nci-cidc-api-modules 1.0.0rc0__py3-none-any.whl → 1.0.1__py3-none-any.whl

cidc_api/shared/auth.py

@@ -1,8 +1,8 @@
 from functools import wraps
-from packaging import version
 from typing import List
 
 import requests
+from packaging import version
 from jose import jwt
 from flask import g, request, current_app as app, Flask
 from werkzeug.exceptions import Unauthorized, BadRequest, PreconditionFailed
@@ -13,6 +13,8 @@ from ..config.logging import get_logger
 
 logger = get_logger(__name__)
 
+TIMEOUT_IN_SECONDS = 20
+
 
 ### Main auth utility functions ###
 def validate_api_auth(app: Flask):
@@ -32,7 +34,7 @@ def validate_api_auth(app: Flask):
     )
 
 
-def requires_auth(resource: str, allowed_roles: list = []):
+def requires_auth(resource: str, allowed_roles: list = None):
     """
     A decorator that adds authentication and basic access to an endpoint.
 
@@ -43,6 +45,9 @@ def requires_auth(resource: str, allowed_roles: list = []):
         Unauthorized if unauthorized
     """
 
+    if allowed_roles is None:
+        allowed_roles = []
+
     def decorator(endpoint):
         # Store metadata on this function stating that it is protected by authentication
         endpoint.is_protected = True
@@ -159,11 +164,11 @@ def _extract_token() -> str:
             assert bearer.lower() == "bearer"
         else:
             id_token = request.json["id_token"]
-    except (AssertionError, AttributeError, KeyError, TypeError, ValueError):
+    except (AssertionError, AttributeError, KeyError, TypeError, ValueError) as exc:
         raise Unauthorized(
             "Either the 'Authorization' header must be set with structure 'Authorization: Bearer <id token>' "
             'or "id_token" must be present in the JSON body of the request.'
-        )
+        ) from exc
 
     return id_token
 
@@ -184,11 +189,11 @@ def _get_issuer_public_key(token: str) -> dict:
     try:
         header = jwt.get_unverified_header(token)
     except jwt.JWTError as e:
-        raise Unauthorized(str(e))
+        raise Unauthorized(str(e)) from e
 
     # Get public keys from our Auth0 domain
     jwks_url = f"https://{AUTH0_DOMAIN}/.well-known/jwks.json"
-    jwks = requests.get(jwks_url).json()
+    jwks = requests.get(jwks_url, timeout=TIMEOUT_IN_SECONDS).json()
 
     # Obtain the public key used to sign this token
     public_key = None
@@ -198,7 +203,7 @@ def _get_issuer_public_key(token: str) -> dict:
 
     # If no matching public key was found, we can't validate the token
     if not public_key:
-        raise Unauthorized("Found no public key with id %s" % header["kid"])
+        raise Unauthorized(f"Found no public key with id {header['kid']}")
 
     return public_key
 
@@ -233,11 +238,11 @@ def _decode_id_token(token: str, public_key: dict) -> dict:
     except jwt.ExpiredSignatureError as e:
         raise Unauthorized(
             f"{e} Token expired. Obtain a new login token from the CIDC Portal, then try logging in again."
-        )
+        ) from e
     except jwt.JWTClaimsError as e:
-        raise Unauthorized(str(e))
+        raise Unauthorized(str(e)) from e
     except jwt.JWTError as e:
-        raise Unauthorized(str(e))
+        raise Unauthorized(str(e)) from e
 
     # Currently, only id_tokens are accepted for authentication.
     # Going forward, we could also accept access tokens that we
@@ -340,9 +345,9 @@ def _enforce_cli_version():
 
     try:
         client, client_version = user_agent.split("/", 1)
-    except ValueError:
-        logger.error(f"Unrecognized user-agent string format: {user_agent}")
-        raise BadRequest("could not parse User-Agent string")
+    except ValueError as exc:
+        logger.error("Unrecognized user-agent string format: %s", user_agent)
+        raise BadRequest("could not parse User-Agent string") from exc
 
     # The CLI sets the User-Agent header to `cidc-cli/{version}`,
     # so we can assess whether the requester needs to update their CLI.

cidc_api/shared/gcloud_client.py

@@ -1,23 +1,21 @@
 """Utilities for interacting with the Google Cloud Platform APIs."""
+
+# pylint: disable=logging-fstring-interpolation
+
 import json
 import os
 from os import environ
-
-from cidc_api.config.secrets import get_secrets_manager
-
-os.environ["TZ"] = "UTC"
+import base64
 import datetime
 import warnings
 import hashlib
 from collections import namedtuple
 from concurrent.futures import Future
-from sqlalchemy.orm.session import Session
 from typing import (
     Any,
     BinaryIO,
     Callable,
     Dict,
-    Iterable,
     List,
     Optional,
     Set,
@@ -25,13 +23,18 @@ from typing import (
     Union,
 )
 
-import requests
+from werkzeug.datastructures import FileStorage
+from sqlalchemy.orm.session import Session
 from google.cloud import storage, pubsub, bigquery
 from google.cloud.bigquery.enums import EntityTypes
 from google.oauth2.service_account import Credentials
-from werkzeug.datastructures import FileStorage
-import googleapiclient.discovery
 from google.api_core.iam import Policy
+from google.api_core.client_options import ClientOptions
+import googleapiclient.discovery
+import requests
+
+from cidc_schemas.prism.constants import ASSAY_TO_FILEPATH
+from cidc_api.config.secrets import get_secrets_manager
 
 from ..config.settings import (
     DEV_USE_GCS,
@@ -55,57 +58,82 @@ from ..config.settings import (
 )
 from ..config.logging import get_logger
 
-from cidc_schemas.prism.constants import ASSAY_TO_FILEPATH
-
+os.environ["TZ"] = "UTC"
 logger = get_logger(__name__)
 
-_storage_client = None
-_bigquery_client = None
-_crm_service = None
+TIMEOUT_IN_SECONDS = 20
+
+# these should be initialized here or used as cached values
+STORAGE_CLIENT = None
+BIGQUERY_CLIENT = None
+CRM_SERVICE = None
 
 # The Secret Manager object should only be initiated once and reused.
 # This is due to the fact that every time this object is initiated, a
 # Google Cloud client is also initiated, which is an expensive handshake
 # that significantly adds to the latency of the script.
-if not TESTING:
-    secret_manager = get_secrets_manager()
+SECRET_MANAGER = get_secrets_manager(TESTING)
 
 
 def _get_storage_client() -> storage.Client:
+    global STORAGE_CLIENT
+    if STORAGE_CLIENT is None:
+        logger.debug("Getting local client")
+        if os.environ.get("DEV_GOOGLE_STORAGE", None):
+            client_options = ClientOptions(
+                api_endpoint=os.environ.get("DEV_GOOGLE_STORAGE")
+            )
+            credentials = Credentials.from_service_account_info(
+                json.loads(SECRET_MANAGER.get("APP_ENGINE_CREDENTIALS"))
+            )
+            STORAGE_CLIENT = storage.Client(
+                client_options=client_options, credentials=credentials
+            )
+            logger.debug(f"Local client set to {STORAGE_CLIENT}")
+            return STORAGE_CLIENT
+
+        return _get_storage_client2()
+
+    return STORAGE_CLIENT
+
+
+def _get_storage_client2() -> storage.Client:
     """
     the project which the client acts on behalf of falls back to the default inferred from the environment
     see: https://googleapis.dev/python/storage/latest/client.html#google.cloud.storage.client.Client
 
     directly providing service account credentials for signing in get_signed_url() below
     """
-    global _storage_client
-    if _storage_client is None:
+    global STORAGE_CLIENT
+    if STORAGE_CLIENT is None:
         credentials = Credentials.from_service_account_info(
-            json.loads(secret_manager.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
+            json.loads(SECRET_MANAGER.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
         )
-        _storage_client = storage.Client(credentials=credentials)
-    return _storage_client
+        # client_options = ClientOptions(api_endpoint=os.environ.get("DEV_GOOGLE_STORAGE"))
+        # STORAGE_CLIENT = storage.Client(client_options=client_options, credentials=credentials)
+        STORAGE_CLIENT = storage.Client(credentials=credentials)
+    return STORAGE_CLIENT
 
 
 def _get_crm_service() -> googleapiclient.discovery.Resource:
     """
     Initializes a Cloud Resource Manager service.
     """
-    global _crm_service
-    if _crm_service is None:
+    global CRM_SERVICE
+    if CRM_SERVICE is None:
         credentials = Credentials.from_service_account_info(
-            json.loads(secret_manager.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
+            json.loads(SECRET_MANAGER.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
         )
-        _crm_service = googleapiclient.discovery.build(
+        CRM_SERVICE = googleapiclient.discovery.build(
             "cloudresourcemanager", "v1", credentials=credentials
         )
-    return _crm_service
+    return CRM_SERVICE
 
 
 def _get_bucket(bucket_name: str) -> storage.Bucket:
     """
     Get the bucket with name `bucket_name` from GCS.
-    This does not make an HTTP request; it simply instantiates a bucket object owned by _storage_client.
+    This does not make an HTTP request; it simply instantiates a bucket object owned by STORAGE_CLIENT.
     see: https://googleapis.dev/python/storage/latest/client.html#google.cloud.storage.client.Client.bucket
     """
     storage_client = _get_storage_client()
@@ -134,24 +162,26 @@ def _get_bigquery_dataset(dataset_id: str) -> bigquery.Dataset:
     Get the bigquery dataset with the id 'dataset_id'.
     makes an API request to pull this with the bigquery client
     """
-    global _bigquery_client
-    if _bigquery_client is None:
+    global BIGQUERY_CLIENT
+    if BIGQUERY_CLIENT is None:
         credentials = Credentials.from_service_account_info(
-            json.loads(secret_manager.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
+            json.loads(SECRET_MANAGER.get(environ.get("APP_ENGINE_CREDENTIALS_ID")))
         )
-        _bigquery_client = bigquery.Client(credentials=credentials)
+        # client_options = ClientOptions(api_endpoint=os.environ.get("DEV_GOOGLE_BIGQUERY"))
+        # BIGQUERY_CLIENT = bigquery.Client(client_options=client_options, credentials=credentials)
+        BIGQUERY_CLIENT = bigquery.Client(credentials=credentials)
 
-    dataset = _bigquery_client.get_dataset(dataset_id)  # Make an API request.
+    dataset = BIGQUERY_CLIENT.get_dataset(dataset_id)  # Make an API request.
 
     return dataset
 
 
-_xlsx_gcs_uri_format = (
+XLSX_GCS_URI_FORMAT = (
     "{trial_id}/xlsx/{template_category}/{template_type}/{upload_moment}.xlsx"
 )
 
 
-_pseudo_blob = namedtuple(
+PseudoBblob = namedtuple(
     "_pseudo_blob", ["name", "size", "md5_hash", "crc32c", "time_created"]
 )
 
@@ -172,7 +202,7 @@ def upload_xlsx_to_gcs(
     Returns:
         arg1: GCS blob object
     """
-    blob_name = _xlsx_gcs_uri_format.format(
+    blob_name = XLSX_GCS_URI_FORMAT.format(
         trial_id=trial_id,
         template_category=template_category,
         template_type=template_type,
@@ -183,7 +213,7 @@ def upload_xlsx_to_gcs(
         logger.info(
             f"Would've saved {blob_name} to {GOOGLE_UPLOAD_BUCKET} and {GOOGLE_ACL_DATA_BUCKET}"
         )
-        return _pseudo_blob(
+        return PseudoBblob(
             blob_name, 0, "_pseudo_md5_hash", "_pseudo_crc32c", upload_moment
         )
 
@@ -382,7 +412,7 @@ def get_blob_names(
         blob_list.extend(
             storage_client.list_blobs(GOOGLE_ACL_DATA_BUCKET, prefix=prefix)
         )
-    return set([blob.name for blob in blob_list])
+    return {blob.name for blob in blob_list}
 
 
 def grant_download_access_to_blob_names(
@@ -524,14 +554,11 @@ def _build_trial_upload_prefixes(
     if not trial_id:
         from ..models.models import TrialMetadata
 
-        trial_set = set(
-            [
-                str(t.trial_id)
-                for t in session.query(TrialMetadata).add_columns(
-                    TrialMetadata.trial_id
-                )
-            ]
-        )
+        trial_set = {
+            str(t.trial_id)
+            for t in session.query(TrialMetadata).add_columns(TrialMetadata.trial_id)
+        }
+
     else:
         trial_set = set([trial_id])
 
@@ -626,7 +653,7 @@ def grant_bigquery_iam_access(policy: Policy, user_emails: List[str]) -> None:
 
     # try to set the new policy with edits
     try:
-        _crm_service.projects().setIamPolicy(
+        CRM_SERVICE.projects().setIamPolicy(
             resource=GOOGLE_CLOUD_PROJECT,
             body={
                 "policy": policy,
@@ -649,7 +676,7 @@ def grant_bigquery_iam_access(policy: Policy, user_emails: List[str]) -> None:
             )
         )
     dataset.access_entries = entries
-    _bigquery_client.update_dataset(dataset, ["access_entries"])  # Make an API request.
+    BIGQUERY_CLIENT.update_dataset(dataset, ["access_entries"])  # Make an API request.
 
 
 # Arbitrary upper bound on the number of GCS IAM bindings we expect a user to have for uploads
@@ -689,15 +716,21 @@ def revoke_bigquery_iam_access(policy: Policy, user_email: str) -> None:
     """
     # find and remove user on binding
     binding = next(
-        b for b in policy["bindings"] if b["role"] == GOOGLE_BIGQUERY_USER_ROLE
+        (b for b in policy["bindings"] if b["role"] == GOOGLE_BIGQUERY_USER_ROLE), None
     )
+    if not binding:
+        logger.warning(
+            "Expected at least 1 user to have a bigquery jobUser role, but 0 found."
+        )
+        return
+
     if "members" in binding and user_member(user_email) in binding["members"]:
         binding["members"].remove(user_member(user_email))
 
     # try update of the policy
     try:
         policy = (
-            _crm_service.projects()
+            CRM_SERVICE.projects()
             .setIamPolicy(
                 resource=GOOGLE_CLOUD_PROJECT,
                 body={
@@ -719,14 +752,15 @@ def revoke_bigquery_iam_access(policy: Policy, user_email: str) -> None:
         entry for entry in entries if entry.entity_id != user_email
     ]
 
-    dataset = _bigquery_client.update_dataset(
+    dataset = BIGQUERY_CLIENT.update_dataset(
         dataset,
         # Update just the `access_entries` property of the dataset.
         ["access_entries"],
     )  # Make an API request.
 
 
-user_member = lambda email: f"user:{email}"
+def user_member(email):
+    return f"user:{email}"
 
 
 def _build_storage_iam_binding(
@@ -812,6 +846,8 @@ def _find_and_pop_storage_iam_binding(
     return binding
 
 
+# object_url          | essex_test/xlsx/assays/wes_bam/2023-04-18T16:33:03.735217.xlsx
+# http://localhost:4443/storage/v1/b/essex-data-staging-acl/o/essex_test%2Fxlsx%2Fassays%2Fwes_bam%2F2023-04-18T16%3A33%3A03.735217.xlsx?Expires=1683748504&GoogleAccessId=commanding-hawk-348012%40appspot.gserviceaccount.com&Signature=nBKeq%2BlOCYrCKqxXgiKP2hnLqOerrl5lTdGYfaFQPgkyJeRzHOk42R25L31X%2FKgR8t%2FHzqfpzQJzsW65kXDK59ZEhDs1TAS23gCUXHQMZImScU7yXWr%2FXTM4iVXNfDi%2Fq592v%2BTpnDowjnG21ixWRLt3oBep39trkAXL%2FOK%2Fe21fJHQvxNo%2F%2BMPGYUcU5oWJqdh1pS55IAZbLfhvcvUJQBSn0B0tWOSahncC9iLtaipBAMGA%2F3vjNUzUTuL2i0ED%2F7rkWrWPPaFaF6c0bTvpfF23hjNXzaH3CEq2a5ozvXAR2ltaDf7zgxxpwtC5XLKnjnc%2F%2BIIVsFnRdFzZGFTToA%3D%3D&response-content-disposition=attachment%3B+filename%3D%22_storage_v1_b_essex_test_xlsx_assays_wes_bam_2023-04-18T16%3A33%3A03.735217.xlsx%22
 def get_signed_url(
     object_name: str,
     bucket_name: str = GOOGLE_ACL_DATA_BUCKET,
@@ -825,17 +861,24 @@ def get_signed_url(
     https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers
     """
     storage_client = _get_storage_client()
+    logger.info(storage_client)
     bucket = storage_client.get_bucket(bucket_name)
     blob = bucket.blob(object_name)
 
     # Generate the signed URL, allowing a client to use `method` for `expiry_mins` minutes
     expiration = datetime.timedelta(minutes=expiry_mins)
     full_filename = object_name.replace("/", "_").replace('"', "_").replace(" ", "_")
+    other_kwargs = {}
+    if os.environ.get("DEV_GOOGLE_STORAGE", None):
+        other_kwargs["api_access_endpoint"] = (
+            os.environ.get("DEV_GOOGLE_STORAGE") or ""
+        ) + (os.environ.get("DEV_GOOGLE_STORAGE_PATH") or "")
     url = blob.generate_signed_url(
         version="v2",
         expiration=expiration,
         method=method,
         response_disposition=f'attachment; filename="{full_filename}"',
+        **other_kwargs,
     )
     logger.info(f"generated signed URL for {object_name}: {url}")
 
@@ -854,26 +897,28 @@ def _encode_and_publish(content: str, topic: str) -> Future:
             logger.info(
                 f"Publishing message {content!r} to topic {DEV_CFUNCTIONS_SERVER}/{topic}"
             )
-            import base64
 
             bdata = base64.b64encode(content.encode("utf-8"))
             try:
                 res = requests.post(
-                    f"{DEV_CFUNCTIONS_SERVER}/{topic}", data={"data": bdata}
+                    f"{DEV_CFUNCTIONS_SERVER}/{topic}",
+                    data={"data": bdata},
+                    timeout=TIMEOUT_IN_SECONDS,
                 )
             except Exception as e:
                 raise Exception(
                     f"Couldn't publish message {content!r} to topic {DEV_CFUNCTIONS_SERVER}/{topic}"
                 ) from e
-            else:
-                logger.info(f"Got {res}")
-                if res.status_code != 200:
-                    raise Exception(
-                        f"Couldn't publish message {content!r} to {DEV_CFUNCTIONS_SERVER}/{topic}: {res!r}"
-                    )
+
+            logger.info(f"Got {res}")
+            if res.status_code != 200:
+                raise Exception(
+                    f"Couldn't publish message {content!r} to {DEV_CFUNCTIONS_SERVER}/{topic}: {res!r}"
+                )
+
         else:
             logger.info(f"Would've published message {content} to topic {topic}")
-        return
+        return None
 
     # The Pub/Sub publisher client returns a concurrent.futures.Future
     # containing info about whether the publishing was successful.
@@ -922,7 +967,7 @@ def send_email(to_emails: List[str], subject: str, html_content: str, **kw) -> N
 
     logger.info(f"({ENV}) Sending email to {to_emails} with subject {subject}")
     email_json = json.dumps(
-        dict(to_emails=to_emails, subject=subject, html_content=html_content, **kw)
+        {"to_emails": to_emails, "subject": subject, "html_content": html_content, **kw}
     )
 
     report = _encode_and_publish(email_json, GOOGLE_EMAILS_TOPIC)

cidc_api/shared/rest_utils.py

@@ -1,4 +1,5 @@
 """Shared utility functions for building CIDC API resource endpoints."""
+
 from functools import wraps
 from typing import Optional, Callable, Union
 
@@ -6,6 +7,7 @@ from flask import request, jsonify
 from webargs import fields
 from webargs.flaskparser import use_args
 from marshmallow import validate
+from marshmallow.exceptions import ValidationError
 from werkzeug.exceptions import (
     PreconditionRequired,
     PreconditionFailed,
@@ -13,7 +15,6 @@ from werkzeug.exceptions import (
     BadRequest,
     UnprocessableEntity,
 )
-from marshmallow.exceptions import ValidationError
 
 from ..models import BaseModel, BaseSchema, ValidationMultiError
 
@@ -48,11 +49,11 @@ def unmarshal_request(schema: BaseSchema, kwarg_name: str, load_sqla: bool = Tru
                 loaded_instance.validate()
             # The many ways that validation errors might get raised...
             except ValueError as e:
-                raise UnprocessableEntity(str(e))
+                raise UnprocessableEntity(str(e)) from e
             except ValidationError as e:
-                raise UnprocessableEntity(e.messages)
+                raise UnprocessableEntity(e.messages) from e
             except ValidationMultiError as e:
-                raise UnprocessableEntity({"errors": e.args[0]})
+                raise UnprocessableEntity({"errors": e.args[0]}) from e
 
             kwargs[kwarg_name] = body
 
@@ -186,7 +187,7 @@ def use_args_with_pagination(argmap: dict, model_schema: BaseSchema):
         return {k: v for k, v in args.items() if k in argmap.keys()}
 
     def get_pagination_args(args: dict):
-        return {k: v for k, v in args.items() if k in pagination_argmap.keys()}
+        return {k: v for k, v in args.items() if k in pagination_argmap}
 
     def decorator(endpoint):
         @wraps(endpoint)

{nci_cidc_api_modules-1.0.0rc0.dist-info → nci_cidc_api_modules-1.0.1.dist-info}/METADATA

@@ -1,10 +1,10 @@
 Metadata-Version: 2.1
-Name: nci-cidc-api-modules
-Version: 1.0.0rc0
+Name: nci_cidc_api_modules
+Version: 1.0.1
 Summary: SQLAlchemy data models and configuration tools used in the NCI CIDC API
 Home-page: https://github.com/NCI-CIDC/cidc-api-gae
 License: MIT license
-Requires-Python: >=3.6
+Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: werkzeug ==2.0.3
@@ -23,7 +23,7 @@ Requires-Dist: pandas <2,>=1
 Requires-Dist: python-dotenv ==0.10.3
 Requires-Dist: requests ==2.22.0
 Requires-Dist: jinja2 ~=3.0.3
-Requires-Dist: nci-cidc-schemas ~=0.26.23
+Requires-Dist: nci-cidc-schemas ~=0.26.28
 
 # NCI CIDC API <!-- omit in TOC -->
 
@@ -44,10 +44,11 @@ The next generation of the CIDC API, reworked to use Google Cloud-managed servic
   - [Deploying by hand](#deploying-by-hand)
 - [Connecting to the API](#connecting-to-the-api)
 - [Provisioning the system from scratch](#provisioning-the-system-from-scratch)
+- [Docker Compose](#setting-up-docker-compose)
 
 ## Install Python dependencies
 
-Python versions tested include 3.7, 3.8, and 3.9. The current App Engine is using version 3.7 (see [app.prod.yaml](./app.prod.yaml)). You can use https://github.com/pyenv/pyenv to manage your python versions. Homebrew will also work, but you will have to be specific when you install packages with pip outside of virtual environments. On that note, it is recommended that you install your python dependencies in an isolated environment. For example,
+Python versions tested include 3.9 and 3.10. The current App Engine is using version 3.9 (see [app.prod.yaml](./app.prod.yaml)). You can use https://github.com/pyenv/pyenv to manage your python versions. Homebrew will also work, but you will have to be specific when you install packages with pip outside of virtual environments. On that note, it is recommended that you install your python dependencies in an isolated environment. For example,
 
 ```bash
 # make a virtual environment in the current direcory called "venv"
@@ -301,6 +302,33 @@ To connect to the production API locally, follow the same procedure, but instead
 
 For an overview of how to set up the CIDC API service from scratch, see the step-by-step guide in `PROVISION.md`.
 
+## Setting up Docker Compose
+
+If you would like to run this project as a docker container.  We have dockerized the cidc-api-gae and cidc-ui so that you don't have to install all the requirements above.  Included in the docker-compose file are postgres:14 with data and test user login, bigquery-emulator, fake-gcs-server with buckets and data to match postgres, and gcs-oauth2-emulator to generate faked presigned urls.
+
+**_NOTE:_** You must have docker installed and have this repository and cidc-ui in the same directory (~/git/cidc/cidc-ui and ~/git/cidc/cidc-api-gae), or you can download each and build the image with the command `docker build .`
+
+**_NOTE:_** Having issues with the cidc-ui docker container. You'll have to start that manually using the instructions in the repo.
+
+**_NOTE:_** You can't use Docker while simultaneously running your NIH VPN. This is due to a quirk with self-hosting a google secrets bucket. More work is required to make the docker containers work while the VPN is on.
+
+This repo has hot code reloading. However, you will need to build the image again if there is an update to python libraries. Make sure you don't use a cached image when rebuilding.
+
+Make sure you add this line to your /etc/hosts file: ```127.0.0.1       host.docker.internal```
+
+To run everything simply run the following commands:
+```bash
+vim .env # uncomment the docker section in the .env file.  Comment out any overlaping variable defintions(POSTGRES)
+cp ~/.config/gcloud/application_default_credentials.json .
+cd docker
+docker compose up
+```
+**_NOTE:_** You still need to install and signin to gcloud CLI. The application_default_credentials.json should be under the cidc-api-gae directory next to the Dockerfile. We have mocked most of the connection points to GCP but at startup it still checks for a valid user account. This is very similar behavior to aws's localstack. It requires a realistic token at the start even though it doesn't make connections to aws.
+
+**_TODO:_** The application_default_credentials.json I think could be faked and pointed to the gcs-oauth2-emulator for startup.  In this case a gcloud cli wouldnt be needed at all and a faked application_default_credentials.json could be uploaded under the docker folder.
+
+
+
 ## JIRA Integration
 
 To set-up the git hook for JIRA integration, run:

nci_cidc_api_modules-1.0.1.dist-info/RECORD

@@ -0,0 +1,25 @@
+cidc_api/config/__init__.py,sha256=5kcMGor07TrBm6e_UW6CCVnJu5wJ-8QX8X9ZRmeuPKA,147
+cidc_api/config/db.py,sha256=ayeeNV-sV20hGoFyMMTMncI2V-FI9lVN3JV-Lmpr3xI,1981
+cidc_api/config/logging.py,sha256=gJ2TGgQVREng4Hv0phlCCkQai7HhumKYjJxubpxS6Q0,1090
+cidc_api/config/secrets.py,sha256=2DXeew1Pm0lnf2SLuo8wW5c5kOJp2WrhjflxZGsY_Ng,1505
+cidc_api/config/settings.py,sha256=Ua6UpiQu9l1ZD-YlmpaWuQOv9tPyYLxWFLC2DEJdAyQ,4044
+cidc_api/csms/__init__.py,sha256=eJkY6rWNOAUBmSd4G1_U6h7i472druKEtBdVmgFZVPg,20
+cidc_api/csms/auth.py,sha256=25Yma2Kz3KLENAPSeBYacFuSZXng-EDgmgInKBsRyP0,3191
+cidc_api/models/__init__.py,sha256=bl445G8Zic9YbhZ8ZBni07wtBMhLJRMBA-JqjLxx2bw,66
+cidc_api/models/csms_api.py,sha256=Wp4b53vwOqSlOIaoAYGlI1p8ZfXRXmVJ6MLcsvzq0LA,31664
+cidc_api/models/migrations.py,sha256=gp9vtkYbA9FFy2s-7woelAmsvQbJ41LO2_DY-YkFIrQ,11464
+cidc_api/models/models.py,sha256=AYt0rIzaeQ0HHlTSeerbTpYwMJwqt93aadOuFLLEqBA,120820
+cidc_api/models/schemas.py,sha256=7tDYtmULuzTt2kg7RorWhte06ffalgpQKrFiDRGcPEQ,2711
+cidc_api/models/files/__init__.py,sha256=8BMTnUSHzUbz0lBeEQY6NvApxDD3GMWMduoVMos2g4Y,213
+cidc_api/models/files/details.py,sha256=eg1u8uZwtxb0m9mFobcTL_mnPBMq1MPZv3NN3KWMGOI,62309
+cidc_api/models/files/facets.py,sha256=5xI5eM1J0Uc97W0-MvAPSRRN-2Hs2xb_AIupliJRMJU,29172
+cidc_api/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cidc_api/shared/auth.py,sha256=VMd_3QJE2iG16QxuGzHBV9MzJJItOZNn9gcw0_iUBLI,11647
+cidc_api/shared/emails.py,sha256=AhSp2hxWyuMpe21pERuQwrAEy0yCfy3rvSygDNKtgdc,4820
+cidc_api/shared/gcloud_client.py,sha256=7dDs0crLMJKdIp4IDSfrZBMB3h-zvWNieB81azoeLO4,33746
+cidc_api/shared/rest_utils.py,sha256=LMfBpvJRjkfQjCzVXuhTTe4Foz4wlvaKg6QntyR-Hkc,6648
+nci_cidc_api_modules-1.0.1.dist-info/LICENSE,sha256=pNYWVTHaYonnmJyplmeAp7tQAjosmDpAWjb34jjv7Xs,1102
+nci_cidc_api_modules-1.0.1.dist-info/METADATA,sha256=rhlYaotiiwG6djDCZaSq5GT9CcE_2YVlHs_gnSd9tgY,40275
+nci_cidc_api_modules-1.0.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+nci_cidc_api_modules-1.0.1.dist-info/top_level.txt,sha256=rNiRzL0lJGi5Q9tY9uSoMdTbJ-7u5c_D2E86KA94yRA,9
+nci_cidc_api_modules-1.0.1.dist-info/RECORD,,

{nci_cidc_api_modules-1.0.0rc0.dist-info → nci_cidc_api_modules-1.0.1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.41.2)
+Generator: bdist_wheel (0.43.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

nci_cidc_api_modules-1.0.0rc0.dist-info/RECORD

@@ -1,25 +0,0 @@
-cidc_api/config/__init__.py,sha256=5kcMGor07TrBm6e_UW6CCVnJu5wJ-8QX8X9ZRmeuPKA,147
-cidc_api/config/db.py,sha256=cw0wTfcak_FyAKZE8oKVYLVkph644Lv-_MAbYutGV44,1978
-cidc_api/config/logging.py,sha256=gJ2TGgQVREng4Hv0phlCCkQai7HhumKYjJxubpxS6Q0,1090
-cidc_api/config/secrets.py,sha256=DlloiKiy420WJO250SfKs_-T0wKYPbgdwyPncP5MGLY,1518
-cidc_api/config/settings.py,sha256=GyeGDCj1tt61u4fbhomPIDq_fiamRMIT6dQPY1ufl-w,4076
-cidc_api/csms/__init__.py,sha256=eJkY6rWNOAUBmSd4G1_U6h7i472druKEtBdVmgFZVPg,20
-cidc_api/csms/auth.py,sha256=upJ52PX-u1KD4I0-Hy4JptCp_cp6qgs_ZMXPxqfeVI0,3071
-cidc_api/models/__init__.py,sha256=bl445G8Zic9YbhZ8ZBni07wtBMhLJRMBA-JqjLxx2bw,66
-cidc_api/models/csms_api.py,sha256=ubT-1Z5ajh5slAZ1jUvY8_0xKKl-7AVMwpQy0QT08eU,31379
-cidc_api/models/migrations.py,sha256=Z2ycc-0XWdOnfDmCPFNXdg0lHLL8sDLIlhJHiEeYrv8,11292
-cidc_api/models/models.py,sha256=hs6zrrEcLID_pI-Ue78B5HPFbWa3w680JO9O8BrPTYI,100057
-cidc_api/models/schemas.py,sha256=7tDYtmULuzTt2kg7RorWhte06ffalgpQKrFiDRGcPEQ,2711
-cidc_api/models/files/__init__.py,sha256=8BMTnUSHzUbz0lBeEQY6NvApxDD3GMWMduoVMos2g4Y,213
-cidc_api/models/files/details.py,sha256=AP0EeMj9E9dzlafPToNCIeM4Ia851lv4bz9fUioTr8s,63004
-cidc_api/models/files/facets.py,sha256=FVVWDVR0bMX7TvZ9sTelWTeKaLhBP1oYcim_2iVx9e8,28653
-cidc_api/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cidc_api/shared/auth.py,sha256=KOmakviByttH4b3yFw0zmcjciA-245AWabz8qatIcRQ,11475
-cidc_api/shared/emails.py,sha256=AhSp2hxWyuMpe21pERuQwrAEy0yCfy3rvSygDNKtgdc,4820
-cidc_api/shared/gcloud_client.py,sha256=v1QKFym1uX1FM5wuM2AyQZKZ0mA7CUnszm06pX-XHDo,31194
-cidc_api/shared/rest_utils.py,sha256=MCUypPmOOHKQR-vThkSMj8Fe8m_lZmv85jViCxZgGPE,6633
-nci_cidc_api_modules-1.0.0rc0.dist-info/LICENSE,sha256=pNYWVTHaYonnmJyplmeAp7tQAjosmDpAWjb34jjv7Xs,1102
-nci_cidc_api_modules-1.0.0rc0.dist-info/METADATA,sha256=JHO1daZNVK3D6UgZll7UHu8ROVVPUCeTWQxVad-Bp-s,37983
-nci_cidc_api_modules-1.0.0rc0.dist-info/WHEEL,sha256=yQN5g4mg4AybRjkgi-9yy4iQEFibGQmlz78Pik5Or-A,92
-nci_cidc_api_modules-1.0.0rc0.dist-info/top_level.txt,sha256=rNiRzL0lJGi5Q9tY9uSoMdTbJ-7u5c_D2E86KA94yRA,9
-nci_cidc_api_modules-1.0.0rc0.dist-info/RECORD,,