Redwood
- Backend
  - dcc-storage - Most storage system functionality exposed here
  - dcc-metadata - Bundle metadata tracker (maps filename/bundle/etc. to uuid/s3 key)
  - dcc-auth - auth for redwood requests
- Client
Note: while dcc-metadata-indexer plays a role in the function of redwood, it is not part of dcc-ops/redwood compose setup.
The following should work on dev or prod redwood (as long as you use the right credentials--see dcc-ops/redwood/.env).
Create an accessToken for a user (granting the requested scopes):
dcc-ops/redwood/scripts/createAccessToken.sh
# see `dcc-ops/redwood/scripts/createAccessToken.sh -h` for more
List a user's (e.g. beni's) access tokens:
docker exec -it redwood-auth-server curl -k https://localhost:8443/users/beni/tokens -u mgmt:pass
Revoke an accessToken (e.g. 'ae335...'):
curl -k -XDELETE https://localhost:8443/tokens/ae335944-37a6-43bb-b71c-7163eb9c2976 -u mgmt:pass
Revoke a user's (e.g. beni's) access to all scopes:
curl -k -XDELETE https://localhost:8444/admin/scope/beni -u admin:secret
For developing dcc-storage, dcc-metadata, dcc-auth, or the redwood infrastructure
Each constituent redwood server is built into a docker image from one of the above git repositories:
- redwood-storage-server is built from dcc-storage
- redwood-metadata-server is built from dcc-metadata
- redwood-auth-server is built from dcc-auth
To build one of the redwood servers, check out the corresponding git repository. Then, from the project root:
./mvnw
That builds a tar archive and docker image of the server. For example, in dcc-storage, the archive dcc-storage-server/target/dcc-storage-server-*-dist.tar.gz and the docker image quay.io/ucsc_cgl/redwood-storage-server:VERSION will be built.
The docker image and tar archive are tagged with the project version as defined in pom.xml.
You can remote debug the redwood servers as they run in the docker container.
To do this, exec into the container, cd $(which dcc-storage-server)/../conf, edit the wrapper.conf file to specify java remote debugging options (-agentlib:jdwp=transport=dt_socket,server=y,address=8000,suspend=n), and restart the java process with dcc-storage-server restart. Similar steps work for dcc-auth and dcc-metadata.
Then check dcc-ops/redwood/dev.yml to see which host port maps to the container's port 8000 and start a remote debugging session in your IDE pointing to that port.
All redwood state is stored in the configured S3 bucket, the redwood-auth-db, and the redwood-metadata-db
MongoDB instance that tracks bundle id, file id, filename, etc.
Simple connection:
$ docker exec -it redwood-metadata-db mongo dcc-metadata
Find all records for a particular bundle_id (e.g. efa...):
> db.Entity.find({gnosId:{$eq: 'efac875b-faf5-5e0d-b778-0ef411b81cad'}}).limit(10)
Access tokens and scope storage
Simple connection:
docker exec -it dcc-auth-db psql -Upostgres -d dcc
User scopes are stored in the authorities table.
select * from authorities;
OAuth Client information (id, password, scopes, etc) is stored in the oauth_client_details table.
select * from oauth_client_details;
This guide assumes the default development credentials for the different principals at play in the auth service. These principals, their credentials, and the locations where they are defined are listed here.
- Postgres (dcc-auth-db)
  - Database Admin User
    - Username: postgres (default for postgres image)
    - Password: password (POSTGRES_PASSWORD environment variable of dcc-auth-db container as defined in docker-compose.yml)
    - Used for connecting to postgres
- Auth Service
  - Auth Service Admin
    - Username: admin (security.user.name property in dcc-auth-server/src/main/resources/application.yml)
    - Password: secret (security.user.password property in dcc-auth-server/src/main/resources/application.yml)
    - Used for making calls to all admin endpoints of auth-server (/admin/* endpoints)
  - Auth OAuth Management Client
    - Username: mgmt (defined in postgres://dcc/users:username and postgres://dcc/oauth_client_details:client_id and initialized via dcc-auth-db/auth-schema-postgresql.sql)
    - Password: pass (defined in postgres://dcc/users:password and postgres://dcc/oauth_client_details:client_secret and initialized via dcc-auth-db/auth-schema-postgresql.sql)
    - Used as credentials of OAuth client for making oauth calls to auth-server (/oauth/* endpoints)
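A pre-deployment check for the development defaults listed above and for the JDWP option from the remote-debugging steps, written as an added example that is not code from the redwood repositories. The file names and default values are the ones this guide gives; the in-file layout the patterns expect (YAML nesting, compose syntax, the SQL seed row, the wrapper.java.additional key) and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. File names and default values are the ones
# this guide lists; the line layout inside each file is an assumption.

# scan ROOT FILENAME REGEX LABEL: print "LABEL path:line:text" per match.
scan() {
    find "$1" -type f -name "$2" -exec grep -HnE -e "$3" {} + | sed "s|^|$4 |"
}

# Print findings under ROOT; return 1 if any documented default is present.
audit_redwood_defaults() {
    findings=$(
        scan "$1" application.yml \
            '^[[:space:]]*password:[[:space:]]*secret[[:space:]]*$' admin-default-password
        scan "$1" docker-compose.yml \
            'POSTGRES_PASSWORD[=:][[:space:]]*password[[:space:]]*$' postgres-default-password
        scan "$1" auth-schema-postgresql.sql "'mgmt'.*'pass'" mgmt-default-secret
        # JDWP is unauthenticated: an uncommented agent line means anyone who
        # can reach the mapped debug port controls the JVM.
        scan "$1" wrapper.conf '^[^#]*-agentlib:jdwp' jdwp-debug-enabled
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree that still carries every development default.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'security:\n  user:\n    name: admin\n    password: secret\n' \
        > "$d/application.yml"
    printf 'services:\n  dcc-auth-db:\n    environment:\n      POSTGRES_PASSWORD: password\n' \
        > "$d/docker-compose.yml"
    printf "INSERT INTO oauth_client_details VALUES ('mgmt', 'pass');\n" \
        > "$d/auth-schema-postgresql.sql"
    printf 'wrapper.java.additional.9=-agentlib:jdwp=transport=dt_socket,server=y,address=8000,suspend=n\n' \
        > "$d/wrapper.conf"
    echo "$d"
}

tree=$(make_sample_tree)
audit_redwood_defaults "$tree" || echo "development defaults present in $tree"
rm -rf "$tree"
```

Point the function at a checkout or a rendered config directory before promoting a dev setup; a non-zero return means at least one of the documented defaults is still in place.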
You should follow the hubflow release process.
Once all tests pass and the code is ready for release, update the project version by running ./mvnw versions:set -DnewVersion=1.2.3 (replace '1.2.3' as appropriate). This should be committed on the release branch just before finishing the release.
Then finish the release with hubflow and update the project version to the next SNAPSHOT (e.g. ./mvnw versions:set -DnewVersion=1.2.4-SNAPSHOT with '1.2.4' replaced as appropriate).