Comments (2)
The problem is that there are no securitySchemes defined in the (pro)TES specification, neither are they applied globally or to individual operations (see steps 1 and 2 here: https://swagger.io/docs/specification/authentication/).
Now, ideally we should be able to add these through the app config via FOCA. So, e.g., by specifying the following API configuration, we should get what we need:
    api:
      specs:
        - path:
            - api/9e9c5aa.task_execution_service.openapi.yaml
            - api/additional_logs.yaml
          add_operation_fields:
            x-openapi-router-controller: ga4gh.tes.server
            security:
              - bearerAuth: []
          add_security_fields:
            bearerAuth:
              type: http
              scheme: bearer
              bearerFormat: JWT
              x-bearerInfoFunc: foca.security.auth.validate_token
However, we can currently only add fields to existing operations and security definitions. Therefore, adding the security properties to each operation works well with the above example, but adding securitySchemes when there isn't already one defined does not work with the current implementation in FOCA (link to code):
    if not spec.disable_auth and spec.add_security_fields is not None:
        for key, val in spec.add_security_fields.items():
            # OpenAPI 2
            sec_defs = spec_parsed.get('securityDefinitions', {})
            for sec_def in sec_defs.values():
                sec_def[key] = val
            # OpenAPI 3
            sec_schemes = spec_parsed.get(
                'components', {'securitySchemes': {}}
            ).get('securitySchemes', {})  # type: ignore
            for sec_scheme in sec_schemes.values():
                sec_scheme[key] = val
        logger.debug(f"Added security fields: {spec.add_security_fields}")
Therefore, without changing the implementation in FOCA, we need to add an additional, partial OpenAPI file, e.g., api/security_schemes.yaml, with the following content:
    components:
      securitySchemes:
        bearerAuth:
          type: http
          scheme: bearer
          bearerFormat: JWT
And then use the following FOCA API configuration:
    api:
      specs:
        - path:
            - api/9e9c5aa.task_execution_service.openapi.yaml
            - api/additional_logs.yaml
            - api/security_schemes.yaml
          add_operation_fields:
            x-openapi-router-controller: ga4gh.tes.server
            security:
              - bearerAuth: []
          add_security_fields:
            x-bearerInfoFunc: foca.security.auth.validate_token
I suggest that we commit the api/security_schemes.yaml file and configuration changes to version control. I will raise a PR.
from protes.
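The behaviour described in the comment above, as an added example that is not FOCA or proTES code: it mimics the quoted OpenAPI 3 loop on a constructed one-operation spec and audits the merged result, showing that the fields are silently dropped when no scheme exists. The `audit` helper, its finding strings and the `BASE`/`SCHEMES` dictionaries are hypothetical stand-ins.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def add_security_fields(spec: dict, fields: dict) -> dict:
    """Mimic the quoted OpenAPI 3 loop: patch only schemes that already exist."""
    out = copy.deepcopy(spec)
    schemes = out.get("components", {}).get("securitySchemes", {})
    for scheme in schemes.values():
        scheme.update(fields)
    return out


def audit(spec: dict) -> list:
    """Return findings for operations whose bearer auth cannot be enforced."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            reqs = op.get("security", spec.get("security", []))
            if not reqs:
                findings.append(f"{where}: no security requirement")
            for req in reqs:
                for name in req:
                    if name not in schemes:
                        findings.append(f"{where}: undefined scheme {name}")
                    elif "x-bearerInfoFunc" not in schemes[name]:
                        findings.append(f"{where}: {name} has no x-bearerInfoFunc")
    return findings


# Constructed stand-in for the TES spec: one operation, no securitySchemes.
BASE = {"paths": {"/tasks": {"get": {"security": [{"bearerAuth": []}]}}}}
# Constructed equivalent of api/security_schemes.yaml.
SCHEMES = {"components": {"securitySchemes": {"bearerAuth": {
    "type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}}}
FIELDS = {"x-bearerInfoFunc": "foca.security.auth.validate_token"}

without_file = add_security_fields(BASE, FIELDS)
with_file = add_security_fields({**BASE, **SCHEMES}, FIELDS)

if __name__ == "__main__":
    print(audit(without_file))
    print(audit(with_file))
```

Running a check like this against the merged spec in CI catches the case where an operation references a scheme that was never defined.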
Closed by #163