tools, env-generator: allow configuration of PARAMS_ENCODING_ENABLED

rucio · Nov 12, 2024 · 9d7db73 · 9d7db73
1 parent dafd58b
commit 9d7db73
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 13 deletions.
diff --git a/tools/env-generator/.env.template b/tools/env-generator/.env.template
@@ -5,6 +5,8 @@ export RUCIO_WEBUI_ENABLE_SSL="false"
 # SERVER_CA_BUNDLE is required if you are have enabled SSL. This CA bundle should verify the SSL certificate of the Rucio server.
 # export RUCIO_WEBUI_SERVER_CA_BUNDLE="/path/to/ca-bundle.pem"
 export RUCIO_WEBUI_PROJECT_URL="https://atlas.cern/"
+# PARAMS_ENCODING_ENABLED must be set to true if your policy schema for DIDs includes special characters like slashes (/) or plus (+).
+export RUCIO_WEBUI_PARAMS_ENCODING_ENABLED="false"
 
 export RUCIO_WEBUI_MULTIVO_ENABLED="true"
 export RUCIO_WEBUI_VO_DEFAULT="def"

diff --git a/tools/env-generator/README.md b/tools/env-generator/README.md
@@ -12,19 +12,24 @@ cp .env.template .env.base
 
 2. Edit the `.env.base` file and add the required environment variables. All the variables **MUST** be prefixed with ` RUCIO*WEBUI*`` The variables should be added in the following format: `export RUCIO*WEBUI*<VARIABLE_NAME>=<VARIABLE_VALUE>`
 
-| Variable Name    | Full Name                    | Description                                                                                | Example                        | Default |
-| ---------------- | ---------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------ | ------- |
-| RUCIO_HOST       | RUCIO_WEBUI_RUCIO_HOST       | URL for the Rucio Server                                                                   | https://rucio-lb-prod.cern.ch  |         |
-| RUCIO_AUTH_HOST  | RUCIO_WEBUI_RUCIO_AUTH_HOST  | URL for the Rucio authentication server                                                    | https://rucio-auth-host.ch:443 |         |
-| HOSTNAME         | RUCIO_WEBUI_HOSTNAME         | Public HOSTNAME at which Rucio WebUI will be accessible. It may include port number.       | rucio-ui.cern.ch               |         |
-| ENABLE_SSL       | RUCIO_WEBUI_ENABLE_SSL       | Enable or Disable TLS Termination (true or false)                                          | true                           | false   |
-| SERVER_CA_BUNDLE | RUCIO_WEBUI_SERVER_CA_BUNDLE | Path to the CA bundle file that can verify Rucio Server certificate. If ENABLE_SSL is set. | /path/to/ca-bundle.pem         |         |
-| PROJECT_URL      | RUCIO_WEBUI_PROJECT_URL      | Public URL for your project                                                                | https://atlas.cern.ch          |         |
-| VO_DEFAULT       | RUCIO_WEBUI_VO_DEFAULT       | Short name for the default VO used for authentication                                      | def                            | def     |
-| VO_LIST          | RUCIO_WEBUI_VO_LIST          | CSV string containing the list of supported VOs                                            | def, atl, cms                  | def     |
-| MULTIVO_ENABLED  | RUCIO_WEBUI_MULTIVO_ENABLED  | Whether to enable multi-VO config (true or false)                                          | true                           |         |
-| OIDC_ENABLED     | RUCIO_WEBUI_OIDC_ENABLED     | Enable or Disable OIDC Authentication (true or false)                                      | true                           |         |
-| OIDC_PROVIDERS   | RUCIO_WEBUI_OIDC_PROVIDERS   | CSV string containing names of OIDC Providers                                              | cern, indigo                   |         |
+**NOTE** In order to support DID schemas that use special characters like "/", a new configuration option has been added to the new webui to enable or disable this functionality.
+In cases where DID schemas use any such special characters, the Apache configuration of the Rucio Server most likely uses `AllowEncodedSlashes` or `AllowEncode` directives.
+The `PARAMS_ENCODING_ENABLED` in the helm chart config of the Rucio WebUI tells the webui to encode the URI parameters when requests are sent out to the rucio server.
+
+| Variable Name           | Full Name                           | Description                                                                                | Example                        | Default |
+| ----------------------- | ----------------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------ | ------- |
+| RUCIO_HOST              | RUCIO_WEBUI_RUCIO_HOST              | URL for the Rucio Server                                                                   | https://rucio-lb-prod.cern.ch  |         |
+| RUCIO_AUTH_HOST         | RUCIO_WEBUI_RUCIO_AUTH_HOST         | URL for the Rucio authentication server                                                    | https://rucio-auth-host.ch:443 |         |
+| PARAMS_ENCODING_ENABLED | RUCIO_WEBUI_PARAMS_ENCODING_ENABLED | If your DID schema has special characters like  '/' or '+' in the name, set this to true.  | true                           | false   |
+| HOSTNAME                | RUCIO_WEBUI_HOSTNAME                | Public HOSTNAME at which Rucio WebUI will be accessible. It may include port number.       | rucio-ui.cern.ch               |         |
+| ENABLE_SSL              | RUCIO_WEBUI_ENABLE_SSL              | Enable or Disable TLS Termination (true or false)                                          | true                           | false   |
+| SERVER_CA_BUNDLE        | RUCIO_WEBUI_SERVER_CA_BUNDLE        | Path to the CA bundle file that can verify Rucio Server certificate. If ENABLE_SSL is set. | /path/to/ca-bundle.pem         |         |
+| PROJECT_URL             | RUCIO_WEBUI_PROJECT_URL             | Public URL for your project                                                                | https://atlas.cern.ch          |         |
+| VO_DEFAULT              | RUCIO_WEBUI_VO_DEFAULT              | Short name for the default VO used for authentication                                      | def                            | def     |
+| VO_LIST                 | RUCIO_WEBUI_VO_LIST                 | CSV string containing the list of supported VOs                                            | def, atl, cms                  | def     |
+| MULTIVO_ENABLED         | RUCIO_WEBUI_MULTIVO_ENABLED         | Whether to enable multi-VO config (true or false)                                          | true                           |         |
+| OIDC_ENABLED            | RUCIO_WEBUI_OIDC_ENABLED            | Enable or Disable OIDC Authentication (true or false)                                      | true                           |         |
+| OIDC_PROVIDERS          | RUCIO_WEBUI_OIDC_PROVIDERS          | CSV string containing names of OIDC Providers                                              | cern, indigo                   |         |
 
 For each `VO` specified in the `VO_LIST` variable, the additional variables need to be specified. The variables should be added in the following format:
 `export RUCIO_WEBUI_VO_<VO_SHORT_NAME>_<VARIABLE_NAME>=<VARIABLE_VALUE>`. An example for the default VO is shown below:

diff --git a/tools/env-generator/src/api/base.ts b/tools/env-generator/src/api/base.ts
@@ -62,6 +62,7 @@ export class WebUIEnvTemplateCompiler {
       'VO_DEFAULT': 'def',
       'OIDC_ENABLED': 'false',
       'ENABLE_SSL': 'false',
+      'PARAMS_ENCODING_ENABLED': 'false',
       ...this.environmentVariables,
     }
   }

diff --git a/tools/env-generator/src/templates/.env.liquid b/tools/env-generator/src/templates/.env.liquid
@@ -20,6 +20,7 @@ NODE_EXTRA_TLS_CERTS={{ context.SERVER_CA_BUNDLE }}
 [gateway]
 RUCIO_AUTH_HOST={{ context.RUCIO_AUTH_HOST }}
 RUCIO_HOST={{ context.RUCIO_HOST }}
+PARAMS_ENCODING_ENABLED={{ context.PARAMS_ENCODING_ENABLED }}
 
 [oidc]
 OIDC_ENABLED={{ context.OIDC_ENABLED }}