From 9d7db730b0cfa49dc023b361b5cbb8e56c82ceb5 Mon Sep 17 00:00:00 2001
From: maany
Date: Thu, 31 Oct 2024 15:40:13 +0100
Subject: [PATCH] tools, env-generator: allow configuration of PARAMS_ENCODING_ENABLED
---
 tools/env-generator/.env.template | 2 ++
 tools/env-generator/README.md | 31 +++++++++++-------
 tools/env-generator/src/api/base.ts | 1 +
 tools/env-generator/src/templates/.env.liquid | 1 +
 4 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/tools/env-generator/.env.template b/tools/env-generator/.env.template
index 7898bffd4..1dcd5ff5e 100644
--- a/tools/env-generator/.env.template
+++ b/tools/env-generator/.env.template
@@ -5,6 +5,8 @@ export RUCIO_WEBUI_ENABLE_SSL="false"
 # SERVER_CA_BUNDLE is required if you are have enabled SSL. This CA bundle should verify the SSL certificate of the Rucio server.
 # export RUCIO_WEBUI_SERVER_CA_BUNDLE="/path/to/ca-bundle.pem"
 export RUCIO_WEBUI_PROJECT_URL="https://atlas.cern/"
+# PARAMS_ENCODING_ENABLED must be set to true if your policy schema for DIDs includes special characters like slashes (/) or plus (+).
+export RUCIO_WEBUI_PARAMS_ENCODING_ENABLED="false"
 export RUCIO_WEBUI_MULTIVO_ENABLED="true"
 export RUCIO_WEBUI_VO_DEFAULT="def"
diff --git a/tools/env-generator/README.md b/tools/env-generator/README.md
index 09e379533..e6202143d 100644
--- a/tools/env-generator/README.md
+++ b/tools/env-generator/README.md
@@ -12,19 +12,24 @@ cp .env.template .env.base 2. Edit the `.env.base` file and add the required environment variables. All the variables **MUST** be prefixed with ` RUCIO*WEBUI*`` The variables should be added in the following format: `export RUCIO*WEBUI*=` -| Variable Name | Full Name | Description | Example | Default | -| ---------------- | ---------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------ | ------- | -| RUCIO_HOST | RUCIO_WEBUI_RUCIO_HOST | URL for the Rucio Server | https://rucio-lb-prod.cern.ch | | -| RUCIO_AUTH_HOST | RUCIO_WEBUI_RUCIO_AUTH_HOST | URL for the Rucio authentication server | https://rucio-auth-host.ch:443 | | -| HOSTNAME | RUCIO_WEBUI_HOSTNAME | Public HOSTNAME at which Rucio WebUI will be accessible. It may include port number. | rucio-ui.cern.ch | | -| ENABLE_SSL | RUCIO_WEBUI_ENABLE_SSL | Enable or Disable TLS Termination (true or false) | true | false | -| SERVER_CA_BUNDLE | RUCIO_WEBUI_SERVER_CA_BUNDLE | Path to the CA bundle file that can verify Rucio Server certificate. If ENABLE_SSL is set. | /path/to/ca-bundle.pem | | -| PROJECT_URL | RUCIO_WEBUI_PROJECT_URL | Public URL for your project | https://atlas.cern.ch | | -| VO_DEFAULT | RUCIO_WEBUI_VO_DEFAULT | Short name for the default VO used for authentication | def | def | -| VO_LIST | RUCIO_WEBUI_VO_LIST | CSV string containing the list of supported VOs | def, atl, cms | def | -| MULTIVO_ENABLED | RUCIO_WEBUI_MULTIVO_ENABLED | Whether to enable multi-VO config (true or false) | true | | -| OIDC_ENABLED | RUCIO_WEBUI_OIDC_ENABLED | Enable or Disable OIDC Authentication (true or false) | true | | -| OIDC_PROVIDERS | RUCIO_WEBUI_OIDC_PROVIDERS | CSV string containing names of OIDC Providers | cern, indigo | | +**NOTE** In order to support DID schemas that use special characters like "/", a new configuration option has been added to the new webui to enable or disable this functionality. 
+In cases where DID schemas use any such special characters, the Apache configuration of the Rucio Server most likely uses `AllowEncodedSlashes` or `AllowEncode` directives. +The `PARAMS_ENCODING_ENABLED` in the helm chart config of the Rucio WebUI tells the webui to encode the URI parameters when requests are sent out to the rucio server. + +| Variable Name | Full Name | Description | Example | Default | +| ----------------------- | ----------------------------------- | ------------------------------------------------------------------------------------------ | ------------------------------ | ------- | +| RUCIO_HOST | RUCIO_WEBUI_RUCIO_HOST | URL for the Rucio Server | https://rucio-lb-prod.cern.ch | | +| RUCIO_AUTH_HOST | RUCIO_WEBUI_RUCIO_AUTH_HOST | URL for the Rucio authentication server | https://rucio-auth-host.ch:443 | | +| PARAMS_ENCODING_ENABLED | RUCIO_WEBUI_PARAMS_ENCODING_ENABLED | If your DID schema has special characters like '/' or '+' in the name, set this to true. | true | false | +| HOSTNAME | RUCIO_WEBUI_HOSTNAME | Public HOSTNAME at which Rucio WebUI will be accessible. It may include port number. | rucio-ui.cern.ch | | +| ENABLE_SSL | RUCIO_WEBUI_ENABLE_SSL | Enable or Disable TLS Termination (true or false) | true | false | +| SERVER_CA_BUNDLE | RUCIO_WEBUI_SERVER_CA_BUNDLE | Path to the CA bundle file that can verify Rucio Server certificate. If ENABLE_SSL is set. 
| /path/to/ca-bundle.pem | | +| PROJECT_URL | RUCIO_WEBUI_PROJECT_URL | Public URL for your project | https://atlas.cern.ch | | +| VO_DEFAULT | RUCIO_WEBUI_VO_DEFAULT | Short name for the default VO used for authentication | def | def | +| VO_LIST | RUCIO_WEBUI_VO_LIST | CSV string containing the list of supported VOs | def, atl, cms | def | +| MULTIVO_ENABLED | RUCIO_WEBUI_MULTIVO_ENABLED | Whether to enable multi-VO config (true or false) | true | | +| OIDC_ENABLED | RUCIO_WEBUI_OIDC_ENABLED | Enable or Disable OIDC Authentication (true or false) | true | | +| OIDC_PROVIDERS | RUCIO_WEBUI_OIDC_PROVIDERS | CSV string containing names of OIDC Providers | cern, indigo | | For each `VO` specified in the `VO_LIST` variable, the additional variables need to be specified. The variables should be added in the following format: `export RUCIO_WEBUI_VO__=`. An example for the default VO is shown below: diff --git a/tools/env-generator/src/api/base.ts b/tools/env-generator/src/api/base.ts index 18b04a45c..fbbf70c1f 100644 --- a/tools/env-generator/src/api/base.ts +++ b/tools/env-generator/src/api/base.ts @@ -62,6 +62,7 @@ export class WebUIEnvTemplateCompiler { 'VO_DEFAULT': 'def', 'OIDC_ENABLED': 'false', 'ENABLE_SSL': 'false', + 'PARAMS_ENCODING_ENABLED': 'false', ...this.environmentVariables, } } diff --git a/tools/env-generator/src/templates/.env.liquid b/tools/env-generator/src/templates/.env.liquid index 6ea9b4eee..25014bb96 100644 --- a/tools/env-generator/src/templates/.env.liquid +++ b/tools/env-generator/src/templates/.env.liquid @@ -20,6 +20,7 @@ NODE_EXTRA_TLS_CERTS={{ context.SERVER_CA_BUNDLE }} [gateway] RUCIO_AUTH_HOST={{ context.RUCIO_AUTH_HOST }} RUCIO_HOST={{ context.RUCIO_HOST }} +PARAMS_ENCODING_ENABLED={{ context.PARAMS_ENCODING_ENABLED }} [oidc] OIDC_ENABLED={{ context.OIDC_ENABLED }}
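Review bot: The new `'PARAMS_ENCODING_ENABLED': 'false'` default in `base.ts` sits before `...this.environmentVariables`, so whatever string the operator exported replaces it and is written verbatim by the new `PARAMS_ENCODING_ENABLED={{ context.PARAMS_ENCODING_ENABLED }}` line in `.env.liquid`; nothing visible in either hunk restricts the value to `true` or `false`. Because this flag decides whether DID parameters containing `/` or `+` are URI-encoded before they are sent to the Rucio server, a value such as `True` or `1` could leave encoding off without any error, depending on how the WebUI parses it (the consumer is not shown here). I would normalise and validate the value before rendering, failing the generation when `!['true', 'false'].includes(value.toLowerCase())`, and add a comment on the default such as `// 'true' URI-encodes DID params; the Rucio server must be configured to accept encoded slashes`. The enclosing method of `WebUIEnvTemplateCompiler` starts and ends outside the hunk.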