diff --git a/mappings/project_institution.yaml b/mappings/project_institution.yaml index 090586e77..6e6a50356 100644 --- a/mappings/project_institution.yaml +++ b/mappings/project_institution.yaml @@ -15,6 +15,7 @@ Cincinnati: "University of Cincinnati" Clarkson: "Clarkson University" Coe: "Coe College" Creighton: "Creighton University" +CSUN: "California State University, Northridge" CUBoulder: "University of Colorado Boulder" CUAnschutz: "University of Colorado Anschutz Medical Campus" CSUSB: "California State University, San Bernadino" diff --git a/projects/BrighamAndWomens_ Baratono.yaml b/projects/BrighamAndWomens_Baratono.yaml similarity index 100% rename from projects/BrighamAndWomens_ Baratono.yaml rename to projects/BrighamAndWomens_Baratono.yaml diff --git a/projects/CMU_Isayev.yaml b/projects/CMU_Isayev.yaml new file mode 100644 index 000000000..ddce4431c --- /dev/null +++ b/projects/CMU_Isayev.yaml @@ -0,0 +1,8 @@ +Department: Chemistry +Description: Quantum chemical and machine learning insights into supra-molecular organization + of molecular crystals. +FieldOfScience: Chemistry +Organization: Carnegie-Mellon University +PIName: Olexandr Isayev + + diff --git a/src/tests/data/testrg.yaml b/src/tests/data/testrg.yaml new file mode 100644 index 000000000..52a7b691d --- /dev/null +++ b/src/tests/data/testrg.yaml @@ -0,0 +1,246 @@ +Production: true +SupportCenter: Self Supported + +GroupDescription: Test Resource Group + +GroupID: 91359 + +Resources: + TEST_STASHCACHE_CACHE: + Active: true + Description: This is a StashCache cache server at TEST. + ID: 99958 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: sc-cache.test.wisc.edu + DN: /CN=sc-cache.test.wisc.edu + Services: + XRootD cache server: + Description: StashCache cache server + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST_TIGER_CACHE: + Active: true + Description: This is a StashCache cache server at TEST running on the Tiger Kubernetes cluster. + ID: 91098 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: stash-cache.osg.test.io + DN: /CN=stash-cache.osg.test.io + Services: + XRootD cache server: + Description: StashCache cache server + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST_STASHCACHE_ORIGIN: + Active: true + Description: This is a StashCache origin server at TEST. + ID: 99959 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: sc-origin.test.wisc.edu + DN: /CN=sc-origin.test.wisc.edu + Services: + XRootD origin server: + Description: StashCache origin server + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST_STASHCACHE_ORIGIN_2000: + Active: true + Description: This is a StashCache origin server at TEST. + ID: 91069 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: sc-origin2000.test.wisc.edu + DN: /CN=sc-origin2000.test.wisc.edu + Services: + XRootD origin server: + Description: StashCache origin server + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST_STASHCACHE_ORIGIN_AUTH_2000: + Active: true + Description: This is a StashCache origin server at TEST. + ID: 91192 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: origin-auth2000.test.wisc.edu + FQDNAliases: + - origin-auth.test.wisc.edu + DN: /CN=origin-auth2000.test.wisc.edu + Services: + XRootD origin server: + Description: StashCache origin server, see OPS-198 + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST_OSGDEV_SHOVELER_CACHE: + Active: true + Description: This is a testing StashCache cache server with a shoveler at TEST running on the Tiger Kubernetes cluster. + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: stash-cache-shoveler.osgdev.test.io + DN: /CN=stash-cache-shoveler.osgdev.test.io + Services: + XRootD cache server: + Description: StashCache cache server + VOOwnership: + testvo: 100 + AllowedVOs: + - ANY + + TEST-ITB-HELM-ORIGIN: + Active: false + Description: >- + This is a testing OSDF origin server on the Tiger cluster, + deployed via Helm. It serves both public and protected data. + ID: 91370 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000003 + Name: Brian Lin + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000003 + Name: Brian Lin + FQDN: helm-origin.osgdev.test.io + DN: /CN=helm-origin.osgdev.test.io + Services: + XRootD origin server: + Description: xrootd stash-origin and stash-origin-auth instances + VOOwnership: + testvo: 100 + AllowedVOs: + - testvo + + TEST-ITB-HELM-CACHE1: + Active: false + Description: >- + This is a testing StashCache cache server the Tiger cluster, + deployed via Helm. + ID: 91339 + ContactLists: + Administrative Contact: + Primary: + ID: OSG1000003 + Name: Brian Lin + Tertiary: + ID: OSG1000002 + Name: Matyas Selmeci + Security Contact: + Primary: + ID: OSG1000002 + Name: Matyas Selmeci + Secondary: + ID: OSG1000015 + Name: Aaron Moate + FQDN: helm-cache1.osgdev.test.io + DN: /CN=helm-cache1.osgdev.test.io + Services: + XRootD cache server: + Description: StashCache cache server + VOOwnership: + testvo: 100 + AllowedVOs: + - testvo + - OSG + diff --git a/src/tests/data/testvo.yaml b/src/tests/data/testvo.yaml new file mode 100644 index 000000000..1a25cbe89 --- /dev/null +++ b/src/tests/data/testvo.yaml @@ -0,0 +1,108 @@ +AppDescription: Test VO +CertificateOnly: false +Community: Test VO +Contacts: + Administrative Contact: + - ID: OSG1000015 + Name: Aaron Moate + Miscellaneous Contact: + - ID: OSG1000018 + Name: Christina Koch + Registration Authority: + - ID: OSG1000015 + Name: Aaron Moate + Security Contact: + - ID: OSG1000015 + Name: Aaron Moate + VO Manager: + - ID: 48e1c2f26dc3479a6cf9b2de7c79d654ac27b1d1 + Name: Miron Livny +Credentials: + TokenIssuers: + - URL: https://test.wisc.edu + DefaultUnixUser: vdttest +Disable: false +FieldsOfScience: + PrimaryFields: + - Multi-Science Community + SecondaryFields: + - Community Grid +ID: 9999 +LongName: Test Virtual Organization +OASIS: + Managers: + - Name: Aaron Moate + DNs: /DC=org/DC=doegrids/OU=People/CN=Aaron Moate 717557 + ID: OSG1000015 + UseOASIS: true +PrimaryURL: https://test.wisc.edu +PurposeURL: https://test.wisc.edu/approach.shtml +SupportURL: https://test.wisc.edu + +DataFederations: + StashCache: + Namespaces: + - Path: /testvo/PUBLIC + Authorizations: + - PUBLIC + AllowedOrigins: + # sc-origin.test.wisc.edu + - TEST_STASHCACHE_ORIGIN + # sc-origin2000.test.wisc.edu + - TEST_STASHCACHE_ORIGIN_2000 + AllowedCaches: + - ANY + + - Path: /testvo/itb/helm-origin/PUBLIC + Authorizations: + - PUBLIC + AllowedOrigins: + # helm-origin.osgdev.test.io + - TEST-ITB-HELM-ORIGIN + AllowedCaches: + - ANY + + - Path: /testvo/itb/helm-origin/PROTECTED + Authorizations: + - FQAN: /TESTVO + - DN: /DC=org/DC=cilogon/C=US/O=University of Wisconsin-Madison/CN=Matyas Selmeci A148276 + - SciTokens: + Issuer: https://test.wisc.edu + Base Path: /testvo + Map Subject: False + AllowedOrigins: + # helm-origin.osgdev.test.io + - TEST-ITB-HELM-ORIGIN + AllowedCaches: + - ANY + + - Path: /testvo + Authorizations: + - SciTokens: + Issuer: https://test.wisc.edu + Base Path: /testvo + Map Subject: True + AllowedOrigins: + # origin-auth2000.test.wisc.edu + - TEST_STASHCACHE_ORIGIN_AUTH_2000 + AllowedCaches: + - ANY + Writeback: https://origin-auth2000.test.wisc.edu:1095 + DirList: https://origin-auth2000.test.wisc.edu:1095 + CredentialGeneration: + BasePath: /testvo + Strategy: OAuth2 + Issuer: https://test.wisc.edu + MaxScopeDepth: 3 + + - Path: /testvo/issuer2test + Authorizations: + - SciTokens: + Issuer: https://test.wisc.edu/issuer2 + BasePath: "/testvo/issuer2test" + MapSubject: False + AllowedOrigins: + # helm-origin.osgdev.test.io + - TEST-ITB-HELM-ORIGIN + AllowedCaches: + - ANY diff --git a/src/tests/test_stashcache.py b/src/tests/test_stashcache.py index 9c17a210f..d5552cc2b 100644 --- a/src/tests/test_stashcache.py +++ b/src/tests/test_stashcache.py @@ -1,7 +1,10 @@ +from configparser import ConfigParser +import copy import flask import pytest import re from pytest_mock import MockerFixture +import time # Rewrites the path so the app can be imported like it normally is import os @@ -13,13 +16,17 @@ os.environ['TESTING'] = "True" from app import app, global_data +from webapp import models, topology, vos_data +from webapp.common import load_yaml_file import stashcache GRID_MAPPING_REGEX = re.compile(r'^"(/[^"]*CN=[^"]+")\s+([0-9a-f]{8}[.]0)$') # ^^ the DN starts with a slash and will at least have a CN in it. EMPTY_LINE_REGEX = re.compile(r'^\s*(#|$)') # Empty or comment-only lines -I2_TEST_CACHE = "osg-sunnyvale-stashcache.t2.ucsd.edu" +I2_TEST_CACHE = "osg-sunnyvale-stashcache.nrp.internet2.edu" # ^^ one of the Internet2 caches; these serve both public and LIGO data +TEST_ITB_HELM_ORIGIN = "helm-origin.osgdev.test.io" +# ^^ a fake origin that's in our test data # Some DNs I can use for testing and the hashes they map to. @@ -37,6 +44,37 @@ MOCK_DN_LIST = list(MOCK_DNS_AND_HASHES.keys()) +def get_test_global_data(global_data: models.GlobalData) -> models.GlobalData: + """Get a copy of the global data with some entries created for testing""" + new_global_data = copy.deepcopy(global_data) + + # Start with a fully populated set of topology data + topo = new_global_data.get_topology() + assert isinstance(topo, topology.Topology), "Unable to get Topology data" + + # Add our testing RG + testrg = load_yaml_file(topdir + "/tests/data/testrg.yaml") + topo.add_rg("University of Wisconsin", "CHTC", "testrg", testrg) + + # Put it back into global_data2 and make sure it doesn't get overwritten by future calls + new_global_data.topology.data = topo + new_global_data.topology.next_update = time.time() + 999999 + + # Start with a fully populated set of VO data + vos = new_global_data.get_vos_data() + assert isinstance(vos, vos_data.VOsData), "Unable to get VO data" + + # Load our testing VO + testvo = load_yaml_file(topdir + "/tests/data/testvo.yaml") + vos.add_vo("testvo", testvo) + + # Put it back into global_data2 and make sure it doesn't get overwritten by future calls + new_global_data.vos_data.data = vos + new_global_data.vos_data.next_update = time.time() + 999999 + + return new_global_data + + @pytest.fixture def client(): with app.test_client() as client: @@ -48,7 +86,7 @@ class TestStashcache: def test_allowedVO_includes_ANY_for_ligo_inclusion(self, client: flask.Flask, mocker: MockerFixture): spy = mocker.spy(global_data, "get_ligo_dn_list") - stashcache.generate_cache_authfile(global_data, "osg-sunnyvale-stashcache.t2.ucsd.edu") + stashcache.generate_cache_authfile(global_data, "osg-sunnyvale-stashcache.nrp.internet2.edu") assert spy.call_count == 5 @@ -66,6 +104,29 @@ def test_allowedVO_excludes_LIGO_and_ANY_for_ligo_inclusion(self, client: flask. assert spy.call_count == 0 + def test_scitokens_issuer_sections(self, client: flask.Flask): + test_global_data = get_test_global_data(global_data) + origin_scitokens_conf = stashcache.generate_origin_scitokens( + test_global_data, TEST_ITB_HELM_ORIGIN) + assert origin_scitokens_conf.strip(), "Generated scitokens.conf empty" + + cp = ConfigParser() + cp.read_string(origin_scitokens_conf, "origin_scitokens.conf") + + try: + assert "Global" in cp, "Missing Global section" + assert "Issuer https://test.wisc.edu" in cp, \ + "Issuer missing" + assert "Issuer https://test.wisc.edu/issuer2" in cp, \ + "Issuer 2 missing" + assert "base_path" in cp["Issuer https://test.wisc.edu/issuer2"], \ + "Issuer 2 base_path missing" + assert cp["Issuer https://test.wisc.edu/issuer2"]["base_path"] == "/testvo/issuer2test", \ + "Issuer 2 has wrong base path" + except AssertionError: + print(f"Generated origin scitokens.conf text:\n{origin_scitokens_conf}\n", file=sys.stderr) + raise + def test_None_fdqn_isnt_error(self, client: flask.Flask): stashcache.generate_cache_authfile(global_data, None) diff --git a/topology/Fermi National Accelerator Laboratory/FNAL USCMS Tier1/USCMS-FNAL-WC1_downtime.yaml b/topology/Fermi National Accelerator Laboratory/FNAL USCMS Tier1/USCMS-FNAL-WC1_downtime.yaml index 52b12d511..9b9598674 100644 --- a/topology/Fermi National Accelerator Laboratory/FNAL USCMS Tier1/USCMS-FNAL-WC1_downtime.yaml +++ b/topology/Fermi National Accelerator Laboratory/FNAL USCMS Tier1/USCMS-FNAL-WC1_downtime.yaml @@ -983,10 +983,26 @@ Services: - CE # --------------------------------------------------------- - - - - - - +- Class: SCHEDULED + ID: 1643919211 + Description: Migration to Alma9 + Severity: Outage + StartTime: Nov 13, 2023 12:00 +0000 + EndTime: Nov 14, 2023 22:00 +0000 + CreatedTime: Nov 07, 2023 21:18 +0000 + ResourceName: USCMS-FNAL-WC1-CE4 + Services: + - CE +# --------------------------------------------------------- +- Class: SCHEDULED + ID: 1643919571 + Description: Migration to Alma9 + Severity: Outage + StartTime: Nov 13, 2023 12:00 +0000 + EndTime: Nov 14, 2023 22:00 +0000 + CreatedTime: Nov 07, 2023 21:19 +0000 + ResourceName: USCMS-FNAL-WC1-OPP1 + Services: + - CE +# --------------------------------------------------------- diff --git a/topology/Fermi National Accelerator Laboratory/FermiGrid/GPGRID_downtime.yaml b/topology/Fermi National Accelerator Laboratory/FermiGrid/GPGRID_downtime.yaml index 9584a6f32..0cad1d666 100644 --- a/topology/Fermi National Accelerator Laboratory/FermiGrid/GPGRID_downtime.yaml +++ b/topology/Fermi National Accelerator Laboratory/FermiGrid/GPGRID_downtime.yaml @@ -98,3 +98,15 @@ Services: - CE # --------------------------------------------------------- +- Class: SCHEDULED + ID: 1643919815 + Description: Migration to Alma9 + Severity: Outage + StartTime: Nov 13, 2023 12:00 +0000 + EndTime: Nov 14, 2023 22:00 +0000 + CreatedTime: Nov 07, 2023 21:19 +0000 + ResourceName: FNAL_GPGRID_CE_04 + Services: + - CE +# --------------------------------------------------------- + diff --git a/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure.yaml b/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure.yaml index 63c665f80..1d0caac24 100644 --- a/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure.yaml +++ b/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure.yaml @@ -17,8 +17,8 @@ Resources: Primary: Name: Fabio Andrijauskas ID: OSG1000162 - FQDN: osg-sunnyvale-stashcache.t2.ucsd.edu - DN: /DC=org/DC=incommon/C=US/ST=California/O=University of California, San Diego/CN=osg-sunnyvale-stashcache.t2.ucsd.edu + FQDN: osg-sunnyvale-stashcache.nrp.internet2.edu + DN: /DC=org/DC=incommon/C=US/ST=Michigan/O=University Corporation For Advanced Internet Development/CN=osg-sunnyvale-stashcache.nrp.internet2.edu Services: XRootD cache server: Description: Internet2Sunnyvale Cache diff --git a/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure_downtime.yaml b/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure_downtime.yaml index 10c35531e..ee0725c1b 100644 --- a/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure_downtime.yaml +++ b/topology/Internet2/Internet2Sunnyvale/I2SunnyvaleInfrastructure_downtime.yaml @@ -9,3 +9,14 @@ Services: - XRootD cache server # --------------------------------------------------------- +- Class: UNSCHEDULED + ID: 1638600566 + Description: changing hostname + Severity: Intermittent Outage + StartTime: Nov 01, 2023 19:30 +0000 + EndTime: Nov 06, 2023 19:30 +0000 + CreatedTime: Nov 01, 2023 17:34 +0000 + ResourceName: Stashcache-Sunnyvale + Services: + - XRootD cache server +# --------------------------------------------------------- diff --git a/topology/Lawrence Berkley National Laboratory/LBL_HPCS/LBL_HPCS_downtime.yaml b/topology/Lawrence Berkley National Laboratory/LBL_HPCS/LBL_HPCS_downtime.yaml index 3a70ccef6..284531a0e 100644 --- a/topology/Lawrence Berkley National Laboratory/LBL_HPCS/LBL_HPCS_downtime.yaml +++ b/topology/Lawrence Berkley National Laboratory/LBL_HPCS/LBL_HPCS_downtime.yaml @@ -31,3 +31,14 @@ Services: - CE # --------------------------------------------------------- +- Class: SCHEDULED + ID: 1640473745 + Description: Cooling work in the machine room and SLURM upgrade + Severity: Outage + StartTime: Nov 21, 2023 15:00 +0000 + EndTime: Nov 23, 2023 00:00 +0000 + CreatedTime: Nov 03, 2023 21:36 +0000 + ResourceName: LBL_HPCS + Services: + - CE +# --------------------------------------------------------- diff --git a/topology/Purdue University/Purdue CMS/Purdue.yaml b/topology/Purdue University/Purdue CMS/Purdue.yaml index 26723a6cd..256d8028a 100644 --- a/topology/Purdue University/Purdue CMS/Purdue.yaml +++ b/topology/Purdue University/Purdue CMS/Purdue.yaml @@ -1,6 +1,6 @@ GroupDescription: CMS tier 2 facility at Purdue University, West Lafayette, IN. GroupID: 393 -Production: true +Production: false Resources: Purdue-Hadoop-CE: Active: true @@ -180,7 +180,7 @@ Resources: StorageCapacityMin: 1 TapeCapacity: 0 Purdue-Brown: - Active: true + Active: false ContactLists: Administrative Contact: Primary: diff --git a/topology/The University of Montana/UMontana IT/UMT-Hellgate_downtime.yaml b/topology/The University of Montana/UMontana IT/UMT-Hellgate_downtime.yaml new file mode 100644 index 000000000..7c8881663 --- /dev/null +++ b/topology/The University of Montana/UMontana IT/UMT-Hellgate_downtime.yaml @@ -0,0 +1,12 @@ +- Class: UNSCHEDULED + ID: 1642970913 + Description: Cluster being moved location + Severity: Outage + StartTime: Nov 02, 2023 18:57 +0000 + EndTime: Dec 31, 2023 06:57 +0000 + CreatedTime: Nov 06, 2023 18:58 +0000 + ResourceName: UMT-Hellgate-CE1 + Services: + - CE +# --------------------------------------------------------- + diff --git a/topology/University of Chicago/UChicago/UChicago_OSGConnect.yaml b/topology/University of Chicago/UChicago/UChicago_OSGConnect.yaml index 90fa9d097..00596513e 100644 --- a/topology/University of Chicago/UChicago/UChicago_OSGConnect.yaml +++ b/topology/University of Chicago/UChicago/UChicago_OSGConnect.yaml @@ -534,3 +534,22 @@ Resources: Description: OS Pool access point Tags: - OSPool + + UChicago_OSGConnect_Public_Origin: + Active: true + Description: OSG Connect Public endpoint + ContactLists: + Administrative Contact: + Primary: + ID: 0a22bab3de2d83d723811e3fb1ebca904e924a97 + Name: Lincoln Bryant + Secondary: + ID: a418fbc5dd33637bba264c01d84d52dd317f2813 + Name: Judith Stephen + FQDN: osdf-public.uc.osg-htc.org + DN: /CN=osdf-public.uc.osg-htc.org + Services: + XRootD origin server: + Description: OSG Connect Public Origin Server + AllowedVOs: + - OSG diff --git a/virtual-organizations/LIGO.yaml b/virtual-organizations/LIGO.yaml index 508bcca40..8ae434abe 100644 --- a/virtual-organizations/LIGO.yaml +++ b/virtual-organizations/LIGO.yaml @@ -79,6 +79,7 @@ DataFederations: Namespaces: - Path: /user/ligo Authorizations: + - DN: /CN=hcc-mon2.unl.edu - FQAN: /osg/ligo - FQAN: /virgo - FQAN: /virgo/virgo diff --git a/virtual-organizations/OSG.yaml b/virtual-organizations/OSG.yaml index 0ab263f0b..17ca8ff0a 100644 --- a/virtual-organizations/OSG.yaml +++ b/virtual-organizations/OSG.yaml @@ -108,6 +108,13 @@ DataFederations: - OSGCONNECT_ORIGIN AllowedCaches: - ANY + - Path: /ospool/uc-shared/public + Authorizations: + - PUBLIC + AllowedOrigins: + - UChicago_OSGConnect_Public_Origin + AllowedCaches: + - ANY # HACK: enormous hack to get us going on a demo # https://opensciencegrid.atlassian.net/browse/SOFTWARE-5398 @@ -226,6 +233,15 @@ DataFederations: Issuer: https://osg-htc.org/ospool MaxScopeDepth: 4 + # SciTokens issuer for ap22 + - Path: /ospool/ap22/.well-known + Authorizations: + - PUBLIC + AllowedOrigins: + - UChicago_OSGConnect_ap22 + # Do not cache this: direct access only + AllowedCaches: [] + - Path: /ospool/uc-shared/project Authorizations: - SciTokens: @@ -246,18 +262,3 @@ DataFederations: Strategy: OAuth2 Issuer: https://osg-htc.org/ospool/uc-shared MaxScopeDepth: 4 - - - Path: /ospool/uc-shared/public - Authorizations: - - PUBLIC - AllowedOrigins: - - UChicago_OSGConnect_ap23 - AllowedCaches: - - ANY - Writeback: https://ap23.uc.osg-htc.org:1095 - DirList: https://ap23.uc.osg-htc.org:1095 - CredentialGeneration: - Strategy: OAuth2 - Issuer: https://osg-htc.org/ospool/uc-shared - MaxScopeDepth: 4 - diff --git a/virtual-organizations/UCSD.yaml b/virtual-organizations/UCSD.yaml index 347b42f2f..4c07d40c9 100644 --- a/virtual-organizations/UCSD.yaml +++ b/virtual-organizations/UCSD.yaml @@ -46,6 +46,7 @@ DataFederations: Map Subject: False AllowedOrigins: - SDSC_NRP_OSDF_ORIGIN + - NEBRASKA_NRP_OSDF_ORIGIN AllowedCaches: - ANY