Merge pull request #109 from brianhlin/SOFTWARE-4431.new-scitokens-pl…

…ugin Update config to append SciTokens to the auth list for XRootD 5+
opensciencegrid · Jan 26, 2021 · f29d008 · f29d008
2 parents 443aca6 + 6fb31e1
commit f29d008
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/configs/stash-cache/config.d/50-stash-cache-authz.cfg b/configs/stash-cache/config.d/50-stash-cache-authz.cfg
@@ -65,10 +65,17 @@ fi
 xrootd.diglib * /etc/xrootd/digauth.cfg
 
 # Allow scitokens on all ports, all protocols
-if defined ?StashCacheSciTokensConf
+# For XRootD 4, replace the auth lib with SciTokens
+# For XRootD 5+, append SciTokens to the  the auth list
+if defined ?StashCacheSciTokensConf && defined ?~XROOTD4
     ofs.authlib libXrdAccSciTokens.so config=$StashCacheSciTokensConf
-else
+else if defined ?~XROOTD4
     ofs.authlib libXrdAccSciTokens.so config=/run/stash-cache-auth/scitokens.conf
+else if defined ?StashCacheSciTokensConf
+    ofs.authlib +++ libXrdAccSciTokens.so config=$StashCacheSciTokensConf
+else
+    ofs.authlib +++ libXrdAccSciTokens.so config=/run/stash-cache-auth/scitokens.conf
 fi
+
 # Pass the bearer token to the Xrootd authorization framework.
 http.header2cgi Authorization authz
diff --git a/configs/stash-origin/config.d/50-stash-origin-authz.cfg b/configs/stash-origin/config.d/50-stash-origin-authz.cfg
@@ -61,8 +61,14 @@ else if named stash-origin
 fi
 
 # Allow scitokens always, whether auth origin or not.
-if defined ?StashOriginSciTokensConf
+# For XRootD 4, replace the auth lib with SciTokens
+# For XRootD 5+, append SciTokens to the  the auth list
+if defined ?StashOriginSciTokensConf && defined ?~XROOTD4
     ofs.authlib libXrdAccSciTokens.so config=$StashOriginSciTokensConf
-else
+else if defined ?~XROOTD4
     ofs.authlib libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf
+else if defined ?StashOriginSciTokensConf
+    ofs.authlib +++ libXrdAccSciTokens.so config=$StashOriginSciTokensConf
+else
+    ofs.authlib +++ libXrdAccSciTokens.so config=/run/stash-origin-auth/scitokens.conf
 fi
diff --git a/rpm/xcache.spec b/rpm/xcache.spec
@@ -1,6 +1,6 @@
 Name:      xcache
 Summary:   XCache scripts and configurations
-Version:   1.5.3
+Version:   1.5.4
 Release:   1%{?dist}
 License:   Apache 2.0
 Group:     Grid
@@ -292,6 +292,10 @@ mkdir -p %{buildroot}%{_sysconfdir}/grid-security/xrd
 %config %{_sysconfdir}/xrootd/config.d/03-redir-tuning.cfg
 
 %changelog
+* Tue Jan 26 2021 Brian Lin <[email protected]> - 1.5.4-1
+- Update configuration to append SciTokens to the auth list for XRootD
+  5+ (SOFTWARE-4431)
+
 * Wed Jan 13 2021 Brian Lin <[email protected]> - 1.5.3-1
 - Add default values for the number of blocks and threads used for
   writing in parallel