-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Rdf Descriptions of Houdini and Hypercube to Fedora #612
Comments
This is blocked by #504 , right? |
Loosely. You can do the work no problem, but verifying API-X picks up the service can't happen until #504 |
Okay, cool, unless anyone wants this particularly, I will push through #504 and then turn to this real quick (which should be quick once we have a nicely-integrated "Lion Force Voltron"-style CLAW/API-X Vagrant. |
@ajs6f I prefer "Clawzord' from Power Rangers Samurai, though it may be a bit too literal. |
I wasn't young enough to catch Power Rangers when they got big, but holy cow that is totally what the new CLAW conf swag should be like. @manez ^^^ |
I'd agree with that assessment, but in not fluent in API-X either. |
I'm working #504, but it's going to be slow as I physically move my family and change jobs. As we speak. If this "chain" of tix is important for MVC progress, we should have a discussion about it. |
I am open for anything. I think the two moves right now from which we can choose (and we could do both) are:
@dannylamb CLAW call agenda item? Too minor? |
I'd be happy to help make API-X Syn-aware. Can somebody give a high-level description of what generally API-X would need to do? I'm assuming this is for the part where API-X authenticates itself to Fedora so that it can maintain its own various registries? |
@ajs6f Ah, right. I'm not familiar with JWT, but will take a look this afternoon to see what it would take. |
Ok, circling back to this one. I've added an OPTIONS request to Hypercube here. Then I ran into the following error when trying to curl up the url to api-x's loader service:
From the logs:
I created another interceptor to manually jam in a dummy WWW-Authenticate header here to test the waters. But it looks like it never gets called. I'm still getting the same errors. I tracked it down to here in the Api-X code and it looks like maybe it's because the @birkland Do you think this is worth filing an issue or am I just doing it wrong? @ajs6f Your thoughts would be appreciated, too. |
File an issue. It's stripping off all headers from the incoming request. I wonder what the right behavior is:
|
@birkland is this maybe a point where API-X isn't yet using the "custom" injected client? |
I think that this is API-X acting on behalf of the initial request, right? So it should use the |
So if it's "on behalf of the initial request", the interaction is like: Bootstrap to API-X: "I'm ___, please load the extension at this service URI" Does that sound about right? |
I think so. Here's my reasoning: we have always imagined that the registry for API-X might not be the repository (not sure how likely that is in practice, but anyway). Suppose that it is instead a SQL db somewhere. It makes no sense in that case for API-X to use the same credentials used against it to go against that db, right? This is, from a certain angle, just about API-X storing its own config... |
@ajs6f So you're saying that this particular interaction is analogous; where API-X itself (and not a client) is requesting access to service, for API-X's own purpose. API-X wants to perform OPTIONS so that it can populate its registry. Therefore, it makes sense to use API-X's own credentials for this interaction. Makes sense to me. There's a separate and unrelated issue of "secure the loader", i.e. protect the loader service, so that only authenticated clients with the appropriate authorization can instruct API-X load an extension. If you're securing the repository, and individual extensions, then I imagine that would be useful as well. |
Oh wait... I read that all wrong. We're issuing the OPTIONS request against the service itself, not the repository, which in our case is locked down the same way as the repository, but potentially not for others. So we can get away with using the same http client retrieved by the httpClientFetcher bean, but most people won't. I'll update the issue I just created. |
by the way, there's a PR for this now: fcrepo4-labs/fcrepo-api-x#122 I don't know if you want to try it, or if we can just merge it in. It's a fairly straightforward change. It might be easier to try it out from a -SNAPSHOT after it gets merged in |
Relevant reading: https://github.com/fcrepo4-labs/fcrepo-api-x/blob/master/src/site/markdown/extension-definition-and-binding.md#examples and https://github.com/fcrepo4-labs/fcrepo-api-x/blob/master/src/site/markdown/service-discovery-and-binding.md#example-ldp-service-instance-registry.
Those links skip to the example sections, but the entire documents are relevant if you're seeking more context.
We need to include a service description and an extension description in Fedora for both Houdini and Hypercube to be found by Api-X. Ideally, we'd make bundles for them in Drupal so we could have forms, but for now, let's just manually jam in some RDF and revisit after Islandoracon.
The scope of this work is to create RDF documents for service and extension for both Houdini and Hypercube (4 documents in total) and to cURL them into Fedora during provisioning in claw_vagrant.
The text was updated successfully, but these errors were encountered: