Implement creation of a sharing URL #257
Consolidates configuration in the client and encrypted client that has different logic than the server for calculating the config directory.
Make the output variable be returned as part of the output.
This adds new options for the token generation, introducing an enum (replacing the prior boolean) that differentiates between sharing tokens (which should be very fine-grained) and regular read/write.
With this, one may create a sharing URL when using the OAuth2 flow.
Additionally, refactor the client sharing method to take a URL (and perform metadata discovery as needed).
Some of the changes to configuration are conflicting with a recent PR Joe put together. Can you rebase?
directorUrl = configDirectorUrl | ||
} | ||
} else if objectUrl.Scheme != "" { | ||
return "", errors.Errorf("Unsupported scheme for pelican: %s://", objectUrl.Scheme) |
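Review bot: the error string in the `else if objectUrl.Scheme != ""` branch starts with a capital letter, which goes against the Go convention that error strings are lowercase and unpunctuated because callers often wrap them into longer messages. Consider `errors.Errorf("unsupported scheme for pelican: %s://", objectUrl.Scheme)`, and consider naming the accepted schemes in the message so the user can see what to change.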
This isn't a change request, per se, but I wonder how we could support having schemeless sharing. If I do `osdf object share /chtc/staging/jhiemstra/chtc-auth-test.txt`, might it be reasonable to generate a sharing URL that points to a cache or an origin? For example, if I `curl -v https://origin-auth2000.chtc.wisc.edu:1095/chtc/staging/jhiemstra/chtc-auth-test.txt?authz=<TOKEN FROM RUNNING OBJECT SHARE>`, I also get the file. We could generate this particular sharing URL when no scheme is provided.
Not sure I'm following -- the prior conditional handles the case for schemeless sharing, no?
Ah, I think I tested in a way that pointed at the wrong director, which caused a failure I misinterpreted. After pointing back to the production director, this appears to work as intended.
This fixes the case where the user provides an `osdf://`-style URL and also overrides the director URL.
LGTM
This allows a user to create a "sharing URL", a URL that includes the authorization token but has minimal privileges.
The intended usage is something like this:
Includes test cases covering token generation and the director URL discovery but, honestly, it's a bit difficult to test end-to-end as the `director-cache.osg-htc.org` is not working with authenticated CHTC URLs right now.

Fixes #24
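A sketch of the two ideas in this PR, added here as an illustration and not taken from the Pelican code base: a token-kind enum whose sharing variant is scoped to a single object, and a sharing URL that carries the token in the `authz` query parameter shown in the curl example above. The names `TokenKind`, `scopeFor` and `sharingURL`, the WLCG-style `storage.*` scope strings, the HTTPS-only check and the host `origin.example` are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
)

// TokenKind is a hypothetical enum standing in for the PR's replacement of
// the read/write boolean.
type TokenKind int

const (
	TokenRead TokenKind = iota
	TokenWrite
	TokenShare
)

// scopeFor returns the scope to request for a token. The WLCG-style
// storage.* strings are an assumption; the page does not show real scopes.
func scopeFor(kind TokenKind, objectPath string) string {
	switch kind {
	case TokenShare: // fine-grained: read access to exactly one object
		return "storage.read:" + path.Clean("/"+objectPath)
	case TokenWrite:
		return "storage.modify:/"
	}
	return "storage.read:/"
}

// sharingURL appends the token as the authz query parameter, keeping any
// query already on the endpoint. Requiring https is this example's choice,
// so the bearer token is never placed in a cleartext URL.
func sharingURL(endpoint, objectPath, token string) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("endpoint must be an https URL: %q", endpoint)
	}
	if token == "" {
		return "", fmt.Errorf("empty token")
	}
	u.Path = path.Clean("/" + objectPath)
	q := u.Query()
	q.Set("authz", token)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	p := "/chtc/staging/demo.txt" // constructed sample path and token
	fmt.Println(scopeFor(TokenShare, p))
	fmt.Println(sharingURL("https://origin.example:1095", p, "aaa.bbb.ccc"))
}
```

Because the resulting URL is itself a credential, the narrow scope from `TokenShare` is what limits the damage if the link ends up in logs or browser history.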