Add S3 backend to Pelican #419

Merged
merged 14 commits into from
Dec 8, 2023
Changes from 13 commits
53 changes: 52 additions & 1 deletion cmd/origin.go
Expand Up @@ -109,12 +109,63 @@ func initOrigin() error {
func init() {
originCmd.AddCommand(originConfigCmd)
originCmd.AddCommand(originServeCmd)
originServeCmd.Flags().StringP("volume", "v", "", "Setting the volue to /SRC:/DEST will export the contents of /SRC as /DEST in the Pelican federation")

// The -m flag is used to specify what kind of backend we plan to use for the origin.
originServeCmd.Flags().StringP("mode", "m", "posix", "Set the mode for the origin service (default is 'posix')")
if err := viper.BindPFlag("Origin.Mode", originServeCmd.Flags().Lookup("mode")); err != nil {
panic(err)
}

// The -v flag is used when an origin is served in POSIX mode
originServeCmd.Flags().StringP("volume", "v", "", "Setting the volume to /SRC:/DEST will export the contents of /SRC as /DEST in the Pelican federation")
if err := viper.BindPFlag("Origin.ExportVolume", originServeCmd.Flags().Lookup("volume")); err != nil {
panic(err)
}

// A variety of flags we add for S3 mode. These are ultimately required for configuring the S3 xrootd plugin
originServeCmd.Flags().String("service-name", "", "Specify the S3 service-name. Only used when an origin is launched in S3 mode.")
originServeCmd.Flags().String("region", "", "Specify the S3 region. Only used when an origin is launched in S3 mode.")
originServeCmd.Flags().String("bucket", "", "Specify the S3 bucket. Only used when an origin is launched in S3 mode.")
originServeCmd.Flags().String("service-url", "", "Specify the S3 service-url. Only used when an origin is launched in S3 mode.")
originServeCmd.Flags().String("bucket-access-keyfile", "", "Specify a filepath to use for configuring the bucket's access key.")
originServeCmd.Flags().String("bucket-secret-keyfile", "", "Specify a filepath to use for configuring the bucket's access key.")
if err := viper.BindPFlag("Origin.S3ServiceName", originServeCmd.Flags().Lookup("service-name")); err != nil {
panic(err)
}
if err := viper.BindPFlag("Origin.S3Region", originServeCmd.Flags().Lookup("region")); err != nil {
panic(err)
}
if err := viper.BindPFlag("Origin.S3Bucket", originServeCmd.Flags().Lookup("bucket")); err != nil {
panic(err)
}
if err := viper.BindPFlag("Origin.S3ServiceUrl", originServeCmd.Flags().Lookup("service-url")); err != nil {
panic(err)
}
if err := viper.BindPFlag("Origin.S3AccessKeyfile", originServeCmd.Flags().Lookup("bucket-access-keyfile")); err != nil {
panic(err)
}
if err := viper.BindPFlag("Origin.S3SecretKeyfile", originServeCmd.Flags().Lookup("bucket-secret-keyfile")); err != nil {
panic(err)
}

// Would be nice to make these mutually exclusive to mode=posix instead of to --volume, but cobra
// doesn't seem to have something that can make the value of a flag exclusive to other flags
// Anyway, we never want to run the S3 flags with the -v flag.
turetske marked this conversation as resolved.
originServeCmd.MarkFlagsMutuallyExclusive("volume", "service-name")
originServeCmd.MarkFlagsMutuallyExclusive("volume", "region")
originServeCmd.MarkFlagsMutuallyExclusive("volume", "bucket")
originServeCmd.MarkFlagsMutuallyExclusive("volume", "service-url")
originServeCmd.MarkFlagsMutuallyExclusive("volume", "bucket-access-keyfile")
originServeCmd.MarkFlagsMutuallyExclusive("volume", "bucket-secret-keyfile")
// We don't require the bucket access and secret keyfiles as they're not needed for unauthenticated buckets
originServeCmd.MarkFlagsRequiredTogether("service-name", "region", "bucket", "service-url")
originServeCmd.MarkFlagsRequiredTogether("bucket-access-keyfile", "bucket-secret-keyfile")

// The port any web UI stuff will be served on
originServeCmd.Flags().AddFlag(portFlag)

// origin token, used for creating and verifying tokens with
// the origin's signing jwk.
originCmd.AddCommand(originTokenCmd)
originTokenCmd.AddCommand(originTokenCreateCmd)
originTokenCmd.PersistentFlags().String("profile", "wlcg", "Passing a profile ensures the token adheres to the profile's requirements. Accepted values are scitokens2 and wlcg")
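Review bot: The help text for `--bucket-secret-keyfile` is a copy of the access-key one and says it configures "the bucket's access key"; it should read `"Specify a filepath to use for configuring the bucket's secret key."` so operators do not point the two credential flags at the wrong files. Separately, the value of `--mode` is not checked in this hunk, and the exclusivity rules hang off `--volume` rather than the mode, so `--mode posix` combined with the S3 flags (or `--mode s3` with none of them) is accepted here. A check of `Origin.Mode` against the supported values, with the S3 settings validated when it is `s3`, belongs in the serve path if it is not already done elsewhere. `init()` ends outside the hunk.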
9 changes: 9 additions & 0 deletions cmd/origin_serve.go
Expand Up @@ -80,6 +80,15 @@ func serveOrigin( /*cmd*/ *cobra.Command /*args*/, []string) error {
return err
}
wg.Add(1)

// In posix mode, we rely on xrootd to export keys. When we run the origin with
// different backends, we instead export the keys via the Pelican process
if param.Origin_Mode.GetString() != "posix" {
if err = origin_ui.ConfigIssJWKS(engine.Group("/.well-known")); err != nil {
return err
}
}

if err = server_ui.RegisterNamespaceWithRetry(); err != nil {
return err
}
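Review bot: The test `param.Origin_Mode.GetString() != "posix"` treats an empty or misspelled mode as a non-posix backend, while `GetLocalIssuerURL` in utils/server_utils.go treats `""` as posix, so with an empty mode the JWKS routes are registered on the web engine but the issuer URL still points at the XRootD address. One shared predicate in both places would keep them in agreement, e.g. `if mode := param.Origin_Mode.GetString(); mode != "" && mode != "posix" {`. Rejecting unknown mode strings at startup would also stop a typo from silently changing which process publishes the signing keys. `serveOrigin` starts and ends outside the hunk.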
50 changes: 50 additions & 0 deletions docs/parameters.yaml
Expand Up @@ -355,8 +355,58 @@ description: >-
downloads to work properly and for directories to be visable.
type: bool
default: false
---
name: Origin.Mode
description: >-
The backend mode to be used by an origin. Current values that can be selected from
are either "posix" or "s3".
type: string
default: posix
components: ["origin"]
---
name: Origin.S3ServiceName
description: >-
The S3 Service Name to be used by the XRootD plugin.
type: string
default: none
components: ["origin"]
---
name: Origin.S3Region
description: >-
The S3 region to be used by the XRootD plugin.
type: string
default: none
components: ["origin"]
---
name: Origin.S3Bucket
description: >-
The S3 bucket to be used by the XRootD plugin.
type: string
default: none
components: ["origin"]
---
name: Origin.S3ServiceUrl
description: >-
The S3 service URL to be used by the XRootD plugin.
type: string
default: none
components: ["origin"]
---
name: Origin.S3AccessKeyfile
description: >-
A path to a file containing an S3 access keyfile for authenticated buckets when an origin is run in S3 mode.
type: filename
default: none
components: ["origin"]
---
name: Origin.S3SecretKeyfile
description: >-
A path to a file containing an S3 secret keyfile for authenticated buckets when an origin is run in S3 mode.
type: filename
default: none
components: ["origin"]
---


############################
# Cache-level configs #
8 changes: 6 additions & 2 deletions go.mod
Expand Up @@ -13,6 +13,7 @@ require (
github.com/jellydator/ttlcache/v3 v3.1.0
github.com/jsipprell/keyctl v1.0.4-0.20211208153515-36ca02672b6c
github.com/lestrrat-go/jwx/v2 v2.0.16
github.com/minio/minio-go/v7 v7.0.65
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f
github.com/oklog/run v1.1.0
github.com/opensaucerer/grab/v3 v3.0.1
Expand All @@ -21,7 +22,7 @@ require (
github.com/prometheus/client_golang v1.16.0
github.com/prometheus/common v0.44.0
github.com/prometheus/prometheus v0.46.0
github.com/sirupsen/logrus v1.8.1
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.16.0
Expand Down Expand Up @@ -95,7 +96,7 @@ require (
github.com/julienschmidt/httprouter v1.3.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/klauspost/compress v1.16.7 // indirect
github.com/klauspost/cpuid/v2 v2.2.4 // indirect
github.com/klauspost/cpuid/v2 v2.2.5 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
Expand All @@ -109,6 +110,8 @@ require (
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mattn/go-sqlite3 v1.14.17 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/minio/md5-simd v1.1.2 // indirect
github.com/minio/sha256-simd v1.0.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
Expand All @@ -126,6 +129,7 @@ require (
github.com/prometheus/procfs v0.11.0 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/rs/xid v1.5.0 // indirect
github.com/segmentio/asm v1.2.0 // indirect
github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
github.com/spf13/afero v1.9.5 // indirect
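Review bot: `github.com/minio/minio-go/v7 v7.0.65` is added as a direct requirement, but none of the Go file sections shown on this page import it, so it is worth confirming where it is used (it may be in a file not shown here, for example a test). It appears to bring in `minio/md5-simd`, `minio/sha256-simd` and `rs/xid` as indirect modules, which enlarges the dependency set of the whole module rather than only the origin code. The logrus move from v1.8.1 to v1.9.3 rides along in the same section; a line in the PR description saying why it changed would help later audits.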
20 changes: 14 additions & 6 deletions go.sum
Expand Up @@ -377,9 +377,10 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
Expand Down Expand Up @@ -431,6 +432,12 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
github.com/minio/minio-go/v7 v7.0.65 h1:sOlB8T3nQK+TApTpuN3k4WD5KasvZIE3vVFzyyCa0go=
github.com/minio/minio-go/v7 v7.0.65/go.mod h1:R4WVUR6ZTedlCcGwZRauLMIKjgyaWxhs4Mqi/OMPmEc=
github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
Expand Down Expand Up @@ -520,6 +527,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=
github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.19 h1:+1H+N9QFl2Sfvia0FBYfMrHYHYhmpZxhSE0wpPL2lYs=
github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
Expand All @@ -531,8 +540,8 @@ github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
Expand Down Expand Up @@ -762,7 +771,6 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
Expand Down Expand Up @@ -797,7 +805,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
12 changes: 12 additions & 0 deletions images/Dockerfile
Expand Up @@ -122,6 +122,18 @@ ENV JAVA_HOME=/usr/lib/jvm/jre \
QDL_HOME="/opt/qdl" \
PATH="${ST_HOME}/bin:${QDL_HOME}/bin:${PATH}"

# Install the S3 and HTTP server plugins for XRootD. For now we do this from source
# until we can sort out the RPMs.
RUN \
git clone https://github.com/PelicanPlatform/xrootd-s3-http.git && \
cd xrootd-s3-http && \
mkdir build && cd build && \
cmake .. && \
make install && \
# For now, until the RPM is set up, we install the libraries here, but
# we need to add to LD_LIBRARY_PATH so XRootD knows where to look
echo "/usr/local/lib" > /etc/ld.so.conf.d/xrdplugins.conf && ldconfig

RUN chmod +x /pelican/osdf-client \
&& chmod +x /entrypoint.sh

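Review bot: The `git clone https://github.com/PelicanPlatform/xrootd-s3-http.git` step builds whatever the default branch holds at image-build time, so two builds of the same Pelican commit can ship different plugin code, and that code is installed into `/usr/local/lib` where XRootD is told to look for it. Pinning the checkout makes the image reproducible and reviewable, for example `git clone --depth 1 --branch <RELEASE_TAG_PLACEHOLDER> https://github.com/PelicanPlatform/xrootd-s3-http.git`, or a `git checkout <COMMIT_SHA_PLACEHOLDER>` right after the clone. The clone and build directories also stay in the layer; removing `xrootd-s3-http` at the end of the same `RUN` keeps the source tree and build artefacts out of the final image.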
38 changes: 36 additions & 2 deletions origin_ui/origin.go
Expand Up @@ -19,11 +19,17 @@
package origin_ui

import (
"encoding/json"
"net/http"
"net/url"
"os"
"path/filepath"

"github.com/pelicanplatform/pelican/config"
"github.com/pelicanplatform/pelican/param"

"github.com/gin-gonic/gin"
"github.com/pkg/errors"
"os"
"path/filepath"
)

// Configure XrootD directory for both self-based and director-based file transfer tests
Expand Down Expand Up @@ -56,3 +62,31 @@ func ConfigureXrootdMonitoringDir() error {

return nil
}

func ConfigIssJWKS(router *gin.RouterGroup) error {
if router == nil {
return errors.New("Origin configuration passed a nil pointer")
}

router.GET("/openid-configuration", ExportOpenIDConfig)
router.GET("/issuer.jwks", ExportIssuerJWKS)
return nil
}

func ExportOpenIDConfig(c *gin.Context) {
issuerURL, _ := url.Parse(param.Server_ExternalWebUrl.GetString())
jwksUri, _ := url.JoinPath(issuerURL.String(), "/.well-known/issuer.jwks")
jsonData := gin.H{
"issuer": issuerURL.String(),
"jwks_uri": jwksUri,
}

c.JSON(http.StatusOK, jsonData)
}

func ExportIssuerJWKS(c *gin.Context) {
keys, _ := config.GetIssuerPublicJWKS()
buf, _ := json.MarshalIndent(keys, "", " ")

c.Data(http.StatusOK, "application/json; charset=utf-8", buf)
}
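Review bot: Both new handlers discard their errors. In `ExportOpenIDConfig` a failed `url.Parse` leaves `issuerURL` nil and the following `issuerURL.String()` call would panic. In `ExportIssuerJWKS` a failure of `config.GetIssuerPublicJWKS()` still answers 200 with whatever `keys` marshals to, so token verifiers may treat an empty or null key set as a valid answer. Each error should end the request with a 500 and a generic message, leaving the detail for the server log. The three exported functions also lack doc comments; the one on `ConfigIssJWKS` should say that it registers `/openid-configuration` and `/issuer.jwks` on the router group it is given.

```go
func ExportOpenIDConfig(c *gin.Context) {
	issuerURL, err := url.Parse(param.Server_ExternalWebUrl.GetString())
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "unable to determine the issuer URL"})
		return
	}
	jwksUri, err := url.JoinPath(issuerURL.String(), "/.well-known/issuer.jwks")
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "unable to determine the JWKS URL"})
		return
	}
	// … unchanged: build jsonData and reply with http.StatusOK …
}

func ExportIssuerJWKS(c *gin.Context) {
	keys, err := config.GetIssuerPublicJWKS()
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "unable to load the issuer public keys"})
		return
	}
	buf, err := json.MarshalIndent(keys, "", " ")
	if err != nil {
		c.JSON(http.StatusInternalServerError, gin.H{"error": "unable to encode the issuer public keys"})
		return
	}
	// … unchanged: c.Data reply with the JSON body …
}
```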
25 changes: 25 additions & 0 deletions utils/server_utils.go
Expand Up @@ -23,8 +23,10 @@ import (
"encoding/json"
"io"
"net/http"
"net/url"

"github.com/pelicanplatform/pelican/config"
"github.com/pelicanplatform/pelican/param"
"github.com/pkg/errors"
)

Expand Down Expand Up @@ -58,3 +60,26 @@ func MakeRequest(url string, method string, data map[string]interface{}, headers

return body, nil
}

jhiemstrawisc marked this conversation as resolved.
func GetLocalIssuerURL() (*url.URL, error) {
// If Origin.Mode is set to anything that isn't "posix" or "", assume we're running a plugin and
// that the origin's issuer URL actually uses the same port as OriginUI instead of XRootD. This is
// because under that condition, keys are being served by the Pelican process instead of by XRootD
originMode := param.Origin_Mode.GetString()
if originMode == "" || originMode == "posix" {
// In this case, we use the default set up by config.go, which uses the xrootd port
issuerUrl, err := url.Parse(param.Origin_Url.GetString())
if err != nil {
return nil, errors.Wrap(err, "Failed to parse the issuer URL from the default origin URL")
}
return issuerUrl, nil
} else {
issuerUrlStr := param.Server_ExternalWebUrl.GetString()
issuerUrl, err := url.Parse(issuerUrlStr)
if err != nil {
return nil, errors.Wrap(err, "Failed to parse the issuer URL generated using ComputeExternalAddress")
}

return issuerUrl, nil
}
}
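Review bot: `url.Parse` accepts an empty or relative string without error, so when `Origin.Url` or `Server.ExternalWebUrl` is unset `GetLocalIssuerURL` returns a URL with no scheme or host, and the callers in xrootd/authorization.go then assign an empty string to `issuer.Issuer`. Both branches should reject that after parsing, e.g. `if issuerUrl.Scheme == "" || issuerUrl.Host == "" { return nil, errors.New("issuer URL must be an absolute URL") }`. The exported function also needs a doc comment; the existing in-body comment explaining why non-posix modes use the web UI address would serve if moved above the signature and started with `GetLocalIssuerURL`.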
13 changes: 11 additions & 2 deletions xrootd/authorization.go
Expand Up @@ -40,6 +40,7 @@ import (
"github.com/pelicanplatform/pelican/director"
"github.com/pelicanplatform/pelican/param"
"github.com/pelicanplatform/pelican/server_utils"
"github.com/pelicanplatform/pelican/utils"
"github.com/pkg/errors"
)

Expand Down Expand Up @@ -277,7 +278,11 @@ func GenerateMonitoringIssuer() (issuer Issuer, err error) {
return
}
issuer.Name = "Built-in Monitoring"
issuer.Issuer = param.Origin_Url.GetString()
issuerUrl, err := utils.GetLocalIssuerURL()
if err != nil {
return
}
issuer.Issuer = issuerUrl.String()
issuer.BasePaths = []string{"/pelican/monitoring"}
issuer.DefaultUser = "xrootd"

Expand All @@ -290,7 +295,11 @@ func GenerateOriginIssuer(exportedPaths []string) (issuer Issuer, err error) {
return
}
issuer.Name = "Origin"
issuer.Issuer = param.Origin_Url.GetString()
issuerUrl, err := utils.GetLocalIssuerURL()
if err != nil {
return
}
issuer.Issuer = issuerUrl.String()
issuer.BasePaths = exportedPaths
issuer.RestrictedPaths = param.Origin_ScitokensRestrictedPaths.GetStringSlice()
issuer.MapSubject = param.Origin_ScitokensMapSubject.GetBool()
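Review bot: In `GenerateMonitoringIssuer` and `GenerateOriginIssuer` the new error path uses a bare `return` after `issuer.Name` has already been set, so the caller receives a half-filled `Issuer` together with the error, and the error carries no hint of which issuer was being built. Returning `return Issuer{}, errors.Wrap(err, "failed to determine the issuer URL for the origin issuer")` (and the monitoring equivalent in the first hunk) makes the failure unambiguous. Both functions start and end outside the hunks shown.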