Merge pull request PelicanPlatform#1284 from haoming29/fix-ext-iss-fo…

…r-self-test Fix issuer for self-monitoring and scitokens issuer name
joereuss12 · May 15, 2024 · 8729905 · 8729905
2 parents 694c735 + ec4fd03
commit 8729905
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 37 deletions.
diff --git a/origin/self_monitor.go b/origin/self_monitor.go
@@ -22,21 +22,18 @@ import (
 	"context"
 	"time"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/pelicanplatform/pelican/config"
 	"github.com/pelicanplatform/pelican/metrics"
 	"github.com/pelicanplatform/pelican/param"
 	"github.com/pelicanplatform/pelican/server_utils"
-	log "github.com/sirupsen/logrus"
 )
 
 func doSelfMonitor(ctx context.Context) {
 	log.Debug("Starting a new self-test monitoring cycle")
 	fileTests := server_utils.TestFileTransferImpl{}
-	issuerUrl, err := config.GetServerIssuerURL()
-	if err != nil {
-		log.Warningln("Self-test monitoring cycle failed due to lack of issuer URL: ", err)
-		metrics.SetComponentHealthStatus(metrics.OriginCache_XRootD, metrics.StatusCritical, "Self-test monitoring cycle due to lack of issuer URL: "+err.Error())
-	}
+	issuerUrl := param.Server_ExternalWebUrl.GetString()
 	ok, err := fileTests.RunTests(ctx, param.Origin_Url.GetString(), config.GetServerAudience(), issuerUrl, server_utils.OriginSelfFileTest)
 	if ok && err == nil {
 		log.Debugln("Self-test monitoring cycle succeeded at", time.Now().Format(time.UnixDate))

diff --git a/server_utils/server_utils.go b/server_utils/server_utils.go
@@ -28,16 +28,15 @@ import (
 	"context"
 	"io"
 	"net/http"
-	"net/url"
 	"reflect"
 	"time"
 
 	"github.com/fsnotify/fsnotify"
-	"github.com/pelicanplatform/pelican/config"
-	"github.com/pelicanplatform/pelican/param"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/errgroup"
+
+	"github.com/pelicanplatform/pelican/config"
 )
 
 // Wait until given `reqUrl` returns a HTTP 200.
@@ -131,21 +130,6 @@ func WaitUntilWorking(ctx context.Context, method, reqUrl, server string, expect
 	}
 }
 
-// For calling from within the server. Returns the server's issuer URL/port
-func GetServerIssuerURL() (*url.URL, error) {
-	issuerUrlStr, err := config.GetServerIssuerURL()
-	if err != nil {
-		return nil, errors.Wrap(err, "The server failed to determine its own issuer url. Something is wrong!")
-	}
-
-	issuerUrl, err := url.Parse(issuerUrlStr)
-	if err != nil {
-		return nil, errors.Wrapf(err, "The server's issuer URL is malformed: %s. Something is wrong!", param.Server_IssuerUrl.GetString())
-	}
-
-	return issuerUrl, nil
-}
-
 // Launch a maintenance goroutine.
 // The maintenance routine will watch the directory `dirPath`, invoking `maintenanceFunc` whenever
 // an event occurs in the directory.  Note the behavior of directory watching differs across platforms;

diff --git a/xrootd/authorization.go b/xrootd/authorization.go
@@ -442,11 +442,8 @@ func GenerateMonitoringIssuer() (issuer Issuer, err error) {
 		return
 	}
 	issuer.Name = "Built-in Monitoring"
-	issuerUrl, err := server_utils.GetServerIssuerURL()
-	if err != nil {
-		return
-	}
-	issuer.Issuer = issuerUrl.String()
+	// We use server local issuer regardless of Server.IssuerUrl
+	issuer.Issuer = param.Server_ExternalWebUrl.GetString()
 	issuer.BasePaths = []string{"/pelican/monitoring"}
 	issuer.DefaultUser = "xrootd"
 
@@ -459,11 +456,11 @@ func GenerateOriginIssuer(exportedPaths []string) (issuer Issuer, err error) {
 		return
 	}
 	issuer.Name = "Origin"
-	issuerUrl, err := server_utils.GetServerIssuerURL()
+	issuerUrl, err := config.GetServerIssuerURL()
 	if err != nil {
 		return
 	}
-	issuer.Issuer = issuerUrl.String()
+	issuer.Issuer = issuerUrl
 	issuer.BasePaths = exportedPaths
 	issuer.RestrictedPaths = param.Origin_ScitokensRestrictedPaths.GetStringSlice()
 	issuer.MapSubject = param.Origin_ScitokensMapSubject.GetBool()
@@ -556,36 +553,47 @@ func EmitScitokensConfig(server server_structs.XRootDServer) error {
 }
 
 // Writes out the origin's scitokens.cfg configuration
-func WriteOriginScitokensConfig(exportedPaths []string) error {
+func WriteOriginScitokensConfig(authedPaths []string) error {
 	cfg, err := makeSciTokensCfg()
 	if err != nil {
 		return err
 	}
-	if issuer, err := GenerateMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
+	if issuer, err := GenerateOriginIssuer(authedPaths); err == nil && len(issuer.Name) > 0 {
 		if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 			val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+			val.Name += " and " + issuer.Name
 			cfg.IssuerMap[issuer.Issuer] = val
 		} else {
 			cfg.IssuerMap[issuer.Issuer] = issuer
 			cfg.Global.Audience = append(cfg.Global.Audience, config.GetServerAudience())
 		}
+	} else if err != nil {
+		return errors.Wrap(err, "failed to generate xrootd issuer for the origin")
 	}
-	if issuer, err := GenerateOriginIssuer(exportedPaths); err == nil && len(issuer.Name) > 0 {
+
+	if issuer, err := GenerateMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
 		if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 			val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+			val.Name += " and " + issuer.Name
 			cfg.IssuerMap[issuer.Issuer] = val
 		} else {
 			cfg.IssuerMap[issuer.Issuer] = issuer
 			cfg.Global.Audience = append(cfg.Global.Audience, config.GetServerAudience())
 		}
+	} else if err != nil {
+		return errors.Wrap(err, "failed to generate xrootd issuer for self-monitoring")
 	}
+
 	if issuer, err := GenerateDirectorMonitoringIssuer(); err == nil && len(issuer.Name) > 0 {
 		if val, ok := cfg.IssuerMap[issuer.Issuer]; ok {
 			val.BasePaths = append(val.BasePaths, issuer.BasePaths...)
+			val.Name += " and " + issuer.Name
 			cfg.IssuerMap[issuer.Issuer] = val
 		} else {
 			cfg.IssuerMap[issuer.Issuer] = issuer
 		}
+	} else if err != nil {
+		return errors.Wrap(err, "failed to generate xrootd issuer for director-based monitoring")
 	}
 
 	return writeScitokensConfiguration(config.OriginType, &cfg)

diff --git a/xrootd/resources/test-scitokens-monitoring.cfg b/xrootd/resources/test-scitokens-monitoring.cfg
@@ -27,10 +27,9 @@ issuer = https://demo.scitokens.org
 base_path = /foo, /bar
 default_user = osg
 
-[Issuer Built-in Monitoring]
+[Issuer Origin and Built-in Monitoring]
 issuer = https://origin.example.com:8444
-base_path = /pelican/monitoring, /foo/bar
-default_user = xrootd
+base_path = /foo/bar, /pelican/monitoring
 
 [Issuer WLCG]
 issuer = https://wlcg.cnaf.infn.it