Pulling master branch from UC into our development branch, catching up (

#3) * Base image v1.4.1 for faster start up (uc-cdis#846) * fix(google): when linking an external bucket, search for existing bucket before creating another * Update fence_create.py * Update fence_create.py * Add support to accept userid in RAS Co-authored-by: Pauline Ribeyre <[email protected]> Co-authored-by: Alexander VT <[email protected]> Co-authored-by: Alexander VanTol <[email protected]> Co-authored-by: BinamB <[email protected]> Co-authored-by: Binam Bajracharya <[email protected]>
rolinge · Dec 4, 2020 · 2af4f6c · 2af4f6c
1 parent bb9dbb3
commit 2af4f6c
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # To run: docker run --rm -d -v /path/to/fence-config.yaml:/var/www/fence/fence-config.yaml --name=fence -p 80:80 fence
 # To check running container: docker exec -it fence /bin/bash
 
-FROM quay.io/cdis/python-nginx:pybase3-1.4.0
+FROM quay.io/cdis/python-nginx:pybase3-1.4.1
 
 ENV appname=fence
 

diff --git a/fence/resources/openid/ras_oauth2.py b/fence/resources/openid/ras_oauth2.py
@@ -73,6 +73,9 @@ def get_user_id(self, code):
             if userinfo.get("UserID"):
                 username = userinfo["UserID"]
                 field_name = "UserID"
+            elif userinfo.get("userid"):
+                username = userinfo["userid"]
+                field_name = "userid"
             elif userinfo.get("preferred_username"):
                 username = userinfo["preferred_username"]
                 field_name = "preferred_username"

diff --git a/fence/scripting/fence_create.py b/fence/scripting/fence_create.py
@@ -1318,6 +1318,38 @@ def link_external_bucket(db, name):
     with db.session as current_session:
         google_cloud_provider = _get_or_create_google_provider(current_session)
 
+        # search for existing bucket based on name, try to use existing group email
+        existing_bucket = current_session.query(Bucket).filter_by(name=name).first()
+        if existing_bucket:
+            access_group = (
+                current_session.query(GoogleBucketAccessGroup)
+                .filter(GoogleBucketAccessGroup.privileges.any("read"))
+                .filter_by(bucket_id=existing_bucket.id)
+                .all()
+            )
+            if len(access_group) > 1:
+                raise Exception(
+                    f"Existing bucket {name} has more than 1 associated "
+                    "Google Bucket Access Group with privilege of 'read'. "
+                    "This is not expected and we cannot continue linking."
+                )
+            elif len(access_group) == 0:
+                raise Exception(
+                    f"Existing bucket {name} has no associated "
+                    "Google Bucket Access Group with privilege of 'read'. "
+                    "This is not expected and we cannot continue linking."
+                )
+
+            access_group = access_group[0]
+
+            email = access_group.email
+
+            logger.warning(
+                f"bucket already exists with name: {name}, using existing group email: {email}"
+            )
+
+            return email
+
         bucket_db_entry = Bucket(name=name, provider_id=google_cloud_provider.id)
         current_session.add(bucket_db_entry)
         current_session.commit()