Merge branch 'airavata-3401'
diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
index 724e27c..a5e1894 100644
--- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
+++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java
@@ -5081,9 +5081,11 @@
                     sharingClient.shareEntityWithUsers(gatewayId, resourceId,
                             Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ", true);
                 else if(userPermission.getValue().equals(ResourcePermissionType.MANAGE_SHARING)) {
-                    if (userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER))
+                    if (userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER)) {
+                        createManageSharingPermissionTypeIfMissing(sharingClient, gatewayId);
                         sharingClient.shareEntityWithUsers(gatewayId, resourceId,
                                 Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "MANAGE_SHARING", true);
+                    }
                     else
                         throw new AuthorizationException("User is not allowed to grant sharing permission because the user is not the resource owner.");
                 }
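Review bot: The two added lines in the MANAGE_SHARING branch take the permission type id from different sources: `createManageSharingPermissionTypeIfMissing(sharingClient, gatewayId)` ensures that `gatewayId + ":MANAGE_SHARING"` exists, while the share call after it builds the id from `authzToken.getClaimsMap().get(Constants.GATEWAY_ID)`. If `gatewayId` is not always that same claim (its assignment is outside the hunk), the helper can create one type while the grant references another that is still missing. Computing the id once from whichever value is authoritative, e.g. `String manageSharingId = gatewayId + ":MANAGE_SHARING";`, and passing it to the share call would keep the two in step. The same pattern appears in the group-share hunk and the user-revoke hunk that follow, and the enclosing method starts and ends outside this hunk.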
@@ -5126,9 +5128,11 @@
                     sharingClient.shareEntityWithGroups(gatewayId, resourceId,
                             Arrays.asList(groupPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ", true);
                 else if(groupPermission.getValue().equals(ResourcePermissionType.MANAGE_SHARING)){
-                    if(userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER))
+                    if(userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER)) {
+                        createManageSharingPermissionTypeIfMissing(sharingClient, gatewayId);
                         sharingClient.shareEntityWithGroups(gatewayId, resourceId,
                                 Arrays.asList(groupPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "MANAGE_SHARING", true);
+                    }
                     else
                         throw new AuthorizationException("User is not allowed to grant sharing permission because the user is not the resource owner.");
                 }
@@ -5170,9 +5174,11 @@
                     sharingClient.revokeEntitySharingFromUsers(gatewayId, resourceId,
                             Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "READ");
                 else if(userPermission.getValue().equals(ResourcePermissionType.MANAGE_SHARING)){
-                    if (userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER))
+                    if (userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER)) {
+                        createManageSharingPermissionTypeIfMissing(sharingClient, gatewayId);
                         sharingClient.revokeEntitySharingFromUsers(gatewayId, resourceId,
                                 Arrays.asList(userPermission.getKey()), authzToken.getClaimsMap().get(Constants.GATEWAY_ID) + ":" + "MANAGE_SHARING");
+                    }
                     else
                         throw new AuthorizationException("User is not allowed to change sharing permission because the user is not the resource owner.");
                 }
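Review bot: The revoke branch now calls `createManageSharingPermissionTypeIfMissing` before revoking, so a request that removes access can write new state to the sharing registry. If the type was missing for the domain, presumably no MANAGE_SHARING grant can exist on the resource, so an alternative is to skip the revoke when `sharingClient.isPermissionExists(...)` returns false. If the create is there only because the revoke call fails on an unknown type, a comment such as `// revoke fails on an unknown permission type, so make sure it exists first` would record that. The group-revoke hunk further down adds the same call, and the method body continues outside this hunk.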
@@ -5213,7 +5219,7 @@
                     ResourceType.EXPERIMENT, ResourceType.APPLICATION_DEPLOYMENT, ResourceType.GROUP_RESOURCE_PROFILE
             ));
             if (adminRestrictedResourceTypes.contains(resourceType)) {
-                // Prevent removing Admins WRITE access and Read Only Admins READ access
+                // Prevent removing Admins WRITE/MANAGE_SHARING access and Read Only Admins READ access
                 GatewayGroups gatewayGroups = retrieveGatewayGroups(regClient, gatewayId);
                 if (groupPermissionList.containsKey(gatewayGroups.getAdminsGroupId())
                         && groupPermissionList.get(gatewayGroups.getAdminsGroupId()).equals(ResourcePermissionType.WRITE)) {
@@ -5224,8 +5230,12 @@
                     throw new Exception("Not allowed to remove Read Only Admins group's READ access.");
                 }
                 if (groupPermissionList.containsKey(gatewayGroups.getAdminsGroupId())
+                        && groupPermissionList.get(gatewayGroups.getAdminsGroupId()).equals(ResourcePermissionType.READ)) {
+                    throw new Exception("Not allowed to remove Admins group's READ access.");
+                }
+                if (groupPermissionList.containsKey(gatewayGroups.getAdminsGroupId())
                         && groupPermissionList.get(gatewayGroups.getAdminsGroupId()).equals(ResourcePermissionType.MANAGE_SHARING)) {
-                    throw new Exception("Not allowed to remove Admins group's SHARING access.");
+                    throw new Exception("Not allowed to remove Admins group's MANAGE_SHARING access.");
                 }
             }
             for(Map.Entry<String, ResourcePermissionType> groupPermission : groupPermissionList.entrySet()){
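Review bot: The added Admins READ guard throws a bare `Exception`, as do the checks around it, while the owner check in the following hunk throws `AuthorizationException`. Unless the catch block (outside the hunk) translates it, a caller cannot tell this policy rejection from an internal failure. Consider `throw new AuthorizationException("Not allowed to remove Admins group's READ access.");` for the Admins checks, provided the method's declared exceptions allow it. The comment updated in the previous hunk also omits the new case; `// Prevent removing Admins READ/WRITE/MANAGE_SHARING access and Read Only Admins READ access` would match the code.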
@@ -5236,9 +5246,11 @@
                     sharingClient.revokeEntitySharingFromUsers(gatewayId, resourceId,
                             Arrays.asList(groupPermission.getKey()), gatewayId + ":" + "READ");
                 else if(groupPermission.getValue().equals(ResourcePermissionType.MANAGE_SHARING)){
-                    if(userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER))
+                    if(userHasAccessInternal(sharingClient, authzToken, resourceId, ResourcePermissionType.OWNER)) {
+                        createManageSharingPermissionTypeIfMissing(sharingClient, gatewayId);
                         sharingClient.revokeEntitySharingFromUsers(gatewayId, resourceId,
                                 Arrays.asList(groupPermission.getKey()), gatewayId + ":" + "MANAGE_SHARING");
+                    }
                     else
                         throw new AuthorizationException("User is not allowed to change sharing because the user is not the resource owner");
                 }
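Review bot: This branch iterates `groupPermissionList` but revokes with `sharingClient.revokeEntitySharingFromUsers(...)`, passing a group id where the method name expects user ids, whereas the group-share hunk grants with `shareEntityWithGroups`. If the sharing registry treats user and group revocation differently, a group's MANAGE_SHARING grant (and its READ grant, on the context lines above) would survive the revoke without any error. It is worth confirming against the registry implementation and, if the client exposes a group variant of the revoke call, using it here. The loop starts and ends outside the hunk.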
@@ -6098,6 +6110,8 @@
     private void shareEntityWithAdminGatewayGroups(RegistryService.Client regClient, SharingRegistryService.Client sharingClient, Entity entity) throws TException {
         final String domainId = entity.getDomainId();
         GatewayGroups gatewayGroups = retrieveGatewayGroups(regClient, domainId);
+        createManageSharingPermissionTypeIfMissing(sharingClient, domainId);
+        sharingClient.shareEntityWithGroups(domainId, entity.getEntityId(), Arrays.asList(gatewayGroups.getAdminsGroupId()), domainId + ":MANAGE_SHARING", true);
         sharingClient.shareEntityWithGroups(domainId, entity.getEntityId(), Arrays.asList(gatewayGroups.getAdminsGroupId()), domainId + ":WRITE", true);
         sharingClient.shareEntityWithGroups(domainId, entity.getEntityId(), Arrays.asList(gatewayGroups.getAdminsGroupId(), gatewayGroups.getReadOnlyAdminsGroupId()), domainId + ":READ", true);
     }
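Review bot: The new MANAGE_SHARING grant in `shareEntityWithAdminGatewayGroups` reaches only entities passed through this method from now on. Entities shared earlier keep WRITE and READ for the Admins group without MANAGE_SHARING unless a backfill exists elsewhere, which this diff does not show. The helper call also adds an `isPermissionExists` round-trip to every invocation, so a comment above the two new lines stating why the grant is made and that the check is per call would help, e.g. `// Admins must always be able to manage sharing; the type may be missing on older gateways`.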
@@ -6133,6 +6147,20 @@
         throw new RuntimeException("Unrecognized entity type id: " + entity.getEntityTypeId());
     }
 
+    private void createManageSharingPermissionTypeIfMissing(SharingRegistryService.Client sharingClient, String domainId) throws TException {
+        // AIRAVATA-3297 Some gateways were created without the MANAGE_SHARING permission, so add it if missing
+        String permissionTypeId = domainId + ":MANAGE_SHARING";
+        if (!sharingClient.isPermissionExists(domainId, permissionTypeId)) {
+            PermissionType permissionType = new PermissionType();
+            permissionType.setPermissionTypeId(permissionTypeId);
+            permissionType.setDomainId(domainId);
+            permissionType.setName("MANAGE_SHARING");
+            permissionType.setDescription("Manage sharing permission type");
+            sharingClient.createPermissionType(permissionType);
+            logger.info("Created MANAGE_SHARING permission type for domain " + domainId);
+        }
+    }
+
     private GatewayGroups retrieveGatewayGroups(RegistryService.Client regClient, String gatewayId) throws TException {
 
         if (regClient.isGatewayGroupsExists(gatewayId)) {
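Review bot: `createManageSharingPermissionTypeIfMissing` checks and then creates in two separate calls, so two concurrent requests for the same domain can both see the type as missing. The slower `createPermissionType` would then presumably fail and abort an otherwise valid share or revoke. Treating a failed create as success when the type exists on re-check closes that window, as sketched below. The method would also benefit from a short Javadoc saying it is safe to call repeatedly and runs on the request path. Separately, if the logger is SLF4J (not shown in the hunk), the parameterized form `logger.info("Created MANAGE_SHARING permission type for domain {}", domainId);` is preferable to concatenation.

```java
if (!sharingClient.isPermissionExists(domainId, permissionTypeId)) {
    // … unchanged: PermissionType construction and setters …
    try {
        sharingClient.createPermissionType(permissionType);
        logger.info("Created MANAGE_SHARING permission type for domain " + domainId);
    } catch (TException e) {
        // A concurrent request may have created the type first; fail only if it is still missing.
        if (!sharingClient.isPermissionExists(domainId, permissionTypeId)) {
            throw e;
        }
    }
}
```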
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vars.yml
new file mode 100644
index 0000000..16df3d6
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vars.yml
@@ -0,0 +1,53 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#gateway_data_store_resource_id: "js-168-166.jetstream-cloud.org_e86fd426-201a-461a-a0b4-4368af59ca28"
+#gateway_data_store_hostname: "js-168-166.jetstream-cloud.org"
+
+vhost_servername: "globalflood.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/globalflood.scigap.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/globalflood.scigap.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/globalflood.scigap.org/privkey.pem"
+
+
+## Keycloak related variables
+tenant_domain: "global-flood"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+  password:
+    name: "Global Flood Assessment Gateway"
+  external:
+    - name: "Existing Institution Credentials"
+      idp_alias: "cilogon"
+      logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "global-flood"
+experiment_data_dir: "{{ user_data_dir }}/global-flood"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPuGmLPwwXu15TCdLwsE9dFoWJu1kzQzdLukslMKjVCf05Fe+MyCP7EG5n1psGigSORGm0bo/9t9fPQGyPRUR2jIBI5lR2bE5JJ8XNotf+Gdv45FXhXHTIPSeb1bAymEQVghALxqeYOWnnP+6aL61Zy6nAokMJdkdRXFRxr0paYLbH3oaCAVdp2ggMXP+KMvkKHjMSa9aZFK/V/YrIRONKDrdK+DV7D0xk4XGplRAsw8UpS8GJipfq8uTM23Tr/UMCYUCbW8qqf0HYFohY+51lT/1JjYb+cBWjy1iuNGVQVnQsuNSOoDnW1C07V6VFzwKZJOv+rYhw6iL5rcq3fzDD"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'),('Wang Jun','wang208@iu.edu')]"
+portal_title: "Global Flood Assessment Gateway"
+
+#django_google_analytics_tracking_id: "UA-66348921-1"
+...
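Review bot: The two commented-out `gateway_data_store_*` lines at the top of the variables name `js-168-166.jetstream-cloud.org` and a fixed resource id, and the same lines recur in the hicops-deepsnap, immune, louisiana-state and regsnps files added by this commit, which reads like template residue. Either drop them or replace them with a comment stating which value applies, e.g. `# gateway_data_store_* not set here: inherited from group defaults`, if that is in fact the case. The commented `django_google_analytics_tracking_id` value is likewise identical across the new files.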
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vault.yml
new file mode 100644
index 0000000..11892c3
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/global-flood/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+37626635613934633764323832616234313762356331386239333735326635633232346237653261
+3266623134383564383631326536353139626565393366350a666166313965306331626133363734
+34383365333333646661346537653835393861323331303932333734363761633338333861656263
+3561636365383632660a623934663233326538306561616532653530623938353634663962623033
+66336233313434663431383934326162366231386335653630613431396539323030363562626234
+64383162333265323434313238396337313131313537633637343530383061613233353334313638
+64363861656235303430386431393039396135383031323865333039653365363633363230303862
+39643265333265313136643234303466343965646263613133353063396265383438306461656663
+38306265646631336235303236656363666633346232616266326466303936636234653931373466
+39633232353966336334323161396236393266663935656437383235626339616638313562373739
+37343631616338633130373839643537326139346437653339353238613230333936353534663165
+37353833643338633035653736333966613139623663646366363431313237383065346564306335
+33623637353839386433346131323438653933663138366330313133313139376461353462356363
+6563346534383030383633663962663237386438376433656365
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vars.yml
new file mode 100644
index 0000000..180e6dc
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vars.yml
@@ -0,0 +1,54 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#gateway_data_store_resource_id: "js-168-166.jetstream-cloud.org_e86fd426-201a-461a-a0b4-4368af59ca28"
+#gateway_data_store_hostname: "js-168-166.jetstream-cloud.org"
+
+vhost_servername: "hicops.cs.fiu.edu"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/hicops.cs.fiu.edu/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/hicops.cs.fiu.edu/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/hicops.cs.fiu.edu/privkey.pem"
+
+#django_file_upload_max_file_size_mb: 2500
+
+## Keycloak related variables
+tenant_domain: "hicops"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+  password:
+    name: "HICOPS Gateway"
+  external:
+    - name: "Existing Institution Credentials"
+      idp_alias: "cilogon"
+      logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "hicops"
+experiment_data_dir: "{{ user_data_dir }}/hicops"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnwOfvXERKIUcsH9W4GH+S+glClMrxzlEV6cXtCgrr92ooTEw3oxjmQGyvGs0G6AFHe7Tbkxnp6QBFD/VvNLpaXcvZc3t37IvbKqm2Wu5TkLhgHZqG/ceGSlaLqgKIhU5kENF3Y0XtK/QSd4hfECWQ/VyzafPCLs88xuaXdhUQE4dw+COrimaW57nCZ/A1lspBIKsnwxqFpmIXE1gsR/eU0UjVCNixm3PoO+0hr6MTzzped+xAdQHuTST/0bu0vcrK1qVixsD8rKVLgaaEaHml93vG85wlzBmsiGID4yKNTJSQBNn3G8r51mjzw72tRHovaYlP3NMpPuWeVZgY7WF9"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'),('Muhammad Haseeb','mhaseeb@fiu.edu'),('Fahad Saeed','fsaeed@fiu.edu')]"
+portal_title: "HICOPS Portal"
+
+#django_google_analytics_tracking_id: "UA-66348921-1"
+...
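Review bot: The host_vars directory is `hicops-deepsnap`, but `tenant_domain`, `gateway_id` and `experiment_data_dir` all use `hicops`. If the difference is intended, a comment such as `# inventory host is hicops-deepsnap; the Airavata gateway id is hicops` would stop the next operator from reading it as a typo.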
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vault.yml
new file mode 100644
index 0000000..0e67a43
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/hicops-deepsnap/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+65343532636331363838383766326637306364313564623364656535643463633730383262343961
+6238656335356538303063626137333231336465623764610a356263643833306332633965373365
+66326363346463616230306635663663623366656536336338613862653831333639383030656330
+6337313762373934640a383661333838373032626163363432323139326433353762346233373936
+36633363383738366437333166623530633465313963363331643364396466376133346134353264
+39313861636138626531373733336533643863643966346431626433633937333038643933383436
+31663164623731383737393831383866653437333062336165393861343466616435326330333662
+36303938666166623161373137306531343330623365383666333731633531323337653431636533
+33363066393261383133346263643230313263343836343239386336393165303530346662376463
+66643563396334376332653337326232383033626363633533333636353530383762663238623737
+35633864383839373235346665386561646332386437623636623130666637316161626532376331
+61633963666138326262633737663862646561393137313066353932623232633765646337343439
+64323664643966326166346437633636326239336139363234636338313162643836393165663135
+3732376230386463353264626365653566363937363636663437
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vars.yml
new file mode 100644
index 0000000..464f0dc
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vars.yml
@@ -0,0 +1,54 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#gateway_data_store_resource_id: "js-168-166.jetstream-cloud.org_e86fd426-201a-461a-a0b4-4368af59ca28"
+#gateway_data_store_hostname: "js-168-166.jetstream-cloud.org"
+
+vhost_servername: "immuneportal.ccbb.iupui.edu"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/immuneportal.ccbb.iupui.edu/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/immuneportal.ccbb.iupui.edu/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/immuneportal.ccbb.iupui.edu/privkey.pem"
+
+django_file_upload_max_file_size_mb: 2500
+
+## Keycloak related variables
+tenant_domain: "immune"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+  password:
+    name: "Immune Portal"
+  external:
+    - name: "Existing Institution Credentials"
+      idp_alias: "cilogon"
+      logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "immune"
+experiment_data_dir: "{{ user_data_dir }}/immune"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCntbE2GLI5S2QNRlruR8vjmLHUbpePz9NBcSJuvffOT+R75nsWlyjVEI7Tn43qvJMPR7SpOy5W5u7mmjLYx0lphMv5RJ64Hy5tIK39RlXya3s/+0gyA//I9tS4BAt7NKmGItvIZI/JLGxyUY8ZTnkRofAbEHJy3KtW1lBWUHKNsJfXyR7KJwmEkOVMU8x4fC/C/OyfsofsipG82fYJlfAgpJc+kODAgJBZI90h9pisOmfk2Wkiqt6aC3JHUZmIF2x3w5eXyhTc6RCBgNNQUy88KPOp5neMnCEbrCMx0aZGqLZFb9Q+4DVdnsmS+QvCEEpI8eFiceSN0D1Yo5IC9bvh"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'),('Chuanpeng Dong','cpdong@iu.edu')]"
+portal_title: "Immune Portal"
+
+#django_google_analytics_tracking_id: "UA-66348921-1"
+...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vault.yml
new file mode 100644
index 0000000..5ff053e
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/immune/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383835363561393637363930353739386334633762396434376139663637343630663564373937
+3836353265666639663537633034313933343361346534640a313038653239643035303033653936
+31323665333332326130313132303164373830393662353237376661313461663032646363333865
+3731623134393466310a636366343534623334666564313363633533373833323132386134656636
+38656466396631323663616138643061333730636239623461633061663136386537383165353834
+39626536333938386264366563386361323163376136613332623561616565383531663937353763
+35633933333266353634366666326538343663393534393464613431666133316430316666396638
+30623061613866383032303035616630623135396462633036373533666663663533313435323238
+36373639663930656561616339363632386662383532643538633130303932333739303536643861
+36306530363136653538643466613061353231303931326362346136633362366132316165366437
+65393264613764626331663739363632316161353761333036326630326232643533643561393238
+61313739656630653039343163663662623466326234666437653937356630343535643636393639
+64633464623934643334303763363938666538363063643765316639653833303363616133356538
+3239633763303865373836353762346139363237643662613930
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vars.yml
new file mode 100644
index 0000000..ee0f4b5
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vars.yml
@@ -0,0 +1,54 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#gateway_data_store_resource_id: "js-168-166.jetstream-cloud.org_e86fd426-201a-461a-a0b4-4368af59ca28"
+#gateway_data_store_hostname: "js-168-166.jetstream-cloud.org"
+
+vhost_servername: "gateway.hpc.lsu.edu"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/gateway.hpc.lsu.edu/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/gateway.hpc.lsu.edu/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/gateway.hpc.lsu.edu/privkey.pem"
+
+#django_file_upload_max_file_size_mb: 2500
+
+## Keycloak related variables
+tenant_domain: "louisiana-state"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+  password:
+    name: "LSU Gateway"
+  external:
+    - name: "Existing Institution Credentials"
+      idp_alias: "cilogon"
+      logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "louisiana-state"
+experiment_data_dir: "{{ user_data_dir }}/louisiana-state"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGku09BKS2SsQvp6rwoKqvbGrjZ7YcUUFU3zqU7Rd+jtxaRMw/di+ejAcJ3ouQhikW1RsF5BhulWHa7YtH3D/GaDpUeosdYn7al/TuJhC+GEsdVc9hCDxbFY2b7wjF4K8Xt+5/y/ySzTCb1V40ExfH/tBC/9c1CvdkJv4+a8t9O+ZgnWdR6pSarzyFIAXe6oFHauq4o8LRYyBhWaF+4NQDOx/bC46AiaRUtwhWUG5mhEZtKJO9GTcmOMT+TD2U6BDtT6yhL+A+FSM7TepY9nBeO+YHWbZf/yydAjRh8cONWpy7QPieSYm8yAkk0sF8qqAkZusgJFIIhPK/CJQioxuv"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'),('Zach Byerly','zbyerl1@lsu.edu')]"
+portal_title: "LSU Portal"
+
+#django_google_analytics_tracking_id: "UA-66348921-1"
+...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vault.yml
new file mode 100644
index 0000000..1240194
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/louisiana-state/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+38313835326431336534323663636437366161386238393036343134323133326262383864383635
+3332613534386432306362616637313831346663393666340a363466343433396562626533333763
+66366662313531666533323562306130666161326138643737666361613736336164633430356662
+3136616438326134360a383364363464623330333230383965336134643230393930323961663737
+66613361376330663339353663613561613135326264313131316433616332623465343434396331
+65366635313238653261373766303062643562623733366166373430373539653662663361346464
+30366262313966356430623231366161303237646631653738646266646366313531393365353062
+61303061623733353263373736396235313634613239636265613535663662666533653136353632
+62383566373865643164333532356638333034316137323061653539626561356639373334666137
+33636336306637313864633430666533306433653038393734623063633532306662636536366235
+32323336373837396537373665353632363163653437366332306264613332633034623564633634
+61363036323235363839363930643862336664663934653334656132366638643733396232643330
+61613435653534353531623561346133373864656163323763666264353335633332613533393732
+6338613461626165363163383332363838333637613934656438
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/microbial-genomes/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/microbial-genomes/vars.yml
index a6653f0..e7bcd2d 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/microbial-genomes/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/microbial-genomes/vars.yml
@@ -48,7 +48,7 @@
 experiment_data_dir: "{{ user_data_dir }}/microbial-genomes"
 gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCG/syNtrxrgfdHpxln172epFN36uztXhblac4uqNYW9Qlp8K5YI1MICxCW+HJu1mOkIvOLseYaZm1m8Vt7KwTvp/RP6iyZ8M/fWMPO+v9ZLjGupi/iDLA8JNfD0trpwXzW4PCFaqPG2+LtpzsfsI8Bx6UwFXbHKdEo5eC548Cc5EVkZ9xFEChCQHdUcxWI7zs7+S9wsAOY3Qbsrg/UtLAe4P8ZFxABSgBdirKusxdbw/0LgVhkj1aTKIE7n+7b7b11m4A1bzvsvhNLBlN+hRXG9ZiOOYExO1T5p3rX+HHIeUNAi1AMlc6KTa833ni0FWK3EYbGEwC1og6hSfl2ZGRp"
 
-admin_emails: "[('SGRC', 'sgrc-iu-group@iu.edu'),('Luis Rodriguez Rojas', 'lrr@gatech.edu')]"
+admin_emails: "[('SGRC', 'sgrc-iu-group@iu.edu'),('Luis Rodriguez Rojas', 'miguel.rodriguez@uibk.ac.at'),('Konstantinos Konstantinidis','kostas@ce.gatech.edu'),('Luis Rodriguez Rojas','lmrodriguezr@gmail.com')]"
 portal_title: "Microbial Genomes Gateway"
 
 django_google_analytics_tracking_id: "UA-177964723-1"
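Review bot: The new `admin_emails` value lists 'Luis Rodriguez Rojas' twice with two different addresses, one of them a personal mailbox rather than an institutional one. If this list feeds the portal's administrative notifications (not visible in this file), it is worth confirming that both entries are wanted and that such mail may go to a non-institutional account.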
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/mines/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/mines/vars.yml
index 62f6f51..7947beb 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/mines/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/mines/vars.yml
@@ -1,4 +1,4 @@
-#
+  #
 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vars.yml
new file mode 100644
index 0000000..eb9d483
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vars.yml
@@ -0,0 +1,53 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#gateway_data_store_resource_id: "js-168-166.jetstream-cloud.org_e86fd426-201a-461a-a0b4-4368af59ca28"
+#gateway_data_store_hostname: "js-168-166.jetstream-cloud.org"
+
+vhost_servername: "regsnps.ccbb.iupui.edu"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/regsnps.ccbb.iupui.edu/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/regsnps.ccbb.iupui.edu/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/regsnps.ccbb.iupui.edu/privkey.pem"
+
+
+## Keycloak related variables
+tenant_domain: "regsnps"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+  password:
+    name: "RegSNPs Gateway"
+  external:
+    - name: "Existing Institution Credentials"
+      idp_alias: "cilogon"
+      logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "regsnps"
+experiment_data_dir: "{{ user_data_dir }}/regsnps"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAlldWcIK6yNgrj8Firns6JzHVv7iHEdj+VRe6GBIbPSsvY70dx6wfxxCaQvaEvfbXasdPsteTGxjYZ1qSiFQ5XWbX0azThxtMpz/ycQ0V9npsEhRMQ7dzRCI/r5RJOMryVK8KeHRxKJC3SUg4NkDqQ9TFkxYv0vWdsuhPFflpR2QvacD4kfh7nBvVhjxLqSlyDYJEJkKBuvx2n6p+Kx9sr9V1UXDZl22TXyTIHGdVwcTS6nhItqMeSCtBDsofv7U1xvKCb3u4D0tXlSAgLv7Anc+CQmJlj6QJQV4U2fsRy0eW+kkn5U3Dza9km0aXdAo+VHuBXdCGTG13e7yTgRRr"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu')]"
+portal_title: "RegSNPs Gateway"
+
+#django_google_analytics_tracking_id: "UA-66348921-1"
+...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vault.yml
new file mode 100644
index 0000000..abc9740
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/regsnps/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+34366238346164303231616665336337386235303337366338643364626430396239343862666561
+3566336332306335333264656165623165623961303065630a646139343136323837306562623863
+61656335643433396461316235306130623030383965396530353337366233316239333031653531
+3630366638356561380a303563373537343563643261343835663664303030336431366435393966
+66626264396632363331363336653565356465306365353732313732653938333836646237663361
+38656362663137623532616163393031663736633865393866646665656331613939333037393434
+35326434313031613731333063626136396461326231616262643931616266633532363630313735
+65623261386565363131353164383338303361323732643638623139323766353832646135626163
+65383631363031643164363939636233386164386261333935653239323831626130363331353963
+62393466316138353833376262386635623633616536313563393364636133643433396135346665
+30356362613366386461613934376661383033383061316636613964616138656137393263663331
+64633735373836653761383138343165646330393063653465656535356131633237663163666332
+65383537636230306233636436306430373834656438613861366538643135303731316332336238
+3265656662633865313264313536643561373661393635303436
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vars.yml
deleted file mode 100644
index 7e7ede2..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vars.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-vhost_servername: "gemr.scigap.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/gemr.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/gemr.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/gemr.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "prostate-cancer-prediction"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-
-auth_options:
-  password:
-    name: "Prostate Cancer Prediction Gateway"
-  # external:
-  #  - name: "existing institution credentials"
-  #    idp_alias: "cilogon"
-  #    logo: "images/cilogon-logo-24x24-b.png"
-
-gateway_id: "prostate-cancer-prediction"
-experiment_data_dir: "{{ user_data_dir }}/prostate-cancer-prediction"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaSojVxYa+6AS+jf+AyUnD0YqWisUeyiqjJ1Bi0p+d0FCAgxk2xyOX1m1eVvOLlxoL1KYzHV6cBqLyhSMMRsp1qiDrWkq9UdJiSywO/KvgjKfMrOrsgSj84BRo7ceJK5irAqeGIdAgDhGTJFuV+OEm+iDaRK1Om2QvkuGwEYQ1EZLY9H7JpGgU6Fw0Aoh4e2wYwp/RQ2QGNjc5EGddZJZil8W3NlibKJ+5Yl90kyX3s2tEUjQSBNYXcokUvc01ZdfAY3TUwQlTlMyJpjZyuTF8Ea4fw3p9sVHRNrLIyCmYHrMxGTNVapV5bk1NZd1LxhqRjhKvIP4kFNd7lW30k/sT"
-
-admin_emails: "[('SGRC','sgrc-iu-group@iu.edu'),('Kristina Plazonic','kp807@oarc.rutgers.edu')]"
-portal_title: "Prostate Cancer Prediction Gateway"
-
-...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vault.yml
deleted file mode 100644
index 755a82f..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/rutgersgemr/vault.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32306130313732636537656435346434323632663564333832646665326639653166393263306235
-6530363831316437343936326364613438353164396231310a323833323535623566326437616166
-64336265383533373863396432356233623236363833613865373336336330343730366339363766
-3639376533616462340a656136313436353062386463613066653936356433623966383535613962
-37646565386434326666373232663562363561663164323564383265383232343337626363393731
-36613762306461353762353963613766323532623733643464616531646263663466636437633836
-30383233636132643264353665373339613333636463616665616664646231633238636534653735
-33626532383431313363393433356135333838303736363366393332346237353066323035323739
-32316337323165383864363038656234386636313961353365353036653132323034393963623730
-31323261613238626334623539393365306337613838386531353363386536613137316365333232
-35303339336161383431623531346663656633376466393364383961393436393338356165653561
-37336637336262633933363435333833653235643961616164383737306664363730643264333739
-30303166396566333962303633353038393630633337316330643231333463656637346632356663
-6231323363646663373563663332306539613364653662616139
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 44ab76b..239ee89 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -43,7 +43,6 @@
 oscer ansible_host=156.56.104.84
 phasta ansible_host=156.56.104.84
 r-hpc ansible_host=156.56.104.84
-rutgersgemr ansible_host=156.56.104.84
 saverx ansible_host=156.56.104.84
 sdstate ansible_host=156.56.104.84
 seagrid ansible_host=156.56.104.84
@@ -66,6 +65,11 @@
 tsunami ansible_host=156.56.104.84
 geo ansible_host=156.56.104.84
 covid-geoact ansible_host=156.56.104.84
+immune ansible_host=156.56.104.84
+regsnps ansible_host=156.56.104.84
+global-flood ansible_host=156.56.104.84
+louisiana-state ansible_host=156.56.104.84
+hicops-deepsnap ansible_host=156.56.104.84
 
 # dreg jetstream server
 dreg ansible_host=149.165.156.72 ansible_user=centos
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index c819c14..007b448 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -251,6 +251,16 @@
   become: yes
   when: ansible_os_family == "RedHat"
 
+# some Python libraries want to write files to /tmp and execute them, see
+# https://bugzilla.redhat.com/show_bug.cgi?id=645193 for more details
+- name: Allow Django code to exec in tmp directory
+  seboolean:
+    name: httpd_tmp_exec
+    state: yes
+    persistent: yes
+  become: yes
+  when: ansible_os_family == "RedHat"
+
 - name: run restorecon on those directories
   command: restorecon -F -R {{ doc_root_dir }}
   become: yes
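Review bot: The added `seboolean` task for `httpd_tmp_exec` turns on a persistent, host-wide SELinux boolean, so everything running in the httpd domain on that machine may execute files written to its tmp directories, not only the Django code the task name mentions. That removes a confinement layer which would otherwise limit the impact of a file-write or upload flaw in any portal served from the same host, and the existing comment explains why the boolean is needed but not what it costs. I would record the trade-off next to the task, e.g. `# NOTE: relaxes SELinux confinement for all of httpd on this host; drop once the libraries no longer need exec in tmp`. If the libraries in question honour a temp-directory setting, pointing them at an application-owned directory may be a narrower alternative, but that depends on code not visible in this hunk.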
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 20f872f..bd7ba9b 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -79,4 +79,5 @@
     port: 10050/tcp
     immediate: yes
   become: yes
+  when: ansible_os_family == "RedHat"
 ...
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index a217077..2f6ea87 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -48,7 +48,6 @@
 
 - name: enable certbot (letsencrypt) renewal
   systemd:
-    state: started
     enabled: true
     name: certbot-renew
     daemon_reload: true
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/messaging/SharingServiceDBEventHandler.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/messaging/SharingServiceDBEventHandler.java
index ecc6eb8..558f63f 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/messaging/SharingServiceDBEventHandler.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/messaging/SharingServiceDBEventHandler.java
@@ -244,6 +244,19 @@
                                     log.warn("DuplicateEntryException while consuming TENANT create message, ex: " + ex.getMessage() + ", Permission Id : " + domain.getDomainId() + ":WRITE", ex);
                                 }
 
+                                log.info("Creating Permission Type. Id : " + domain.getDomainId()+":MANAGE_SHARING");
+                                permissionType = new PermissionType();
+                                permissionType.setPermissionTypeId(domain.getDomainId()+":MANAGE_SHARING");
+                                permissionType.setDomainId(domain.getDomainId());
+                                permissionType.setName("MANAGE_SHARING");
+                                permissionType.setDescription("Manage sharing permission type");
+                                try {
+                                    sharingRegistryClient.createPermissionType(permissionType);
+                                    log.debug("Permission Type created. Id : " + domain.getDomainId() + ":MANAGE_SHARING");
+                                } catch (DuplicateEntryException ex) {
+                                    log.warn("DuplicateEntryException while consuming TENANT create message, ex: " + ex.getMessage() + ", Permission Id : " + domain.getDomainId() + ":MANAGE_SHARING", ex);
+                                }
+
                                 break;
                         }