  1. SAFe Program
  2. SP-2220

Enable token-based authentication in SKAO Rucio prototype

Details

    • Feature
    • Should have
    • PI13
    • None
    • None
    • Data Processing
    • Enabling token-based authentication on our Rucio data management instance would greatly improve our ability to scale up to new sites, as it would allow us to move away from user/password or X509 certificates and better understand how to integrate a future SKAO/SRC authentication service.
    • Ability to upload data to one of the sites of the SKAO data lake prototype using only an IAM-issued token for authentication.
    • Ability to replicate data between two sites of the SKAO data lake prototype using only an IAM-issued token for authentication.
    • 2.5
    • 2.5
    • 0
    • Team_ESCAPEES
    • Sprint 5
    • This has involved a significant chunk of work, as it turned out that some of the layers of functionality had not previously been tested, and had issues/bugs that had to be resolved along the way.

      The refined notes are available here: https://gitlab.com/ska-telescope/src/ska-rucio-prototype/-/blob/master/notes/enable-tokens-1.26.2.md.

      Demo: https://drive.google.com/file/d/1DJtf7091-pd36AMSu9NiA7TjUKWvvpgW/view?usp=sharing
    • 13.6
    • Stories Completed, Integrated, Outcomes Reviewed, NFRS met, Demonstrated, Satisfies Acceptance Criteria, Accepted by FO

    Description

      Our Rucio instances currently support only X509 or user/password based authentication. Rucio itself can also authenticate requests using an OAuth2 token; however, this is complicated by the requirement that sites contributing storage to the data lake must also support this authentication workflow.

      In the ESCAPE project it has been demonstrated that both the Rucio orchestrator and several of the contributing sites can support the token-based authentication provided by the ESCAPE IAM service. We now wish to replicate this, making use of the expertise of our ESCAPE colleagues to reproduce this aspect of the ESCAPE data lake prototype in our own.

              People

                b.mort Mort, Ben
                j.collinson Collinson, James

                Feature Progress

                  Story Point Burn-up: (100.00%)

                  Feature Estimate: 2.5

                  Status        Issues   Story Points
                  To Do         0        0.0
                  In Progress   0        0.0
                  Complete      7        20.0
                  Total         7        20.0
