Merge pull request #2171 from matyasselmeci/pr/SOFTWARE-4915.subject-…

…field Add "Description" and "Subject" fields to TokenIssuers lists (SOFTWARE-4915)
opensciencegrid · Dec 2, 2021 · 4429ec9 · 4429ec9
2 parents 06fe63c + 3662117
commit 4429ec9
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 8 deletions.
diff --git a/bin/get-scitokens-mapfile b/bin/get-scitokens-mapfile
@@ -45,19 +45,30 @@ def main(argv):
     for vo_name, vo_data in all_vos_data.vos.items():
         if is_null(vo_data, "Credentials", "TokenIssuers"):
             continue
-        mapfile += f"# {vo_name}\n"
+        mapfile += f"## {vo_name} ##\n"
         for token_issuer in vo_data["Credentials"]["TokenIssuers"]:
             url = token_issuer.get("URL")
+            subject = token_issuer.get("Subject", "")
+            description = token_issuer.get("Description", "")
+            pattern = ""
             if url:
-                if args.regex:
-                    url = f'/^{re.escape(url)},/'
+                if subject:
+                    if args.regex:
+                        pattern = f'/^{re.escape(url)},{re.escape(subject)}$/'
+                    else:
+                        pattern = f'"{url},{subject}"'
                 else:
-                    url = f'"{url}"'
+                    if args.regex:
+                        pattern = f'/^{re.escape(url)},/'
+                    else:
+                        pattern = f'"{url}"'
             unix_user = token_issuer.get("DefaultUnixUser")
-            if url and unix_user:
-                mapfile += f"SCITOKENS {url} {unix_user}\n"
+            if description:
+                mapfile += f"# {description}:\n"
+            if pattern and unix_user:
+                mapfile += f"SCITOKENS {pattern} {unix_user}\n"
             else:
-                mapfile += f"# invalid SCITOKENS: {url or '<NO URL>'} {unix_user or '<NO UNIX USER>'}\n"
+                mapfile += f"# invalid SCITOKENS: {pattern or '<NO URL>'} {unix_user or '<NO UNIX USER>'}\n"
                 if args.strict:
                     print(mapfile, file=sys.stderr)
                     sys.exit("Invalid scitoken found in strict mode")

diff --git a/src/schema/vosummary.xsd b/src/schema/vosummary.xsd
@@ -187,6 +187,8 @@
                               <xsd:sequence>
                                 <xsd:element name="URL" type="xsd:string"/>
                                 <xsd:element name="DefaultUnixUser" type="xsd:string"/>
+                                <xsd:element name="Description" type="xsd:string"/>
+                                <xsd:element name="Subject" type="xsd:string"/>
                               </xsd:sequence>
                             </xsd:complexType>
                           </xsd:element>

diff --git a/src/webapp/vos_data.py b/src/webapp/vos_data.py
@@ -102,7 +102,9 @@ def _expand_vo(self, name: str, authorized: bool, filters: Filters) -> Optional[
                 new_token_issuers = [
                     OrderedDict([
                         ("URL", x.get("URL")),
-                        ("DefaultUnixUser", x.get("DefaultUnixUser"))
+                        ("DefaultUnixUser", x.get("DefaultUnixUser")),
+                        ("Description", x.get("Description")),
+                        ("Subject", x.get("Subject")),
                     ])
                     for x in token_issuers
                 ]

diff --git a/template-virtual-organization.yaml b/template-virtual-organization.yaml
@@ -48,8 +48,12 @@ Contacts:
 #   # TokenIssuers:
 #   ### URL is the https URL of your scitokens issuer, e.g. https://scitokens.org/<VO NAME>
 #   ### DefaultUnixUser is a username that jobs with tokens issued by this issuer should map to
+#   ### Description (optional) is human-readable text describing the mapping
+#   ### Subject (optional) is a token subject to restrict this mapping to
 #   # - URL: <URL>
 #   #   DefaultUnixUser: <USER>
+#   #   Description: <TEXT>
+#   #   Subject: <SUBJECT>
 
 FieldsOfScience: