DataBiosphere / data-store

AWS and GCP data storage system for genomic data.
https://dss.dev.ucsc-cgp-redwood.org

[Enable Auth0 Part 1/4] DSS Auth: Unleash the Auth0 backend #146

Closed chmreid closed 4 years ago

chmreid commented 4 years ago

This PR turns off the Fusillade auth backend and turns on the Auth0 auth backend

Necessary to work out the CLI integration

Part 1: unleash auth0: https://github.com/DataBiosphere/data-store/pull/146

Part 2: fix decorators for auth0: https://github.com/DataBiosphere/data-store/pull/148

Part 3: fix tests: https://github.com/DataBiosphere/data-store/pull/149

Part 4: update config: https://github.com/DataBiosphere/data-store/pull/151

chmreid commented 4 years ago

The deployment stage of the tests is failing on toilspark due to mismatched secrets/env:

cripts/check_env.py --special
Warning: DSS_ES_ENDPOINT not defined
Warning: Found missing env variables between local and dev: 
{"dev": ["DSS_ES_ENDPOINT", "DSS_VERSION"], "local": []}
Warning: Found different env values between local and dev: 
{"ADMIN_USER_EMAILS": {"stage": "chmreid@ucsc.edu,chmreid-service-acct@platform-hca.iam.gserviceaccount.com,travis-test@platform-hca.iam.gserviceaccount.com,ajandu@platform-hca.iam.gserviceaccount.com,ajandu@ucsc.edu", "local": "test@ucsc.edu"}, "AUTH_BACKEND": {"stage": "Fusillade", "local": "Auth0"}}
scripts/check_deployment_secrets.py
Traceback (most recent call last):
  File "scripts/check_deployment_secrets.py", line 168, in <module>
    main()
  File "scripts/check_deployment_secrets.py", line 163, in main
    s = SecretsChecker(stage)
  File "scripts/check_deployment_secrets.py", line 59, in __init__
    self.service_account = self.fetch_terraform_output("service_account", "gcp_service_account").strip()
  File "scripts/check_deployment_secrets.py", line 116, in fetch_terraform_output
    self.run_cmd(cmd=f'terraform refresh', cwd=output_infra_dir)
  File "scripts/check_deployment_secrets.py", line 84, in run_cmd
    raise RuntimeError(f'While checking secrets, an error occured:\n'
RuntimeError: While checking secrets, an error occured:
stdout: b'\x1b[0m\x1b[1mdata.google_project.project: Refreshing state...\x1b[0m\n\x1b[0m\x1b[1mgoogle_service_account.dss: Refreshing state... [id=projects/platform-hca/serviceAccounts/travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.serviceaccountactor: Refreshing state... [id=platform-hca/roles/iam.serviceAccountActor/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.cloudruntimeconfiguratoradmin: Refreshing state... [id=platform-hca/roles/runtimeconfig.admin/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.storageadmin: Refreshing state... [id=platform-hca/roles/storage.admin/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.storageobjectcreator: Refreshing state... [id=platform-hca/roles/storage.objectCreator/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.viewer: Refreshing state... [id=platform-hca/roles/viewer/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n\x1b[0m\x1b[1mgoogle_project_iam_member.cloudfunctionsdeveloper: Refreshing state... [id=platform-hca/roles/cloudfunctions.developer/serviceaccount:travis-test@platform-hca.iam.gserviceaccount.com]\x1b[0m\n'

stderr: b'\x1b[31m\n\x1b[1m\x1b[31mError: \x1b[0m\x1b[0m\x1b[1mFailed to write state: failed to upload state: AccessDenied: Access Denied\n\tstatus code: 403, request id: 3DB3C4293C4D1F79, host id: EeGKESe9AHQIm5jnj+nYT7c+ptGDme8bLRTgdhEltHCD48PeX5OMQsI9S+Z2GVsYjObxxHPYn98=\x1b[0m\n\n\x1b[0m\x1b[0m\x1b[0m\n'

make: *** [check-secrets] Error 1
Makefile:98: recipe for target 'check-secrets' failed

https://ucsc-ci.com/databiosphere/data-store/-/jobs/44416