materials-data-facility / connect_server

The MDF Connect Server is the hosted ETL flow to deeply index datasets into the MDF and connected services.
https://www.materialsdatafacility.org/
Apache License 2.0

Limit submissions to users who are members of Globus Group #104

Closed BenGalewsky closed 9 months ago

BenGalewsky commented 9 months ago

Problem

Only authorized users should be able to submit datasets.

Approach

In the authorizer lambda

  1. Extract the submitting user's groups access token
  2. Use this token to get the list of the user's groups
  3. From this response, extract a dictionary of Group IDs along with their name and description (name and description are really only used for debugging)
  4. Pass this to the submit lambda via a new property in the context dictionary

Then in the submit lambda

  1. Pick up the id for the required group from the lambda's environment var
  2. See if that group id is found in the dictionary passed in from the authorizer

The terraform code was modified to set the REQUIRED_GROUP_MEMBERSHIP environment vars for the lambdas
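The two-lambda flow described in this issue, as an added example that is not the connect_server code. It assumes a REST API proxy event, group records carrying `id`, `name` and `description`, and a hypothetical context property named `user_groups`; the Globus call itself is left out and a constructed response stands in for it.

```python
import json
import os

CONTEXT_KEY = "user_groups"  # assumed name for the new context property

def groups_to_context(my_groups):
    """Authorizer side: keep id -> name/description and serialize it.

    API Gateway authorizer context values must be strings, numbers or
    booleans, so the dictionary is passed as a JSON string.
    """
    by_id = {g["id"]: {"name": g.get("name"), "description": g.get("description")}
             for g in my_groups}
    return {CONTEXT_KEY: json.dumps(by_id)}

def is_member(event, environ=os.environ):
    """Submit side: True only if the required group id is in the context."""
    required = (environ.get("REQUIRED_GROUP_MEMBERSHIP") or "").strip()
    if not required:
        return False  # fail closed: an unset variable must not open submissions
    authorizer = (event.get("requestContext") or {}).get("authorizer") or {}
    try:
        groups = json.loads(authorizer.get(CONTEXT_KEY))
    except (TypeError, ValueError):
        return False  # missing or malformed context is treated as no groups
    return isinstance(groups, dict) and required in groups

def submit_handler(event, context=None, environ=os.environ):
    if not is_member(event, environ):
        return {"statusCode": 403, "body": json.dumps({"error": "group membership required"})}
    return {"statusCode": 202, "body": json.dumps({"status": "accepted"})}

# Constructed sample data: group ids are placeholders, not real Globus groups.
REQUIRED = "00000000-0000-4000-8000-000000000001"
SAMPLE_GROUPS = [
    {"id": REQUIRED, "name": "submitters", "description": "constructed example"},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "other", "description": ""},
]

def make_event(groups):
    """Build the part of a proxy event the submit lambda reads."""
    return {"requestContext": {"authorizer": groups_to_context(groups)}}

if __name__ == "__main__":
    env = {"REQUIRED_GROUP_MEMBERSHIP": REQUIRED}
    print(submit_handler(make_event(SAMPLE_GROUPS), environ=env)["statusCode"])
    print(submit_handler(make_event(SAMPLE_GROUPS[1:]), environ=env)["statusCode"])
```

The membership check keys on the group id only, so renaming a group does not change who can submit.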