gplazma2-oidc: Add and test support for storage.poll WLCG claim #8089
Open
greenc-FNAL wants to merge 1 commit into 11.2 from
Motivation:

[JWT Profiles 1.2](https://github.com/WLCG-AuthZ-WG/common-jwt-profile/blob/master/v1.2/profile.md) describes a new claim, `storage.poll`, intended for obtaining online/nearline status of files without requiring full read access. We wish to add support for that claim.

Modification:

- `POLL("storage.poll", true, READ_METADATA)` is added to `WlcgProfileScope`.
- Unit tests are added to `WlcgProfileScopeTest.java`.

Result:

`READ_METADATA` operations are authorized for requestors without read access if the requestor provides a token with the `storage.poll` claim.

Target: master
Request: 11.2
Patch: https://rb.dcache.org/r/14675/diff/raw/
Closes:
Requires-notes: yes
Requires-book: no
Acked-by:
- Tigran Mkrtchyan
- Dmitry Litvintsev
Pull request overview
Adds support in the gplazma2-oidc WLCG profile scope parsing/authorization logic for the storage.poll scope described in WLCG JWT Profiles 1.2, enabling metadata/status queries without granting read/download permissions.
Changes:
- Add `POLL("storage.poll", true, READ_METADATA)` to `WlcgProfileScope.Operation`.
- Improve the “missing path” validation message to include the operation label.
- Add unit tests covering identification, parsing, and invalid forms of `storage.poll`.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `modules/gplazma2-oidc/src/main/java/org/dcache/gplazma/oidc/profiles/WlcgProfileScope.java` | Introduces the new `storage.poll` operation (mapping to `READ_METADATA`) and clarifies the error message when a required path is missing. |
| `modules/gplazma2-oidc/src/test/java/org/dcache/gplazma/oidc/profiles/WlcgProfileScopeTest.java` | Adds test coverage for recognizing and parsing `storage.poll` scopes, plus validation of invalid/relative-path variants. |
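
The behaviour described in this PR, as an added stand-alone Java sketch (not code from the PR or from dCache): a `storage.poll:/path` scope authorizes metadata reads under its path but not downloads, and scopes with a missing or relative path are rejected. The class, enum and method names, the `storage.read` mapping, and the component-wise prefix match are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; PollScopeDemo and its members are hypothetical names, not dCache classes.
public class PollScopeDemo {
    enum Activity { READ_METADATA, DOWNLOAD }

    // Scope label -> activities it grants. storage.poll grants metadata only,
    // as stated in the PR; the storage.read mapping is an assumption for contrast.
    static final Map<String, Set<Activity>> GRANTS = Map.of(
            "storage.poll", EnumSet.of(Activity.READ_METADATA),
            "storage.read", EnumSet.of(Activity.READ_METADATA, Activity.DOWNLOAD));

    record Scope(String label, String path) {
        static Scope parse(String s) {
            int colon = s.indexOf(':');
            String label = colon < 0 ? s : s.substring(0, colon);
            if (!GRANTS.containsKey(label))
                throw new IllegalArgumentException("Unknown scope: " + s);
            // Name the operation in the error so the offending scope is easy to spot in logs.
            if (colon < 0 || colon == s.length() - 1)
                throw new IllegalArgumentException("Missing path for " + label);
            String path = s.substring(colon + 1);
            if (!path.startsWith("/"))
                throw new IllegalArgumentException("Path must be absolute: " + s);
            return new Scope(label, path);
        }

        // Assumes target is already normalized (no "..", no duplicate slashes).
        boolean permits(Activity activity, String target) {
            // Match whole path components so /data does not cover /database.
            String prefix = path.endsWith("/") ? path : path + "/";
            boolean covered = target.equals(path) || target.startsWith(prefix);
            return covered && GRANTS.get(label).contains(activity);
        }
    }

    public static void main(String[] args) {
        Scope poll = Scope.parse("storage.poll:/data"); // constructed sample scope
        System.out.println(poll.permits(Activity.READ_METADATA, "/data/run1/f.root"));
        System.out.println(poll.permits(Activity.DOWNLOAD, "/data/run1/f.root"));
        System.out.println(poll.permits(Activity.READ_METADATA, "/database/f.root"));
        for (String bad : List.of("storage.poll", "storage.poll:", "storage.poll:data")) {
            try { Scope.parse(bad); }
            catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        }
    }
}
```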