Comments (2)
mmacata
commented on June 10, 2024
The version pinning of Flask leads to a version conflict with click when the actinia-stac-plugin is installed:
{'message': '(click 7.1.2 (/usr/lib/python3.9/site-packages), '
"Requirement.parse('click>=8.0.0'), {'stac-validator'})",
'traceback': '[\' File "/src/actinia_core/src/actinia_core/endpoints.py", '
"line 272, in create_endpoints\\n check_import_plugins()\\n', "
'\' File "/src/actinia_core/src/actinia_core/endpoints.py", '
'line 266, in check_import_plugins\\n '
'exec(import_run_str)\\n\', \' File "<string>", line 1, in '
"<module>\\n', ' File "
'"/usr/lib/python3.9/site-packages/actinia_stac_plugin/endpoints.py", '
'line 33, in <module>\\n from actinia_stac_plugin.api.stac '
"import Stac\\n', ' File "
'"/usr/lib/python3.9/site-packages/actinia_stac_plugin/api/stac.py", '
'line 32, in <module>\\n from actinia_stac_plugin.core.stac '
"import createStacItemList\\n', ' File "
'"/usr/lib/python3.9/site-packages/actinia_stac_plugin/core/stac.py", '
'line 28, in <module>\\n from actinia_stac_plugin.core.common '
"import connectRedis, defaultInstance\\n', ' File "
'"/usr/lib/python3.9/site-packages/actinia_stac_plugin/core/common.py", '
'line 30, in <module>\\n from stac_validator import '
"stac_validator\\n', ' File "
'"/usr/lib/python3.9/site-packages/stac_validator/stac_validator.py", '
'line 64, in <module>\\n '
'@click.version_option(version=pkg_resources.require("stac-validator")[0].version)\\n\', '
"' File "
'"/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", '
'line 886, in require\\n needed = '
"self.resolve(parse_requirements(requirements))\\n', ' File "
'"/usr/lib/python3.9/site-packages/pkg_resources/__init__.py", '
'line 777, in resolve\\n raise VersionConflict(dist, '
"req).with_context(dependent_req)\\n']",
'type': "<class 'pkg_resources.ContextualVersionConflict'>"}
This makes this issue more urgent.
As downpinning of Flask is only needed for TimedJSONWebSignatureSerializer and JSONWebSignatureSerializer and these again are only needed for API key and token generation and validation, possible solutions are:
- Minimize authentication to basic auth with credentials only when keycloak integration is finished
- Refactoring of
user.pyto move API key and token handling to a separate plugin which cannot be used together with stac-plugin then (not very sustainable) - Rewrite API key and token handling with new tools, best using exact same hash algorithm / signature as current one to not invalidate current API keys
- dirty hack which shouldn't be used:
pip3 install --upgrade flask click \
&& sed -i "s+TimedJSONWebSignatureSerializer+BadSignature+g" /usr/lib/python3.9/site-packages/actinia_core/core/common/user.py \
&& sed -i "s+JSONWebSignatureSerializer+SignatureExpired+g" /usr/lib/python3.9/site-packages/actinia_core/core/common/user.py \
&& sed -i "s+user = ActiniaUser.verify_auth_token(username_or_token)+user = False+g" /usr/lib/python3.9/site-packages/actinia_core/rest/base/user_auth.py \
&& sed -i "s+user = ActiniaUser.verify_api_key(username_or_token)+user = False+g" /usr/lib/python3.9/site-packages/actinia_core/rest/base/user_auth.py
from actinia-core.
mmacata
commented on June 10, 2024
Decided solution:
Minimize authentication to basic auth with credentials only when keycloak integration is finished
Then actinia API will be upgraded to v4, actinia.mundialis.de v3 + v4 will be deployed in parallel.
from actinia-core.
Related Issues (20)
- latest release missing from Pypi HOT 5
- Black for actinia HOT 5
- How to manage central, persistent data as superadmin HOT 4
- Possible to send signal on finished processing? HOT 4
- Start actinia worker automatically on VM HOT 1
- Create messaging concept
- Storing and accessing credentials (e.g. database logins) as actinia user HOT 3
- Start actinia worker automatically on VM - VM start
- Start actinia worker automatically on VM - VM shutdown
- Start actinia worker automatically on VM - Monitoring
- Allow one job queue per user HOT 2
- Webhooks: support multiple webhooks and different json payloads
- COG export: remove -c flag export workaround
- Zenodo upload broken (after GitHub ORG change?) and DOI needed update HOT 8
- Add tests for different queue types HOT 1
- Dependency Dashboard
- Get rid of duplicate requirement files HOT 1
- Evaluate Sentinel-1 processing tools using SNAP GPT HOT 6
- Check if tasklist feature can help maintaining "actinia as a service" tasks
- Add reusable workflows and hooks in plugins
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from actinia-core.