Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-35788

Enable insertion of an RSP security token into a Firefly session

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Reviewed
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Firefly, SUIT
    • Labels:
      None
    • Team:
      Portal
    • Urgent?:
      No

      Description

      We need a way to get a token obtained from https://data.lsst.cloud/auth/tokens (or similar endpoint for any given instance of the RSP) into an "offsite" Firefly session - in particular, one with the FIrefly server running on a developer's own system (e.g., on a laptop), in order to facilitate debugging of Firefly behavior against the all-authenticated RSP data services.

      This could be as simple as providing for a token in an environment variable at Firefly server startup, or could include some UI support for pasting in a token to an existing session.

      Either way, the Firefly session should then apply the token to any access to data services in the Rubin domains (e.g., lsst.cloud).


      Instructions for getting a token:

      1. Go to https://data.lsst.cloud/auth/tokens (or its equivalent on another instance). This page is accessible from the login/session menu in the upper right of the RSP home page, under "Security tokens".
      2. Click "Create Token"
      3. Select scopes "read:image" and "read:tap"
      4. Set expiration date according to your risk-tolerance
      5. Click "Create"
      6. Copy the token right away to a secure place. Once the dialog displaying the token is closed, the full token cannot be retrieved again.

      NB: Tokens are unique to a specific RSP instance. A token from data.lsst.cloud cannot be used on data-int.lsst.cloud, for example.

        Attachments

          Issue Links

            Activity

            Hide
            gpdf Gregory Dubois-Felsmann added a comment -

            Linked to implementation ticket. Ticket is already merged in the upstream.

            Show
            gpdf Gregory Dubois-Felsmann added a comment - Linked to implementation ticket. Ticket is already merged in the upstream.
            Hide
            gpdf Gregory Dubois-Felsmann added a comment -

            Expected to be deployed in the next Firefly 2022.2.x point release.

            Show
            gpdf Gregory Dubois-Felsmann added a comment - Expected to be deployed in the next Firefly 2022.2.x point release.
            Hide
            gpdf Gregory Dubois-Felsmann added a comment -

            Trey Roby reported internally to IPAC that the development build with this feature works well and is enabling him to work with a remote Firefly successfully.

            Show
            gpdf Gregory Dubois-Felsmann added a comment - Trey Roby  reported internally to IPAC that the development build with this feature works well and is enabling him to work with a remote Firefly successfully.

              People

              Assignee:
              loi Loi Ly
              Reporter:
              gpdf Gregory Dubois-Felsmann
              Reviewers:
              Trey Roby
              Watchers:
              Gregory Dubois-Felsmann, Loi Ly, Trey Roby
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:

                  Jenkins Builds

                  No builds found.