add minio policy saving to minio

app/api/subsetter/app/routers/access_control/policy_generation.py

@@ -1,56 +1,41 @@
-'''
-def admin_policy_attach(target, name):
-    arguments = ['mc', '--config-dir', '/hydroshare/', 'admin', 'policy', 'attach', target, name, '--user', name]
-    logger.info(arguments)
-    try:
-        _output = subprocess.check_output(arguments, user='hydro-service')
-        logger.info(_output)
-    except subprocess.CalledProcessError as e:
-        logger.exception(e.output)
-
+import copy
+import json
+import logging as logger
+import os
 import subprocess
+import tempfile
+from typing import Dict
+
+
 def admin_policy_create(target, name, file):
-    arguments = ['mc', '--config-dir', '/hydroshare/', '--json', 'admin', 'policy', 'create', target, name, file]
+    arguments = ['mc', '--json', 'admin', 'policy', 'create', target, name, file]
     logger.info(arguments)
     try:
-        _output = subprocess.check_output(arguments, user='hydro-service')
+        _output = subprocess.check_output(arguments)
         logger.info(_output)
     except subprocess.CalledProcessError as e:
         logger.exception(e.output)
-    admin_policy_attach(target, name)
+
 
 def admin_policy_remove(target, name):
-    arguments = ['mc', '--config-dir', '/hydroshare/', '--json', 'admin', 'policy', 'remove', target, name]
+    arguments = ['mc', '--json', 'admin', 'policy', 'rm', target, name]
     logger.info(arguments)
     try:
-        _output = subprocess.check_output(arguments, user='hydro-service')
+        _output = subprocess.check_output(arguments)
         logger.info(_output)
     except subprocess.CalledProcessError as e:
         logger.exception(e.output)
 
-def refresh_minio_policy(user):
-    policy = minio_policy(user)
-    logging.info(json.dumps(policy, indent=2))
-    if policy["Statement"]:
-        with tempfile.TemporaryDirectory(dir='/hs_tmp') as tmpdirname:
-            filepath = os.path.join(tmpdirname, "metadata.json")
-            fp = open(filepath, "w")
-            fp.write(json.dumps(policy))
-            fp.close()
-            admin_policy_remove(target='cuahsi', name=user.username)
-            admin_policy_create(target='cuahsi', name=user.username, file=filepath)
-    else:
-        admin_policy_remove(target='cuahsi', name=user.username)
-'''
-
-import copy
-from typing import Dict
 
-
-def bucket_name(resource_id: str):
-    # raccess = ResourceAccess.objects.filter(resource__short_id=resource_id).first()
-    # return raccess.owners.first().username
-    return "subsetter-outputs"
+def refresh_minio_policy(user, policy):
+    logger.info(json.dumps(policy, indent=2))
+    with tempfile.TemporaryDirectory() as tmpdirname:
+        filepath = os.path.join(tmpdirname, "metadata.json")
+        fp = open(filepath, "w")
+        fp.write(json.dumps(policy))
+        fp.close()
+        admin_policy_create(target='cuahsi', name=user.username, file=filepath)
+    return policy
 
 
 def create_view_statements(user, views: Dict[str, list[str]]) -> list:
@@ -67,10 +52,7 @@ def create_view_statements(user, views: Dict[str, list[str]]) -> list:
     }
 
     get_resources = [f"arn:aws:s3:::{user.username}/*"]
-    view_statement = copy.deepcopy(view_statement_template_listing)
-    view_statement["Resource"] = [f"arn:aws:s3:::{user.username}"]
-    del view_statement["Condition"]
-    list_statements = [view_statement]
+    list_statements = []
     for bucket_owner, resource_paths in views.items():
         get_resources = get_resources + [
             f"arn:aws:s3:::{bucket_owner}/{resource_path}/*" for resource_path in resource_paths
@@ -90,11 +72,15 @@ def create_edit_statements(user, edits: Dict[str, list[str]]) -> list:
     resources = []
     for bucket_owner, resource_paths in edits.items():
         resources = resources + [f"arn:aws:s3:::{bucket_owner}/{resource_path}/*" for resource_path in resource_paths]
-    edit_statement_template["Resource"] = resources
-    return [edit_statement_template]
+    if resources:
+        edit_statement_template["Resource"] = resources
+        return [edit_statement_template]
+    else:
+        return []
 
 
 def minio_policy(user, owners: Dict[str, list[str]], edits: Dict[str, list[str]], views: Dict[str, list[str]]):
-    statements = create_view_statements(user, views)
+    statements = [{"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [f"arn:aws:s3:::{user.username}"]}]
+    statements = statements + create_view_statements(user, views)
     statements = statements + create_edit_statements(user, edits)
     return {"Version": "2012-10-17", "Statement": statements}

app/api/subsetter/app/routers/access_control/router.py

@@ -11,6 +11,8 @@
 from subsetter.app.routers.access_control.policy_generation import minio_policy
 from subsetter.app.users import current_active_user
 
+from .policy_generation import refresh_minio_policy
+
 router = APIRouter()
 
 
@@ -76,22 +78,7 @@ async def refresh_profile(user: User = Depends(current_active_user)):
     return user
 
 
-def admin_policy_create(name, policy, target="cuahsi"):
-    with tempfile.TemporaryDirectory() as tmpdirname:
-        print(policy)
-        filepath = os.path.join(tmpdirname, "metadata.json")
-        fp = open(filepath, "w")
-        fp.write(json.dumps(policy))
-        fp.close()
-        arguments = ['mc', '--json', 'admin', 'policy', 'create', target, name, filepath]
-        try:
-            _output = subprocess.check_output(arguments)
-        except subprocess.CalledProcessError as e:
-            raise
-
-
 @router.get('/policy/minio/cuahsi')
 async def generate_and_save_user_policy(user: User = Depends(current_active_user)):
     user_policy = await generate_user_policy(user)
-    admin_policy_create(user.username, user_policy)
-    return user_policy
+    return refresh_minio_policy(user, user_policy)

app/api/subsetter/app/routers/argo/router.py

@@ -18,6 +18,7 @@
 )
 from subsetter.app.users import current_active_user
 from subsetter.config import get_minio_client, get_settings
+
 from .transformer import transform_latlon
 
 if get_settings().cloud_run:
@@ -43,8 +44,9 @@ def parflow_submission_body(hucs: list, username: str, workflow_name: str):
             "name": workflow_name,
             "parameters": [
                 f"output-path=argo_workflows/parflow/{workflow_name}",
-                f"output-bucket={username}", 
-                "hucs=" + ",".join(hucs)],
+                f"output-bucket={username}",
+                "hucs=" + ",".join(hucs),
+            ],
         },
     }
 
@@ -123,7 +125,7 @@ async def submit_parflow(
 async def submit_nwm1(
     y_south: float, x_west: float, y_north: float, x_east: float, user: User = Depends(current_active_user)
 ) -> SubmissionResponseModel:
-    #y_south, x_west, y_north, x_east = transform_latlon(y_south, x_west, y_north, x_east)
+    # y_south, x_west, y_north, x_east = transform_latlon(y_south, x_west, y_north, x_east)
     workflow_id = str(uuid.uuid4())
     api_response = api_instance.submit_workflow(
         namespace=get_settings().argo_namespace,
@@ -139,7 +141,7 @@ async def submit_nwm1(
 async def submit_nwm2(
     y_south: float, x_west: float, y_north: float, x_east: float, user: User = Depends(current_active_user)
 ) -> SubmissionResponseModel:
-    #y_south, x_west, y_north, x_east = transform_latlon(y_south, x_west, y_north, x_east)
+    # y_south, x_west, y_north, x_east = transform_latlon(y_south, x_west, y_north, x_east)
     workflow_id = str(uuid.uuid4())
     api_response = api_instance.submit_workflow(
         namespace=get_settings().argo_namespace,