From 3b73f15c34897e0e6bd3db989c06030a2695f541 Mon Sep 17 00:00:00 2001 From: Ben Galewsky Date: Wed, 20 Dec 2023 20:31:53 -0600 Subject: [PATCH] Clean up automate resoures --- .gitignore | 4 +- automate/create_new_flow.py | 90 +++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 automate/create_new_flow.py diff --git a/.gitignore b/.gitignore index f83f4e3..175c9cb 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,8 @@ prototypes/forge_sandbox.ipynb travis.tar .mdfsecrets +.mdfsecrets.* aws/python .idea/ -secrets.env \ No newline at end of file +secrets.env + diff --git a/automate/create_new_flow.py b/automate/create_new_flow.py new file mode 100644 index 0000000..48cb383 --- /dev/null +++ b/automate/create_new_flow.py @@ -0,0 +1,90 @@ +import json +import sys + +import globus_sdk + +import minimus_mdf_flow +from globus_auth_manager import GlobusAuthManager +from globus_automate_flow import GlobusAutomateFlow, GlobusAutomateFlowDef + +if len(sys.argv) > 1: + secrets_file = f".mdfsecrets.{sys.argv[1]}" +else: + secrets_file = ".mdfsecrets" + +with open(secrets_file, 'r') as f: + globus_secrets = json.load(f) + +smtp_send_credentials = [{ + "credential_type": "smtp", + "credential_value": { + "hostname": globus_secrets['smtp_hostname'], + "username": globus_secrets['smtp_user'], + "password": globus_secrets['smtp_pass'] + } +}] + +conf_client = globus_sdk.ConfidentialAppAuthClient( + globus_secrets['API_CLIENT_ID'], globus_secrets['API_CLIENT_SECRET'] +) +cc_authorizer = globus_sdk.ClientCredentialsAuthorizer(conf_client, globus_sdk.FlowsClient.scopes.manage_flows) + +flows_client = globus_sdk.FlowsClient(authorizer=cc_authorizer) + +with open("mdf_flow_config.json") as f: + config = json.load(f) + +description = "MDF Connect Flow deployed manually" +globus_auth = GlobusAuthManager(globus_secrets['API_CLIENT_ID'], globus_secrets['API_CLIENT_SECRET']) +flow_def=minimus_mdf_flow.flow_def( + smtp_send_credentials=smtp_send_credentials, + sender_email=config['sender_email'], + flow_permissions=config['flow_permissions'], + description=description, + administered_by=[ + 'urn:globus:groups:id:5fc63928-3752-11e8-9c6f-0e00fd09bf20' # MDF Connect Admins + ]) + +flow_def.title = "Production MDF Ingest Flow" +mdf_flow = GlobusAutomateFlow.from_flow_def(client=flows_client, + flow_def=flow_def, + globus_auth=globus_auth) + +print(mdf_flow) + +mdf_flow.save_flow("mdf_flow_info.prod.json") + +print("MDF Flow deployed", mdf_flow) +submitting_user_scope_id = mdf_flow.get_scope_id_for_runAs_role('SubmittingUser')['scopes'][0]['id'] +print(f"RunAs Dependent scope ID = {submitting_user_scope_id}") + +submitting_user_scope_uri = mdf_flow.get_scope_uri_for_runAs_role('SubmittingUser') +print(f"RunAs Dependent Scope URI (will appear in the dict of dependent scopes in the authorizer) = {submitting_user_scope_uri}") + +print("PUT this to https://auth.globus.org/v2/api/scopes/:SCOPE_ID where SCOPE_ID is the ID of your API's scope") +connect_scope_def = { + "scope": { + "name": "MDF Connect", + "description": "Submit data to MDF Connect", + "scope_suffix": "connect", + "dependent_scopes": [ + { + "scope": "80fa5a88-ae26-4db7-be3a-c5f4cf4ac8d2", + "optional": False, + "requires_refresh_token": False + }, + { + "scope": "0b21a92f-2fed-4b2d-a481-50a58cc796b9", + "optional": False, + "requires_refresh_token": True + }, + { + "optional": False, + "requires_refresh_token": True, + "scope": submitting_user_scope_id + } + ] + } +} + +print(json.dumps(connect_scope_def)) \ No newline at end of file