GraceDB Server issueshttps://git.ligo.org/computing/gracedb/server/-/issues2023-09-06T05:38:29Zhttps://git.ligo.org/computing/gracedb/server/-/issues/306Adding robot SciToken support2023-09-06T05:38:29ZDuncan MeacherAdding robot SciToken supportI will now be working on adding support for robot SciTokens within GraceDB. My understanding of how to do this is to modify the [update_user_accounts_from_ligo_ldap.py](https://git.ligo.org/computing/gracedb/server/-/blob/master/gracedb/...I will now be working on adding support for robot SciTokens within GraceDB. My understanding of how to do this is to modify the [update_user_accounts_from_ligo_ldap.py](https://git.ligo.org/computing/gracedb/server/-/blob/master/gracedb/ligoauth/management/commands/update_user_accounts_from_ligo_ldap.py) management tool to scan the ldap for new robot scitoken accounts, create/modify accounts as needed, and then apply the per-pipeline permissions to those accounts as needed.
@satyanarayan.raypitambarmohapatra, @warren-anderson, what is the status of robot accounts within the ldap? Its been a while since I've looked at them, but my understanding is that they each have an eppn that will link a robot scitoken to an ldap account?
Including @duncanmmacleod in this issue.Duncan MeacherDuncan Meacherhttps://git.ligo.org/computing/gracedb/server/-/issues/211Add SciTokens support2023-07-17T15:07:39ZDuncan Macleodduncan.macleod@ligo.orgAdd SciTokens supportThe GraceDB server needs to accept a SciToken as an authorisation option.The GraceDB server needs to accept a SciToken as an authorisation option.O4 AdvanceDuncan MeacherDuncan Meacherhttps://git.ligo.org/computing/gracedb/server/-/issues/59Password expiration reminders for basic auth tokens2022-08-03T18:48:03ZTanner PrestegardPassword expiration reminders for basic auth tokensCreated January 4, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/4976)
We'd like to implement a system where reminder e-mails are sent out when your basic auth token is about to expire.
Thoughts:
1. How long before exp...Created January 4, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/4976)
We'd like to implement a system where reminder e-mails are sent out when your basic auth token is about to expire.
Thoughts:
1. How long before expiration date?
2. How many reminders?
3. Should update password management page with details. Emphasize 1 year expiration date.
How to implement: daily cron job that checks for any passwords expiring within the next X days?https://git.ligo.org/computing/gracedb/server/-/issues/47Adding KAGRA events to GraceDB2022-03-31T15:39:21ZTanner PrestegardAdding KAGRA events to GraceDBCreated by Alex on January 28, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/5071)
The purpose of this ticket is to track the future development of the uploading and sharing protocol for events from KAGRA. The below po...Created by Alex on January 28, 2017. Copied from redmine (https://bugs.ligo.org/redmine/issues/5071)
The purpose of this ticket is to track the future development of the uploading and sharing protocol for events from KAGRA. The below points came as a result of a face-to-face conversation at the University of Tokyo on January 28, 2017. Open issues include:
1. ~~How to compartmentalize KAGRA events from LIGO events? Options include (but are not limited to):
Standing up a separate KAGRA GraceDB instance. KAGRA will use separate authentication to restrict access, but access to coincident LIGO events would be unavailable.~~
~~Using the existing GraceDB infrastructure, but restricting access to events to users with a separate KAGRA authentication, e.g., only KAGRA users can have access to events uploaded by KAGRA.~~
2. ~~Event data-exchange between LIGO and KAGRA users. Scenarios include events that are determined to be significant due to LIGO-KAGRA coincidence; what data about the event would be available to LIGO/KAGRA members?~~
3. ~~If and how to restrict KAGRA uploads in the age of public LIGO data? This is an open issue for VIRGO events as well.~~
4. Event data format. What will be the format of events uploaded to GraceDB? Would there need to be modification to GraceDB's data parser to accept KAGRA events?
Please add any relevant parties to this conversation, as needed. Relevant watchers for the ticket should be:
* Nobuyuki Kanda <kanda@sci.osaka-cu.ac.jp>
* Hideyuki Tagoshi <tagoshi@sci.osaka-cu.ac.jp>
---
**Updating this ticket, September 15 2021:**
As of today, KAGRA members have:
1. Access to GraceDB via X509 certificates (https://git.ligo.org/computing/helpdesk/-/issues/506)
2. Access to GraceDB via Shibboleth (https://git.ligo.org/lscsoft/gracedb/-/issues/186)
To my best understanding of the MOU and how it's implemented now, KAGRA members have equal upload and access privileges as LSC members. So the previous discussion regarding separation of GraceDB instances and restricting data access seems to be moot. That leaves the event data format.
This is just a matter of getting an example event upload that has entries for KAGRA's contribution. So, part of the `instruments` column, an additional `sngl_inspiral` table, etc. Once pipelines have an example event upload ("Sample Event?" in the table below), then I can upload and fix GraceDB's upload parser. The things I need to test are:
- Does the event file get ingested into GraceDB without error?
- Are the various event properties and and table entries parsed and input into the database? Are the KAGRA-relevent columns ingested? For example, does it recognize a `K1` instrument column; is KAGRA's `sngl_inspiral` table in the db?
- Are the tables legible and formatted correctly on the event's landing page? Is the data visible?
- Is the KAGRA data returned as part of the LVAlert and event `HTTPResponse` packet?
I started the table below to track the progress.
| Pipeline | Sample Event? | Upload Correctly? | Parse Correctly? | View Correctly? | LVAlert Contents | Link |
| --- | --- | --- | --- | --- | --- | --- |
|`CWB` | :x: | :x: | :x: | :x: | :x: | |
|`gstlal` | :white_check_mark: | :white_check_mark: | :white_check_mark:| :white_check_mark: | :white_check_mark: | [G153205](https://gracedb-test.ligo.org/events/G153205/view/) |
|`MBTAOnline` | :x: | :x: | :x: | :x: | :x: | |
|`oLIB` | :x: | :x: | :x: | :x: | :x: | |
|`pycbc` | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | [G153215](https://gracedb-test.ligo.org/events/G153215/view/) |
|`spiir` | :x: | :x: | :x: | :x: | :x: | |
Ahead of O4, I will also need a list of KAGRA members who will need to upload new events, and to what pipelines.O4 Infrastructure ImprovementsAlexander PaceAlexander Pacehttps://git.ligo.org/computing/gracedb/server/-/issues/144Remove LV-EM access2022-03-22T18:19:00ZTanner PrestegardRemove LV-EM accessWe don't have MOUs anymore from O1/O2, so the privileged access based on this should be removed. We should do it in a smart way so that the functionality remains and can be expanded to additional groups, as we may have MOUs with a few se...We don't have MOUs anymore from O1/O2, so the privileged access based on this should be removed. We should do it in a smart way so that the functionality remains and can be expanded to additional groups, as we may have MOUs with a few select groups in the future.https://git.ligo.org/computing/gracedb/server/-/issues/69IntegrityError for control room middleware2019-04-22T18:28:07ZTanner PrestegardIntegrityError for control room middlewareThe middleware that adds/removes users from the control room group is throwing IntegrityErrors suddenly. I just noticed it today when trying to test web signoffs on gracedb-dev2, and later, I got notifications when a user was trying to ...The middleware that adds/removes users from the control room group is throwing IntegrityErrors suddenly. I just noticed it today when trying to test web signoffs on gracedb-dev2, and later, I got notifications when a user was trying to GET a file on gracedb-playground. I noted that the user's REMOTE_ADDR corresponded to the H1 control room.
Potentially, this could be fixed by the new auth system which is in development on the auth_update branch, but we would have to test it extensively to be sure. I don't think there is a strong need to fix it before we merge that branch into master, since it seems to occur so rarely and moving to the new branch should happen in the near future.[error_email.log](/uploads/b8b2ceb7c413139a272ac24828cd410b/error_email.log)https://git.ligo.org/computing/gracedb/server/-/issues/102Certificate challenge2019-02-21T05:23:08ZTanner PrestegardCertificate challengeUsers who have certificates in their browsers will receive a certificate challenge when they go to anything under `/api/`. The certificate should *not* be required, but it's pretty annoying and most users won't know to just hit cancel (...Users who have certificates in their browsers will receive a certificate challenge when they go to anything under `/api/`. The certificate should *not* be required, but it's pretty annoying and most users won't know to just hit cancel (if they try to submit an invalid certificate, they will not be allowed access).
This is also happening on the main web view pages because the javascript makes calls to the API to get some information.https://git.ligo.org/computing/gracedb/server/-/issues/57Rework of authentication and authorization framework2018-12-17T19:44:16ZTanner PrestegardRework of authentication and authorization frameworkWe currently rely on Apache to do a lot of the authorization and authentication in GraceDB. We should get the information from Apache, log the user in, then handle everything else in Django. This will be important for having public acces...We currently rely on Apache to do a lot of the authorization and authentication in GraceDB. We should get the information from Apache, log the user in, then handle everything else in Django. This will be important for having public access for O3. I've started work on this in the following branch: https://git.ligo.org/lscsoft/gracedb/tree/auth_updatehttps://git.ligo.org/computing/gracedb/server/-/issues/83Clean up old X509 certificates2018-12-17T19:43:07ZTanner PrestegardClean up old X509 certificatesThere are a number of old and clearly unused X509 certificates in the database which should be cleared out.
I am also not sure if the 'refresh_users_from_ldap' script clears out old certificates or not. Should check on that.There are a number of old and clearly unused X509 certificates in the database which should be cleared out.
I am also not sure if the 'refresh_users_from_ldap' script clears out old certificates or not. Should check on that.https://git.ligo.org/computing/gracedb/server/-/issues/86Unit tests for new auth middleware and backends2018-11-26T18:24:55ZTanner PrestegardUnit tests for new auth middleware and backendsNeed unit tests for new auth middleware and backends to make sure they are working as expected. Should check both main site and API components.Need unit tests for new auth middleware and backends to make sure they are working as expected. Should check both main site and API components.Public-facing GraceDB2018-11-16https://git.ligo.org/computing/gracedb/server/-/issues/84Unit tests for event web urls2018-11-19T17:23:38ZTanner PrestegardUnit tests for event web urlsAdd unit tests to check access/authorization for web URLs in the events app.
Things which need to be tested:
* [x] Event detail pages
* [x] Event file list pages
* [x] Event file download pages
* [x] Event creation page
* [x] Event neig...Add unit tests to check access/authorization for web URLs in the events app.
Things which need to be tested:
* [x] Event detail pages
* [x] Event file list pages
* [x] Event file download pages
* [x] Event creation page
* [x] Event neighbor pages
* [x] ~~Event VOEvent creation pages~~ **(deleted)**
* [x] Modify t_90 pages
* [x] Modify permissions pages
* [x] Modify signoff pages
* [x] Log entry creation page
* [x] Log entry tag page
* [x] ~~Process EMBB event log page~~ **(deleted)**
* [x] Process EMObservation pagePublic-facing GraceDB2018-11-19https://git.ligo.org/computing/gracedb/server/-/issues/58Add backup IdP to GraceDB2018-09-06T15:30:27ZTanner PrestegardAdd backup IdP to GraceDBThe issues with login.ligo.org last week clearly demonstrate the need to allow authentication through GraceDB with the backup IdPs. I played around with it a bit but was not able to get it working in production, due to the fact that we ...The issues with login.ligo.org last week clearly demonstrate the need to allow authentication through GraceDB with the backup IdPs. I played around with it a bit but was not able to get it working in production, due to the fact that we don't pull the base LIGO metadata (we get it from InCommon).