Skip to content

Commit

Permalink
update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
dsschult committed Jan 30, 2024
1 parent 2d6a41e commit cf2bd88
Show file tree
Hide file tree
Showing 11 changed files with 57 additions and 42 deletions.
29 changes: 1 addition & 28 deletions docs/guide/login.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,31 +3,4 @@ Login

Users can log in to IceProd like any other web application.

Authentication is handled by an external plugin
such as `LDAP`_.

.. _LDAP: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

.. note::
:class: icecube

LDAP authentication is set up for IceCube users.


Two Factor Authentication
-------------------------

Certain pages and actions require additional authentication. When a new
account is registered with IceProd, two-factor authentication must be
set up.

IceProd uses time-based one-time passwords (`RFC 6238`_), as used by
Google, GitHub, and others. Using a phone app such as Google Authenticator,
a barcode image specific to each user can be scanned and registered. The
app will then generate short codes valid for 30 seconds each.

Example barcode image:

.. image:: ../static/2fa_barcode.png

.. _RFC 6238: https://tools.ietf.org/html/rfc6238
Authentication is handled by IceCube SSO.
52 changes: 47 additions & 5 deletions docs/guide/restapi.rst
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,58 @@ Authentication
To view datasets, call actions on datasets, or submit new datasets,
authentication with a token is required.

An authentication token can be obtained within the account settings
in the website. This can be added to requests as the `Authorization` header.
An authentication token can be obtained using the python package
`wipac-rest-tools`. For example::

python3 -m venv venv
. venv/bin/activate
pip install wipac-rest-tools
curl -o get_token.py https://raw.githubusercontent.com/WIPACrepo/rest-tools/master/examples/get_device_credentials_token.py
python get_device_credentials_token.py iceprod-public

The access token will be valid for 1 hour.

This can be added to requests as the `Authorization` header.
As an example, here is a query to get the list of all datasets::

curl -XGET -H 'Authorization: bearer XXXXXXXX-your-token-here-XXXXX' https://iceprod2-api.icecube.wisc.edu/datasets

.. danger::

Anyone with the authentication token is basically you. It is valid
for any action that does not require :ref:`Two Factor Authentication`.
Be careful with the token!
Anyone with the authentication token is basically you. Be careful with the token!


Scripting
^^^^^^^^^

When writing a python script, you can use our rest client to automatically
manage tokens for you. Just install `wipac-rest-tools` as shown above.
There are also sync and async code options:

Sync::

from rest_tools.client import SavedDeviceGrantAuth
api = SavedDeviceGrantAuth(
address='https://api.iceprod.wisc.edu',
token_url='https://keycloak.icecube.wisc.edu/auth/realms/IceCube',
filename='.iceprod-auth',
client_id'iceprod-public'
)
# get a list of datasets
result = api.request_seq('GET', '/datasets', {})
for dataset, metadata in result.items():
# do something with the dataset

Async::

from rest_tools.client import SavedDeviceGrantAuth
api = SavedDeviceGrantAuth(
address='https://api.iceprod.wisc.edu',
token_url='https://keycloak.icecube.wisc.edu/auth/realms/IceCube',
filename='.iceprod-auth',
client_id'iceprod-public'
)
# get a list of datasets
result = await api.request('GET', '/datasets', {})
for dataset, metadata in result.items():
# do something with the dataset
2 changes: 1 addition & 1 deletion docs/server/rest_api/auth.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Auth
===============

.. automodule:: iceprod.server.rest.auth
.. automodule:: iceprod.rest.handlers.auth
2 changes: 1 addition & 1 deletion docs/server/rest_api/config.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Config
=================

.. automodule:: iceprod.server.rest.config
.. automodule:: iceprod.rest.handlers.config
2 changes: 1 addition & 1 deletion docs/server/rest_api/datasets.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Datasets
===================

.. automodule:: iceprod.server.rest.datasets
.. automodule:: iceprod.rest.handlers.datasets
2 changes: 1 addition & 1 deletion docs/server/rest_api/grids.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Grids
================

.. automodule:: iceprod.server.rest.grids
.. automodule:: iceprod.rest.handlers.grids
2 changes: 1 addition & 1 deletion docs/server/rest_api/jobs.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Jobs
===============

.. automodule:: iceprod.server.rest.jobs
.. automodule:: iceprod.rest.handlers.jobs
2 changes: 1 addition & 1 deletion docs/server/rest_api/logs.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Logs
===============

.. automodule:: iceprod.server.rest.logs
.. automodule:: iceprod.rest.handlers.logs
2 changes: 1 addition & 1 deletion docs/server/rest_api/pilots.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Pilots
=================

.. automodule:: iceprod.server.rest.pilots
.. automodule:: iceprod.rest.handlers.pilots
2 changes: 1 addition & 1 deletion docs/server/rest_api/task_stats.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Task Stats
=====================

.. automodule:: iceprod.server.rest.task_stats
.. automodule:: iceprod.rest.handlers.task_stats
2 changes: 1 addition & 1 deletion docs/server/rest_api/tasks.rst
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
REST API - Tasks
================

.. automodule:: iceprod.server.rest.tasks
.. automodule:: iceprod.rest.handlers.tasks

0 comments on commit cf2bd88

Please sign in to comment.