Skip to content
This repository has been archived by the owner on Feb 12, 2021. It is now read-only.

CSCfi/elixir-rems-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

180 Commits
.github
.github
 
 
.s2i
.s2i
 
 
deploy
deploy
 
 
elixir_rems_proxy
elixir_rems_proxy
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

Archival Notice

REMS now supports GA4GH passports natively, which was the purpose of this proxy. As such, this repository is now archived.

ELIXIR Permissions API for REMS

Python Unit Tests Python style check Coverage Status

elixir-rems-proxy is a proxy web server, which implements the ELIXIR Permissions API, by forwarding requests to REMS and returning the responses in GA4GH Passport format.

Set Up

Download repository and install packages.

git clone https://github.com/CSCfi/elixir-rems-proxy.git
cd elixir-rems-proxy
pip install -r requirements.txt

Generate JWK set.

python elixir_rems_proxy/config/jwks.py

The private_key.json is used to sign the JWTs (keep this safe), and clients use the public_key.json from the /jwks.json endpoint to validate the JWTs.

Configuration

Options available in config.ini can be overwritten with the following environment variables.

APP_HOST=0.0.0.0
APP_PORT=8080
REMS_URL=https://<rems>/api/entitlements
GA4GH_REPOSITORY=https://www.ebi.ac.uk/ega/
JWT_EXP=3600
JWK_PUBLIC_KEY_FILE=/path/to/public_key.json
JWK_PRIVATE_KEY_FILE=/path/to/private_key.json

Environment variables outside of config.ini

DEBUG=True  # increases number of logging messages
CONFIG_FILE=/path/to/config.ini

Development Server

Run local web server.

python -m elixir_rems_proxy.app

Production Server

OpenShift integration is provided with .s2i.

A standalone image for other deployments (e.g. docker-compose or kubernetes) can be built with docker.

docker build -t cscfi/elixir-rems-proxy .

The JWK set can be included in the container with several methods:

  1. Run jwks.py before build, and the keys will be included in the built image
  2. Load keys from an external volume -v, point to key files with ENV
  3. Load keys from a ConfigMap which is based on config.ini, point to config file with ENV
  4. Create keys in running container docker exec <container> python elixir_rems_proxy/config/jwks.py

Endpoints

GET /

Returns name of service, can be used as a health-check endpoint.

curl localhost:8080

ELIXIR Permissions API proxy for REMS API

GET /permissions/{username}

Returns user's REMS permissions in GA4GH passport format (JWT). Permissions are returned as one token (GA4GH visa / JWT) per permission granted. Permissions-Api-Key is forwarded to REMS for validation.

curl -H 'Permissions-Api-Key: <api key here>' localhost:8080/permissions/user100

{
    "ga4gh_passport_v1": [
        "header.payload.signature"
    ]
}

GET /jwks.json

Returns the JWK set for validating JWTs.

curl localhost:8080/jwks.json

{
    "keys": [
        {
            "kty": "RSA",
            "n": "public key here",
            "e": "AQAB",
            "kid": "key id here",
            "alg": "RS256"
        }
    ]
}

About

ELIXIR API for REMS

Topics

jwt proxy-server python3 aiohttp jwk ga4gh ga4gh-passport

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases 4

1.0.1 Latest
Sep 14, 2020
+ 3 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages