calcDelaysGUNW - added api credentials check and writing locally [Issue: #483] #484
Conversation
There was a problem hiding this comment.
Looks good.
A few aesthetic things.
Look at Joe's tests and add some tests to the function to make sure you catch errors correctly.
It would also be helpful for ASF development to provide an example in this PR about how this is used. They will want some interface related to AWS:
raider ++process calcGUNW ....
Super helpful, Marin!
tools/RAiDER/models/credentials.py
Outdated
| with open(api_filename_path, 'w') as f: | ||
| f.write(MODEL_API_DICT[api_filename]['api'].format(uid=UID, | ||
| key=KEY)) |
|
For the changelog - look at the latest release and the current changelog version in your forked branch (from dev branch). When I am reading this, the release on conda is 0.4.1. The release you are adding to is 0.4.2 - you would add a brief description there as to what you are adding. |
|
One more piece that you need to talk to @asjohnston-asf and @jhkennedy about. They typically write API credentials as environment variables. Please coordinate with them so that if the weather model is HRES it reads something like |
tools/RAiDER/aria/prepFromGUNW.py
Outdated
| @@ -231,6 +232,10 @@ def update_yaml(dct_cfg:dict, dst:str='GUNW.yaml'): | |||
| def main(args): | |||
| """ Read parameters needed for RAiDER from ARIA Standard Products (GUNW) """ | |||
|
|
|||
| # Check if WEATHER MODEL API credentials hidden file exists, if not create it or raise ERROR | |||
| credentials.check_api(args.weather_model, args.api_uid, args.api_key, | |||
There was a problem hiding this comment.
@mgovorcin @cmarshak I wonder if we should add this add the main riader program. The checking of credentials is applicable to all workflows where a model with API is requested?
There was a problem hiding this comment.
@jlmaurer I also wonder is there a way for us to check without doing a downlaod of data if credentials are correct? aka do the ecmwfapi and cdsa api allow for a credential check? It would not be bad if we could error out fast at the top.
There was a problem hiding this comment.
I think raider already checks if the credentials exist and has great documentation on how to setup the hidden credential files. Pretty sure errors are very helpful.
I honestly think the existing approach in raider is sufficient/preferred. It aligns well with the existing API libraries. I think passing credentials each time you want to call raider is probably not preferred choice for a user particularly when they share commands/code, they are not going want to share the credentials (just instructions for their team to update their own hidden credential files).
The main thrust of this is being able to pass environment variables that will be defined when a container is created. I don't know the details of this approach except this is a secure, reliable way to pass credentials for this type of processing.
There was a problem hiding this comment.
I think this can be included in the main raider workflow. This is why I added the prompt option to remind a user about API credentials in order to use raider.py. The majority of people do not really read all instructions.
This function serves as a double check to see if the hidden file exists, if not it creates it, and it does it only once (the first time). Later on, a user does not need to pass the credentials or think about this anymore. In the case of calcDelayGUNW, prompt_flag will be hardcoded to False, as we do not want to get stuck by waiting for the input.
For the downloading error check, maybe we can add one test dataset to download per model, and try to download it. But I do not know if this is a good option as this will run every time when we wanna run raider. I believe a good approach is to report an error if files cannot be downloaded and point user to check his credentials or use credentials.check_api with update_flag=True (to overwrite the existing hidden file)
There was a problem hiding this comment.
Got it, perhaps we could add a seperate script stand-alone from the raider workflow where we do this.
e.g. script --model
- the script checks if file exist, if not checks env variables, if nto pings users
- then script makes a dummy call to the API to check if credentials work and report out.
Half of the functionally exist with what you have already.
The dummy check i would like to see if there is a potentially handschake only option rather than fetching data.
Inclusion in the main raider code to see if the file exist would be good for that model being requested and error out if needed.
For example our HRES credentials cycle and you will want to catch that early.
|
@cmarshak will add the tests as suggested. As for the passing os.environ['HRES_API_KEY'], maybe this can be done when passing API_UID or API_KEY as raider.py ++process calcDelaysGUNW - -m HRES -uid $HRES_API_UID -key $HRES_API_KEY just not sure how to pass env ${MODEL}_API_UID |
Something like this: https://github.com/ACCESS-Cloud-Based-InSAR/DockerizedTopsApp/blob/dev/isce2_topsapp/__main__.py#L64-L68 |
@cmarshak : I applied all your suggestions. Please check it out and see if you would like to proceed with merging this PR |
|
@mgovorcin - I am loosing you with how you are setting up your reading of env variables - there seems to be nested dictionaries. I trust you are doing things correctly - just make sure they are consistent with below. For HRES:
Use these variables exactly as For ERA5:
These are how our secrets will be accessed. |
|
For the |
@cmarshak I checked cdsapi and ecwmfi and use the ones API's are looking for. I guess this is to use take into account different credentials for HRES model. I will update it to the ones above @cmarshak Comments Applied :D |
|
@mgovorcin @dbekaert I think this looks good to me! |
|
@mgovorcin @jlmaurer - when this is merged, can Raider be released to include these updates? Would it be possible to have this released this week? I am hoping ASF has the release to include ERA5 and HRES via Hyp3. |
|
@cmarshak for you to start using it via HyP3, it just needs to be merged to |
|
Cool - not worried about release then. Thanks for clarifying, Joe. |
Added option to add weather model API credentials and write it locally to a hidden file
Issue: #481
Description
added credentials.py to RAiDER.models with function check_api that check if env API credential file already exists, if not it looks for api: UID and KEY in args and writes it locally. Added options to raider.py **process calcDelysGUNW to add api key and uid
Added args parms to calcDelaysGUNW: --api_uid, --api_key
NOTE: if API_RC hidden file exists such as ~/.cdsapirc, inserted UID and KEY will be ignored, There is an update flag that overwrites hidden file, but for calcGUNWDelays is set to be False. It can be added
if api_key is not None and api_uid is not None: update_flag=True. This is will give priority to user input?Another option to add API credentials is through ENV variable, if API_UID and API_KEY are None. Credentials.py searches for the env and use them to populate API_RC hidden file: List of environmental API variables:
cdsapirc : models(ERA5, ERA5T):
$RAIDER_ECMWF_ERA5_API_KEY
$RAIDER_ECMWF_ERA5_UID
ecmwfapirc : models(HRES, ERAI):
$RAIDER_HRES_URL
$RAIDER_HRES_API_KEY
$RAIDER_HRES_EMAIL
netrc : models (GMAO)
$EARTHDATA_USERNAME
$EARTHDATA_PASSWORD
Type of change
Checklist: