Added support for NASA/URS SSO service #11
Conversation
Also added support for a new constant: pydap.lib.SSL_VALIDATE that can be used with sites that take username:password info but use self-signed certs. By default PyDAP does not work with self signed certs.
|
I'm getting requests to merge this, but I don't have write access to the repository. I'm willing to merge it and test the result, but I need the permissions. Thanks |
|
@lewismc Can you look into merging this? Thanks, James |
|
Hi @jgallagher59701 I don't have write permissions either. We are however in need to getting a release for Pydap which is Python3 and Python2.7 compliant. I'll be more than happy to test this PR out. |
@lewismc Thanks!
James Gallagher |
|
Hi @jgallagher59701, I've finally taken a good look at this PR and would be happy to include it in the next release that includes Python3. However, there are a couple modules that have been moved around within Pydap. And there are also some standard library modules that should be brought in from the |
|
Hi @jameshiebert, It was quite some time ago I worked on this, but I think it was probably the https://earthdata.nasa.gov/ site which implements OAuth2 for all of NASA's data. If this doesn't work for you, let me know and I'll sort out just how to test the stuff. Thanks! |
|
@jgallagher59701 is correct, all of the authentication goes through URS which can be seen at https://urs.earthdata.nasa.gov/ |
|
If you want me to drive this then i would be more than happy. Please let me know I work with Earthdata support quite a bit. |
|
@lewismc That would be great from my POV. |
|
OK doke. I've created a ticket (will post link here once I get a public link) to request application creation within the URS system. We should hear back reasonably soon. |
|
Hi @jameshiebert I am attempting to test out this patch over the top of your |
|
Sure, I can do a review of the patch and will make comments in line about where things should be moved to. |
|
|
||
| """ | ||
|
|
||
| import cookielib |
There was a problem hiding this comment.
This should come from six.moves.http_cookiejar
| cj = cookielib.CookieJar() | ||
|
|
||
| # Create the password manager and load with the credentials using | ||
| pwMgr = urllib2.HTTPPasswordMgrWithDefaultRealm() |
There was a problem hiding this comment.
from six.moves.urllib.request import HTTPPasswordMgrWithDefaultRealm
| if uri and user and passwd: | ||
| pwMgr.add_password(None, uri, user, passwd) | ||
|
|
||
| opener = urllib2.build_opener(urllib2.HTTPBasicAuthHandler(pwMgr), |
There was a problem hiding this comment.
Everything here can come from six.moves.urllib.request
| @@ -25,7 +25,8 @@ def request(url): | |||
| """ | |||
| h = httplib2.Http(cache=pydap.lib.CACHE, | |||
| timeout=pydap.lib.TIMEOUT, | |||
| proxy_info=pydap.lib.PROXY) | |||
| proxy_info=pydap.lib.PROXY, | |||
| disable_ssl_certificate_validation= not pydap.lib.SSL_VALIDATE) # jhrg 4/21/15 | |||
There was a problem hiding this comment.
Is this a good idea?
| @@ -25,7 +25,8 @@ def request(url): | |||
| """ | |||
There was a problem hiding this comment.
Roberto moved most of the networking code over to src/pydap/net.py, which basically just defines a function GET() which wraps a webob request. If you want to modify SSL validation or proxy settings, you probably want to do it there, with webob or with httplib (that's essentially the software stack from the top down).
| return resp, data | ||
|
|
||
| from pydap.util import http | ||
| http.request = new_request |
There was a problem hiding this comment.
Same comment as below (pydap/util/http.py) w.r.t. networking code. If you want to monkeypatch Pydap's client (though there's probably a cleaner way to do it), you would want to do so to pydap.net:GET.
|
@lewismc Should I jump in here or are you up for it? As you all can tell, this was my first python code... |
|
I'll submit a PR shortly folks sorry. End of a long week. |
|
@jgallagher59701 one other thing, I registered Pydap as an application over on urs.earthdata.nasa.gov so we 'may' be able to utilize urs authentication within the test suite here. |
|
This branch needs to be rebased off of |
|
@jameshiebert do you know if it is possible to implement SSL in Webob? I'm thinking about changing the logic in net.py from Webob to Requests so we can implement it. wdyt? BTW, once this niggle is clarified I will implement the solution and submit the PR to update this issue. |
|
Hi James, I found an issue with the URS module when using NASA’s opendap server. I noticed they switched to https instead http and now there is an issue where it adds an ‘&’ to the end of the url such as https://opendap.cr.usgs.gov/opendap/hyrax/MCD15A2H.006/h10v04.ncml?time[0:1:657]& I have fixed this issue (red) in your urs module as def new_request(url): Sorry I don’t even know where I can commit this since your commit has not been merged yet. Mitch Mitchell A. Schull, Ph.D. |
|
@lewismc I'd prefer to keep the code base consistent and just use You should be able to do HTTPS with >>> from webob.request import Request
>>> req = Request.blank('https://github.com/pydap/pydap')
>>> resp = req.get_response()
>>> resp.status
'200 OK' |
|
@jameshiebert ah... OK. I didn't realize that everything was encapsulated like that. |
|
@jgallagher59701 do you have a suitable .nc file hosted on one of the OPeNDAP test servers which requires URS authentication to access? If so then I'll code this into our tests. |
|
New PR at #26, sorry for length of time on this one @jgallagher59701 |
|
@lewismc I don't - NASA may, but I'll have to poke around a bit. That is, they have many files, but we'd like something that won't move. |
|
Here's info from fan.fang-1@nasa.gov about URLs for testing: James, Most of our data present themselves through DAP as netCDF-like. So it is a bit odd… If the data format before DAP has to be netCDF, we have Merra-2 which is netcdf-4, e.g. http://goldsmr5.gesdisc.eosdis.nasa.gov/opendap/MERRA2/contents.html (to download original granules http://goldsmr5.gesdisc.eosdis.nasa.gov/data/s4pa/MERRA2/) And this one in netcdf-3: http://hydro1.gesdisc.eosdis.nasa.gov/opendap/LPRM_AMSRE_A_SOILM3.002/contents.html (http://hydro1.gesdisc.eosdis.nasa.gov/data/s4pa/WAOB/LPRM_AMSRE_A_SOILM3.002/) Let me know if these do not satisfy. -Fan |
|
@jgallagher59701 ack, I'll continue work over on the branch at #26 |
|
This functionality should be addressed by #20 which has been merged into master. If it's not for some reason, feel free to re-open this PR. |
Roberto,
I added support for the NASA/URS SSO service (which uses OAuth2 but requires that you login using their login page; it does not support Facebook, Google, ..., logins). Also, In the process I added support for site that use things like LDAP in combination with HTTP/S and Basic Auth. My install_basic_client() function reads URIs, usernames and passwords from a .netrc file as well as taking one set as params to the function. I think this code will actually be used by NASA and some of the folks down under (ANU/NCI).
Also added support for a new constant: pydap.lib.SSL_VALIDATE that can be used with sites that take username:password info but use self-signed certs. By default httplib2 does not work with self signed certs.
Anyway, this is my first attempt at python, I tried to make the comments decent...
Can you merge this?
Thanks and hope all is well!
James