Skip to content

DM-49004 : Implement Panda WMS#163

Merged
tcjennings merged 4 commits intotickets/DM-49324/releasefrom
tickets/DM-49004/panda
Mar 21, 2025
Merged

DM-49004 : Implement Panda WMS#163
tcjennings merged 4 commits intotickets/DM-49324/releasefrom
tickets/DM-49004/panda

Conversation

@tcjennings
Copy link
Copy Markdown
Collaborator

@tcjennings tcjennings commented Feb 19, 2025
edited
Loading

Support Panda WMS

  • add configuration model for panda
  • implement idtoken refresh operations for panda auth
  • Service is bootstrapped with a panda refresh token as a k8s secret
  • At app startup, refresh token is used to obtain a current idtoken, which is added to the app's runtime configuration
  • Token is checked and refreshed as needed before wms submit operations

@tcjennings tcjennings force-pushed the tickets/DM-49004/panda branch 8 times, most recently from ec77849 to 4cf4d11 Compare February 21, 2025 18:24
@tcjennings tcjennings marked this pull request as ready for review February 21, 2025 19:48
@tcjennings tcjennings changed the base branch from main to tickets/DM-49324/release March 5, 2025 19:36
@tcjennings tcjennings force-pushed the tickets/DM-49004/panda branch 3 times, most recently from 8f5d05a to 51b2cf7 Compare March 7, 2025 15:08
ctslater
ctslater approved these changes Mar 21, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@ctslater ctslater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, nothing particularly substantive to add.

src/lsst/cmservice/templates/wms_submit_sh.j2
{%- elif wms == "panda" %}
{# what value is this LATEST_PANDA path? #}
{# LATEST_PANDA=$(ls -td /cvmfs/sw.lsst.eu/almalinux-x86_64/panda_env/v* | head -1) #}
export PANDA_SYS=${CONDA_PREFIX}
Copy link
Copy Markdown
Member

@ctslater ctslater Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My read is that PANDA_SYS is a different conda env than the stack conda env, so is this going to point to the right place?

Copy link
Copy Markdown
Collaborator Author

@tcjennings tcjennings Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That identity is straight from the canonical setup_panda.sh script ( /cvmfs/sw.lsst.eu/linux-x86_64/panda_env/v1.0.17/setup_panda.sh), so it ought to!

src/lsst/cmservice/common/panda.py Outdated
)

_ = refresh_panda_token(token_endpoint, data)
except httpx.HTTPStatusError:
Copy link
Copy Markdown
Member

@ctslater ctslater Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could imagine wanting to catch json parsing errors or missing keys in the Panda responses somewhere too, maybe here?

@tcjennings
Update panda token logic
1c00469 
Default expiry to None.
Decode expiry from token only when needed.
Make panda token checking a noop if panda is unconfigured.
Check panda token before building bps submit environment.
@tcjennings tcjennings force-pushed the tickets/DM-49004/panda branch from 51b2cf7 to 1c00469 Compare March 21, 2025 20:27
@tcjennings tcjennings merged commit b8b6560 into tickets/DM-49324/release Mar 21, 2025
7 checks passed
@tcjennings tcjennings deleted the tickets/DM-49004/panda branch March 21, 2025 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ctslater ctslater ctslater approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tcjennings @ctslater