Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication documentation #274

Merged
merged 38 commits into from
Jun 29, 2024
Merged

Authentication documentation #274

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
5ee3c2d
Adding route dependencies module.
rhysrevans3 May 10, 2024
10d621e
Fixing pre-commit errors.
rhysrevans3 May 10, 2024
bb04359
Merge branch 'main' into route_dependencies
jonhealy1 May 10, 2024
c2c12bd
Adding to opensearch.
rhysrevans3 May 14, 2024
7b8ef5a
Adding testing.
rhysrevans3 May 14, 2024
aedf077
Merge branch 'main' into route_dependencies
jonhealy1 May 15, 2024
6a36f6b
Allow route dependencies to be passed as a variable for testing.
rhysrevans3 May 15, 2024
19b97f6
Merge branch 'route_dependencies' of github.com:rhysrevans3/stac-fast…
rhysrevans3 May 15, 2024
211d04d
Removing context extension.
rhysrevans3 May 15, 2024
8c14390
Allowing fuctions or class dependencies.
rhysrevans3 May 15, 2024
4b90d15
Updating test conf.
rhysrevans3 May 15, 2024
6891357
Fix for import error.
rhysrevans3 May 15, 2024
d718601
Add test directory to sys path for import.
rhysrevans3 May 15, 2024
a1d3929
Fix for sys path import.
rhysrevans3 May 15, 2024
65d367c
Add test dir to sys path.
rhysrevans3 May 15, 2024
53f17f8
Switching tests to use collections endpoint for rd tests.
rhysrevans3 May 15, 2024
51de3bf
Switch from post to get on test_authenticated.
rhysrevans3 May 15, 2024
ffd3912
Removing unneeded length check.
rhysrevans3 May 16, 2024
bde4b3c
Adding docker compose file and readme help for route dependencies.
rhysrevans3 May 24, 2024
bd29dcd
Merge branch 'main' of github.com:stac-utils/stac-fastapi-elasticsear…
rhysrevans3 Jun 3, 2024
cc1a30e
Adding to changelog.
rhysrevans3 Jun 3, 2024
caa45dd
Merge branch 'main' into route_dependencies
jonhealy1 Jun 11, 2024
fb931bc
Moving basic auth to route dependencies.
rhysrevans3 Jun 12, 2024
c08d25c
Merge branch 'route_dependencies' of github.com:rhysrevans3/stac-fast…
rhysrevans3 Jun 12, 2024
b689275
Removing basic_auth copy.
rhysrevans3 Jun 13, 2024
370b401
Adding route that aren't lists.
rhysrevans3 Jun 13, 2024
6a7308e
Adding schema validation to route dependencies.
rhysrevans3 Jun 17, 2024
a88f04c
pre-commit.
rhysrevans3 Jun 17, 2024
b5231f4
Merge branch 'main' of github.com:stac-utils/stac-fastapi-elasticsear…
rhysrevans3 Jun 17, 2024
deba511
Adding jsonschema install.
rhysrevans3 Jun 17, 2024
e9bba36
Fixing schema.
rhysrevans3 Jun 17, 2024
87a2294
Add docker file example for route_dependencies.json.
rhysrevans3 Jun 17, 2024
9617d39
Merge branch 'main' of github.com:stac-utils/stac-fastapi-elasticsear…
rhysrevans3 Jun 18, 2024
01b0af5
Adding Oauth2 example.
rhysrevans3 Jun 18, 2024
f9314d9
Updating changelog and opensearch auth in compose files.
rhysrevans3 Jun 21, 2024
b0429ba
Merge branch 'main' of github.com:stac-utils/stac-fastapi-elasticsear…
rhysrevans3 Jun 24, 2024
36df148
Moving authentication documentation and docker files to example direc…
rhysrevans3 Jun 24, 2024
4bda782
Fix changelog.
rhysrevans3 Jun 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.

- Updated stac-fastapi libraries to v3.0.0a1 [#265](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/265)
- Updated stac-fastapi libraries to v3.0.0a3 [#269](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/269)
- Converted Basic auth to a route dependency and merged with new route depndencies method. [#251](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/251)
- Updated docker-compose.basic_auth_protected.yml to use STAC_FASTAPI_ROUTE_DEPENDENCIES environment variable. [#251](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/251)

### Fixed

Expand Down
144 changes: 19 additions & 125 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
</p>


[![PyPI version](https://badge.fury.io/py/stac-fastapi.elasticsearch.svg)](https://badge.fury.io/py/stac-fastapi.elasticsearch)
[![PyPI version](https://badge.fury.io/py/stac-fastapi.elasticsearch.svg)](https://badge.fury.io/py/stac-fastapi.elasticsearch)
[![Join the chat at https://gitter.im/stac-fastapi-elasticsearch/community](https://badges.gitter.im/stac-fastapi-elasticsearch/community.svg)](https://gitter.im/stac-fastapi-elasticsearch/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)


---

Expand All @@ -22,41 +22,41 @@

---

### Notes:
### Notes:

- Our Api core library can be used to create custom backends. See [stac-fastapi-mongo](https://github.com/Healy-Hyperspatial/stac-fastapi-mongo) for a working example.
- Our Api core library can be used to create custom backends. See [stac-fastapi-mongo](https://github.com/Healy-Hyperspatial/stac-fastapi-mongo) for a working example.
- Reach out on our [Gitter](https://app.gitter.im/#/room/#stac-fastapi-elasticsearch_community:gitter.im) channel or feel free to add to our [Discussions](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/discussions) page here on github.
- There is [Postman](https://documenter.getpostman.com/view/12888943/2s8ZDSdRHA) documentation here for examples on how to run some of the API routes locally - after starting the elasticsearch backend via the docker-compose.yml file.
- The `/examples` folder shows an example of running stac-fastapi-elasticsearch from PyPI in docker without needing any code from the repository. There is also a Postman collection here that you can load into Postman for testing the API routes.
- For changes, see the [Changelog](CHANGELOG.md)
- We are always welcoming contributions. For the development notes: [Contributing](CONTRIBUTING.md)
- The `/examples` folder shows an example of running stac-fastapi-elasticsearch from PyPI in docker without needing any code from the repository. There is also a Postman collection here that you can load into Postman for testing the API routes.

- For changes, see the [Changelog](CHANGELOG.md)
- We are always welcoming contributions. For the development notes: [Contributing](CONTRIBUTING.md)


### To install from PyPI:

```shell
pip install stac_fastapi.elasticsearch
```
or
or
```
pip install stac_fastapi.opensearch
```

## Build Elasticsearch API backend

```shell
docker-compose up elasticsearch
docker-compose build app-elasticsearch
```

## Running Elasticsearch API on localhost:8080

```shell
docker-compose up app-elasticsearch
```

By default, docker-compose uses Elasticsearch 8.x and OpenSearch 2.11.1.
By default, docker-compose uses Elasticsearch 8.x and OpenSearch 2.11.1.
If you wish to use a different version, put the following in a
file named `.env` in the same directory you run docker-compose from:

Expand All @@ -76,7 +76,7 @@ curl -X "POST" "http://localhost:8080/collections" \
}'
```

Note: this "Collections Transaction" behavior is not part of the STAC API, but may be soon.
Note: this "Collections Transaction" behavior is not part of the STAC API, but may be soon.

## Configure the API

Expand All @@ -91,12 +91,12 @@ The application root path is left as the base url by default. If deploying to AW
The collections route handles optional `limit` and `token` parameters. The `links` field that is
returned from the `/collections` route contains a `next` link with the token that can be used to
get the next page of results.

```shell
curl -X "GET" "http://localhost:8080/collections?limit=1&token=example_token"
```

## Ingesting Sample Data CLI Tool
## Ingesting Sample Data CLI Tool

```shell
Usage: data_loader.py [OPTIONS]
Expand All @@ -114,12 +114,12 @@ Options:

```shell
python3 data_loader.py --base-url http://localhost:8080
```
```


## Elasticsearch Mappings

Mappings apply to search index, not source. The mappings are stored in index templates on application startup.
Mappings apply to search index, not source. The mappings are stored in index templates on application startup.
These templates will be used implicitly when creating new Collection and Item indices.


Expand Down Expand Up @@ -275,112 +275,6 @@ curl -X "POST" "http://localhost:9200/_aliases" \
The modified Items with lowercase identifiers will now be visible to users accessing `my-collection` in the STAC API.


## Basic Auth

#### Environment Variable Configuration

Basic authentication is an optional feature that can be enabled through [Route Dependencies](#route-dependencies).


### Example Configuration

This example illustrates the configuration for two users: an **admin** user with full permissions (*) and a **reader** user with limited permissions to specific read-only endpoints.
```json
[
{
"routes": [
{
"method": "*",
"path": "*"
}
],
"dependencies": [
{
"method": "stac_fastapi.core.basic_auth.BasicAuth",
"kwargs": {
"credentials":[
{
"username": "admin",
"password": "admin"
}
]
}
}
]
},
{
"routes": [
{"path": "/", "method": ["GET"]},
{"path": "/conformance", "method": ["GET"]},
{"path": "/collections/{collection_id}/items/{item_id}", "method": ["GET"]},
{"path": "/search", "method": ["GET", "POST"]},
{"path": "/collections", "method": ["GET"]},
{"path": "/collections/{collection_id}", "method": ["GET"]},
{"path": "/collections/{collection_id}/items", "method": ["GET"]},
{"path": "/queryables", "method": ["GET"]},
{"path": "/queryables/collections/{collection_id}/queryables", "method": ["GET"]},
{"path": "/_mgmt/ping", "method": ["GET"]}
],
"dependencies": [
{
"method": "stac_fastapi.core.basic_auth.BasicAuth",
"kwargs": {
"credentials":[
{
"username": "reader",
"password": "reader"
}
]
}
}
]
}
]
```

## Route Dependencies

### Configuration

Route dependencies for endpoints can enable through the `STAC_FASTAPI_ROUTE_DEPENDENCIES`
environment variable as a path to a JSON file or a JSON string.

#### Route Dependency

A Route Dependency must include `routes`, a list of at least one [Route](#routes), and `dependencies` a
list of at least one [Dependency](#dependencies).

#### Routes

A Route must include a `path`, the relative path to the endpoint, and a `method`, the request method of the path.

#### Dependencies

A Dependency must include the `method`, a dot seperated path to the Class or Function, and
can include any `args` or `kwargs` for the method.

#### Example
```
STAC_FASTAPI_ROUTE_DEPENDENCIES=[
{
"routes": [
{
"method": "GET",
"path": "/collections"
}
],
"dependencies": [
{
"method": "fastapi.security.OAuth2PasswordBearer",
"kwargs": {
"tokenUrl": "token"
}
}
]
}
]
```

### Docker Compose Configurations
## Auth

See `docker-compose.basic_auth_protected.yml` and `docker-compose.basic_auth_public.yml` for basic authentication configurations.
Authentication is an optional feature that can be enabled through `Route Dependencies` examples can be found and a more detailed explanation in [examples/auth](examples/auth).
Loading