Feature #25247
Improve the generation of Glideins' idtokens
0%
CMS, OSG
Description
Glideins use an idtoken to authenticate back to the VO collector.
The Frontend generates one idtoken per entry.
This may become slow for Frontends accessing many entries.
- it is in memory (no IO, no forking, faster)
- once the frontend user is given access to the condor master password file (e.g. via group read access or making a copy of it) it can generate tokens w/o sudo
https://github.com/CoffeaTeam/jhub/blob/master/charts/coffea-casa-jhub/files/hub/auth.py#L196-L235
Related issues
History
#1 Updated by Marco Mambelli 3 months ago
- Target version changed from v3_7_2 to v3_7_3
#2 Updated by Marco Mambelli 17 days ago
- Priority changed from Normal to High
#3 Updated by Dennis Box 17 days ago
- Assignee changed from Dennis Box to Marco Mambelli
- Status changed from New to Feedback
related issues: #25240 depends on some of these changes
#4 Updated by Marco Mambelli 16 days ago
- Blocks Feature #25450: Change IDTOKEN use to be more aggressive by delaying the checks added
#5 Updated by Marco Mambelli 16 days ago
- Assignee changed from Marco Mambelli to Dennis Box
Feedback sent via email.
As discussed, consider the possibility to create a new branch v37/25247_1 where the commits have messages referring to the topic of the ticket (branch the new one off branch_v3_7, apply the commit, and amend the message - changes are not possible for commits pushed already to the main repo -). Then merge this new branch to branch_v3_7 (after the feedback has been addressed).