From 3ae6abe80ec14a12ea4b44818d63182efb8bedf0 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Fri, 17 Jan 2025 14:35:02 +0000
Subject: [PATCH 1/3] Disable for now automatic discovery of projects

---
 cloud-info/ams-wrapper.sh | 129 +++++++++++++++++++-------------------
 1 file changed, 65 insertions(+), 64 deletions(-)

diff --git a/cloud-info/ams-wrapper.sh b/cloud-info/ams-wrapper.sh
index 36693e9..86909b5 100755
--- a/cloud-info/ams-wrapper.sh
+++ b/cloud-info/ams-wrapper.sh
@@ -17,55 +17,56 @@ export CHECKIN_SECRETS_FILE="$CHECKIN_SECRETS_PATH/secrets.yaml"
 # TODO(enolfc): avoid creating new tokens for every provider
 export ACCESS_TOKEN_FILE="$AUTO_CONFIG_PATH/token.yaml"
 if token-generator; then
- # TODO(enolfc): even if this belows fails, we should use access token as it will provide
- # access to more projects
- if SECRETS_FILE="$ACCESS_TOKEN_FILE" config-generator >"$AUTO_CONFIG_PATH/site.yaml"; then
- # this worked, let's update the env
- export CHECKIN_SECRETS_PATH="$AUTO_CONFIG_PATH/vos"
- export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
- fi
+ # TODO(enolfc): even if this belows fails, we should use access token as it will provide
+ # access to more projects
+ if SECRETS_FILE="$ACCESS_TOKEN_FILE" config-generator >"$AUTO_CONFIG_PATH/site.yaml"; then
+ # this worked, let's update the env
+ export CHECKIN_SECRETS_PATH="$AUTO_CONFIG_PATH/vos"
+ # Do not use the automatec condig generated
+ # export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
+ fi
 fi
 # Any OS related parameter should be available as env variables
 if test "$CHECKIN_SECRETS_PATH" = ""; then
- # Case 1: manual config
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21 >cloud-info.out
+ # Case 1: manual config
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21 >cloud-info.out
 else
- # use service account for everyone
- export OS_DISCOVERY_ENDPOINT="https://aai.egi.eu/auth/realms/egi/.well-known/openid-configuration"
- OS_CLIENT_ID="$(yq -r '.checkin.client_id' <"$CHECKIN_SECRETS_FILE")"
- export OS_CLIENT_ID
- OS_CLIENT_SECRET="$(yq -r '.checkin.client_secret' <"$CHECKIN_SECRETS_FILE")"
- export OS_CLIENT_SECRET
- export OS_ACCESS_TOKEN_TYPE="access_token"
- export OS_AUTH_TYPE="v3oidcclientcredentials"
- export OS_OPENID_SCOPE="openid profile eduperson_entitlement email"
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21 >cloud-info.out
- # Produce the json output also
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21json >cloud-info.json
+ # use service account for everyone
+ export OS_DISCOVERY_ENDPOINT="https://aai.egi.eu/auth/realms/egi/.well-known/openid-configuration"
+ OS_CLIENT_ID="$(yq -r '.checkin.client_id' <"$CHECKIN_SECRETS_FILE")"
+ export OS_CLIENT_ID
+ OS_CLIENT_SECRET="$(yq -r '.checkin.client_secret' <"$CHECKIN_SECRETS_FILE")"
+ export OS_CLIENT_SECRET
+ export OS_ACCESS_TOKEN_TYPE="access_token"
+ export OS_AUTH_TYPE="v3oidcclientcredentials"
+ export OS_OPENID_SCOPE="openid profile eduperson_entitlement email"
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21 >cloud-info.out
+ # Produce the json output also
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21json >cloud-info.json
 fi
 # Fail if there are no shares
 grep -q GLUE2ShareID cloud-info.out ||
- (
- echo "No share information available, aborting!"
- false
- )
+ (
+ echo "No share information available, aborting!"
+ false
+ )
 # Publish to AMS
 if test "$AMS_TOKEN_FILE" != ""; then
- AMS_TOKEN=$(cat "$AMS_TOKEN_FILE")
+ AMS_TOKEN=$(cat "$AMS_TOKEN_FILE")
 elif test "$HOSTCERT" != "" -a "$HOSTKEY" != ""; then
- AMS_TOKEN=$(python -c "from argo_ams_library import ArgoMessagingService; \
+ AMS_TOKEN=$(python -c "from argo_ams_library import ArgoMessagingService; \
 ams = ArgoMessagingService(endpoint='$AMS_HOST', \
 project='$AMS_PROJECT', \
 cert='$HOSTCERT', \
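Review bot: The one behavioural change in this hunk, dropping `export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"` after config-generator succeeds, is hidden inside a re-indentation of every other line, and the blob ids show the round trip: PATCH 2/3 goes from `86909b5` back to `36693e9`, the exact pre-image of this patch, and PATCH 3/3 then redoes the comment-out alone. Patches 1/3 and 2/3 therefore cancel out and would be better squashed away so the history contains only the one-line change of 3/3. The comment introduced here, `# Do not use the automatec condig generated`, also misspells "automatic config" (3/3 rewords it). The `elif` branch that builds `AMS_TOKEN` with an inline python call continues past the end of the hunk.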
@@ -74,43 +75,43 @@ elif test "$HOSTCERT" != "" -a "$HOSTKEY" != ""; then
 fi
 if test "$SITE_NAME" = ""; then
- SITE_NAME="$(yq -r .site.name "$CLOUD_INFO_CONFIG" | tr "." "-")"
+ SITE_NAME="$(yq -r .site.name "$CLOUD_INFO_CONFIG" | tr "." "-")"
 fi
 SITE_TOPIC=$(echo "$SITE_NAME" | tr "." "-")
 AMS_TOPIC="SITE_${SITE_TOPIC}_ENDPOINT_${GOCDB_ID}"
 curl -f "https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC?key=$AMS_TOKEN" >/dev/null 2>&1 &&
- (
- # Publishing to AMS on our own to ensure message fits
- ARGO_URL="https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC:publish?key=$AMS_TOKEN"
+ (
+ # Publishing to AMS on our own to ensure message fits
+ ARGO_URL="https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC:publish?key=$AMS_TOKEN"
- printf '{"messages":[{"attributes":{},"data":"' >ams-payload
- grep -v "UNKNOWN" cloud-info.out | grep -v "^#" | grep -v ": $" | gzip | base64 -w 0 >>ams-payload
- printf '"}]}' >>ams-payload
+ printf '{"messages":[{"attributes":{},"data":"' >ams-payload
+ grep -v "UNKNOWN" cloud-info.out | grep -v "^#" | grep -v ": $" | gzip | base64 -w 0 >>ams-payload
+ printf '"}]}' >>ams-payload
- curl -X POST "$ARGO_URL" -H "content-type: application/json" -d @ams-payload
- )
+ curl -X POST "$ARGO_URL" -H "content-type: application/json" -d @ams-payload
+ )
 # Publish to object
 if test -s cloud-info.json; then
- if test "$SWIFT_SITE_NAME" != ""; then
- OIDC_ACCESS_TOKEN=$(yq -r '.checkin.access_token' <"$ACCESS_TOKEN_FILE")
- export OIDC_ACCESS_TOKEN
- export EGI_VO="$SWIFT_VO_NAME"
- SWIFT_URL=$(/fedcloud/bin/fedcloud openstack \
- --site "$SWIFT_SITE_NAME" \
- catalog show swift -f json |
- jq -r '(.endpoints[] | select(.interface=="public")).url')
- export RCLONE_CONFIG_REMOTE_TYPE="swift"
- export RCLONE_CONFIG_REMOTE_ENV_AUTH="false"
- export RCLONE_CONFIG_REMOTE_STORAGE_URL="$SWIFT_URL"
- eval "$(/fedcloud/bin/fedcloud site env --site "$SWIFT_SITE_NAME")"
- export RCLONE_CONFIG_REMOTE_AUTH_URL="$OS_AUTH_URL"
- OS_AUTH_TOKEN=$(/fedcloud/bin/fedcloud openstack \
- --site "$SWIFT_SITE_NAME" token issue -c id -f value)
- export RCLONE_CONFIG_REMOTE_AUTH_TOKEN="$OS_AUTH_TOKEN"
- rclone mkdir "remote:$SWIFT_CONTAINER_NAME"
- rclone copy cloud-info.json "remote:$SWIFT_CONTAINER_NAME/$SITE_NAME"
- fi
+ if test "$SWIFT_SITE_NAME" != ""; then
+ OIDC_ACCESS_TOKEN=$(yq -r '.checkin.access_token' <"$ACCESS_TOKEN_FILE")
+ export OIDC_ACCESS_TOKEN
+ export EGI_VO="$SWIFT_VO_NAME"
+ SWIFT_URL=$(/fedcloud/bin/fedcloud openstack \
+ --site "$SWIFT_SITE_NAME" \
+ catalog show swift -f json |
+ jq -r '(.endpoints[] | select(.interface=="public")).url')
+ export RCLONE_CONFIG_REMOTE_TYPE="swift"
+ export RCLONE_CONFIG_REMOTE_ENV_AUTH="false"
+ export RCLONE_CONFIG_REMOTE_STORAGE_URL="$SWIFT_URL"
+ eval "$(/fedcloud/bin/fedcloud site env --site "$SWIFT_SITE_NAME")"
+ export RCLONE_CONFIG_REMOTE_AUTH_URL="$OS_AUTH_URL"
+ OS_AUTH_TOKEN=$(/fedcloud/bin/fedcloud openstack \
+ --site "$SWIFT_SITE_NAME" token issue -c id -f value)
+ export RCLONE_CONFIG_REMOTE_AUTH_TOKEN="$OS_AUTH_TOKEN"
+ rclone mkdir "remote:$SWIFT_CONTAINER_NAME"
+ rclone copy cloud-info.json "remote:$SWIFT_CONTAINER_NAME/$SITE_NAME"
+ fi
 fi
 rm -rf "$VO_CONFIG_PATH"

From a294f695e90ad77a9bbf26ea35db4873fab9aa17 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Fri, 17 Jan 2025 14:39:16 +0000
Subject: [PATCH 2/3] Put formatting back on

---
 cloud-info/ams-wrapper.sh | 129 +++++++++++++++++++-------------------
 1 file changed, 64 insertions(+), 65 deletions(-)

diff --git a/cloud-info/ams-wrapper.sh b/cloud-info/ams-wrapper.sh
index 86909b5..36693e9 100755
--- a/cloud-info/ams-wrapper.sh
+++ b/cloud-info/ams-wrapper.sh
@@ -17,56 +17,55 @@ export CHECKIN_SECRETS_FILE="$CHECKIN_SECRETS_PATH/secrets.yaml"
 # TODO(enolfc): avoid creating new tokens for every provider
 export ACCESS_TOKEN_FILE="$AUTO_CONFIG_PATH/token.yaml"
 if token-generator; then
- # TODO(enolfc): even if this belows fails, we should use access token as it will provide
- # access to more projects
- if SECRETS_FILE="$ACCESS_TOKEN_FILE" config-generator >"$AUTO_CONFIG_PATH/site.yaml"; then
- # this worked, let's update the env
- export CHECKIN_SECRETS_PATH="$AUTO_CONFIG_PATH/vos"
- # Do not use the automatec condig generated
- # export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
- fi
+ # TODO(enolfc): even if this belows fails, we should use access token as it will provide
+ # access to more projects
+ if SECRETS_FILE="$ACCESS_TOKEN_FILE" config-generator >"$AUTO_CONFIG_PATH/site.yaml"; then
+ # this worked, let's update the env
+ export CHECKIN_SECRETS_PATH="$AUTO_CONFIG_PATH/vos"
+ export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
+ fi
 fi
 # Any OS related parameter should be available as env variables
 if test "$CHECKIN_SECRETS_PATH" = ""; then
- # Case 1: manual config
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21 >cloud-info.out
+ # Case 1: manual config
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21 >cloud-info.out
 else
- # use service account for everyone
- export OS_DISCOVERY_ENDPOINT="https://aai.egi.eu/auth/realms/egi/.well-known/openid-configuration"
- OS_CLIENT_ID="$(yq -r '.checkin.client_id' <"$CHECKIN_SECRETS_FILE")"
- export OS_CLIENT_ID
- OS_CLIENT_SECRET="$(yq -r '.checkin.client_secret' <"$CHECKIN_SECRETS_FILE")"
- export OS_CLIENT_SECRET
- export OS_ACCESS_TOKEN_TYPE="access_token"
- export OS_AUTH_TYPE="v3oidcclientcredentials"
- export OS_OPENID_SCOPE="openid profile eduperson_entitlement email"
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21 >cloud-info.out
- # Produce the json output also
- cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
- --middleware "$CLOUD_INFO_MIDDLEWARE" \
- --ignore-share-errors \
- --format glue21json >cloud-info.json
+ # use service account for everyone
+ export OS_DISCOVERY_ENDPOINT="https://aai.egi.eu/auth/realms/egi/.well-known/openid-configuration"
+ OS_CLIENT_ID="$(yq -r '.checkin.client_id' <"$CHECKIN_SECRETS_FILE")"
+ export OS_CLIENT_ID
+ OS_CLIENT_SECRET="$(yq -r '.checkin.client_secret' <"$CHECKIN_SECRETS_FILE")"
+ export OS_CLIENT_SECRET
+ export OS_ACCESS_TOKEN_TYPE="access_token"
+ export OS_AUTH_TYPE="v3oidcclientcredentials"
+ export OS_OPENID_SCOPE="openid profile eduperson_entitlement email"
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21 >cloud-info.out
+ # Produce the json output also
+ cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+ --middleware "$CLOUD_INFO_MIDDLEWARE" \
+ --ignore-share-errors \
+ --format glue21json >cloud-info.json
 fi
 # Fail if there are no shares
 grep -q GLUE2ShareID cloud-info.out ||
- (
- echo "No share information available, aborting!"
- false
- )
+ (
+ echo "No share information available, aborting!"
+ false
+ )
 # Publish to AMS
 if test "$AMS_TOKEN_FILE" != ""; then
- AMS_TOKEN=$(cat "$AMS_TOKEN_FILE")
+ AMS_TOKEN=$(cat "$AMS_TOKEN_FILE")
 elif test "$HOSTCERT" != "" -a "$HOSTKEY" != ""; then
- AMS_TOKEN=$(python -c "from argo_ams_library import ArgoMessagingService; \
+ AMS_TOKEN=$(python -c "from argo_ams_library import ArgoMessagingService; \
 ams = ArgoMessagingService(endpoint='$AMS_HOST', \
 project='$AMS_PROJECT', \
 cert='$HOSTCERT', \
@@ -75,43 +74,43 @@ elif test "$HOSTCERT" != "" -a "$HOSTKEY" != ""; then
 fi
 if test "$SITE_NAME" = ""; then
- SITE_NAME="$(yq -r .site.name "$CLOUD_INFO_CONFIG" | tr "." "-")"
+ SITE_NAME="$(yq -r .site.name "$CLOUD_INFO_CONFIG" | tr "." "-")"
 fi
 SITE_TOPIC=$(echo "$SITE_NAME" | tr "." "-")
 AMS_TOPIC="SITE_${SITE_TOPIC}_ENDPOINT_${GOCDB_ID}"
 curl -f "https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC?key=$AMS_TOKEN" >/dev/null 2>&1 &&
- (
- # Publishing to AMS on our own to ensure message fits
- ARGO_URL="https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC:publish?key=$AMS_TOKEN"
+ (
+ # Publishing to AMS on our own to ensure message fits
+ ARGO_URL="https://$AMS_HOST/v1/projects/$AMS_PROJECT/topics/$AMS_TOPIC:publish?key=$AMS_TOKEN"
- printf '{"messages":[{"attributes":{},"data":"' >ams-payload
- grep -v "UNKNOWN" cloud-info.out | grep -v "^#" | grep -v ": $" | gzip | base64 -w 0 >>ams-payload
- printf '"}]}' >>ams-payload
+ printf '{"messages":[{"attributes":{},"data":"' >ams-payload
+ grep -v "UNKNOWN" cloud-info.out | grep -v "^#" | grep -v ": $" | gzip | base64 -w 0 >>ams-payload
+ printf '"}]}' >>ams-payload
- curl -X POST "$ARGO_URL" -H "content-type: application/json" -d @ams-payload
- )
+ curl -X POST "$ARGO_URL" -H "content-type: application/json" -d @ams-payload
+ )
 # Publish to object
 if test -s cloud-info.json; then
- if test "$SWIFT_SITE_NAME" != ""; then
- OIDC_ACCESS_TOKEN=$(yq -r '.checkin.access_token' <"$ACCESS_TOKEN_FILE")
- export OIDC_ACCESS_TOKEN
- export EGI_VO="$SWIFT_VO_NAME"
- SWIFT_URL=$(/fedcloud/bin/fedcloud openstack \
- --site "$SWIFT_SITE_NAME" \
- catalog show swift -f json |
- jq -r '(.endpoints[] | select(.interface=="public")).url')
- export RCLONE_CONFIG_REMOTE_TYPE="swift"
- export RCLONE_CONFIG_REMOTE_ENV_AUTH="false"
- export RCLONE_CONFIG_REMOTE_STORAGE_URL="$SWIFT_URL"
- eval "$(/fedcloud/bin/fedcloud site env --site "$SWIFT_SITE_NAME")"
- export RCLONE_CONFIG_REMOTE_AUTH_URL="$OS_AUTH_URL"
- OS_AUTH_TOKEN=$(/fedcloud/bin/fedcloud openstack \
- --site "$SWIFT_SITE_NAME" token issue -c id -f value)
- export RCLONE_CONFIG_REMOTE_AUTH_TOKEN="$OS_AUTH_TOKEN"
- rclone mkdir "remote:$SWIFT_CONTAINER_NAME"
- rclone copy cloud-info.json "remote:$SWIFT_CONTAINER_NAME/$SITE_NAME"
- fi
+ if test "$SWIFT_SITE_NAME" != ""; then
+ OIDC_ACCESS_TOKEN=$(yq -r '.checkin.access_token' <"$ACCESS_TOKEN_FILE")
+ export OIDC_ACCESS_TOKEN
+ export EGI_VO="$SWIFT_VO_NAME"
+ SWIFT_URL=$(/fedcloud/bin/fedcloud openstack \
+ --site "$SWIFT_SITE_NAME" \
+ catalog show swift -f json |
+ jq -r '(.endpoints[] | select(.interface=="public")).url')
+ export RCLONE_CONFIG_REMOTE_TYPE="swift"
+ export RCLONE_CONFIG_REMOTE_ENV_AUTH="false"
+ export RCLONE_CONFIG_REMOTE_STORAGE_URL="$SWIFT_URL"
+ eval "$(/fedcloud/bin/fedcloud site env --site "$SWIFT_SITE_NAME")"
+ export RCLONE_CONFIG_REMOTE_AUTH_URL="$OS_AUTH_URL"
+ OS_AUTH_TOKEN=$(/fedcloud/bin/fedcloud openstack \
+ --site "$SWIFT_SITE_NAME" token issue -c id -f value)
+ export RCLONE_CONFIG_REMOTE_AUTH_TOKEN="$OS_AUTH_TOKEN"
+ rclone mkdir "remote:$SWIFT_CONTAINER_NAME"
+ rclone copy cloud-info.json "remote:$SWIFT_CONTAINER_NAME/$SITE_NAME"
+ fi
 fi
 rm -rf "$VO_CONFIG_PATH"

From 411d50d9eca2b7fbf51c15c0eec46961d9f6b5b2 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Fri, 17 Jan 2025 14:39:52 +0000
Subject: [PATCH 3/3] Do not use the generated config file

---
 cloud-info/ams-wrapper.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cloud-info/ams-wrapper.sh b/cloud-info/ams-wrapper.sh
index 36693e9..59270b9 100755
--- a/cloud-info/ams-wrapper.sh
+++ b/cloud-info/ams-wrapper.sh
@@ -22,7 +22,8 @@ if token-generator; then
 if SECRETS_FILE="$ACCESS_TOKEN_FILE" config-generator >"$AUTO_CONFIG_PATH/site.yaml"; then
 # this worked, let's update the env
 export CHECKIN_SECRETS_PATH="$AUTO_CONFIG_PATH/vos"
- export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
+ # Do not use the generated config file
+ # export CLOUD_INFO_CONFIG="$AUTO_CONFIG_PATH/site.yaml"
 fi
 fi
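Review bot: With the export commented out, `config-generator` on the line above still runs, still writes `$AUTO_CONFIG_PATH/site.yaml`, and its exit status still decides whether `CHECKIN_SECRETS_PATH` switches to `$AUTO_CONFIG_PATH/vos`, so the discovery step is not disabled, only its site config is ignored, and a failure of it silently leaves the old secrets path in place. The new comment should state that intent, e.g. `# keep the static CLOUD_INFO_CONFIG; site.yaml is generated only because config-generator also populates vos/` (assuming that is why the call is kept), or, if the generated `vos` credentials are not needed either, the call and the `if` around it should go too. Since `CLOUD_INFO_CONFIG` now always comes from the caller, in the service-account branch as well, a guard such as `: "${CLOUD_INFO_CONFIG:?must be set}"` before `if test "$CHECKIN_SECRETS_PATH" = ""` would replace a confusing `--yaml-file ""` failure with a clear error, unless the variable is already validated earlier in the file. The enclosing `if token-generator; then` opens before this hunk.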