%global _empty_manifest_terminate_build 0 Name: python-mongogrant Version: 0.3.3 Release: 1 Summary: Generate and grant credentials for MongoDB databases License: modified BSD URL: https://github.com/materialsproject/mongogrant/ Source0: https://mirrors.nju.edu.cn/pypi/web/packages/86/ea/236c569243a19bfb7097fd6b2fd09aa68af57e3d76e3ff65ea69333c0760/mongogrant-0.3.3.tar.gz BuildArch: noarch Requires: python3-Click Requires: python3-pymongo Requires: python3-Flask Requires: python3-requests %description ## Quickstart for users So, your friendly neighborhood mongogranter says you know have access to a database through your email address. What now? First, install mongogrant: ```bash pip install mongogrant ``` Next, request a token link to be sent to your email: ``` mgrant init mcurie@espci.fr \ --endpoint https://grantmedb.materialsproject.org ``` Click the link in your email to prove you're you, copy the fetch token from the loaded page, and then run: ``` mgrant settoken wh054900d70k3ny35y0u423 ``` Finally, get credentials for your database. Here, Marie is asking mongogrant to print out db.json and my_launchpad.yaml starter files for [FireWorks](https://materialsproject.github.io/fireworks/) and [atomate](https://atomate.org/): ``` mgrant db mongodb03.nersc.gov fw_mc_polonium \ --role readWrite \ --atomate-starters ``` ## About mongogrant Mongogrant is a utility to grant username and password credentials for read and readWrite roles on various databases on various hosts to owners of email addresses. A server administrator has fine-grained control via allow/deny rules for granting tokens and credentials. People request an email that contains a one-time link. That link gives a user a fetch token. All tokens expire and expiration time is customizable. People then use the mongogrant client to make requests like ```python from mongogrant.client import Client # config file on disk has tokens and host/db aliases # `Client()` with no args looks to # ~/.mongogrant.json for config client = Client() # No config yet? Set one up with at least one remote for fetching credentials # See below for how to obtain for a given . client.set_remote("https://grantmedb.materialsproject.org", "") # Set some aliases if you'd like: client.set_alias("dev", "mongodb03.nersc.gov", "host") client.set_alias("prod", "mongodb04.nersc.gov", "host") client.set_alias("fireworks", "fw_dw_phonons", "db") # pymongo.database.Database with read role source_db = client.db("ro:dev/fireworks") # readWrite role: config stores "prod" host alias and "fireworks" db alias target_db = client.db("rw:prod/fireworks") # ...Do database stuff! ``` One can also go entirely through a running app's API: ```bash > # Using the HTTPie command line HTTP client (https://httpie.org/) > # Install via `{brew,apt-get,pip,...} install httpie` > http GET https://grantmedb.materialsproject.org/gettoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 59 Content-Type: application/json Date: Thu, 17 May 2018 18:05:30 GMT Server: nginx/1.10.3 { "msg": "Sent link to to retrieve token." } > http GET https://grantmedb.materialsproject.org/verifytoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 17 May 2018 18:06:17 GMT Server: nginx/1.10.3 Transfer-Encoding: chunked Fetch token: (expires 2018-06-19 18:05:30.508000 UTC) > # end-of-line "\" below only necessary if command spans two lines. > http --form POST https://grantmedb.materialsproject.org/grant/ \ > role=readWrite host=mongodb03.nersc.gov db=dw_phonons HTTP/1.1 200 OK Connection: keep-alive Content-Length: 108 Content-Type: application/json Date: Thu, 17 May 2018 18:11:22 GMT Server: nginx/1.10.3 { "password": "", "username": "dwinston_lbl.gov_readWrite" } > ``` You can run a "server" on your laptop in a Jupyer notebook and manage allow/deny rules, grant / revoke grants of credentials, etc. A small Flask app is included as an example for deploying a server to which clients can connect to obtain tokens and credentials. ## Set up a server ```python from mongogrant.config import Config from mongogrant.server import Server, check, path, seed, Mailgun server = Server(Config(check=check, path=path, seed=seed())) server.set_mgdb("mongodb://mgserver:mgserverpass@my.host.com/mongogrant") server.set_mailer(Mailgun, dict( api_key="YOUR_KEY", base_url="https://api.mailgun.net/v3/YOUR_DOMAIN", from_addr="mongogrant@YOUR_DOMAIN")) server.set_admin_client( host="other1.host.com", username="mongoadmin", password="mongoadminpass") server.set_admin_client( host="other2.host.com", username="mongoadmin", password="mongoadminpass") ``` ### Appointing others to set allow/deny rules A mongogrant server admin can add "ruler" users who can set allow/deny rules for users via the `mgrant` CLI. An admin sets a ruler document in the `server.mgdb` collection, e.g. ```python server.mgdb.rulers.replace_one( {"email": "starlord@lbl.gov"}, { "email": "starlord@lbl.gov", "hosts": ["mongodb03.nersc.gov"], "dbs": ["mp_", "fw_"], "emails": ["@lbl.gov"], "which": ["allow"] }, upsert=True) ``` Allows user `starlord@lbl.gov` to set `allow` rules for any user with an "@lbl.gov" email address on the Mongo host "mongodb03.nersc.gov" for any database name prefixed with "mp_" or "fw_". Any field in a ruler document can be set to "all" rather than an array. %package -n python3-mongogrant Summary: Generate and grant credentials for MongoDB databases Provides: python-mongogrant BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-mongogrant ## Quickstart for users So, your friendly neighborhood mongogranter says you know have access to a database through your email address. What now? First, install mongogrant: ```bash pip install mongogrant ``` Next, request a token link to be sent to your email: ``` mgrant init mcurie@espci.fr \ --endpoint https://grantmedb.materialsproject.org ``` Click the link in your email to prove you're you, copy the fetch token from the loaded page, and then run: ``` mgrant settoken wh054900d70k3ny35y0u423 ``` Finally, get credentials for your database. Here, Marie is asking mongogrant to print out db.json and my_launchpad.yaml starter files for [FireWorks](https://materialsproject.github.io/fireworks/) and [atomate](https://atomate.org/): ``` mgrant db mongodb03.nersc.gov fw_mc_polonium \ --role readWrite \ --atomate-starters ``` ## About mongogrant Mongogrant is a utility to grant username and password credentials for read and readWrite roles on various databases on various hosts to owners of email addresses. A server administrator has fine-grained control via allow/deny rules for granting tokens and credentials. People request an email that contains a one-time link. That link gives a user a fetch token. All tokens expire and expiration time is customizable. People then use the mongogrant client to make requests like ```python from mongogrant.client import Client # config file on disk has tokens and host/db aliases # `Client()` with no args looks to # ~/.mongogrant.json for config client = Client() # No config yet? Set one up with at least one remote for fetching credentials # See below for how to obtain for a given . client.set_remote("https://grantmedb.materialsproject.org", "") # Set some aliases if you'd like: client.set_alias("dev", "mongodb03.nersc.gov", "host") client.set_alias("prod", "mongodb04.nersc.gov", "host") client.set_alias("fireworks", "fw_dw_phonons", "db") # pymongo.database.Database with read role source_db = client.db("ro:dev/fireworks") # readWrite role: config stores "prod" host alias and "fireworks" db alias target_db = client.db("rw:prod/fireworks") # ...Do database stuff! ``` One can also go entirely through a running app's API: ```bash > # Using the HTTPie command line HTTP client (https://httpie.org/) > # Install via `{brew,apt-get,pip,...} install httpie` > http GET https://grantmedb.materialsproject.org/gettoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 59 Content-Type: application/json Date: Thu, 17 May 2018 18:05:30 GMT Server: nginx/1.10.3 { "msg": "Sent link to to retrieve token." } > http GET https://grantmedb.materialsproject.org/verifytoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 17 May 2018 18:06:17 GMT Server: nginx/1.10.3 Transfer-Encoding: chunked Fetch token: (expires 2018-06-19 18:05:30.508000 UTC) > # end-of-line "\" below only necessary if command spans two lines. > http --form POST https://grantmedb.materialsproject.org/grant/ \ > role=readWrite host=mongodb03.nersc.gov db=dw_phonons HTTP/1.1 200 OK Connection: keep-alive Content-Length: 108 Content-Type: application/json Date: Thu, 17 May 2018 18:11:22 GMT Server: nginx/1.10.3 { "password": "", "username": "dwinston_lbl.gov_readWrite" } > ``` You can run a "server" on your laptop in a Jupyer notebook and manage allow/deny rules, grant / revoke grants of credentials, etc. A small Flask app is included as an example for deploying a server to which clients can connect to obtain tokens and credentials. ## Set up a server ```python from mongogrant.config import Config from mongogrant.server import Server, check, path, seed, Mailgun server = Server(Config(check=check, path=path, seed=seed())) server.set_mgdb("mongodb://mgserver:mgserverpass@my.host.com/mongogrant") server.set_mailer(Mailgun, dict( api_key="YOUR_KEY", base_url="https://api.mailgun.net/v3/YOUR_DOMAIN", from_addr="mongogrant@YOUR_DOMAIN")) server.set_admin_client( host="other1.host.com", username="mongoadmin", password="mongoadminpass") server.set_admin_client( host="other2.host.com", username="mongoadmin", password="mongoadminpass") ``` ### Appointing others to set allow/deny rules A mongogrant server admin can add "ruler" users who can set allow/deny rules for users via the `mgrant` CLI. An admin sets a ruler document in the `server.mgdb` collection, e.g. ```python server.mgdb.rulers.replace_one( {"email": "starlord@lbl.gov"}, { "email": "starlord@lbl.gov", "hosts": ["mongodb03.nersc.gov"], "dbs": ["mp_", "fw_"], "emails": ["@lbl.gov"], "which": ["allow"] }, upsert=True) ``` Allows user `starlord@lbl.gov` to set `allow` rules for any user with an "@lbl.gov" email address on the Mongo host "mongodb03.nersc.gov" for any database name prefixed with "mp_" or "fw_". Any field in a ruler document can be set to "all" rather than an array. %package help Summary: Development documents and examples for mongogrant Provides: python3-mongogrant-doc %description help ## Quickstart for users So, your friendly neighborhood mongogranter says you know have access to a database through your email address. What now? First, install mongogrant: ```bash pip install mongogrant ``` Next, request a token link to be sent to your email: ``` mgrant init mcurie@espci.fr \ --endpoint https://grantmedb.materialsproject.org ``` Click the link in your email to prove you're you, copy the fetch token from the loaded page, and then run: ``` mgrant settoken wh054900d70k3ny35y0u423 ``` Finally, get credentials for your database. Here, Marie is asking mongogrant to print out db.json and my_launchpad.yaml starter files for [FireWorks](https://materialsproject.github.io/fireworks/) and [atomate](https://atomate.org/): ``` mgrant db mongodb03.nersc.gov fw_mc_polonium \ --role readWrite \ --atomate-starters ``` ## About mongogrant Mongogrant is a utility to grant username and password credentials for read and readWrite roles on various databases on various hosts to owners of email addresses. A server administrator has fine-grained control via allow/deny rules for granting tokens and credentials. People request an email that contains a one-time link. That link gives a user a fetch token. All tokens expire and expiration time is customizable. People then use the mongogrant client to make requests like ```python from mongogrant.client import Client # config file on disk has tokens and host/db aliases # `Client()` with no args looks to # ~/.mongogrant.json for config client = Client() # No config yet? Set one up with at least one remote for fetching credentials # See below for how to obtain for a given . client.set_remote("https://grantmedb.materialsproject.org", "") # Set some aliases if you'd like: client.set_alias("dev", "mongodb03.nersc.gov", "host") client.set_alias("prod", "mongodb04.nersc.gov", "host") client.set_alias("fireworks", "fw_dw_phonons", "db") # pymongo.database.Database with read role source_db = client.db("ro:dev/fireworks") # readWrite role: config stores "prod" host alias and "fireworks" db alias target_db = client.db("rw:prod/fireworks") # ...Do database stuff! ``` One can also go entirely through a running app's API: ```bash > # Using the HTTPie command line HTTP client (https://httpie.org/) > # Install via `{brew,apt-get,pip,...} install httpie` > http GET https://grantmedb.materialsproject.org/gettoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Length: 59 Content-Type: application/json Date: Thu, 17 May 2018 18:05:30 GMT Server: nginx/1.10.3 { "msg": "Sent link to to retrieve token." } > http GET https://grantmedb.materialsproject.org/verifytoken/ HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Type: text/html; charset=utf-8 Date: Thu, 17 May 2018 18:06:17 GMT Server: nginx/1.10.3 Transfer-Encoding: chunked Fetch token: (expires 2018-06-19 18:05:30.508000 UTC) > # end-of-line "\" below only necessary if command spans two lines. > http --form POST https://grantmedb.materialsproject.org/grant/ \ > role=readWrite host=mongodb03.nersc.gov db=dw_phonons HTTP/1.1 200 OK Connection: keep-alive Content-Length: 108 Content-Type: application/json Date: Thu, 17 May 2018 18:11:22 GMT Server: nginx/1.10.3 { "password": "", "username": "dwinston_lbl.gov_readWrite" } > ``` You can run a "server" on your laptop in a Jupyer notebook and manage allow/deny rules, grant / revoke grants of credentials, etc. A small Flask app is included as an example for deploying a server to which clients can connect to obtain tokens and credentials. ## Set up a server ```python from mongogrant.config import Config from mongogrant.server import Server, check, path, seed, Mailgun server = Server(Config(check=check, path=path, seed=seed())) server.set_mgdb("mongodb://mgserver:mgserverpass@my.host.com/mongogrant") server.set_mailer(Mailgun, dict( api_key="YOUR_KEY", base_url="https://api.mailgun.net/v3/YOUR_DOMAIN", from_addr="mongogrant@YOUR_DOMAIN")) server.set_admin_client( host="other1.host.com", username="mongoadmin", password="mongoadminpass") server.set_admin_client( host="other2.host.com", username="mongoadmin", password="mongoadminpass") ``` ### Appointing others to set allow/deny rules A mongogrant server admin can add "ruler" users who can set allow/deny rules for users via the `mgrant` CLI. An admin sets a ruler document in the `server.mgdb` collection, e.g. ```python server.mgdb.rulers.replace_one( {"email": "starlord@lbl.gov"}, { "email": "starlord@lbl.gov", "hosts": ["mongodb03.nersc.gov"], "dbs": ["mp_", "fw_"], "emails": ["@lbl.gov"], "which": ["allow"] }, upsert=True) ``` Allows user `starlord@lbl.gov` to set `allow` rules for any user with an "@lbl.gov" email address on the Mongo host "mongodb03.nersc.gov" for any database name prefixed with "mp_" or "fw_". Any field in a ruler document can be set to "all" rather than an array. %prep %autosetup -n mongogrant-0.3.3 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-mongogrant -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Mon May 15 2023 Python_Bot - 0.3.3-1 - Package Spec generated