Difference between revisions of "Transferring data to/from PIC"
Jump to navigation
Jump to search
(Created page with "== How to provide data access to external users without PIC account == I will use an example for MICE === Steps === 1) Ensure you have a dCache webdav door that exports yo...") |
|||
| Line 5: | Line 5: | ||
=== Steps === | === Steps === | ||
| − | 1) | + | 1) dCache webdav door that exports your data. |
| − | + | https://webdav-mice.pic.es:8454 | |
| − | + | 2) dCacheView frontend (optional) | |
| − | + | ||
| − | + | https://webdav-mice.pic.es:8464 | |
| + | |||
| + | 3) Authentication | ||
| + | |||
| + | Either PIC credentials (user/password) or a macaroon (https://dcache.org/old/manuals/UserGuide-7.0/macaroons.shtml). | ||
| + | Any authenticated user can get a macaroon for an external user. Remember to add proper caveats to restrict privileges. | ||
| + | In the next example, I retrieve a macaroon with 7 days validity, that can only download and list, and can only access the subtree of the provided URL. | ||
| + | |||
| + | <pre> | ||
| + | $ curl -u tallada -X POST -H 'Content-Type: application/macaroon-request' \ | ||
| + | -d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \ | ||
| + | https://webdav-mice.pic.es:8454/tape/raw/production/N4096_L3072_LC3/maps/n8192/kmapgcpy/ | ||
| + | |||
| + | { | ||
| + | "macaroon": "MDA3NWxvJmc2lnbmF0dXJlIJt81Pp8G1KXMH8FqwpWhJtwYnLfUAvNPQuq7bTwNOxGCg", | ||
| + | } | ||
| + | </pre> | ||
Revision as of 08:50, 23 December 2021
How to provide data access to external users without PIC account
I will use an example for MICE
Steps
1) dCache webdav door that exports your data.
https://webdav-mice.pic.es:8454
2) dCacheView frontend (optional)
https://webdav-mice.pic.es:8464
3) Authentication
Either PIC credentials (user/password) or a macaroon (https://dcache.org/old/manuals/UserGuide-7.0/macaroons.shtml). Any authenticated user can get a macaroon for an external user. Remember to add proper caveats to restrict privileges. In the next example, I retrieve a macaroon with 7 days validity, that can only download and list, and can only access the subtree of the provided URL.
$ curl -u tallada -X POST -H 'Content-Type: application/macaroon-request' \
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
https://webdav-mice.pic.es:8454/tape/raw/production/N4096_L3072_LC3/maps/n8192/kmapgcpy/
{
"macaroon": "MDA3NWxvJmc2lnbmF0dXJlIJt81Pp8G1KXMH8FqwpWhJtwYnLfUAvNPQuq7bTwNOxGCg",
}