Difference between revisions of "Transferring data to/from PIC"

From Public PIC Wiki
Jump to navigation Jump to search
(Created page with "== How to provide data access to external users without PIC account == I will use an example for MICE === Steps === 1) Ensure you have a dCache webdav door that exports yo...")
 
Line 5: Line 5:
 
=== Steps ===
 
=== Steps ===
  
1) Ensure you have a dCache webdav door that exports your data.
+
1) dCache webdav door that exports your data.
  
In our case: https://webdav-mice.pic.es:8454
+
https://webdav-mice.pic.es:8454
  
* dcacheview frontend (optional)
+
2) dCacheView frontend (optional)
* PIC account or macaroon
+
 
*
+
https://webdav-mice.pic.es:8464
 +
 
 +
3) Authentication
 +
 
 +
Either PIC credentials (user/password) or a macaroon (https://dcache.org/old/manuals/UserGuide-7.0/macaroons.shtml).
 +
Any authenticated user can get a macaroon for an external user. Remember to add proper caveats to restrict privileges.
 +
In the next example, I retrieve a macaroon with 7 days validity, that can only download and list, and can only access the subtree of the provided URL.
 +
 
 +
<pre>
 +
$ curl -u tallada -X POST -H 'Content-Type: application/macaroon-request' \
 +
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
 +
https://webdav-mice.pic.es:8454/tape/raw/production/N4096_L3072_LC3/maps/n8192/kmapgcpy/
 +
 
 +
{
 +
    "macaroon": "MDA3NWxvJmc2lnbmF0dXJlIJt81Pp8G1KXMH8FqwpWhJtwYnLfUAvNPQuq7bTwNOxGCg", 
 +
}
 +
</pre>

Revision as of 08:50, 23 December 2021

How to provide data access to external users without PIC account

I will use an example for MICE

Steps

1) dCache webdav door that exports your data.

https://webdav-mice.pic.es:8454

2) dCacheView frontend (optional)

https://webdav-mice.pic.es:8464

3) Authentication

Either PIC credentials (user/password) or a macaroon (https://dcache.org/old/manuals/UserGuide-7.0/macaroons.shtml). Any authenticated user can get a macaroon for an external user. Remember to add proper caveats to restrict privileges. In the next example, I retrieve a macaroon with 7 days validity, that can only download and list, and can only access the subtree of the provided URL.

$ curl -u tallada -X POST -H 'Content-Type: application/macaroon-request' \
-d '{"caveats": ["activity:DOWNLOAD,LIST"], "validity": "P7D"}' \
https://webdav-mice.pic.es:8454/tape/raw/production/N4096_L3072_LC3/maps/n8192/kmapgcpy/

{
    "macaroon": "MDA3NWxvJmc2lnbmF0dXJlIJt81Pp8G1KXMH8FqwpWhJtwYnLfUAvNPQuq7bTwNOxGCg",   
}