Merge branch 'ponos-jwt' into 'master'

Add private key environment variable and JWT settings

See merge request !384

.gitignore

@@ -17,3 +17,4 @@ htmlcov
 ponos
 openapi/*.yml
 !openapi/patch.yml
+*.key

arkindex/project/settings.py

@@ -13,6 +13,7 @@ https://docs.djangoproject.com/en/1.11/ref/settings/
 import os
 import sys
 import logging
+from datetime import timedelta
 from corsheaders.defaults import default_headers
 
 
@@ -64,13 +65,6 @@ AWS_THUMBNAIL_BUCKET = os.environ.get('AWS_THUMBNAIL_BUCKET', 'thumbnails')
 AWS_STAGING_BUCKET = os.environ.get('AWS_STAGING_BUCKET', 'staging')
 AWS_IIIF_BUCKET = os.environ.get('S3SOURCE_BASICLOOKUPSTRATEGY_BUCKET_NAME', 'iiif')
 
-if 'test' in sys.argv:
-    # Overrides for unit tests
-    AWS_ACCESS_KEY = 'test'
-    AWS_SECRET_KEY = 'test'
-    AWS_ENDPOINT = 'http://s3'
-    PONOS_PRIVATE_KEY = '/none'
-
 # Ponos integration
 if os.environ.get('PONOS_TASK'):
     # In a ponos docker task
@@ -85,6 +79,14 @@ else:
             'ARKINDEX_API_TOKEN': os.environ.get('ARKINDEX_API_TOKEN', 'deadbeefTestToken'),
         },
     }
+    PONOS_PRIVATE_KEY = os.environ.get('PONOS_PRIVATE_KEY_PATH', os.path.join(BASE_DIR, 'ponos.key'))
+
+if 'test' in sys.argv:
+    # Overrides for unit tests
+    AWS_ACCESS_KEY = 'test'
+    AWS_SECRET_KEY = 'test'
+    AWS_ENDPOINT = 'http://s3'
+    PONOS_PRIVATE_KEY = None
 
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.environ.get('SECRET_KEY', 'jf0w^y&ml(caax8f&a1mub)(js9(l5mhbbhosz3gi+m01ex+lo')
@@ -223,6 +225,13 @@ REST_FRAMEWORK = {
     'PAGE_SIZE': 20,
 }
 
+SIMPLE_JWT = {
+    'USER_ID_CLAIM': 'agent_id',
+    'ROTATE_REFRESH_TOKENS': True,
+    'ACCESS_TOKEN_LIFETIME': timedelta(hours=6),
+    'SIGNING_KEY': os.environ.get('SIGNING_KEY', SECRET_KEY),
+}
+
 # Elastic search config
 ELASTIC_SEARCH_HOSTS = [
     os.environ.get('ES_HOST', 'localhost'),

openapi/patch.yml

@@ -13,6 +13,9 @@ components:
     tokenAuth:
       scheme: Token
       type: http
+    agentAuth:
+      scheme: Bearer
+      type: http
 security:
 - tokenAuth: []
 - sessionAuth: []
@@ -696,17 +699,73 @@ paths:
       security: []
       tags:
         - users
+  /ponos/v1/agent/:
+    post:
+      description: Register a Ponos agent
+      security: []
+      tags:
+        - ponos
+  /ponos/v1/agent/actions/:
+    get:
+      description: Retrieve any actions the current agent should perform
+      security:
+        - agentAuth: []
+      tags:
+        - ponos
+  /ponos/v1/agent/refresh/:
+    post:
+      operationId: RefreshAgentToken
+      description: Refresh a Ponos agent token when it expires
+      security:
+        - agentAuth: []
+      tags:
+        - ponos
+  /ponos/v1/public-key/:
+    get:
+      operationId: GetPublicKey
+      description: Get the server's public key.
+      security: []
+      tags:
+        - ponos
+      responses:
+        '200':
+          content:
+            application/x-pem-file:
+              schema:
+                type: string
+              example: |-
+                -----BEGIN PUBLIC KEY-----
+                MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmK2L6lwGzSVZwFSo0eR1z4XV6jJwjeWK
+                YCiPKdMcQnn6u5J016k9U8xZm6XyFnmgvkhnC3wreGBTFzwLCLZCD+F3vo5x8ivz
+                aTgNWsA3WFlqjSIEGz+PAVHSNMobBaJm
+                -----END PUBLIC KEY-----
   /ponos/v1/task/{id}/:
     get:
       description: Retrieve a Ponos task status
       security: []
       tags:
         - ponos
-  /ponos/v1/task/{id}/log/:
+    put:
+      security:
+        - agentAuth: []
+      tags:
+        - ponos
+    patch:
+      security:
+        - agentAuth: []
+      tags:
+        - ponos
+  /ponos/v1/task/{id}/artifacts/:
     get:
-      operationId: RetrieveTaskLog
-      description: Retrieve the full task log as plain text
-      security: []
+      security:
+        - agentAuth: []
+      tags:
+        - ponos
+  /ponos/v1/task/{id}/definition/:
+    get:
+      operationId: RetrieveTaskDefinition
+      security:
+        - agentAuth: []
       tags:
         - ponos
   /ponos/v1/workflow/{id}/: