Scaffolding: Federation gateway setup #299
Added some dedicated API endpoints, serializers, and signals for federation and configuration that defaults to disabling federation sync.
9f94dfd to 83d51d0
83d51d0 to 4bbcbed
| # FEDERATION | ||
| # ------------------------------------------------------------------------------ | ||
| # the below environment variables are used for site federation with peers. | ||
| # By default, federation events are disabled. | ||
| # If FEDERATION_ENABLED is TRUE, deployment will need to include | ||
| # federation sync service configuration. | ||
| # FEDERATION_ENABLED=true | ||
| # FEDERATION_EVENTS_ENABLED=true | ||
| # FEDERATION_EVENTS_CHANNEL=federation:events | ||
| # FEDERATION_SYNC_USER_EMAIL= | ||
| # FEDERATION_SITE_NAME= | ||
| # FEDERATION_SYNC_HEALTH_URL=http://federation-sync:8000/sync/health | ||
| # FEDERATION_EXPORT_INTERNAL_HEADER_SECRET= | ||
| # FEDERATION_EXPORT_TRUST_X_FORWARDED_FOR=false | ||
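Review bot: FEDERATION_EXPORT_INTERNAL_HEADER_SECRET= is shown empty and FEDERATION_EXPORT_TRUST_X_FORWARDED_FOR has no note on when it is safe to enable, both at the end of this block. X-Forwarded-For is supplied by the caller unless a proxy in front of the gateway overwrites it, so the comment for that flag should say it may be set to true only behind such a proxy. Please also state what the gateway does when the header secret is left empty while FEDERATION_ENABLED=true; rejecting export requests in that state would be the safe behaviour.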
Add a one-line comment explaining each value; highlight that federation-sync is a Docker service in the same network, defined in /federation.
| # Create files | ||
| minio_client = MinioClient() | ||
| minio_client = get_minio_client() |
Test command calls missing upload method
Low Severity
This commit switches the dev command to get_minio_client(), which returns ObjectStoreFacade with MinIO-compatible methods like fput_object, but the upload loop still calls upload_file. That method is not defined on the facade or delegated MinIO client, so the command fails at runtime when uploading fixtures.
Reviewed by Cursor Bugbot for commit 2c09fae.
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Reviewed by Cursor Bugbot for commit 3393c0f.
| user=user, | ||
| source=KeySources.FederationSync, | ||
| description="Federation sync service (export endpoints only)", | ||
| ) |
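Review bot: the "export endpoints only" scope on the description= line is a free-text label; what actually restricts the key is source=KeySources.FederationSync. Please point to (or add) a test showing that a key with this source is rejected on a non-export route, and consider rewording the description so it does not read as the enforcement mechanism.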
Command always rotates sync keys
Medium Severity
Each run of create_federation_sync_api_key deletes every existing FederationSync API key for the sync user before creating a new one. Re-running the command invalidates keys already configured in federation-sync without an explicit rotate flag.
Reviewed by Cursor Bugbot for commit 3393c0f.
| # FEDERATION | ||
| # ------------------------------------------------------------------------------ | ||
| # Peer sync uses the federation-sync Docker service (same sds-network as gateway; | ||
| # service definition lives under /federation). Bootstrap: enable federation, run | ||
| # create_federation_sync_api_key, pass the key to federation-sync. Set FEDERATION_SITE_NAME | ||
| # (e.g. crc) when enabling federation; use SDS_SITE_FQDN for the public host (RFC [site].fqdn). | ||
| # FEDERATION_ENABLED=true # Master switch for export APIs and Redis federation events. | ||
| # FEDERATION_SITE_NAME=crc # RFC [site].name (short peer id); set SDS_SITE_FQDN separately for [site].fqdn. | ||
| # FEDERATION_EVENTS_CHANNEL=federation:events # Redis pub/sub channel federation-sync subscribes to. | ||
| # FEDERATION_SYNC_HEALTH_URL=http://federation-sync:8000/sync/health # Health probe target (federation-sync service). | ||
| # FEDERATION_SYNC_USER_EMAIL=federation-sync@internal.local # Service user email for create_federation_sync_api_key. | ||
| # FEDERATION_EXPORT_ALLOWED_CIDRS= # Comma-separated CIDRs allowed to call export (default: private Docker ranges). | ||
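Review bot: on the FEDERATION_EXPORT_ALLOWED_CIDRS line, the fallback for an empty value is described only as "private Docker ranges" without listing them. A default wider than the sds-network subnet lets other containers or hosts on private addresses pass the IP check, so the example should either show the sds-network subnet as the value or say that deployments are expected to narrow the default.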
Comments need to be on a new line for .env files; otherwise the # ... will unintentionally be part of the values set:
cat .env | grep SSH_KEY
SSH_KEY= # this is not interpreted as a comment
docker exec -it ubuntu bash -c 'env | grep SSH_KEY'
SSH_KEY=# this is not interpreted as a comment
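The failure shown in the comment above can be caught before deployment. This is an added example, not part of the PR or the project's code: a linter that flags assignments whose unquoted value would absorb trailing "# ..." text under a loader with no inline-comment support, including commented-out template lines like the ones in this hunk. The function name and the sample text are constructed for illustration.

```python
import re
import sys

# KEY=value, optionally commented out as in an example env template ("# KEY=value").
ASSIGNMENT = re.compile(r"^\s*(?P<off>#\s*)?(?P<key>[A-Z][A-Z0-9_]*)=(?P<value>.*)$")

# Constructed sample: two template lines shaped like the hunk above, the reviewer's
# SSH_KEY line, and safe lines (comment on its own line, no inline comment).
SAMPLE = """\
# FEDERATION
# FEDERATION_ENABLED=true # Master switch for export APIs and Redis federation events.
# FEDERATION_EXPORT_ALLOWED_CIDRS= # Comma-separated CIDRs allowed to call export.
# Health probe target (federation-sync service).
# FEDERATION_SYNC_HEALTH_URL=http://federation-sync:8000/sync/health
FEDERATION_EVENTS_CHANNEL=federation:events
SSH_KEY= # this is not interpreted as a comment
"""


def find_inline_comments(env_text):
    """Return (line_no, key, value_as_loaded, is_template_line) for risky lines.

    Assumes a loader with no inline-comment support, as in the reviewer's demo:
    everything after '=' (whitespace-trimmed) becomes the value.
    """
    findings = []
    for line_no, line in enumerate(env_text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue  # blank line, heading, or prose comment
        value = match.group("value").strip()
        if value[:1] in ("'", '"'):
            continue  # quoted values are out of scope for this check
        if re.search(r"(^|\s)#", value):  # '#' at value start or after whitespace
            findings.append((line_no, match.group("key"), value, bool(match.group("off"))))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_inline_comments(text)
    for line_no, key, value, template in hits:
        kind = "template line" if template else "active"
        print(f"line {line_no} ({kind}): {key} would be set to {value!r}")
    sys.exit(1 if hits else 0)
```

Run with a file path as the only argument, the script exits non-zero when any line is flagged, so it can gate a commit or CI job.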

Note
Medium Risk
Introduces a new internal export surface and changes global API-key auth/permissions; misconfiguration of CIDRs or operational flags could block sync or widen access, though export is off by default and sync keys are route-scoped.
Overview
Adds gateway-side federation scaffolding so a local federation-sync service can pull public metadata and react to changes, controlled by FEDERATION_ENABLED and related env settings (documented in example django.env).
Internal export API is registered under /api/.../federation/ with list/detail endpoints for public finalized datasets and public captures. Responses use new DatasetFederationSerializer/CaptureFederationSerializer payloads (including site_name from FEDERATION_SITE_NAME). Access requires a FederationSync API key, federation operational checks (sync health URL, Redis ping, presence of sync key), and client IP in FEDERATION_EXPORT_ALLOWED_CIDRS (defaults to private ranges).
Change notifications: post_save signals on datasets/captures publish created/updated/deleted events to Redis (FEDERATION_EVENTS_CHANNEL) when federation is operational and the record is (or ceases to be) exportable.
API key behavior: APIKeyAuthentication now sets request.auth to the UserAPIKey object. A global DisallowFederationSyncKey permission blocks sync keys from normal asset APIs; export routes use the inverse IsFederationSyncKey. New create_federation_sync_api_key management command and DB migration extend KeySources with federation_sync.
Also includes contract tests against sibling sds_federation Pydantic models, hardening/operational tests, and small dev-tool tweaks (fallow-cross-file-dupes.sh, create_test_files import paths).
Reviewed by Cursor Bugbot for commit 3393c0f. Bugbot is set up for automated code reviews on this repo.
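A sketch of the client-IP part of the export access check described in the overview, as an added example rather than the project's code. All function and parameter names are hypothetical, the RFC 1918 list stands in for the unspecified default "private ranges", and a single trusted proxy hop is assumed when forwarded headers are honoured.

```python
import ipaddress

# Assumed stand-in for the default "private ranges"; the project's actual list
# is not shown on this page.
DEFAULT_PRIVATE_CIDRS = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"


def parse_cidrs(raw):
    """Parse a comma-separated CIDR setting; raise ValueError on junk rather than skip it."""
    entries = [item.strip() for item in raw.split(",") if item.strip()]
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


def resolve_client_ip(remote_addr, forwarded_for, trust_forwarded, trusted_proxies):
    """Pick the address the allowlist is evaluated against."""
    peer = ipaddress.ip_address(remote_addr)
    if not (trust_forwarded and forwarded_for):
        return peer  # header ignored unless trust is explicitly enabled
    if not any(peer in net for net in trusted_proxies):
        return peer  # header arrived from a peer that is not our proxy
    # With one trusted hop, the rightmost entry is the one that proxy appended.
    return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())


def export_allowed(remote_addr, forwarded_for="", allowed=DEFAULT_PRIVATE_CIDRS,
                   trust_forwarded=False, proxies=""):
    """Return True only when the resolved client address is inside the allowlist."""
    try:
        client = resolve_client_ip(
            remote_addr, forwarded_for, trust_forwarded, parse_cidrs(proxies)
        )
        return any(client in net for net in parse_cidrs(allowed))
    except ValueError:
        return False  # fail closed on unparsable settings or addresses


if __name__ == "__main__":
    # Constructed addresses: a container on a private subnet, then a public
    # peer presenting a private address in X-Forwarded-For with trust disabled.
    print(export_allowed("172.18.0.5"))
    print(export_allowed("203.0.113.9", forwarded_for="10.0.0.7"))
```

The fail-closed branch also covers the .env problem raised in review: a CIDR setting that has absorbed comment text does not parse, so the request is denied.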