Ferload

Ferload is an api that allows to control access to files stored in any object store S3-compliant, and generate presigned url if user is granted. Ferload is compliant with GA4GH Data Repository Service. For now, only Bearers tokens are supported (not Passport and Visas).

Technologies

Ferload is developed in Scala3 and is based on tapir and cats-effect.

Quick start

If you don't have sbt installed already, you can use the provided wrapper script:

./sbtx -h # shows an usage of a wrapper script
./sbtx compile # build the project
./sbtx test # run the tests
./sbtx run # run the application (Main)

For more details check the sbtx usage page.

Otherwise, if sbt is already installed, you can use the standard commands:

sbt compile # build the project
sbt test # run the tests
sbt run # run the application (Main)

Build

sbt asembly
docker build -t ferload .

Environment variables

Keyckloak Authentication server information :

• AUTH_URL : Keycloak URL
• AUTH_REALM : Keycloak Realm
• AUTH_CLIENT_ID : Id of the client that contains resource definition and permissions
• AUTH_CLIENT_SECRET : Secret of the client that contains resource definition and permissions
• AUTH_AUDIENCE_CLIENT_ID : Id of the public client, with OAuth 2 device authorization granted. Required if FERLOAD_CLIENT_METHOD is device.
• AUTH_RESOURCES_POLICY_GLOBAL_NAME : Name of the resource a user should have access to be able to download all files. Works only with endpoints that fetch files by urls. Can be empty.

Ferload Client: This section is used to configure ferload clients taht can be installed to download files by requesting ferload endpoints.

• FERLOAD_CLIENT_METHOD : 3 possible values : tokenor password or device. Default token.

• FERLOAD_CLIENT_CLIENT_ID : client id to use to authenticate user (password method) or refesh token (token or device methods).

• FERLOAD_CLIENT_TOKEN_LINK : url to use to fetch new token in case of token or device method.

• FERLOAD_CLIENT_TOKEN_HELPER : text to display in ferload client to explain how to get a new token. Used only if FERLOAD_CLIENT_METHOD is token.

  AWS S3 information :

• AWS_ACCESS_KEY : Access key of the AWS account

• AWS_SECRET_KEY : Secret key of the AWS account

• AWS_BUCKET : Default bucket to use if objects are fetched by urls. Can be empty.

• AWS_ENDPOINT: Endpoint to S3 service. Can be empty.

• AWS_PATH_ACCESS_STYLE : Path access style to S3 service (true for minio, false for AWS). Default false.

• AWS_PRESIGNED_URL_EXPIRATION_IN_SECONDS : Expiration time of presigned urls. Default 3600.

• AWS_REGION : Region of the AWS account. Can be empty.

DRS Information :

• DRS_ID : DRS Server ID.
• DRS_NAME : DRS Name.
• DRS_ORGANIZATION_NAME : DRS Organization.
• DRS_ORGANIZATION_URL : DRS Organization url.
• DRS_SELF_HOST : DRS self host, used in self_uri property of DrsObject.
• DRS_VERSION : DRS Version. Default 1.3.0
• DRS_CONTACT_URL : DRS contact url. Can be empty.
• DRS_DESCRIPTION : DRS description. Can be empty.
• DRS_DOCUMENTATION_URL : DRS documentation url. Can be empty.
• DRS_ENVIRONMENT : DRS environment. Can be empty.

HTTP Server information :

• HTTP_HOST : Address HTTP server should listen to. Default 0.0.0.0 (all interfaces)
• HTTP_PORT: Port HTTP server should listen to. Default 9090

Report Api information :

• REPORT_API_MANIFEST_URL : Report Api manifest download URL.

Log configuration :

• LOG_LEVEL : Log level. Default WARN.

Endpoints :

• Swagger : /docs
• Status : /status
• Prometheus : /metrics

Links:

• tapir documentation
• tapir github
• sbtx wrapper