Ferload is an API that controls access to files stored in any S3-compliant object store and generates a presigned URL if the user is granted access. Ferload is compliant with the GA4GH Data Repository Service. For now, only Bearer tokens are supported (not Passport and Visas).
Ferload is developed in Scala 3 and is based on tapir and cats-effect.
If you don't have sbt installed already, you can use the provided wrapper script:
./sbtx -h # show usage of the wrapper script
./sbtx compile # build the project
./sbtx test # run the tests
./sbtx run # run the application (Main)
For more details check the sbtx usage page.
Otherwise, if sbt is already installed, you can use the standard commands:
sbt compile # build the project
sbt test # run the tests
sbt run # run the application (Main)
sbt assembly
docker build -t ferload .
Keycloak authentication server information :
- AUTH_URL : Keycloak URL.
- AUTH_REALM : Keycloak realm.
- AUTH_CLIENT_ID : Id of the client that contains resource definition and permissions.
- AUTH_CLIENT_SECRET : Secret of the client that contains resource definition and permissions.
- AUTH_AUDIENCE_CLIENT_ID : Id of the public client, with OAuth 2 device authorization grant enabled. Required if FERLOAD_CLIENT_METHOD is device.
- AUTH_RESOURCES_POLICY_GLOBAL_NAME : Name of the resource a user must have access to in order to download all files. Works only with endpoints that fetch files by URL. Can be empty.
Ferload Client: This section is used to configure the ferload clients that can be installed to download files by requesting ferload endpoints.
- FERLOAD_CLIENT_METHOD : 3 possible values : token, password or device. Default token.
- FERLOAD_CLIENT_CLIENT_ID : client id to use to authenticate the user (password method) or refresh the token (token or device methods).
- FERLOAD_CLIENT_TOKEN_LINK : URL to use to fetch a new token in case of token or device method.
- FERLOAD_CLIENT_TOKEN_HELPER : text to display in the ferload client to explain how to get a new token. Used only if FERLOAD_CLIENT_METHOD is token.
AWS S3 information :
- AWS_ACCESS_KEY : Access key of the AWS account.
- AWS_SECRET_KEY : Secret key of the AWS account.
- AWS_BUCKET : Default bucket to use if objects are fetched by URL. Can be empty.
- AWS_ENDPOINT : Endpoint of the S3 service. Can be empty.
- AWS_PATH_ACCESS_STYLE : Path access style to the S3 service (true for minio, false for AWS). Default false.
- AWS_PRESIGNED_URL_EXPIRATION_IN_SECONDS : Expiration time of presigned URLs. Default 3600.
- AWS_REGION : Region of the AWS account. Can be empty.
DRS Information :
- DRS_ID : DRS Server ID.
- DRS_NAME : DRS Name.
- DRS_ORGANIZATION_NAME : DRS Organization.
- DRS_ORGANIZATION_URL : DRS Organization URL.
- DRS_SELF_HOST : DRS self host, used in the self_uri property of DrsObject.
- DRS_VERSION : DRS Version. Default 1.3.0.
- DRS_CONTACT_URL : DRS contact URL. Can be empty.
- DRS_DESCRIPTION : DRS description. Can be empty.
- DRS_DOCUMENTATION_URL : DRS documentation URL. Can be empty.
- DRS_ENVIRONMENT : DRS environment. Can be empty.
HTTP Server information :
- HTTP_HOST : Address the HTTP server should listen on. Default 0.0.0.0 (all interfaces).
- HTTP_PORT : Port the HTTP server should listen on. Default 9090.
Report Api information :
- REPORT_API_MANIFEST_URL : Report Api manifest download URL.
Log configuration :
- LOG_LEVEL : Log level. Default WARN.
- Swagger : /docs
- Status : /status
- Prometheus : /metrics
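
A pre-flight check for the configuration variables described above, as an added example that is not part of Ferload. `ferload_preflight` and `MAX_PRESIGNED_TTL` are hypothetical names, and treating the variables not marked "Can be empty" as required is an assumption.

```sh
# Added example (not Ferload code): pre-flight check of the environment
# variables documented above. Prints one finding per line and returns
# non-zero if any ERROR was found. The body runs in a subshell, so the
# helper variables do not leak into the caller.
ferload_preflight() (
  errors=0
  method="${FERLOAD_CLIENT_METHOD:-token}"                # documented default
  ttl="${AWS_PRESIGNED_URL_EXPIRATION_IN_SECONDS:-3600}"  # documented default
  max_ttl="${MAX_PRESIGNED_TTL:-3600}"  # assumption: local policy ceiling, not a Ferload setting

  # Assumption: these are mandatory because the README does not mark them "Can be empty".
  for v in AUTH_URL AUTH_REALM AUTH_CLIENT_ID AUTH_CLIENT_SECRET AWS_ACCESS_KEY AWS_SECRET_KEY; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "ERROR: $v is not set"; errors=1; }
  done

  case "$method" in
    token|password) ;;
    device)  # the device method needs the id of the public client
      [ -n "${AUTH_AUDIENCE_CLIENT_ID:-}" ] || {
        echo "ERROR: AUTH_AUDIENCE_CLIENT_ID is required when FERLOAD_CLIENT_METHOD is device"; errors=1; } ;;
    *) echo "ERROR: FERLOAD_CLIENT_METHOD must be token, password or device"; errors=1 ;;
  esac

  case "$ttl" in
    ''|*[!0-9]*) echo "ERROR: AWS_PRESIGNED_URL_EXPIRATION_IN_SECONDS must be a whole number of seconds"; errors=1 ;;
    *) [ "$ttl" -le "$max_ttl" ] ||
         echo "WARN: presigned URLs stay valid for ${ttl}s, above the ${max_ttl}s ceiling" ;;
  esac

  case "${AWS_PATH_ACCESS_STYLE:-false}" in
    true|false) ;;
    *) echo "ERROR: AWS_PATH_ACCESS_STYLE must be true or false"; errors=1 ;;
  esac

  # A presigned URL works for anyone who holds it until it expires, and the
  # global resource grants every file fetched by URL, so surface both.
  [ -z "${AUTH_RESOURCES_POLICY_GLOBAL_NAME:-}" ] ||
    echo "WARN: holders of resource '$AUTH_RESOURCES_POLICY_GLOBAL_NAME' can download all files fetched by URL"
  [ "${HTTP_HOST:-0.0.0.0}" != "0.0.0.0" ] ||
    echo "WARN: HTTP_HOST is 0.0.0.0, the server listens on all interfaces"

  [ "$errors" -eq 0 ]
)
```

Source the file and call `ferload_preflight || exit 1` in the container entrypoint or deployment script before starting the application.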