Processing inputs from user workspace

[rconway]

It has been reported that ADES stage-in from user workspace resources does not work - it seems that the job gets an empty catalogue response with no items - for example an input url such as http://resource-catalogue.guide-user-xbob.185.178.87.100.nip.io/csw/?mode=opensearch&service=CSW&version=3.0.0&request=GetRecords&elementsetname=full&resulttype=results&typenames=csw:Record&recordids=f.

Since the user’s workspace services and their S3 object storage bucket are protected, the ADES stage-in needs to take account of:

• security headers (Bearer token with user’s ID token) for access to the protected user resource-catalogue
• use of user’s bucket credentials for S3 access to the assets referenced in the catalogue results

[rconway]

Ticket EOEPCA-761 has been created for this issue.

[rconway]

As a quick test the protection of the resource-catalogue can be bypassed by editing the config of the agent that protects the workspace services, to set 'open' access'.

kubectl -n guide-user-xbob edit cm/guide-user-xbob-agent

Edit the field to set openAccess: true.