def getUserNameAndGroup(info): """ Get the user name and group from the DN and VOMS role """ global dnCache, roleCache owner = {} if "OwnerDN" not in info: return owner username = dnCache.get(info.get('OwnerDN')) if not username: result = getUsernameForDN(info.get('OwnerDN', 'Unknown')) if result['OK']: username = result['Value'] dnCache[info['OwnerDN']] = username elif "No username" in result['Message']: username = '******' dnCache[info['OwnerDN']] = username if username and username != 'Unknown': groups = roleCache.get('/' + info.get('OwnerRole')) if not groups: groups = getGroupsWithVOMSAttribute('/' + info['OwnerRole']) roleCache['/' + info['OwnerRole']] = groups if groups: owner['username'] = username owner['group'] = groups[0] return owner
def getUserNameAndGroup(info): """ Get the user name and group from the DN and VOMS role """ global dnCache, roleCache owner = {} username = dnCache.get(info['OwnerDN']) if not username: result = getUsernameForDN(info['OwnerDN']) if result['OK']: username = result['Value'] dnCache[info['OwnerDN']] = username elif "No username" in result['Message']: username = '******' dnCache[info['OwnerDN']] = username if username and username != 'Unknown': groups = roleCache.get('/'+info['OwnerRole']) if not groups: groups = getGroupsWithVOMSAttribute('/'+info['OwnerRole']) roleCache['/'+info['OwnerRole']] = groups if groups: owner['username'] = username owner['group'] = groups[0] return owner
def getUserNameAndGroup(info): """Get the user name and group from the DN and VOMS role""" global dnCache, roleCache owner = {} if "OwnerDN" not in info: return owner username = dnCache.get(info.get("OwnerDN")) if not username: result = getUsernameForDN(info.get("OwnerDN", "Unknown")) if result["OK"]: username = result["Value"] dnCache[info["OwnerDN"]] = username elif "No username" in result["Message"]: username = "******" dnCache[info["OwnerDN"]] = username if username and username != "Unknown": groups = roleCache.get("/" + info.get("OwnerRole")) if not groups: groups = getGroupsWithVOMSAttribute("/" + info["OwnerRole"]) roleCache["/" + info["OwnerRole"]] = groups if groups: owner["username"] = username owner["group"] = groups[0] return owner
def getProxyForLFN(self, lfn): """ get proxy for lfn :param str lfn: LFN :return: S_ERROR or S_OK( "/path/to/proxy/file" ) """ dirMeta = self.replicaManager().getCatalogDirectoryMetadata( lfn, singleFile=True) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[ "OwnerRole"].startswith("/") else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None for ownerGroup in getGroupsWithVOMSAttribute(ownerRole): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=True, requiredVOMSAttribute=ownerRole) if not vomsProxy["OK"]: self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % (ownerDN, ownerRole, vomsProxy["Message"])) continue ownerProxy = vomsProxy["Value"] self.log.debug("getProxyForLFN: got proxy for %s@%s [%s]" % (ownerDN, ownerGroup, ownerRole)) break if not ownerProxy: return S_ERROR("Unable to get owner proxy") dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.log.error("getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"]) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return dumpToFile
def getProxyForLFN( self, lfn ): """ get proxy for lfn :param str lfn: LFN :return: S_ERROR or S_OK( "/path/to/proxy/file" ) """ dirMeta = returnSingleResult( self.fc.getDirectoryMetadata( lfn ) ) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredVOMSAttribute = ownerRole ) if not vomsProxy["OK"]: self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN, ownerRole, vomsProxy["Message"] ) ) continue ownerProxy = vomsProxy["Value"] self.log.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) ) break if not ownerProxy: return S_ERROR( "Unable to get owner proxy" ) dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.log.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] ) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return dumpToFile
def getUsersGroupsAndSEs(queryQueue, name_id_se): """ This dumps the users, groups and SEs from the LFC, converts them into DIRAC group, and create the query to insert them into the DFC. WATCH OUT !! The DIRAC group is evaluated from the VOMS attribute, since this is what is used in the LFC. So if you have several DIRAC groups that have the same voms role, the assigned group will be the first one... :param queryQueue : queue in which to put the SQL statement to be executed against the DFC :param name_id_se : cache to be filled in with the mapping {seName:id in the DFC} """ connection = cx_Oracle.Connection(prodDbAccount, prodDbAccountPassword, prodDbTNS, threaded=True) fromdbR_ = connection.cursor() fromdbR_.arraysize = 1000 # First, fetch all the UID and DN from the LFC if fromdbR_.execute("SELECT USERID, USERNAME from CNS_USERINFO"): rows = fromdbR_.fetchall() for row in rows: uid = row[0] dn = row[1] name = uid_name.get(uid) # If the name is not in cache, if not name: # We do some mangling of the DN to try to have sensitive name whatever happen # We also include the UID in case the name is not unique, or several DN are associated namePart = 'name' idPart = '' dnSplit = dn.split('CN=') try: namePart = dnSplit[-1].replace("'", " ") except Exception as e: pass try: idPart = dnSplit[2].replace("/", "") except Exception as e: pass idPart += ' uid_%s' % uid name = "Unknown (%s %s)" % (namePart, idPart) # Now, we do try to convert the DN into a DIRAC username if "Unknown" in name: result = getUsernameForDN(dn) if result['OK']: name = result['Value'] uid_name[uid] = name # Now we prepare the SQL statement to insert them into the DFC for uid in uid_name: username = uid_name[uid] queryQueue.put( "INSERT INTO FC_Users(UID, UserName) values (%s, '%s');\n" % (uid, username)) # Now, same principle on the group if fromdbR_.execute("SELECT GID, GROUPNAME from CNS_GROUPINFO"): rows = fromdbR_.fetchall() for row in rows: gid = row[0] gn = row[1] groupname = gn # CAUTION: as explained in the docstring, if multiple groups share the same voms role # we take the first one groups = getGroupsWithVOMSAttribute('/' + gn) if groups: groupname = groups[0] queryQueue.put( "INSERT INTO FC_Groups(GID, GroupName) values (%s, '%s');\n" % (gid, groupname)) # We build a cache that contains the mapping between the name and its ID in the DFC DB # The ID starts at 2 because ID=1 is taken by FakeSe seCounter = 2 # Fetch the name from the LFC if fromdbR_.execute("select unique HOST from CNS_FILE_REPLICA"): rows = fromdbR_.fetchall() for row in rows: seName = row[0] # Populate the SE cache name_id_se[seName] = seCounter # Create the query for the DFC queryQueue.put( "INSERT INTO FC_StorageElements(SEID, SEName) values (%s, '%s');\n" % (seCounter, seName)) seCounter += 1 # Also here we just insert all the statuses defined above for status in dirac_status: queryQueue.put("INSERT INTO FC_Statuses (Status) values ('%s');\n" % status) fromdbR_.close() connection.close() # Set the poison pill in the queue queryQueue.put(None) return
def getUsersGroupsAndSEs( queryQueue, name_id_se ): """ This dumps the users, groups and SEs from the LFC, converts them into DIRAC group, and create the query to insert them into the DFC. WATCH OUT !! The DIRAC group is evaluated from the VOMS attribute, since this is what is used in the LFC. So if you have several DIRAC groups that have the same voms role, the assigned group will be the first one... :param queryQueue : queue in which to put the SQL statement to be executed against the DFC :param name_id_se : cache to be filled in with the mapping {seName:id in the DFC} """ connection = cx_Oracle.Connection( prodDbAccount, prodDbAccountPassword, prodDbTNS, threaded = True ) fromdbR_ = connection.cursor() fromdbR_.arraysize = 1000 # First, fetch all the UID and DN from the LFC if fromdbR_.execute( "SELECT USERID, USERNAME from CNS_USERINFO" ): rows = fromdbR_.fetchall() for row in rows: uid = row[0] dn = row[1] name = uid_name.get( uid ) # If the name is not in cache, if not name: # We do some mangling of the DN to try to have sensitive name whatever happen # We also include the UID in case the name is not unique, or several DN are associated namePart = 'name' idPart = '' dnSplit = dn.split( 'CN=' ) try: namePart = dnSplit[-1].replace( "'", " " ) except Exception as e: pass try: idPart = dnSplit[2].replace( "/", "" ) except Exception as e: pass idPart += ' uid_%s' % uid name = "Unknown (%s %s)" % ( namePart, idPart ) # Now, we do try to convert the DN into a DIRAC username if "Unknown" in name: result = getUsernameForDN( dn ) if result['OK']: name = result['Value'] uid_name[uid] = name # Now we prepare the SQL statement to insert them into the DFC for uid in uid_name: username = uid_name[uid] queryQueue.put( "INSERT INTO FC_Users(UID, UserName) values (%s, '%s');\n" % ( uid, username ) ) # Now, same principle on the group if fromdbR_.execute( "SELECT GID, GROUPNAME from CNS_GROUPINFO" ): rows = fromdbR_.fetchall() for row in rows: gid = row[0] gn = row[1] groupname = gn # CAUTION: as explained in the docstring, if multiple groups share the same voms role # we take the first one groups = getGroupsWithVOMSAttribute( '/' + gn ) if groups: groupname = groups[0] queryQueue.put( "INSERT INTO FC_Groups(GID, GroupName) values (%s, '%s');\n" % ( gid, groupname ) ) # We build a cache that contains the mapping between the name and its ID in the DFC DB # The ID starts at 2 because ID=1 is taken by FakeSe seCounter = 2 # Fetch the name from the LFC if fromdbR_.execute( "select unique HOST from CNS_FILE_REPLICA" ): rows = fromdbR_.fetchall() for row in rows: seName = row[0] # Populate the SE cache name_id_se[seName] = seCounter # Create the query for the DFC queryQueue.put( "INSERT INTO FC_StorageElements(SEID, SEName) values (%s, '%s');\n" % ( seCounter, seName ) ) seCounter += 1 # Also here we just insert all the statuses defined above for status in dirac_status: queryQueue.put( "INSERT INTO FC_Statuses (Status) values ('%s');\n" % status ) fromdbR_.close() connection.close() # Set the poison pill in the queue queryQueue.put( None ) return