def renew(self):
"""
Renews credential if time_left()<update_frequency
Only works if type is grid_proxy
"""
remaining = self.time_left()
if (
(remaining != -1)
and (self.update_frequency != -1)
and (remaining < self.update_frequency)
and (self.creation_script is not None)
):
logSupport.log.debug("Updating proxy %s with creation_script %s" % (self.filename, self.creation_script))
condorExe.iexe_cmd(self.creation_script)
def test_iexe_cmd(self):
"""
Test the iexe_cmd function for errors. There are two sets of worker
functions that will be executed. The first set writes 20k lines to
stdout and exits normally (exit code: 0). The second also writes 20k
lines to stdout, but these exit abnormally (exit code: 1). Both sets
of scripts consist of one written in python and one written in shell
script (bash).
The original code for iexe_cmd would block if the buffer was filled and
EOF wasn't in the buffer. The code was re-written to handle that use
case, but still blocked because the write side could still fill the
buffer without appending EOF. There are two solutions. One, give the
buffer read command a ridiculously small buffer size (but even that
isn't a guarantee since the read side doesn't know hat the buffer size
should be), or two, make the read buffers non-blocking.
Option two was selected. This unittest tests both the blocking
condition and error handling in the function.
"""
# Execution should proceed normally and exit with no exceptions.
try:
for script in self.normal_exit_scripts:
cmd = os.path.join(condorExe.condor_bin_path, script)
output = iexe_cmd(cmd)
except Exception as e:
self.fail("Exception Occurred: %s" % str(e))
# Execution should exit with an exception. If no exception, then fail
for script in self.abnormal_exit_scripts:
cmd = os.path.join(condorExe.condor_bin_path, script)
self.failUnlessRaises(ExeError, iexe_cmd, cmd)
def test_iexe_cmd(self):
"""
Test the iexe_cmd function for errors. There are two sets of worker
functions that will be executed. The first set writes 20k lines to
stdout and exits normally (exit code: 0). The second also writes 20k
lines to stdout, but these exit abnormally (exit code: 1). Both sets
of scripts consist of one written in python and one written in shell
script (bash).
The original code for iexe_cmd would block if the buffer was filled and
EOF wasn't in the buffer. The code was re-written to handle that use
case, but still blocked because the write side could still fill the
buffer without appending EOF. There are two solutions. One, give the
buffer read command a ridiculously small buffer size (but even that
isn't a guarantee since the read side doesn't know hat the buffer size
should be), or two, make the read buffers non-blocking.
Option two was selected. This unittest tests both the blocking
condition and error handling in the function.
"""
# Execution should proceed normally and exit with no exceptions.
try:
for script in self.normal_exit_scripts:
cmd = os.path.join(condorExe.condor_bin_path, script)
output = iexe_cmd(cmd)
except Exception as e:
self.fail("Exception Occurred: %s" % str(e))
# Execution should exit with an exception. If no exception, then fail
for script in self.abnormal_exit_scripts:
cmd = os.path.join(condorExe.condor_bin_path, script)
self.failUnlessRaises(ExeError, iexe_cmd, cmd)
def create(self):
"""
Generate the credential
"""
if self.creation_script:
self.logger.debug(
f"Creating credential using {self.creation_script}")
try:
condorExe.iexe_cmd(self.creation_script)
except Exception:
self.logger.exception(
f"Creating credential using {self.creation_script} failed")
self.advertize = False
# Recreating the credential can result in ID change
self._id = self.file_id(self.get_id_filename())
def file_id(self, filename, ignoredn=False):
if ("grid_proxy" in self.type) and not ignoredn:
dn_list = condorExe.iexe_cmd("openssl x509 -subject -in %s -noout" % (filename))
dn = dn_list[0]
hash_str = filename + dn
else:
hash_str = filename
# logSupport.log.debug("Using hash_str=%s (%d)"%(hash_str,abs(hash(hash_str))%1000000))
return str(abs(hash(hash_str)) % 1000000)
def time_left(self):
"""
Returns the time left if a grid proxy
If missing, returns 0
If not a grid proxy or other unidentified error, return -1
"""
if not os.path.exists(self.filename):
return 0
if ("grid_proxy" in self.type) or ("cert_pair" in self.type):
time_list = condorExe.iexe_cmd("openssl x509 -in %s -noout -enddate" % self.filename)
if "notAfter=" in time_list[0]:
time_str = time_list[0].split("=")[1].strip()
timeleft = calendar.timegm(time.strptime(time_str, "%b %d %H:%M:%S %Y %Z")) - int(time.time())
return timeleft
else:
return -1
def time_left(self):
"""
Returns the time left if a grid proxy
If missing, returns 0
If not a grid proxy or other unidentified error, return -1
"""
if not os.path.exists(self.filename):
return 0
if ("grid_proxy" in self.type) or ("cert_pair" in self.type):
time_list = condorExe.iexe_cmd(
f"openssl x509 -in {self.filename} -noout -enddate")
if "notAfter=" in time_list[0]:
time_str = time_list[0].split("=")[1].strip()
timeleft = calendar.timegm(
time.strptime(time_str, "%b %d %H:%M:%S %Y %Z")) - int(
time.time())
return timeleft
else:
return -1
def do_global_advertize(self):
"""
Advertize globals with credentials
"""
global advertizeGCGounter
for factory_pool in self.global_pool:
tmpname = classadSupport.generate_classad_filename(prefix="gfi_ad_gcg")
glidein_params_to_encrypt = {}
fd = file(tmpname, "w")
x509_proxies_data = []
if self.descript_obj.x509_proxies_plugin is not None:
x509_proxies_data = self.descript_obj.x509_proxies_plugin.get_credentials()
nr_credentials = len(x509_proxies_data)
glidein_params_to_encrypt["NumberOfCredentials"] = "%s" % nr_credentials
else:
nr_credentials = 0
request_name = "Global"
if factory_pool in self.global_params:
request_name, security_name = self.global_params[factory_pool]
glidein_params_to_encrypt["SecurityName"] = security_name
classad_name = "%s@%s" % (request_name, self.descript_obj.my_name)
fd.write('MyType = "%s"\n' % frontendConfig.client_global)
fd.write('GlideinMyType = "%s"\n' % frontendConfig.client_global)
fd.write('GlideinWMSVersion = "%s"\n' % frontendConfig.glideinwms_version)
fd.write('Name = "%s"\n' % classad_name)
fd.write('FrontendName = "%s"\n' % self.descript_obj.frontend_name)
fd.write('GroupName = "%s"\n' % self.descript_obj.group_name)
fd.write('ClientName = "%s"\n' % self.descript_obj.my_name)
for i in range(nr_credentials):
cred_el = x509_proxies_data[i]
cred_el.renew()
cred_el.advertize = True
if hasattr(cred_el, "filename"):
try:
if (not os.path.exists(cred_el.filename)) and (cred_el.creation_script is not None):
logSupport.log.debug(
"Proxy %s didn not exist, calling creation_script %s"
% (cred_el.filename, cred_el.creation_script)
)
condorExe.iexe_cmd(cred_el.creation_script)
data_fd = open(cred_el.filename)
cred_data = data_fd.read()
data_fd.close()
except:
cred_el.advertize = False
logSupport.log.exception("Advertising global credential %s failed" % cred_el.filename)
continue
glidein_params_to_encrypt[cred_el.file_id(cred_el.filename)] = cred_data
if hasattr(cred_el, "security_class"):
# Convert the sec class to a string so the Factory can interpret the value correctly
glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.filename)] = str(
cred_el.security_class
)
if hasattr(cred_el, "key_fname"):
try:
data_fd = open(cred_el.key_fname)
cred_data = data_fd.read()
data_fd.close()
except:
cred_el.advertize = False
logSupport.log.exception("Advertising global credential %s failed: " % cred_el.filename)
continue
glidein_params_to_encrypt[cred_el.file_id(cred_el.key_fname)] = cred_data
if hasattr(cred_el, "security_class"):
# Convert the sec class to a string so the Factory can interpret the value correctly
glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.key_fname)] = str(
cred_el.security_class
)
if hasattr(cred_el, "pilot_fname"):
try:
data_fd = open(cred_el.pilot_fname)
cred_data = data_fd.read()
data_fd.close()
except:
cred_el.advertize = False
logSupport.log.exception("Advertising global credential %s failed: " % cred_el.filename)
continue
glidein_params_to_encrypt[cred_el.file_id(cred_el.pilot_fname)] = cred_data
if hasattr(cred_el, "security_class"):
# Convert the sec class to a string so the Factory can interpret the value correctly
glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.pilot_fname)] = str(
cred_el.security_class
)
if factory_pool in self.global_key:
key_obj = self.global_key[factory_pool]
if key_obj is not None:
fd.write(string.join(key_obj.get_key_attrs(), "\n") + "\n")
for attr in glidein_params_to_encrypt.keys():
# logSupport.log.debug("Encrypting (%s,%s)"%(attr,glidein_params_to_encrypt[attr]))
el = key_obj.encrypt_hex(glidein_params_to_encrypt[attr])
escaped_el = string.replace(string.replace(str(el), '"', '\\"'), "\n", "\\n")
fd.write('%s%s = "%s"\n' % (frontendConfig.encrypted_param_prefix, attr, escaped_el))
# Update Sequence number information
if advertizeGCGounter.has_key(classad_name):
advertizeGCGounter[classad_name] += 1
else:
advertizeGCGounter[classad_name] = 0
fd.write("UpdateSequenceNumber = %s\n" % advertizeGCGounter[classad_name])
fd.close()
try:
advertizeWorkFromFile(factory_pool, tmpname, remove_file=True)
except condorExe.ExeError:
logSupport.log.exception("Advertising globals failed for factory pool %s: " % factory_pool)
