def _getCurrentUser( self ):
res = getProxyInfo( False, False )
if not res['OK']:
return self._errorReport( 'No proxy found in local environment', res['Message'] )
proxyInfo = res['Value']
gLogger.debug( formatProxyInfoAsString( proxyInfo ) )
if 'group' not in proxyInfo:
return self._errorReport( 'Proxy information does not contain the group', res['Message'] )
res = getDNForUsername( proxyInfo['username'] )
if not res['OK']:
return self._errorReport( 'Failed to get proxies for user', res['Message'] )
return S_OK( proxyInfo['username'] )
def _getCurrentUser( self ):
res = getProxyInfo( False, False )
if not res['OK']:
return self._errorReport( 'No proxy found in local environment', res['Message'] )
proxyInfo = res['Value']
gLogger.debug( formatProxyInfoAsString( proxyInfo ) )
if 'group 'not in proxyInfo:
return self._errorReport( 'Proxy information does not contain the group', res['Message'] )
res = getDNForUsername( proxyInfo['username'] )
if not res['OK']:
return self._errorReport( 'Failed to get proxies for user', res['Message'] )
return S_OK( proxyInfo['username'] )
def execute(self):
self.log.info("Start Execution")
result = getProxyInfo()
if not result['OK']:
return result
infoDict = result['Value']
self.log.info(formatProxyInfoAsString(infoDict))
self.__lookForCE()
self.__infoFromCE()
self.log.info("End Execution")
return S_OK()
def execute(self):
self.log.info("Start Execution")
result = getProxyInfo()
if not result["OK"]:
return result
infoDict = result["Value"]
self.log.info(formatProxyInfoAsString(infoDict))
self.__lookForCE()
self.__infoFromCE()
self.log.info("End Execution")
return S_OK()
def _getCurrentUser(self):
"""Get current user
:return: S_OK(dict)/S_ERROR()
"""
res = getProxyInfo(False, False)
if not res["OK"]:
return self._errorReport("No proxy found in local environment", res["Message"])
proxyInfo = res["Value"]
gLogger.debug(formatProxyInfoAsString(proxyInfo))
if "group" not in proxyInfo:
return self._errorReport("Proxy information does not contain the group", res["Message"])
res = getDNForUsername(proxyInfo["username"])
if not res["OK"]:
return self._errorReport("Failed to get proxies for user", res["Message"])
return S_OK(proxyInfo["username"])
def execute( self ):
self.log.info( "Start Execution" )
result = getProxyInfo()
if not result[ 'OK' ]:
return result
infoDict = result[ 'Value' ]
self.log.info( formatProxyInfoAsString( infoDict ) )
#Get a "fresh" copy of the CS data
result = self.csAPI.downloadCSData()
if not result[ 'OK' ]:
self.log.warn( "Could not download a fresh copy of the CS data", result[ 'Message' ] )
self.__lookForCE()
self.__infoFromCE()
self.log.info( "End Execution" )
return S_OK()
def execute( self ):
self.log.info( "Start Execution" )
result = getProxyInfo()
if not result[ 'OK' ]:
return result
infoDict = result[ 'Value' ]
self.log.info( formatProxyInfoAsString( infoDict ) )
#Get a "fresh" copy of the CS data
result = self.csAPI.downloadCSData()
if not result[ 'OK' ]:
self.log.warn( "Could not download a fresh copy of the CS data", result[ 'Message' ] )
self.__lookForCE()
self.__infoFromCE()
self.log.info( "End Execution" )
return S_OK()
def _monitorProxy(self, pilotProxy, payloadProxy):
"""Base class for the monitor and update of the payload proxy, to be used in
derived classes for the basic renewal of the proxy, if further actions are
necessary they should be implemented there
"""
retVal = getProxyInfo(payloadProxy)
if not retVal['OK']:
self.log.error('Could not get payload proxy info', retVal)
return retVal
self.log.verbose('Payload Proxy information:\n%s' %
formatProxyInfoAsString(retVal['Value']))
payloadProxyDict = retVal['Value']
payloadSecs = payloadProxyDict['chain'].getRemainingSecs()['Value']
if payloadSecs > self.minProxyTime:
self.log.verbose('No need to renew payload Proxy')
return S_OK()
# if there is no pilot proxy, assume there is a certificate and try a renewal
if not pilotProxy:
self.log.info(
'Using default credentials to get a new payload Proxy')
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy)
# if there is pilot proxy
retVal = getProxyInfo(pilotProxy)
if not retVal['OK']:
return retVal
pilotProxyDict = retVal['Value']
if not 'groupProperties' in pilotProxyDict:
self.log.error('Invalid Pilot Proxy',
'Group has no properties defined')
return S_ERROR('Proxy has no group properties defined')
pilotProps = pilotProxyDict['groupProperties']
# if running with a pilot proxy, use it to renew the proxy of the payload
if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps:
self.log.info('Using Pilot credentials to get a new payload Proxy')
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy)
# if we are running with other type of proxy check if they are for the same user and group
# and copy the pilot proxy if necessary
self.log.info('Trying to copy pilot Proxy to get a new payload Proxy')
pilotProxySecs = pilotProxyDict['chain'].getRemainingSecs()['Value']
if pilotProxySecs <= payloadSecs:
errorStr = 'Pilot Proxy is not longer than payload Proxy'
self.log.error(errorStr)
return S_ERROR('Can not renew by copy: %s' % errorStr)
# check if both proxies belong to the same user and group
pilotDN = pilotProxyDict['chain'].getIssuerCert(
)['Value'].getSubjectDN()['Value']
retVal = pilotProxyDict['chain'].getDIRACGroup()
if not retVal['OK']:
return retVal
pilotGroup = retVal['Value']
payloadDN = payloadProxyDict['chain'].getIssuerCert(
)['Value'].getSubjectDN()['Value']
retVal = payloadProxyDict['chain'].getDIRACGroup()
if not retVal['OK']:
return retVal
payloadGroup = retVal['Value']
if pilotDN != payloadDN or pilotGroup != payloadGroup:
errorStr = 'Pilot Proxy and payload Proxy do not have same DN and Group'
self.log.error(errorStr)
return S_ERROR('Can not renew by copy: %s' % errorStr)
if pilotProxyDict.get('hasVOMS', False):
return pilotProxyDict['chain'].dumpAllToFile(payloadProxy)
attribute = CS.getVOMSAttributeForGroup(payloadGroup)
vo = CS.getVOMSVOForGroup(payloadGroup)
retVal = VOMS().setVOMSAttributes(pilotProxyDict['chain'],
attribute=attribute,
vo=vo)
if not retVal['OK']:
return retVal
chain = retVal['Value']
return chain.dumpAllToFile(payloadProxy)
def _monitorProxy(self, pilotProxy, payloadProxy):
"""Base class for the monitor and update of the payload proxy, to be used in
derived classes for the basic renewal of the proxy, if further actions are
necessary they should be implemented there
"""
retVal = getProxyInfo(payloadProxy)
if not retVal["OK"]:
self.log.error("Could not get payload proxy info", retVal)
return retVal
self.log.verbose("Payload Proxy information:\n%s" % formatProxyInfoAsString(retVal["Value"]))
payloadProxyDict = retVal["Value"]
payloadSecs = payloadProxyDict["chain"].getRemainingSecs()["Value"]
if payloadSecs > self.minProxyTime:
self.log.verbose("No need to renew payload Proxy")
return S_OK()
# if there is no pilot proxy, assume there is a certificate and try a renewal
if not pilotProxy:
self.log.info("Using default credentials to get a new payload Proxy")
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy,
)
# if there is pilot proxy
retVal = getProxyInfo(pilotProxy)
if not retVal["OK"]:
return retVal
pilotProxyDict = retVal["Value"]
if not "groupProperties" in pilotProxyDict:
self.log.error("Invalid Pilot Proxy", "Group has no properties defined")
return S_ERROR("Proxy has no group properties defined")
pilotProps = pilotProxyDict["groupProperties"]
# if running with a pilot proxy, use it to renew the proxy of the payload
if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps:
self.log.info("Using Pilot credentials to get a new payload Proxy")
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy,
)
# if we are running with other type of proxy check if they are for the same user and group
# and copy the pilot proxy if necessary
self.log.info("Trying to copy pilot Proxy to get a new payload Proxy")
pilotProxySecs = pilotProxyDict["chain"].getRemainingSecs()["Value"]
if pilotProxySecs <= payloadSecs:
errorStr = "Pilot Proxy is not longer than payload Proxy"
self.log.error(errorStr)
return S_ERROR("Can not renew by copy: %s" % errorStr)
# check if both proxies belong to the same user and group
pilotDN = pilotProxyDict["chain"].getIssuerCert()["Value"].getSubjectDN()["Value"]
retVal = pilotProxyDict["chain"].getDIRACGroup()
if not retVal["OK"]:
return retVal
pilotGroup = retVal["Value"]
payloadDN = payloadProxyDict["chain"].getIssuerCert()["Value"].getSubjectDN()["Value"]
retVal = payloadProxyDict["chain"].getDIRACGroup()
if not retVal["OK"]:
return retVal
payloadGroup = retVal["Value"]
if pilotDN != payloadDN or pilotGroup != payloadGroup:
errorStr = "Pilot Proxy and payload Proxy do not have same DN and Group"
self.log.error(errorStr)
return S_ERROR("Can not renew by copy: %s" % errorStr)
if pilotProxyDict.get("hasVOMS", False):
return pilotProxyDict["chain"].dumpAllToFile(payloadProxy)
attribute = CS.getVOMSAttributeForGroup(payloadGroup)
vo = CS.getVOMSVOForGroup(payloadGroup)
retVal = VOMS().setVOMSAttributes(pilotProxyDict["chain"], attribute=attribute, vo=vo)
if not retVal["OK"]:
return retVal
chain = retVal["Value"]
return chain.dumpAllToFile(payloadProxy)
if result[ 'OK' ]:
deviation = result[ 'Value' ]
if deviation > 600:
gLogger.error( "Your host clock seems to be off by more than TEN MINUTES! Thats really bad." )
elif deviation > 180:
gLogger.error( "Your host clock seems to be off by more than THREE minutes! Thats bad." )
elif deviation > 60:
gLogger.error( "Your host clock seems to be off by more than a minute! Thats not good." )
result = getProxyInfo( params.proxyLoc, not params.vomsEnabled )
if not result[ 'OK' ]:
gLogger.error( result[ 'Message' ] )
sys.exit( 1 )
infoDict = result[ 'Value' ]
gLogger.notice( formatProxyInfoAsString( infoDict ) )
if not infoDict['isProxy']:
gLogger.error( '==============================\n!!! The proxy is not valid !!!' )
if params.steps:
gLogger.notice( "== Steps extended info ==" )
chain = infoDict[ 'chain' ]
stepInfo = getProxyStepsInfo( chain )[ 'Value' ]
gLogger.notice( formatProxyStepsInfoAsString( stepInfo ) )
def invalidProxy( msg ):
gLogger.error( "Invalid proxy:", msg )
sys.exit( 1 )
if params.uploadedInfo:
result = gProxyManager.getUserProxiesInfo()
def main():
params = Params()
Script.registerSwitch("f:", "file=", "File to use as user key", params.setProxyLocation)
Script.registerSwitch("i", "version", "Print version", params.showVersion)
Script.registerSwitch("n", "novoms", "Disable VOMS", params.disableVOMS)
Script.registerSwitch("v", "checkvalid", "Return error if the proxy is invalid", params.validityCheck)
Script.registerSwitch("x", "nocs", "Disable CS", params.disableCS)
Script.registerSwitch("e", "steps", "Show steps info", params.showSteps)
Script.registerSwitch("j", "noclockcheck", "Disable checking if time is ok", params.disableClockCheck)
Script.registerSwitch("m", "uploadedinfo", "Show uploaded proxies info", params.setManagerInfo)
Script.disableCS()
Script.parseCommandLine()
from DIRAC.Core.Utilities.NTP import getClockDeviation
from DIRAC import gLogger
from DIRAC.Core.Security.ProxyInfo import getProxyInfo, getProxyStepsInfo
from DIRAC.Core.Security.ProxyInfo import formatProxyInfoAsString, formatProxyStepsInfoAsString
from DIRAC.Core.Security import VOMS
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import gProxyManager
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
if params.csEnabled:
retVal = Script.enableCS()
if not retVal["OK"]:
print("Cannot contact CS to get user list")
if params.checkClock:
result = getClockDeviation()
if result["OK"]:
deviation = result["Value"]
if deviation > 600:
gLogger.error("Your host clock seems to be off by more than TEN MINUTES! Thats really bad.")
elif deviation > 180:
gLogger.error("Your host clock seems to be off by more than THREE minutes! Thats bad.")
elif deviation > 60:
gLogger.error("Your host clock seems to be off by more than a minute! Thats not good.")
result = getProxyInfo(params.proxyLoc, not params.vomsEnabled)
if not result["OK"]:
gLogger.error(result["Message"])
sys.exit(1)
infoDict = result["Value"]
gLogger.notice(formatProxyInfoAsString(infoDict))
if not infoDict["isProxy"]:
gLogger.error("==============================\n!!! The proxy is not valid !!!")
if params.steps:
gLogger.notice("== Steps extended info ==")
chain = infoDict["chain"]
stepInfo = getProxyStepsInfo(chain)["Value"]
gLogger.notice(formatProxyStepsInfoAsString(stepInfo))
def invalidProxy(msg):
gLogger.error("Invalid proxy:", msg)
sys.exit(1)
if params.uploadedInfo:
result = gProxyManager.getUserProxiesInfo()
if not result["OK"]:
gLogger.error("Could not retrieve the uploaded proxies info", result["Message"])
else:
uploadedInfo = result["Value"]
if not uploadedInfo:
gLogger.notice("== No proxies uploaded ==")
if uploadedInfo:
gLogger.notice("== Proxies uploaded ==")
maxDNLen = 0
maxGroupLen = 0
for userDN in uploadedInfo:
maxDNLen = max(maxDNLen, len(userDN))
for group in uploadedInfo[userDN]:
maxGroupLen = max(maxGroupLen, len(group))
gLogger.notice(" %s | %s | Until (GMT)" % ("DN".ljust(maxDNLen), "Group".ljust(maxGroupLen)))
for userDN in uploadedInfo:
for group in uploadedInfo[userDN]:
gLogger.notice(
" %s | %s | %s"
% (
userDN.ljust(maxDNLen),
group.ljust(maxGroupLen),
uploadedInfo[userDN][group].strftime("%Y/%m/%d %H:%M"),
)
)
if params.checkValid:
if infoDict["secondsLeft"] == 0:
invalidProxy("Proxy is expired")
if params.csEnabled and not infoDict["validGroup"]:
invalidProxy("Group %s is not valid" % infoDict["group"])
if "hasVOMS" in infoDict and infoDict["hasVOMS"]:
requiredVOMS = Registry.getVOMSAttributeForGroup(infoDict["group"])
if "VOMS" not in infoDict or not infoDict["VOMS"]:
invalidProxy("Unable to retrieve VOMS extension")
if len(infoDict["VOMS"]) > 1:
invalidProxy("More than one voms attribute found")
if requiredVOMS not in infoDict["VOMS"]:
invalidProxy(
"Unexpected VOMS extension %s. Extension expected for DIRAC group is %s"
% (infoDict["VOMS"][0], requiredVOMS)
)
result = VOMS.VOMS().getVOMSProxyInfo(infoDict["chain"], "actimeleft")
if not result["OK"]:
invalidProxy("Cannot determine life time of VOMS attributes: %s" % result["Message"])
if int(result["Value"].strip()) == 0:
invalidProxy("VOMS attributes are expired")
sys.exit(0)
def _monitorProxy(self, payloadProxy=None):
"""Base class for the monitor and update of the payload proxy, to be used in
derived classes for the basic renewal of the proxy, if further actions are
necessary they should be implemented there
:param str payloadProxy: location of the payload proxy file
:returns: S_OK(filename)/S_ERROR
"""
if not payloadProxy:
return S_ERROR("No payload proxy")
# This will get the pilot proxy
ret = getProxyInfo()
if not ret["OK"]:
pilotProxy = None
else:
pilotProxy = ret["Value"]["path"]
self.log.notice("Pilot Proxy:", pilotProxy)
retVal = getProxyInfo(payloadProxy)
if not retVal["OK"]:
self.log.error("Could not get payload proxy info", retVal)
return retVal
self.log.verbose("Payload Proxy information:\n%s" %
formatProxyInfoAsString(retVal["Value"]))
payloadProxyDict = retVal["Value"]
payloadSecs = payloadProxyDict["chain"].getRemainingSecs()["Value"]
if payloadSecs > self.minProxyTime:
self.log.verbose("No need to renew payload Proxy")
return S_OK()
# if there is no pilot proxy, assume there is a certificate and try a renewal
if not pilotProxy:
self.log.info(
"Using default credentials to get a new payload Proxy")
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy,
)
# if there is pilot proxy
retVal = getProxyInfo(pilotProxy)
if not retVal["OK"]:
return retVal
pilotProxyDict = retVal["Value"]
if "groupProperties" not in pilotProxyDict:
self.log.error("Invalid Pilot Proxy",
"Group has no properties defined")
return S_ERROR("Proxy has no group properties defined")
pilotProps = pilotProxyDict["groupProperties"]
# if running with a pilot proxy, use it to renew the proxy of the payload
if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps:
self.log.info("Using Pilot credentials to get a new payload Proxy")
return gProxyManager.renewProxy(
proxyToBeRenewed=payloadProxy,
minLifeTime=self.minProxyTime,
newProxyLifeTime=self.defaultProxyTime,
proxyToConnect=pilotProxy,
)
# if we are running with other type of proxy check if they are for the same user and group
# and copy the pilot proxy if necessary
self.log.info("Trying to copy pilot Proxy to get a new payload Proxy")
pilotProxySecs = pilotProxyDict["chain"].getRemainingSecs()["Value"]
if pilotProxySecs <= payloadSecs:
errorStr = "Pilot Proxy is not longer than payload Proxy"
self.log.error(errorStr)
return S_ERROR("Can not renew by copy: %s" % errorStr)
# check if both proxies belong to the same user and group
pilotDN = pilotProxyDict["chain"].getIssuerCert(
)["Value"].getSubjectDN()["Value"]
retVal = pilotProxyDict["chain"].getDIRACGroup()
if not retVal["OK"]:
return retVal
pilotGroup = retVal["Value"]
payloadDN = payloadProxyDict["chain"].getIssuerCert(
)["Value"].getSubjectDN()["Value"]
retVal = payloadProxyDict["chain"].getDIRACGroup()
if not retVal["OK"]:
return retVal
payloadGroup = retVal["Value"]
if pilotDN != payloadDN or pilotGroup != payloadGroup:
errorStr = "Pilot Proxy and payload Proxy do not have same DN and Group"
self.log.error(errorStr)
return S_ERROR("Can not renew by copy: %s" % errorStr)
if pilotProxyDict.get("hasVOMS", False):
return pilotProxyDict["chain"].dumpAllToFile(payloadProxy)
attribute = Registry.getVOMSAttributeForGroup(payloadGroup)
vo = Registry.getVOMSVOForGroup(payloadGroup)
retVal = VOMS().setVOMSAttributes(pilotProxyDict["chain"],
attribute=attribute,
vo=vo)
if not retVal["OK"]:
return retVal
chain = retVal["Value"]
return chain.dumpAllToFile(payloadProxy)
# Show infomation message only if the current state of the user environment does not match the authorization result
if (useTokens and (self.response == "proxy")) or (not useTokens and (self.response == "token")):
gLogger.notice(msg)
def getAuthStatus(self):
"""Try to get user authorization status.
:return: S_OK()/S_ERROR()
"""
if not (result := self.__enableCS())["OK"]:
return result
if self.response == "proxy":
result = getProxyInfo(self.outputFile)
if result["OK"]:
gLogger.notice(formatProxyInfoAsString(result["Value"]))
else:
result = readTokenFromFile(self.outputFile)
if result["OK"]:
gLogger.notice(result["Value"].getInfoAsString())
return result
@Script()
def main():
userParams = Params()
userParams.registerCLISwitches()
# Check time
deviation = getClockDeviation()
)
elif deviation > 180:
gLogger.error(
"Your host clock seems to be off by more than THREE minutes! Thats bad."
)
elif deviation > 60:
gLogger.error(
"Your host clock seems to be off by more than a minute! Thats not good."
)
result = getProxyInfo(params.proxyLoc, not params.vomsEnabled)
if not result['OK']:
gLogger.error(result['Message'])
sys.exit(1)
infoDict = result['Value']
gLogger.notice(formatProxyInfoAsString(infoDict))
if not infoDict['isProxy']:
gLogger.error(
'==============================\n!!! The proxy is not valid !!!')
if params.steps:
gLogger.notice("== Steps extended info ==")
chain = infoDict['chain']
stepInfo = getProxyStepsInfo(chain)['Value']
gLogger.notice(formatProxyStepsInfoAsString(stepInfo))
def invalidProxy(msg):
gLogger.error("Invalid proxy:", msg)
sys.exit(1)
