def setupProxy(self): """ download and dump request owner proxy to file and env :return: S_OK with name of newly created owner proxy file and shifter name if any """ self.__managersDict = {} shifterProxies = self.__setupManagerProxies() if not shifterProxies["OK"]: self.log.error(shifterProxies["Message"]) ownerDN = self.request.OwnerDN ownerGroup = self.request.OwnerGroup isShifter = [] for shifter, creds in self.__managersDict.items(): if creds["ShifterDN"] == ownerDN and creds[ "ShifterGroup"] == ownerGroup: isShifter.append(shifter) if isShifter: proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"] os.environ["X509_USER_PROXY"] = proxyFile return S_OK({"Shifter": isShifter, "ProxyFile": proxyFile}) # # if we're here owner is not a shifter at all ownerProxyFile = gProxyManager.downloadVOMSProxyToFile( ownerDN, ownerGroup) if not ownerProxyFile["OK"] or not ownerProxyFile["Value"]: reason = ownerProxyFile.get( "Message", "No valid proxy found in ProxyManager.") return S_ERROR("Change proxy error for '%s'@'%s': %s" % (ownerDN, ownerGroup, reason)) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK({"Shifter": isShifter, "ProxyFile": ownerProxyFile})
def getProxy(userDNs, userGroup, vomsAttr, proxyFilePath): """do the actual download of the proxy, trying the different DNs""" for userDN in userDNs: if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute=vomsAttr, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600, ) else: result = gProxyManager.downloadProxyToFile(userDN, userGroup, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600) if not result["OK"]: gLogger.error( "Can't download %sproxy " % ("VOMS" if vomsAttr else ""), "of '%s', group %s to file: " % (userDN, userGroup) + result["Message"], ) else: return result # If proxy not found for any DN, return an error return S_ERROR("Can't download proxy")
def setupProxy(self): """ download and dump request owner proxy to file and env :return: S_OK with name of newly created owner proxy file and shifter name if any """ self.__managersDict = {} shifterProxies = self.__setupManagerProxies() if not shifterProxies["OK"]: self.log.error(shifterProxies["Message"]) ownerDN = self.request.OwnerDN ownerGroup = self.request.OwnerGroup isShifter = [] for shifter, creds in self.__managersDict.items(): if creds["ShifterDN"] == ownerDN and creds["ShifterGroup"] == ownerGroup: isShifter.append(shifter) if isShifter: proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"] os.environ["X509_USER_PROXY"] = proxyFile return S_OK({"Shifter": isShifter, "ProxyFile": proxyFile}) # # if we're here owner is not a shifter at all ownerProxyFile = gProxyManager.downloadVOMSProxyToFile(ownerDN, ownerGroup) if not ownerProxyFile["OK"] or not ownerProxyFile["Value"]: reason = ownerProxyFile.get("Message", "No valid proxy found in ProxyManager.") return S_ERROR("Change proxy error for '%s'@'%s': %s" % (ownerDN, ownerGroup, reason)) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK({"Shifter": isShifter, "ProxyFile": ownerProxyFile})
def getProxy(userDNs, userGroup, vomsAttr, proxyFilePath): """ do the actual download of the proxy, trying the different DNs """ for userDN in userDNs: if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute=vomsAttr, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600) else: result = gProxyManager.downloadProxyToFile(userDN, userGroup, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600) if not result['OK']: gLogger.warn("Can't download proxy of '%s' to file" % userDN, result['Message']) else: return result return S_ERROR("Can't download proxy")
def wrapped_fcn( *args, **kwargs ): userName = kwargs.pop( 'proxyUserName', '' ) userDN = kwargs.pop( 'proxyUserDN', '' ) userGroup = kwargs.pop( 'proxyUserGroup', '' ) vomsFlag = kwargs.pop( 'proxyWithVOMS', True ) proxyFilePath = kwargs.pop( 'proxyFilePath', False ) if ( userName or userDN ) and userGroup: # Setup user proxy originalUserProxy = os.environ.get( 'X509_USER_PROXY' ) if not userDN: result = getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] vomsAttr = '' if vomsFlag: vomsAttr = getVOMSAttributeForGroup( userGroup ) if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute = vomsAttr, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) if not result['OK']: gLogger.warn( "Can't download proxy to file", result['Message'] ) return result proxyFile = result['Value'] os.environ['X509_USER_PROXY'] = proxyFile # Check if the caller is executing with the host certificate useServerCertificate = gConfig.useServerCertificate() if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' ) try: resultFcn = fcn( *args, **kwargs ) except Exception, x: resultFcn = S_ERROR( "Exception: %s" % str( x ) ) # Restore the default host certificate usage if necessary if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' ) if originalUserProxy: os.environ['X509_USER_PROXY'] = originalUserProxy else: os.environ.pop( 'X509_USER_PROXY' ) return resultFcn
def wrapped_fcn(*args, **kwargs): userName = kwargs.pop("proxyUserName", "") userGroup = kwargs.pop("proxyUserGroup", "") vomsFlag = kwargs.pop("proxyWithVOMS", True) proxyFilePath = kwargs.pop("proxyFilePath", False) if userName and userGroup: # Setup user proxy originalUserProxy = os.environ.get("X509_USER_PROXY") result = getDNForUsername(userName) if not result["OK"]: return result userDN = result["Value"][0] vomsAttr = "" if vomsFlag: vomsAttr = getVOMSAttributeForGroup(userGroup) if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute=vomsAttr, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600, ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600 ) if not result["OK"]: return result proxyFile = result["Value"] os.environ["X509_USER_PROXY"] = proxyFile # Check if the caller is executing with the host certificate useServerCertificate = gConfig.useServerCertificate() if useServerCertificate: gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "false") try: resultFcn = fcn(*args, **kwargs) except Exception, x: resultFcn = S_ERROR("Exception: %s" % str(x)) # Restore the default host certificate usage if necessary if useServerCertificate: gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "true") if originalUserProxy: os.environ["X509_USER_PROXY"] = originalUserProxy else: os.environ.pop("X509_USER_PROXY") return resultFcn
def getFTS3Context(self, username, group, ftsServer, threadID): """ Returns an fts3 context for a given user, group and fts server The context pool is per thread, and there is one context per tuple (user, group, server). We dump the proxy of a user to a file (shared by all the threads), and use it to make the context. The proxy needs a lifetime of at least 2h, is cached for 1.5h, and the lifetime of the context is 45mn :param username: name of the user :param group: group of the user :param ftsServer: address of the server :returns: S_OK with the context object """ log = gLogger.getSubLogger("getFTS3Context", child=True) contextes = self._globalContextCache.setdefault(threadID, DictCache()) idTuple = (username, group, ftsServer) log.debug("Getting context for %s" % (idTuple, )) if not contextes.exists(idTuple, 2700): res = getDNForUsername(username) if not res['OK']: return res # We take the first DN returned userDN = res['Value'][0] log.debug("UserDN %s" % userDN) # We dump the proxy to a file. # It has to have a lifetime of at least 2 hours # and we cache it for 1.5 hours res = gProxyManager.downloadVOMSProxyToFile(userDN, group, requiredTimeLeft=7200, cacheTime=5400) if not res['OK']: return res proxyFile = res['Value'] log.debug("Proxy file %s" % proxyFile) # We generate the context res = FTS3Job.generateContext(ftsServer, proxyFile) if not res['OK']: return res context = res['Value'] # we add it to the cache for this thread for 1h contextes.add(idTuple, 3600, context) return S_OK(contextes.get(idTuple))
def wrapped_fcn( *args, **kwargs ): userName = kwargs.pop( 'proxyUserName', '' ) userGroup = kwargs.pop( 'proxyUserGroup', '' ) vomsFlag = kwargs.pop( 'proxyWithVOMS', True ) proxyFilePath = kwargs.pop( 'proxyFilePath', False ) if userName and userGroup: # Setup user proxy originalUserProxy = os.environ.get( 'X509_USER_PROXY' ) result = getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] vomsAttr = '' if vomsFlag: vomsAttr = getVOMSAttributeForGroup( userGroup ) if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute = vomsAttr, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) if not result['OK']: return result proxyFile = result['Value'] os.environ['X509_USER_PROXY'] = proxyFile # Check if the caller is executing with the host certificate useServerCertificate = gConfig.useServerCertificate() if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' ) try: resultFcn = fcn( *args, **kwargs ) except Exception, x: resultFcn = S_ERROR( "Exception: %s" % str( x ) ) # Restore the default host certificate usage if necessary if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' ) if originalUserProxy: os.environ['X509_USER_PROXY'] = originalUserProxy else: os.environ.pop( 'X509_USER_PROXY' ) return resultFcn
def getFTS3Context(self, username, group, ftsServer, threadID): """ Returns an fts3 context for a given user, group and fts server The context pool is per thread, and there is one context per tuple (user, group, server). We dump the proxy of a user to a file (shared by all the threads), and use it to make the context. The proxy needs a lifetime of at least 2h, is cached for 1.5h, and the lifetime of the context is 45mn :param username: name of the user :param group: group of the user :param ftsServer: address of the server :returns: S_OK with the context object """ log = gLogger.getSubLogger("getFTS3Context", child=True) contextes = self._globalContextCache.setdefault(threadID, DictCache()) idTuple = (username, group, ftsServer) log.debug("Getting context for %s" % (idTuple, )) if not contextes.exists(idTuple, 2700): res = getDNForUsername(username) if not res['OK']: return res # We take the first DN returned userDN = res['Value'][0] log.debug("UserDN %s" % userDN) # We dump the proxy to a file. # It has to have a lifetime of at least 2 hours # and we cache it for 1.5 hours res = gProxyManager.downloadVOMSProxyToFile( userDN, group, requiredTimeLeft=7200, cacheTime=5400) if not res['OK']: return res proxyFile = res['Value'] log.debug("Proxy file %s" % proxyFile) # We generate the context res = FTS3Job.generateContext(ftsServer, proxyFile) if not res['OK']: return res context = res['Value'] # we add it to the cache for this thread for 1h contextes.add(idTuple, 3600, context) return S_OK(contextes.get(idTuple))
def getShifterProxy(shifterType, fileName=False): """ This method returns a shifter's proxy :param shifterType: ProductionManager / DataManager... """ if fileName: try: os.makedirs(os.path.dirname(fileName)) except OSError: pass opsHelper = Operations() userName = opsHelper.getValue(cfgPath('Shifter', shifterType, 'User'), '') if not userName: return S_ERROR("No shifter User defined for %s" % shifterType) result = CS.getDNForUsername(userName) if not result['OK']: return result userDN = result['Value'][0] result = CS.findDefaultGroupForDN(userDN) if not result['OK']: return result defaultGroup = result['Value'] userGroup = opsHelper.getValue(cfgPath('Shifter', shifterType, 'Group'), defaultGroup) vomsAttr = CS.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) if not result['OK']: return result chain = result['chain'] fileName = result['Value'] return S_OK({ 'DN': userDN, 'username': userName, 'group': userGroup, 'chain': chain, 'proxyFile': fileName })
def __setupManagerProxies(self): """ setup grid proxy for all defined managers """ oHelper = Operations() shifters = oHelper.getSections("Shifter") if not shifters["OK"]: self.log.error(shifters["Message"]) return shifters shifters = shifters["Value"] for shifter in shifters: shifterDict = oHelper.getOptionsDict("Shifter/%s" % shifter) if not shifterDict["OK"]: self.log.error(shifterDict["Message"]) continue userName = shifterDict["Value"].get("User", "") userGroup = shifterDict["Value"].get("Group", "") userDN = CS.getDNForUsername(userName) if not userDN["OK"]: self.log.error(userDN["Message"]) continue userDN = userDN["Value"][0] vomsAttr = CS.getVOMSAttributeForGroup(userGroup) if vomsAttr: self.log.debug( "getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) getProxy = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredTimeLeft=1200, cacheTime=4 * 43200) else: self.log.debug("getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) getProxy = gProxyManager.downloadProxyToFile( userDN, userGroup, requiredTimeLeft=1200, cacheTime=4 * 43200) if not getProxy["OK"]: self.log.error(getProxy["Message"]) return S_ERROR("unable to setup shifter proxy for %s: %s" % (shifter, getProxy["Message"])) chain = getProxy["chain"] fileName = getProxy["Value"] self.log.debug("got %s: %s %s" % (shifter, userName, userGroup)) self.__managersDict[shifter] = { "ShifterDN": userDN, "ShifterName": userName, "ShifterGroup": userGroup, "Chain": chain, "ProxyFile": fileName } return S_OK()
def getShifterProxy(shifterType, fileName=False): """This method returns a shifter's proxy :param str shifterType: ProductionManager / DataManager... :param str fileName: file name :return: S_OK(dict)/S_ERROR() """ if fileName: mkDir(os.path.dirname(fileName)) opsHelper = Operations() userName = opsHelper.getValue(cfgPath("Shifter", shifterType, "User"), "") if not userName: return S_ERROR("No shifter User defined for %s" % shifterType) result = Registry.getDNForUsername(userName) if not result["OK"]: return result userDN = result["Value"][0] result = Registry.findDefaultGroupForDN(userDN) if not result["OK"]: return result defaultGroup = result["Value"] userGroup = opsHelper.getValue(cfgPath("Shifter", shifterType, "Group"), defaultGroup) vomsAttr = Registry.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) if not result["OK"]: return result chain = result["chain"] fileName = result["Value"] return S_OK({ "DN": userDN, "username": userName, "group": userGroup, "chain": chain, "proxyFile": fileName })
def getShifterProxy( shifterType, fileName = False ): """ This method returns a shifter's proxy :param shifterType: ProductionManager / DataManager... """ if fileName: try: os.makedirs( os.path.dirname( fileName ) ) except OSError: pass opsHelper = Operations() userName = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'User' ), '' ) if not userName: return S_ERROR( "No shifter User defined for %s" % shifterType ) result = CS.getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] result = CS.findDefaultGroupForDN( userDN ) if not result['OK']: return result defaultGroup = result['Value'] userGroup = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'Group' ), defaultGroup ) vomsAttr = CS.getVOMSAttributeForGroup( userGroup ) if vomsAttr: gLogger.info( "Getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName, userGroup, userDN ) ) result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, filePath = fileName, requiredTimeLeft = 86400, cacheTime = 86400 ) else: gLogger.info( "Getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) ) result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = fileName, requiredTimeLeft = 86400, cacheTime = 86400 ) if not result[ 'OK' ]: return result chain = result[ 'chain' ] fileName = result[ 'Value' ] return S_OK( { 'DN' : userDN, 'username' : userName, 'group' : userGroup, 'chain' : chain, 'proxyFile' : fileName } )
def __setupManagerProxies( self ): """ setup grid proxy for all defined managers """ oHelper = Operations() shifters = oHelper.getSections( "Shifter" ) if not shifters["OK"]: self.log.error( shifters["Message"] ) return shifters shifters = shifters["Value"] for shifter in shifters: shifterDict = oHelper.getOptionsDict( "Shifter/%s" % shifter ) if not shifterDict["OK"]: self.log.error( shifterDict["Message"] ) continue userName = shifterDict["Value"].get( "User", "" ) userGroup = shifterDict["Value"].get( "Group", "" ) userDN = CS.getDNForUsername( userName ) if not userDN["OK"]: self.log.error( userDN["Message"] ) continue userDN = userDN["Value"][0] vomsAttr = CS.getVOMSAttributeForGroup( userGroup ) if vomsAttr: self.log.debug( "getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName, userGroup, userDN ) ) getProxy = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredTimeLeft = 1200, cacheTime = 4 * 43200 ) else: self.log.debug( "getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) ) getProxy = gProxyManager.downloadProxyToFile( userDN, userGroup, requiredTimeLeft = 1200, cacheTime = 4 * 43200 ) if not getProxy["OK"]: self.log.error( getProxy["Message" ] ) return S_ERROR( "unable to setup shifter proxy for %s: %s" % ( shifter, getProxy["Message"] ) ) chain = getProxy["chain"] fileName = getProxy["Value" ] self.log.debug( "got %s: %s %s" % ( shifter, userName, userGroup ) ) self.__managersDict[shifter] = { "ShifterDN" : userDN, "ShifterName" : userName, "ShifterGroup" : userGroup, "Chain" : chain, "ProxyFile" : fileName } return S_OK()
def getShifterProxy(shifterType, fileName=False): """ This method returns a shifter's proxy - shifterType : ProductionManager / DataManager... """ if fileName: try: os.makedirs(os.path.dirname(fileName)) except OSError: pass opsHelper = Operations() userName = opsHelper.getValue(cfgPath("Shifter", shifterType, "User"), "") if not userName: return S_ERROR("No shifter User defined for %s" % shifterType) result = CS.getDNForUsername(userName) if not result["OK"]: return result userDN = result["Value"][0] result = CS.findDefaultGroupForDN(userDN) if not result["OK"]: return result defaultGroup = result["Value"] userGroup = opsHelper.getValue(cfgPath("Shifter", shifterType, "Group"), defaultGroup) vomsAttr = CS.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, filePath=fileName, requiredTimeLeft=1200, cacheTime=4 * 43200 ) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath=fileName, requiredTimeLeft=1200, cacheTime=4 * 43200 ) if not result["OK"]: return result chain = result["chain"] fileName = result["Value"] return S_OK({"DN": userDN, "username": userName, "group": userGroup, "chain": chain, "proxyFile": fileName})
def __prepareSecurityDetails( self, vomsFlag = True ): """ Obtains the connection details for the client """ try: credDict = self.getRemoteCredentials() clientDN = credDict[ 'DN' ] clientUsername = credDict['username'] clientGroup = credDict['group'] gLogger.debug( "Getting proxy for %s@%s (%s)" % ( clientUsername, clientGroup, clientDN ) ) if vomsFlag: result = gProxyManager.downloadVOMSProxyToFile( clientDN, clientGroup ) else: result = gProxyManager.downloadProxyToFile( clientDN, clientGroup ) if not result['OK']: return result gLogger.debug( "Updating environment." ) os.environ['X509_USER_PROXY'] = result['Value'] return result except Exception, error: exStr = "__getConnectionDetails: Failed to get client connection details." gLogger.exception( exStr, '', error ) return S_ERROR( exStr )
def getProxy(userDNs, userGroup, vomsAttr, proxyFilePath): """ do the actual download of the proxy, trying the different DNs """ for userDN in userDNs: if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute = vomsAttr, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) if not result['OK']: gLogger.warn( "Can't download proxy of '%s' to file" %userDN, result['Message'] ) else: return result return S_ERROR("Can't download proxy")
def getProxy( userDNs, userGroup, vomsAttr, proxyFilePath ): """ do the actual download of the proxy, trying the different DNs """ for userDN in userDNs: if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute = vomsAttr, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) if not result['OK']: gLogger.error( "Can't download %sproxy " % ( 'VOMS' if vomsAttr else '' ), "of '%s', group %s to file: " % ( userDN, userGroup ) + result['Message'] ) else: return result # If proxy not found for any DN, return an error return S_ERROR( "Can't download proxy" )
def getFTS3Context(self, username, group, ftsServer, threadID): """ Returns an fts3 context for a given user, group and fts server The context pool is per thread, and there is one context per tuple (user, group, server). We dump the proxy of a user to a file (shared by all the threads), and use it to make the context. The proxy needs a lifetime of self.proxyLifetime, is cached for cacheTime = (2*lifeTime/3) - 10mn, and the lifetime of the context is 45mn The reason for cacheTime to be what it is is because the FTS3 server will ask for a new proxy after 2/3rd of the existing proxy has expired, so we renew it just before :param str username: name of the user :param str group: group of the user :param str ftsServer: address of the server :param str threadID: thread ID :returns: S_OK with the context object """ log = gLogger.getSubLogger("getFTS3Context", child=True) contextes = self._globalContextCache.setdefault(threadID, DictCache()) idTuple = (username, group, ftsServer) log.debug("Getting context for %s" % (idTuple, )) # We keep a context in the cache for 45 minutes # (so it needs to be valid at least 15 since we add it for one hour) if not contextes.exists(idTuple, 15 * 60): res = getDNForUsername(username) if not res['OK']: return res # We take the first DN returned userDN = res['Value'][0] log.debug("UserDN %s" % userDN) # We dump the proxy to a file. # It has to have a lifetime of self.proxyLifetime # Because the FTS3 servers cache it for 2/3rd of the lifetime # we should make our cache a bit less than 2/3rd of the lifetime cacheTime = int(2 * self.proxyLifetime / 3) - 600 res = gProxyManager.downloadVOMSProxyToFile( userDN, group, requiredTimeLeft=self.proxyLifetime, cacheTime=cacheTime) if not res['OK']: return res proxyFile = res['Value'] log.debug("Proxy file %s" % proxyFile) # We generate the context # In practice, the lifetime will be less than proxyLifetime # because we reuse a cached proxy. However, the cached proxy will # never forced a redelegation, because it is recent enough for FTS3 servers. # The delegation is forced when 2/3 rd of the lifetime are left, and we get a fresh # one just before. So no problem res = FTS3Job.generateContext(ftsServer, proxyFile, lifetime=self.proxyLifetime) if not res['OK']: return res context = res['Value'] # we add it to the cache for this thread for 1h contextes.add(idTuple, 3600, context) return S_OK(contextes.get(idTuple))
def wrapped_fcn( *args, **kwargs ): userName = kwargs.pop( 'proxyUserName', '' ) userDN = kwargs.pop( 'proxyUserDN', '' ) userGroup = kwargs.pop( 'proxyUserGroup', '' ) vomsFlag = kwargs.pop( 'proxyWithVOMS', True ) proxyFilePath = kwargs.pop( 'proxyFilePath', False ) if ( userName or userDN ) and userGroup: # Setup user proxy originalUserProxy = os.environ.get( 'X509_USER_PROXY' ) if not userDN: result = getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] vomsAttr = '' if vomsFlag: vomsAttr = getVOMSAttributeForGroup( userGroup ) if vomsAttr: result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredVOMSAttribute = vomsAttr, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) else: result = gProxyManager.downloadProxyToFile( userDN, userGroup, filePath = proxyFilePath, requiredTimeLeft = 3600, cacheTime = 3600 ) if not result['OK']: gLogger.warn( "Can't download proxy to file", result['Message'] ) return result proxyFile = result['Value'] os.environ['X509_USER_PROXY'] = proxyFile # Check if the caller is executing with the host certificate useServerCertificate = gConfig.useServerCertificate() if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' ) try: return fcn( *args, **kwargs ) except Exception as lException: value = ','.join( [str( arg ) for arg in lException.args] ) exceptType = lException.__class__.__name__ return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) ) finally: # Restore the default host certificate usage if necessary if useServerCertificate: gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' ) if originalUserProxy: os.environ['X509_USER_PROXY'] = originalUserProxy else: os.environ.pop( 'X509_USER_PROXY' ) else: # No proxy substitution requested return fcn( *args, **kwargs )