def getPayloadProxyFromVOMSGroup(self,
userDN,
vomsAttr,
token,
requiredTimeLeft,
proxyToConnect=None):
""" Download a payload proxy with VOMS extensions depending on the VOMS attr
:param basestring userDN: user DN
:param basestring vomsAttr: VOMS attribute
:param basestring token: valid token to get a proxy
:param int requiredTimeLeft: required proxy live time in a seconds
:param X509Chain proxyToConnect: proxy as a chain
:return: S_OK(X509Chain)/S_ERROR()
"""
groups = Registry.getGroupsWithVOMSAttribute(vomsAttr)
if not groups:
return S_ERROR("No group found that has %s as voms attrs" %
vomsAttr)
userGroup = groups[0]
return self.downloadVOMSProxy(userDN,
userGroup,
limited=True,
requiredTimeLeft=requiredTimeLeft,
requiredVOMSAttribute=vomsAttr,
proxyToConnect=proxyToConnect,
token=token)
def getPilotProxyFromVOMSGroup(self,
userDN,
vomsAttr,
requiredTimeLeft=43200,
proxyToConnect=None):
""" Download a pilot proxy with VOMS extensions depending on the group
:param basestring userDN: user DN
:param basestring vomsAttr: VOMS attribute
:param int requiredTimeLeft: required proxy live time in a seconds
:param X509Chain proxyToConnect: proxy as a chain
:return: S_OK(X509Chain)/S_ERROR()
"""
groups = Registry.getGroupsWithVOMSAttribute(vomsAttr)
if not groups:
return S_ERROR("No group found that has %s as voms attrs" %
vomsAttr)
for userGroup in groups:
result = self.downloadVOMSProxy(userDN,
userGroup,
limited=False,
requiredTimeLeft=requiredTimeLeft,
requiredVOMSAttribute=vomsAttr,
proxyToConnect=proxyToConnect)
if result['OK']:
return result
return result
def __getProxyAndRemoveReplica(self, diracSE, lfn):
"""
get a proxy from the owner of the file and try to remove it
returns True if it succeeds, False otherwise
"""
result = self.replicaManager.getCatalogDirectoryMetadata(
lfn, singleFile=True)
if not result['OK']:
gLogger.error("Could not get metadata info", result['Message'])
return False
ownerRole = result['Value']['OwnerRole']
ownerDN = result['Value']['OwnerDN']
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
userProxy = ''
for ownerGroup in Registry.getGroupsWithVOMSAttribute(ownerRole):
result = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=True,
requiredVOMSAttribute=ownerRole)
if not result['OK']:
gLogger.verbose(
'Failed to retrieve voms proxy for %s : %s:' %
(ownerDN, ownerRole), result['Message'])
continue
userProxy = result['Value']
gLogger.verbose("Got proxy for %s@%s [%s]" %
(ownerDN, ownerGroup, ownerRole))
break
if not userProxy:
return False
result = userProxy.dumpAllToFile()
if not result['OK']:
gLogger.verbose(result['Message'])
return False
upFile = result['Value']
prevProxyEnv = os.environ['X509_USER_PROXY']
os.environ['X509_USER_PROXY'] = upFile
try:
res = self.replicaManager.removeReplica(diracSE, lfn)
if res['OK'] and lfn in res['Value']['Successful']:
gLogger.verbose('Removed %s from %s' % (lfn, diracSE))
return True
finally:
os.environ['X509_USER_PROXY'] = prevProxyEnv
os.unlink(upFile)
return False
def __getProxyAndRemoveReplica( self, diracSE, lfn ):
"""
get a proxy from the owner of the file and try to remove it
returns True if it succeeds, False otherwise
"""
result = self.replicaManager.getCatalogDirectoryMetadata( lfn, singleFile = True )
if not result[ 'OK' ]:
gLogger.error( "Could not get metadata info", result[ 'Message' ] )
return False
ownerRole = result[ 'Value' ][ 'OwnerRole' ]
ownerDN = result[ 'Value' ][ 'OwnerDN' ]
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
userProxy = ''
for ownerGroup in Registry.getGroupsWithVOMSAttribute( ownerRole ):
result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
requiredVOMSAttribute = ownerRole )
if not result[ 'OK' ]:
gLogger.verbose ( 'Failed to retrieve voms proxy for %s : %s:' % ( ownerDN, ownerRole ),
result[ 'Message' ] )
continue
userProxy = result[ 'Value' ]
gLogger.verbose( "Got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
break
if not userProxy:
return False
result = userProxy.dumpAllToFile()
if not result[ 'OK' ]:
gLogger.verbose( result[ 'Message' ] )
return False
upFile = result[ 'Value' ]
prevProxyEnv = os.environ[ 'X509_USER_PROXY' ]
os.environ[ 'X509_USER_PROXY' ] = upFile
try:
res = self.replicaManager.removeReplica( diracSE, lfn )
if res['OK'] and lfn in res[ 'Value' ]['Successful']:
gLogger.verbose( 'Removed %s from %s' % ( lfn, diracSE ) )
return True
finally:
os.environ[ 'X509_USER_PROXY' ] = prevProxyEnv
os.unlink( upFile )
return False
def addFile(self, name, fileDict, repDict, numericid):
""" Pretty print of the file ls output
"""
perm = fileDict['Mode']
date = fileDict['ModificationDate']
#nlinks = fileDict.get('NumberOfLinks',0)
nreplicas = len(repDict)
size = fileDict['Size']
if 'Owner' in fileDict:
uname = fileDict['Owner']
elif 'OwnerDN' in fileDict:
result = Registry.getUsernameForDN(fileDict['OwnerDN'])
if result['OK']:
uname = result['Value']
else:
uname = 'unknown'
else:
uname = 'unknown'
if numericid:
uname = str(fileDict['UID'])
if 'OwnerGroup' in fileDict:
gname = fileDict['OwnerGroup']
elif 'OwnerRole' in fileDict:
groups = Registry.getGroupsWithVOMSAttribute('/' +
fileDict['OwnerRole'])
if groups:
if len(groups) > 1:
gname = groups[0]
default_group = gConfig.getValue('/Registry/DefaultGroup',
'unknown')
if default_group in groups:
gname = default_group
else:
gname = groups[0]
else:
gname = 'unknown'
else:
gname = 'unknown'
if numericid:
gname = str(fileDict['GID'])
self.entries.append(('-' + self.__getModeString(perm), nreplicas,
uname, gname, size, date, name))
def addFile(self, name, fileDict, repDict, numericid):
"""Pretty print of the file ls output"""
perm = fileDict["Mode"]
date = fileDict["ModificationDate"]
# nlinks = fileDict.get('NumberOfLinks',0)
nreplicas = len(repDict)
size = fileDict["Size"]
if "Owner" in fileDict:
uname = fileDict["Owner"]
elif "OwnerDN" in fileDict:
result = Registry.getUsernameForDN(fileDict["OwnerDN"])
if result["OK"]:
uname = result["Value"]
else:
uname = "unknown"
else:
uname = "unknown"
if numericid:
uname = str(fileDict["UID"])
if "OwnerGroup" in fileDict:
gname = fileDict["OwnerGroup"]
elif "OwnerRole" in fileDict:
groups = Registry.getGroupsWithVOMSAttribute("/" +
fileDict["OwnerRole"])
if groups:
if len(groups) > 1:
gname = groups[0]
default_group = gConfig.getValue("/Registry/DefaultGroup",
"unknown")
if default_group in groups:
gname = default_group
else:
gname = groups[0]
else:
gname = "unknown"
else:
gname = "unknown"
if numericid:
gname = str(fileDict["GID"])
self.entries.append(("-" + self.__getModeString(perm), nreplicas,
uname, gname, size, date, name))
def addDirectory(self, name, dirDict, numericid):
""" Pretty print of the file ls output
"""
perm = dirDict['Mode']
date = dirDict['ModificationDate']
nlinks = 0
size = 0
if 'Owner' in dirDict:
uname = dirDict['Owner']
elif 'OwnerDN' in dirDict:
result = Registry.getUsernameForDN(dirDict['OwnerDN'])
if result['OK']:
uname = result['Value']
else:
uname = 'unknown'
else:
uname = 'unknown'
if numericid:
uname = str(dirDict['UID'])
if 'OwnerGroup' in dirDict:
gname = dirDict['OwnerGroup']
elif 'OwnerRole' in dirDict:
groups = Registry.getGroupsWithVOMSAttribute('/' +
dirDict['OwnerRole'])
if groups:
if len(groups) > 1:
gname = groups[0]
default_group = gConfig.getValue('/Registry/DefaultGroup',
'unknown')
if default_group in groups:
gname = default_group
else:
gname = groups[0]
else:
gname = 'unknown'
if numericid:
gname = str(dirDict['GID'])
self.entries.append(('d' + self.__getModeString(perm), nlinks, uname,
gname, size, date, name))
def addDirectory(self, name, dirDict, numericid):
"""Pretty print of the file ls output"""
perm = dirDict["Mode"]
date = dirDict["ModificationDate"]
nlinks = 0
size = 0
if "Owner" in dirDict:
uname = dirDict["Owner"]
elif "OwnerDN" in dirDict:
result = Registry.getUsernameForDN(dirDict["OwnerDN"])
if result["OK"]:
uname = result["Value"]
else:
uname = "unknown"
else:
uname = "unknown"
if numericid:
uname = str(dirDict["UID"])
if "OwnerGroup" in dirDict:
gname = dirDict["OwnerGroup"]
elif "OwnerRole" in dirDict:
groups = Registry.getGroupsWithVOMSAttribute("/" +
dirDict["OwnerRole"])
if groups:
if len(groups) > 1:
gname = groups[0]
default_group = gConfig.getValue("/Registry/DefaultGroup",
"unknown")
if default_group in groups:
gname = default_group
else:
gname = groups[0]
else:
gname = "unknown"
if numericid:
gname = str(dirDict["GID"])
self.entries.append(("d" + self.__getModeString(perm), nlinks, uname,
gname, size, date, name))
def getPayloadProxyFromVOMSGroup(self,
userDN,
vomsAttr,
token,
requiredTimeLeft,
proxyToConnect=False):
"""
Download a payload proxy with VOMS extensions depending on the VOMS attr
"""
groups = Registry.getGroupsWithVOMSAttribute(vomsAttr)
if not groups:
return S_ERROR("No group found that has %s as voms attrs" %
vomsAttr)
userGroup = groups[0]
return self.downloadVOMSProxy(userDN,
userGroup,
limited=True,
requiredTimeLeft=requiredTimeLeft,
requiredVOMSAttribute=vomsAttr,
proxyToConnect=proxyToConnect,
token=token)
def getPilotProxyFromVOMSGroup(self,
userDN,
vomsAttr,
requiredTimeLeft=43200,
proxyToConnect=False):
"""
Download a pilot proxy with VOMS extensions depending on the group
"""
groups = Registry.getGroupsWithVOMSAttribute(vomsAttr)
if not groups:
return S_ERROR("No group found that has %s as voms attrs" %
vomsAttr)
for userGroup in groups:
result = self.downloadVOMSProxy(userDN,
userGroup,
limited=False,
requiredTimeLeft=requiredTimeLeft,
requiredVOMSAttribute=vomsAttr,
proxyToConnect=proxyToConnect)
if result['OK']:
return result
return result
def __getOwnerProxy(self, dirPath):
''' get owner creds for :dirPath: '''
self.log.verbose("Retrieving dir metadata...")
# get owner form the cached information, if not, try getDirectoryMetadata
ownerName, ownerGroup = self.__directoryOwners.pop(
dirPath, (None, None))
if not ownerName or not ownerGroup:
result = returnSingleResult(
self.catalog.getDirectoryMetadata(dirPath))
if not result['OK'] or 'OwnerRole' not in result['Value']:
self.log.error("Could not get metadata info",
result['Message'])
return result
ownerRole = result['Value']['OwnerRole']
ownerDN = result['Value']['OwnerDN']
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
cacheKey = (ownerDN, ownerRole)
ownerName = 'unknown'
byGroup = False
else:
ownerDN = Registry.getDNForUsername(ownerName)
if not ownerDN['OK']:
self.log.error("Could not get DN from user name",
ownerDN['Message'])
return ownerDN
ownerDN = ownerDN['Value'][0]
# This bloody method returns directly a string!!!!
ownerRole = Registry.getVOMSAttributeForGroup(ownerGroup)
byGroup = True
# Get all groups for that VOMS Role, and add lhcb_user as in DFC this is a safe value
ownerGroups = Registry.getGroupsWithVOMSAttribute(ownerRole) + [
'lhcb_user'
]
downErrors = []
for ownerGroup in ownerGroups:
if byGroup:
ownerRole = None
cacheKey = (ownerDN, ownerGroup)
if cacheKey in self.__noProxy:
return S_ERROR("Proxy not available")
# Getting the proxy...
upFile = self.proxyCache.get(cacheKey, 3600)
if upFile and os.path.exists(upFile):
self.log.verbose(
'Returning cached proxy for %s %s@%s [%s] in %s' %
(ownerName, ownerDN, ownerGroup, ownerRole, upFile))
return S_OK(upFile)
if ownerRole:
result = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=False,
requiredVOMSAttribute=ownerRole)
else:
result = gProxyManager.downloadProxy(ownerDN,
ownerGroup,
limited=False)
if not result['OK']:
downErrors.append("%s : %s" % (cacheKey, result['Message']))
continue
userProxy = result['Value']
secsLeft = max(0, userProxy.getRemainingSecs()['Value'])
upFile = userProxy.dumpAllToFile()
if upFile['OK']:
upFile = upFile['Value']
else:
return upFile
self.proxyCache.add(cacheKey, secsLeft, upFile)
self.log.info("Got proxy for %s %s@%s [%s]" %
(ownerName, ownerDN, ownerGroup, ownerRole))
return S_OK(upFile)
self.__noProxy.add(cacheKey)
return S_ERROR("Could not download proxy for user (%s, %s):\n%s " %
(ownerDN, ownerRole, "\n ".join(downErrors)))
