def __prepareSecurityDetails(self): """ Obtains the connection details for the client """ try: credDict = self.getRemoteCredentials() clientDN = credDict['DN'] clientUsername = credDict['username'] clientGroup = credDict['group'] gLogger.debug( "Getting proxy for %s@%s (%s)" % ( clientUsername, clientGroup, clientDN ) ) res = gProxyManager.downloadVOMSProxy( clientDN, clientGroup ) if not res['OK']: return res chain = res['Value'] proxyBase = "%s/proxies" % BASE_PATH if not os.path.exists(proxyBase): os.makedirs(proxyBase) proxyLocation = "%s/proxies/%s-%s" % ( BASE_PATH, clientUsername, clientGroup ) gLogger.debug("Obtained proxy chain, dumping to %s." % proxyLocation) res = gProxyManager.dumpProxyToFile( chain, proxyLocation ) if not res['OK']: return res gLogger.debug("Updating environment.") os.environ['X509_USER_PROXY'] = res['Value'] return res except Exception, error: exStr = "__getConnectionDetails: Failed to get client connection details." gLogger.exception( exStr, '', error ) return S_ERROR(exStr)
def __prepareSecurityDetails(self): """ This function get the proxy details to submit the job """ print "S42" self.defaultProxyLength = gConfig.getValue('/Security/DefaultProxyLifeTime', 86400*5) ownerDN = self._clientTransport.peerCredentials['DN'] clientUsername = self._clientTransport.peerCredentials['username'] ownerGroup = self._clientTransport.peerCredentials['group'] retVal = gProxyManager.downloadVOMSProxy(ownerDN, ownerGroup, limited = False, requiredTimeLeft = self.defaultProxyLength) if not retVal[ 'OK' ]: print "AQUI RETVAL" os.system('dirac-proxy-info') sys.stdout.flush() chain = retVal[ 'Value' ] proxyChain = chain proxy = proxyChain.dumpAllToString() payloadProxy=proxy['Value'] result = File.writeToProxyFile(payloadProxy) if not result['OK']: return result proxyLocation = result['Value'] #os.environ[ 'X509_USER_PROXY' ] = proxyLocation return S_OK(chain)
def setupProxy( self ): """ download and dump request owner proxy to file and env :return: S_OK with name of newly created owner proxy file and shifter name if any """ self.__managersDict = {} shifterProxies = self.__setupManagerProxies() if not shifterProxies["OK"]: self.log.error( shifterProxies["Message"] ) ownerDN = self.request.OwnerDN ownerGroup = self.request.OwnerGroup isShifter = [] for shifter, creds in self.__managersDict.items(): if creds["ShifterDN"] == ownerDN and creds["ShifterGroup"] == ownerGroup: isShifter.append( shifter ) if isShifter: proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"] os.environ["X509_USER_PROXY"] = proxyFile return S_OK( { "Shifter": isShifter, "ProxyFile": proxyFile } ) # # if we're here owner is not a shifter at all ownerProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup ) if not ownerProxy["OK"] or not ownerProxy["Value"]: reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager." return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) ) ownerProxyFile = ownerProxy["Value"].dumpAllToFile() if not ownerProxyFile["OK"]: return S_ERROR( ownerProxyFile["Message"] ) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK( { "Shifter": isShifter, "ProxyFile": ownerProxyFile } )
def __prepareSecurityDetails(self): """Obtains the connection details for the client""" try: credDict = self.getRemoteCredentials() clientDN = credDict["DN"] clientUsername = credDict["username"] clientGroup = credDict["group"] gLogger.debug("Getting proxy for %s@%s (%s)" % (clientUsername, clientGroup, clientDN)) res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup) if not res["OK"]: return res chain = res["Value"] proxyBase = "%s/proxies" % BASE_PATH mkDir(proxyBase) proxyLocation = "%s/proxies/%s-%s" % (BASE_PATH, clientUsername, clientGroup) gLogger.debug("Obtained proxy chain, dumping to %s." % proxyLocation) res = gProxyManager.dumpProxyToFile(chain, proxyLocation) if not res["OK"]: return res gLogger.debug("Updating environment.") os.environ["X509_USER_PROXY"] = res["Value"] return res except Exception as error: exStr = "__getConnectionDetails: Failed to get client connection details." gLogger.exception(exStr, "", error) return S_ERROR(exStr)
def _getPilotProxyFromDIRACGroup(self, ownerDN, ownerGroup, requiredTimeLeft): """ Download a limited pilot proxy with VOMS extensions depending on the group """ #Assign VOMS attribute vomsAttr = CS.getVOMSAttributeForGroup(ownerGroup) if not vomsAttr: self.log.info( "Downloading a proxy without VOMS extensions for %s@%s" % (ownerDN, ownerGroup)) return gProxyManager.downloadProxy( ownerDN, ownerGroup, limited=True, requiredTimeLeft=requiredTimeLeft) else: self.log.info( "Downloading a proxy with '%s' VOMS extension for %s@%s" % (vomsAttr, ownerDN, ownerGroup)) return gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=True, requiredTimeLeft=requiredTimeLeft, requiredVOMSAttribute=vomsAttr)
def setupProxy(self): """ download and dump request owner proxy to file and env :return: S_OK with name of newly created owner proxy file and shifter name if any """ self.__managersDict = {} shifterProxies = self.__setupManagerProxies() if not shifterProxies["OK"]: self.log.error(shifterProxies["Message"]) ownerDN = self.request.OwnerDN ownerGroup = self.request.OwnerGroup isShifter = [] for shifter, creds in self.__managersDict.items(): if creds["ShifterDN"] == ownerDN and creds[ "ShifterGroup"] == ownerGroup: isShifter.append(shifter) if isShifter: proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"] os.environ["X509_USER_PROXY"] = proxyFile return S_OK({"Shifter": isShifter, "ProxyFile": proxyFile}) # # if we're here owner is not a shifter at all ownerProxy = gProxyManager.downloadVOMSProxy(ownerDN, ownerGroup) if not ownerProxy["OK"] or not ownerProxy["Value"]: reason = ownerProxy[ "Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager." return S_ERROR("Change proxy error for '%s'@'%s': %s" % (ownerDN, ownerGroup, reason)) ownerProxyFile = ownerProxy["Value"].dumpAllToFile() if not ownerProxyFile["OK"]: return S_ERROR(ownerProxyFile["Message"]) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK({"Shifter": isShifter, "ProxyFile": ownerProxyFile})
def __prepareSecurityDetails(self): """ Obtains the connection details for the client """ try: credDict = self.getRemoteCredentials() clientDN = credDict['DN'] clientUsername = credDict['username'] clientGroup = credDict['group'] gLogger.debug("Getting proxy for %s@%s (%s)" % (clientUsername, clientGroup, clientDN)) res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup) if not res['OK']: return res chain = res['Value'] proxyBase = "%s/proxies" % BASE_PATH if not os.path.exists(proxyBase): os.makedirs(proxyBase) proxyLocation = "%s/proxies/%s-%s" % (BASE_PATH, clientUsername, clientGroup) gLogger.debug("Obtained proxy chain, dumping to %s." % proxyLocation) res = gProxyManager.dumpProxyToFile(chain, proxyLocation) if not res['OK']: return res gLogger.debug("Updating environment.") os.environ['X509_USER_PROXY'] = res['Value'] return res except Exception, error: exStr = "__getConnectionDetails: Failed to get client connection details." gLogger.exception(exStr, '', error) return S_ERROR(exStr)
def __prepareSecurityDetails(self): """ Obtains the connection details for the client """ try: clientDN, clientGroup, clientUserName = self.__getOwnerGroupDN( 'ProductionManager') gLogger.debug("Getting proxy for %s %s" % (clientGroup, clientDN)) res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup) if not res['OK']: return res chain = res['Value'] base = "" base = gConfig.getValue( "Systems/DataManagement/boincInstance/Services/StorageElementProxy/BasePath" ) proxyBase = "%s/proxies" % base mkDir(proxyBase) proxyLocation = "%s/proxies/%s-%s" % (base, clientUserName, clientGroup) gLogger.debug("Obtained proxy chain, dumping to %s." % proxyLocation) res = gProxyManager.dumpProxyToFile(chain, proxyLocation) if not res['OK']: return res gLogger.debug("Updating environment.") os.environ['X509_USER_PROXY'] = res['Value'] return res except Exception as error: exStr = "__getConnectionDetails: Failed to get client connection details." gLogger.exception(exStr, '', error) return S_ERROR(exStr)
def __getProxyAndRemoveReplica(self, diracSE, lfn): """ get a proxy from the owner of the file and try to remove it returns True if it succeeds, False otherwise """ result = self.replicaManager.getCatalogDirectoryMetadata( lfn, singleFile=True) if not result['OK']: gLogger.error("Could not get metadata info", result['Message']) return False ownerRole = result['Value']['OwnerRole'] ownerDN = result['Value']['OwnerDN'] if ownerRole[0] != "/": ownerRole = "/%s" % ownerRole userProxy = '' for ownerGroup in Registry.getGroupsWithVOMSAttribute(ownerRole): result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=True, requiredVOMSAttribute=ownerRole) if not result['OK']: gLogger.verbose( 'Failed to retrieve voms proxy for %s : %s:' % (ownerDN, ownerRole), result['Message']) continue userProxy = result['Value'] gLogger.verbose("Got proxy for %s@%s [%s]" % (ownerDN, ownerGroup, ownerRole)) break if not userProxy: return False result = userProxy.dumpAllToFile() if not result['OK']: gLogger.verbose(result['Message']) return False upFile = result['Value'] prevProxyEnv = os.environ['X509_USER_PROXY'] os.environ['X509_USER_PROXY'] = upFile try: res = self.replicaManager.removeReplica(diracSE, lfn) if res['OK'] and lfn in res['Value']['Successful']: gLogger.verbose('Removed %s from %s' % (lfn, diracSE)) return True finally: os.environ['X509_USER_PROXY'] = prevProxyEnv os.unlink(upFile) return False
def getShifterProxy(shifterType, fileName=False): """ This method returns a shifter's proxy - shifterType : ProductionManager / DataManager... """ if fileName: try: os.makedirs(os.path.dirname(fileName)) except OSError: pass opsHelper = Operations() userName = opsHelper.getValue(cfgPath('Shifter', shifterType, 'User'), '') if not userName: return S_ERROR("No shifter User defined for %s" % shifterType) result = CS.getDNForUsername(userName) if not result['OK']: return result userDN = result['Value'][0] result = CS.findDefaultGroupForDN(userDN) if not result['OK']: return result defaultGroup = result['Value'] userGroup = opsHelper.getValue(cfgPath('Shifter', shifterType, 'Group'), defaultGroup) vomsAttr = CS.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxy(userDN, userGroup, requiredTimeLeft=4 * 43200) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxy(userDN, userGroup, requiredTimeLeft=4 * 43200) if not result['OK']: return result chain = result['Value'] result = gProxyManager.dumpProxyToFile(chain, destinationFile=fileName) if not result['OK']: return result fileName = result['Value'] return S_OK({ 'DN': userDN, 'username': userName, 'group': userGroup, 'chain': chain, 'proxyFile': fileName })
def getProxyForLFN(self, lfn): """ get proxy for LFN :param self: self reference :param str lfn: LFN """ dirMeta = self.replicaManager().getCatalogDirectoryMetadata( lfn, singleFile=True) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[ "OwnerRole"].startswith("/") else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None # Execute with server certificate gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true') for ownerGroup in getGroupsWithVOMSAttribute(ownerRole): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=True, requiredVOMSAttribute=ownerRole) if not vomsProxy["OK"]: self.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % (ownerDN, ownerRole, vomsProxy["Message"])) continue ownerProxy = vomsProxy["Value"] self.debug("getProxyForLFN: got proxy for %s@%s [%s]" % (ownerDN, ownerGroup, ownerRole)) break gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false') if not ownerProxy: return S_ERROR("Unable to get owner proxy") dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.error("getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"]) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return S_OK()
def getVOMSProxy( self, userDN, userGroup, vomsAttr = False, validity = 43200, limited = False ): """Retrieves a proxy with default 12hr validity and VOMS extensions and stores this in a file in the local directory by default. Example usage: >>> print diracAdmin.getVOMSProxy() {'OK': True, 'Value': } @return: S_OK,S_ERROR """ return gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = limited, requiredVOMSAttribute = vomsAttr, requiredTimeLeft = validity )
def getVOMSProxy( self, userDN, userGroup, vomsAttr = False, validity = 43200, limited = False ): """Retrieves a proxy with default 12hr validity and VOMS extensions and stores this in a file in the local directory by default. Example usage: >>> print diracAdmin.getVOMSProxy() {'OK': True, 'Value': } @return: S_OK,S_ERROR """ return gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = limited, requiredVOMSAttribute = vomsAttr, requiredTimeLeft = validity )
def __getProxyAndRemoveReplica( self, diracSE, lfn ): """ get a proxy from the owner of the file and try to remove it returns True if it succeeds, False otherwise """ result = self.replicaManager.getCatalogDirectoryMetadata( lfn, singleFile = True ) if not result[ 'OK' ]: gLogger.error( "Could not get metadata info", result[ 'Message' ] ) return False ownerRole = result[ 'Value' ][ 'OwnerRole' ] ownerDN = result[ 'Value' ][ 'OwnerDN' ] if ownerRole[0] != "/": ownerRole = "/%s" % ownerRole userProxy = '' for ownerGroup in Registry.getGroupsWithVOMSAttribute( ownerRole ): result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredVOMSAttribute = ownerRole ) if not result[ 'OK' ]: gLogger.verbose ( 'Failed to retrieve voms proxy for %s : %s:' % ( ownerDN, ownerRole ), result[ 'Message' ] ) continue userProxy = result[ 'Value' ] gLogger.verbose( "Got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) ) break if not userProxy: return False result = userProxy.dumpAllToFile() if not result[ 'OK' ]: gLogger.verbose( result[ 'Message' ] ) return False upFile = result[ 'Value' ] prevProxyEnv = os.environ[ 'X509_USER_PROXY' ] os.environ[ 'X509_USER_PROXY' ] = upFile try: res = self.replicaManager.removeReplica( diracSE, lfn ) if res['OK'] and lfn in res[ 'Value' ]['Successful']: gLogger.verbose( 'Removed %s from %s' % ( lfn, diracSE ) ) return True finally: os.environ[ 'X509_USER_PROXY' ] = prevProxyEnv os.unlink( upFile ) return False
def getShifterProxy(shifterType, fileName=False): """ This method returns a shifter's proxy - shifterType : ProductionManager / DataManager... """ if fileName: try: os.makedirs(os.path.dirname(fileName)) except: pass shifterSection = "/Operations/Shifter/%s" % shifterType userName = gConfig.getValue('%s/User' % shifterSection, '') if not userName: return S_ERROR("No shifter defined in %s/User" % shifterSection) result = CS.getDNForUsername(userName) if not result['OK']: return result userDN = result['Value'][0] userGroup = gConfig.getValue('%s/Group' % shifterSection, CS.getDefaultUserGroup()) vomsAttr = CS.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxy(userDN, userGroup, requiredTimeLeft=4 * 43200) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxy(userDN, userGroup, requiredTimeLeft=4 * 43200) if not result['OK']: return result chain = result['Value'] result = gProxyManager.dumpProxyToFile(chain, destinationFile=fileName) if not result['OK']: return result fileName = result['Value'] return S_OK({ 'DN': userDN, 'username': userName, 'group': userGroup, 'chain': chain, 'proxyFile': fileName })
def _getPilotProxyFromDIRACGroup( self, ownerDN, ownerGroup, requiredTimeLeft ): """ Download a limited pilot proxy with VOMS extensions depending on the group """ #Assign VOMS attribute vomsAttr = CS.getVOMSAttributeForGroup( ownerGroup ) if not vomsAttr: self.log.info( "Downloading a proxy without VOMS extensions for %s@%s" % ( ownerDN, ownerGroup ) ) return gProxyManager.downloadProxy( ownerDN, ownerGroup, limited = True, requiredTimeLeft = requiredTimeLeft ) else: self.log.info( "Downloading a proxy with '%s' VOMS extension for %s@%s" % ( vomsAttr, ownerDN, ownerGroup ) ) return gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredTimeLeft = requiredTimeLeft, requiredVOMSAttribute = vomsAttr )
def changeProxy( self, ownerDN, ownerGroup ): """ get proxy from gProxyManager, save it to file :param self: self reference :param str ownerDN: request owner DN :param str ownerGroup: request owner group :return: S_OK with name of newly created owner proxy file """ ownerProxy = gProxyManager.downloadVOMSProxy( str(ownerDN), str(ownerGroup) ) if not ownerProxy["OK"] or not ownerProxy["Value"]: reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager." return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) ) ownerProxyFile = ownerProxy["Value"].dumpAllToFile() if not ownerProxyFile["OK"]: return S_ERROR( ownerProxyFile["Message"] ) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK( ownerProxyFile )
def changeProxy( self, ownerDN, ownerGroup ): """ get proxy from gProxyManager, save it to file :param self: self reference :param str ownerDN: request owner DN :param str ownerGroup: request owner group :return: S_OK with name of newly created owner proxy file """ ownerProxy = gProxyManager.downloadVOMSProxy( str(ownerDN), str(ownerGroup) ) if not ownerProxy["OK"] or not ownerProxy["Value"]: reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager." return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) ) ownerProxyFile = ownerProxy["Value"].dumpAllToFile() if not ownerProxyFile["OK"]: return S_ERROR( ownerProxyFile["Message"] ) ownerProxyFile = ownerProxyFile["Value"] os.environ["X509_USER_PROXY"] = ownerProxyFile return S_OK( ownerProxyFile )
def getProxyForLFN(self, lfn): """ get proxy for lfn :param str lfn: LFN :return: S_ERROR or S_OK( "/path/to/proxy/file" ) """ dirMeta = self.replicaManager().getCatalogDirectoryMetadata( lfn, singleFile=True) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[ "OwnerRole"].startswith("/") else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None for ownerGroup in getGroupsWithVOMSAttribute(ownerRole): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=True, requiredVOMSAttribute=ownerRole) if not vomsProxy["OK"]: self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % (ownerDN, ownerRole, vomsProxy["Message"])) continue ownerProxy = vomsProxy["Value"] self.log.debug("getProxyForLFN: got proxy for %s@%s [%s]" % (ownerDN, ownerGroup, ownerRole)) break if not ownerProxy: return S_ERROR("Unable to get owner proxy") dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.log.error("getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"]) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return dumpToFile
def getShifterProxy( shifterType, fileName = False ): """ This method returns a shifter's proxy - shifterType : ProductionManager / DataManager... """ if fileName: try: os.makedirs( os.path.dirname( fileName ) ) except OSError: pass opsHelper = Operations() userName = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'User' ), '' ) if not userName: return S_ERROR( "No shifter User defined for %s" % shifterType ) result = CS.getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] result = CS.findDefaultGroupForDN( userDN ) if not result['OK']: return result defaultGroup = result['Value'] userGroup = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'Group' ), defaultGroup ) vomsAttr = CS.getVOMSAttributeForGroup( userGroup ) if vomsAttr: gLogger.info( "Getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName, userGroup, userDN ) ) result = gProxyManager.downloadVOMSProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 ) else: gLogger.info( "Getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) ) result = gProxyManager.downloadProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 ) if not result[ 'OK' ]: return result chain = result[ 'Value' ] result = gProxyManager.dumpProxyToFile( chain, destinationFile = fileName ) if not result[ 'OK' ]: return result fileName = result[ 'Value' ] return S_OK( { 'DN' : userDN, 'username' : userName, 'group' : userGroup, 'chain' : chain, 'proxyFile' : fileName } )
def getProxyByVO( user, vo ): group = vo.lower() + '_user' userDN = Registry.getDNForUsername( user ) if not userDN[ 'OK' ]: return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) ) userDN = userDN[ 'Value' ][ 0 ] chain = gProxyManager.downloadVOMSProxy( userDN, group ) if not chain[ 'OK' ]: return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] ) chain = chain[ 'Value' ] proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group ) result = chain.dumpAllToFile( proxyPath ) if not result[ 'OK' ]: return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) ) return S_OK( proxyPath )
def getProxyByVO( user, vo ): group = vo.lower() + '_user' userDN = Registry.getDNForUsername( user ) if not userDN[ 'OK' ]: return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) ) userDN = userDN[ 'Value' ][ 0 ] chain = gProxyManager.downloadVOMSProxy( userDN, group ) if not chain[ 'OK' ]: return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] ) chain = chain[ 'Value' ] proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group ) result = chain.dumpAllToFile( proxyPath ) if not result[ 'OK' ]: return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) ) return S_OK( proxyPath )
def getProxyForLFN( self, lfn ): """ get proxy for LFN :param self: self reference :param str lfn: LFN """ dirMeta = Utils.executeSingleFileOrDirWrapper( self.fc.getDirectoryMetadata( lfn ) ) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None # Execute with server certificate gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' ) for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredVOMSAttribute = ownerRole ) if not vomsProxy["OK"]: self.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN, ownerRole, vomsProxy["Message"] ) ) continue ownerProxy = vomsProxy["Value"] self.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) ) break gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' ) if not ownerProxy: return S_ERROR( "Unable to get owner proxy" ) dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] ) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return S_OK()
def getShifterProxy( shifterType, fileName = False ): """ This method returns a shifter's proxy - shifterType : ProductionManager / DataManager... """ if fileName: try: os.makedirs( os.path.dirname( fileName ) ) except: pass shifterSection = "/Operations/Shifter/%s" % shifterType userName = gConfig.getValue( '%s/User' % shifterSection, '' ) if not userName: return S_ERROR( "No shifter defined in %s/User" % shifterSection ) result = CS.getDNForUsername( userName ) if not result[ 'OK' ]: return result userDN = result[ 'Value' ][0] userGroup = gConfig.getValue( '%s/Group' % shifterSection, CS.getDefaultUserGroup() ) vomsAttr = CS.getVOMSAttributeForGroup( userGroup ) if vomsAttr: gLogger.info( "Getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName, userGroup, userDN ) ) result = gProxyManager.downloadVOMSProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 ) else: gLogger.info( "Getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) ) result = gProxyManager.downloadProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 ) if not result[ 'OK' ]: return result chain = result[ 'Value' ] result = gProxyManager.dumpProxyToFile( chain, destinationFile = fileName ) if not result[ 'OK' ]: return result fileName = result[ 'Value' ] return S_OK( { 'DN' : userDN, 'username' : userName, 'group' : userGroup, 'chain' : chain, 'proxyFile' : fileName } )
def getProxyForLFN( self, lfn ): """ get proxy for LFN :param self: self reference :param str lfn: LFN """ dirMeta = self.replicaManager().getCatalogDirectoryMetadata( lfn, singleFile = True ) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith("/") else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredVOMSAttribute = ownerRole ) if not vomsProxy["OK"]: self.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN, ownerRole, vomsProxy["Message"] ) ) continue ownerProxy = vomsProxy["Value"] self.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) ) break if not ownerProxy: return S_ERROR("Unable to get owner proxy") dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] ) return dumpToFile dumpToFile = dumpToFile["Value"] os.environ["X509_USER_PROXY"] = dumpToFile return S_OK()
def getProxyForLFN( self, lfn ): """ get proxy for lfn :param str lfn: LFN :return: S_ERROR or S_OK( "/path/to/proxy/file" ) """ dirMeta = returnSingleResult( self.fc.getDirectoryMetadata( os.path.dirname( lfn ) ) ) if not dirMeta["OK"]: return dirMeta dirMeta = dirMeta["Value"] ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"] ownerDN = dirMeta["OwnerDN"] ownerProxy = None for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ): vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True, requiredVOMSAttribute = ownerRole ) if not vomsProxy["OK"]: self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN, ownerRole, vomsProxy["Message"] ) ) continue ownerProxy = vomsProxy["Value"] self.log.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) ) break if not ownerProxy: return S_ERROR( "Unable to get owner proxy" ) dumpToFile = ownerProxy.dumpAllToFile() if not dumpToFile["OK"]: self.log.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] ) else: os.environ["X509_USER_PROXY"] = dumpToFile["Value"] return dumpToFile
def __getOwnerProxy(self, dirPath): ''' get owner creds for :dirPath: ''' self.log.verbose("Retrieving dir metadata...") # get owner form the cached information, if not, try getDirectoryMetadata ownerName, ownerGroup = self.__directoryOwners.pop( dirPath, (None, None)) if not ownerName or not ownerGroup: result = returnSingleResult( self.catalog.getDirectoryMetadata(dirPath)) if not result['OK'] or 'OwnerRole' not in result['Value']: self.log.error("Could not get metadata info", result['Message']) return result ownerRole = result['Value']['OwnerRole'] ownerDN = result['Value']['OwnerDN'] if ownerRole[0] != "/": ownerRole = "/%s" % ownerRole cacheKey = (ownerDN, ownerRole) ownerName = 'unknown' byGroup = False else: ownerDN = Registry.getDNForUsername(ownerName) if not ownerDN['OK']: self.log.error("Could not get DN from user name", ownerDN['Message']) return ownerDN ownerDN = ownerDN['Value'][0] # This bloody method returns directly a string!!!! ownerRole = Registry.getVOMSAttributeForGroup(ownerGroup) byGroup = True # Get all groups for that VOMS Role, and add lhcb_user as in DFC this is a safe value ownerGroups = Registry.getGroupsWithVOMSAttribute(ownerRole) + [ 'lhcb_user' ] downErrors = [] for ownerGroup in ownerGroups: if byGroup: ownerRole = None cacheKey = (ownerDN, ownerGroup) if cacheKey in self.__noProxy: return S_ERROR("Proxy not available") # Getting the proxy... upFile = self.proxyCache.get(cacheKey, 3600) if upFile and os.path.exists(upFile): self.log.verbose( 'Returning cached proxy for %s %s@%s [%s] in %s' % (ownerName, ownerDN, ownerGroup, ownerRole, upFile)) return S_OK(upFile) if ownerRole: result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=False, requiredVOMSAttribute=ownerRole) else: result = gProxyManager.downloadProxy(ownerDN, ownerGroup, limited=False) if not result['OK']: downErrors.append("%s : %s" % (cacheKey, result['Message'])) continue userProxy = result['Value'] secsLeft = max(0, userProxy.getRemainingSecs()['Value']) upFile = userProxy.dumpAllToFile() if upFile['OK']: upFile = upFile['Value'] else: return upFile self.proxyCache.add(cacheKey, secsLeft, upFile) self.log.info("Got proxy for %s %s@%s [%s]" % (ownerName, ownerDN, ownerGroup, ownerRole)) return S_OK(upFile) self.__noProxy.add(cacheKey) return S_ERROR("Could not download proxy for user (%s, %s):\n%s " % (ownerDN, ownerRole, "\n ".join(downErrors)))
def main(): params = Params() params.registerCLISwitches() Script.parseCommandLine(ignoreErrors=True) args = Script.getPositionalArgs() if len(args) != 2: Script.showHelp() userGroup = str(args[1]) userDN = str(args[0]) userName = False if userDN.find("/") != 0: userName = userDN retVal = Registry.getDNForUsername(userName) if not retVal['OK']: gLogger.notice("Cannot discover DN for username %s\n\t%s" % (userName, retVal['Message'])) DIRAC.exit(2) DNList = retVal['Value'] if len(DNList) > 1: gLogger.notice("Username %s has more than one DN registered" % userName) ind = 0 for dn in DNList: gLogger.notice("%d %s" % (ind, dn)) ind += 1 inp = six.moves.input( "Which DN do you want to download? [default 0] ") if not inp: inp = 0 else: inp = int(inp) userDN = DNList[inp] else: userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN(userDN) if not result['OK']: gLogger.notice("DN '%s' is not registered in DIRAC" % userDN) DIRAC.exit(2) userName = result['Value'] params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime, requiredVOMSAttribute=params.vomsAttr) else: result = gProxyManager.downloadProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime) if not result['OK']: gLogger.notice('Proxy file cannot be retrieved: %s' % result['Message']) DIRAC.exit(2) chain = result['Value'] result = chain.dumpAllToFile(params.proxyPath) if not result['OK']: gLogger.notice('Proxy file cannot be written to %s: %s' % (params.proxyPath, result['Message'])) DIRAC.exit(2) gLogger.notice("Proxy downloaded to %s" % params.proxyPath) DIRAC.exit(0)
DIRAC.exit(2) userDN = DNList[0] if not params.proxyPath: if not userName: result = CS.getUsernameForDN(userDN) if not result['OK']: print "DN '%s' is not registered in DIRAC" % userDN DIRAC.exit(2) userName = result['Value'] params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime, requiredVOMSAttribute=params.vomsAttr) else: result = gProxyManager.downloadProxy(userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime) if not result['OK']: print 'Proxy file cannot be retrieved: %s' % result['Message'] DIRAC.exit(2) chain = result['Value'] result = chain.dumpAllToFile(params.proxyPath) if not result['OK']: print 'Proxy file cannot be written to %s: %s' % (params.proxyPath, result['Message'])
def main(): params = Params() params.registerCLISwitches() # Registering arguments will automatically add their description to the help menu Script.registerArgument(( "DN: DN of the user", "user: DIRAC user name (will fail if there is more than 1 DN registered)" )) Script.registerArgument(" group: DIRAC group name") Script.parseCommandLine(ignoreErrors=True) # parseCommandLine show help when mandatory arguments are not specified or incorrect argument userDN, userGroup = Script.getPositionalArgs(group=True) userName = False if userDN.find("/") != 0: userName = userDN retVal = Registry.getDNForUsername(userName) if not retVal["OK"]: gLogger.notice("Cannot discover DN for username %s\n\t%s" % (userName, retVal["Message"])) DIRAC.exit(2) DNList = retVal["Value"] if len(DNList) > 1: gLogger.notice("Username %s has more than one DN registered" % userName) ind = 0 for dn in DNList: gLogger.notice("%d %s" % (ind, dn)) ind += 1 inp = input("Which DN do you want to download? [default 0] ") if not inp: inp = 0 else: inp = int(inp) userDN = DNList[inp] else: userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN(userDN) if not result["OK"]: gLogger.notice("DN '%s' is not registered in DIRAC" % userDN) DIRAC.exit(2) userName = result["Value"] params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime, requiredVOMSAttribute=params.vomsAttr, ) else: result = gProxyManager.downloadProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime) if not result["OK"]: gLogger.notice("Proxy file cannot be retrieved: %s" % result["Message"]) DIRAC.exit(2) chain = result["Value"] result = chain.dumpAllToFile(params.proxyPath) if not result["OK"]: gLogger.notice("Proxy file cannot be written to %s: %s" % (params.proxyPath, result["Message"])) DIRAC.exit(2) gLogger.notice("Proxy downloaded to %s" % params.proxyPath) DIRAC.exit(0)
print "Which dn do you want to download?" DIRAC.exit( 2 ) userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN( userDN ) if not result[ 'OK' ]: print "DN '%s' is not registered in DIRAC" % userDN DIRAC.exit( 2 ) userName = result[ 'Value' ] params.proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), userName, userGroup ) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = params.limited, requiredTimeLeft = params.proxyLifeTime, requiredVOMSAttribute = params.vomsAttr ) else: result = gProxyManager.downloadProxy( userDN, userGroup, limited = params.limited, requiredTimeLeft = params.proxyLifeTime ) if not result['OK']: print 'Proxy file cannot be retrieved: %s' % result['Message'] DIRAC.exit( 2 ) chain = result[ 'Value' ] result = chain.dumpAllToFile( params.proxyPath ) if not result['OK']: print 'Proxy file cannot be written to %s: %s' % ( params.proxyPath, result['Message'] ) DIRAC.exit( 2 ) print "Proxy downloaded to %s" % params.proxyPath DIRAC.exit( 0 )