def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN, serverCert=serverCert, serverKey=serverKey,
myproxySrv='myproxy.cern.ch', proxyDir='/tmp/', logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN,
serverCert=serverCert,
serverKey=serverKey,
myproxySrv='myproxy.cern.ch',
proxyDir='/tmp/',
logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
class Proxy(object):
'''
CMS uses proxies constantly. This class is a wrapper function around WMCore
proxy handling, to allow the user to update/check/delete their proxy in
myproxy and update/check the local proxy
'''
def __init__(self):
'''
Constructor
'''
self.helper = WMCoreProxy({'logger' : logging})
def getProxyFilename(self):
return self.helper.getProxyFilename()
def initProxy(self):
self.helper.create()
def deleteProxy(self):
self.helper.destroy()
def uploadToMyproxy(self, allowedDN):
self.helper.serverDN = allowedDN
self.helper.delegate( None, True )
def createNewVomsProxy(self, timeleftthreshold=0):
"""
Handles the proxy creation:
- checks if a valid proxy still exists
- performs the creation if it is expired
"""
## TODO add the change to have user-cert/key defined in the config.
userproxy = Proxy( self.defaultDelegation )
userproxy.userDN = userproxy.getSubject()
proxytimeleft = 0
self.logger.debug("Getting proxy life time left")
# does it return an integer that indicates?
proxytimeleft = userproxy.getTimeLeft()
self.logger.debug("Proxy is valid: %i" % proxytimeleft)
#if it is not expired I check if role and/or group are changed
if not proxytimeleft < timeleftthreshold and self.defaultDelegation['role']!=None and self.defaultDelegation['group']!=None:
group , role = userproxy.getUserGroupAndRoleFromProxy( userproxy.getProxyFilename())
if group != self.defaultDelegation['group'] or role != self.defaultDelegation['role']:
self.proxyChanged = True
#if the proxy is expired, or we changed role and/or group, we need to create a new one
if proxytimeleft < timeleftthreshold or self.proxyChanged:
# creating the proxy
self.logger.debug("Creating a proxy for %s hours" % self.defaultDelegation['proxyValidity'] )
userproxy.create()
proxytimeleft = userproxy.getTimeLeft()
group , role = userproxy.getUserGroupAndRoleFromProxy( userproxy.getProxyFilename())
if proxytimeleft > 0 and group == self.defaultDelegation['group'] and role == self.defaultDelegation['role']:
self.logger.debug("Proxy created.")
else:
raise ProxyCreationException("Problems creating proxy.")
return userproxy.getSubject( ), userproxy.getProxyFilename()
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'server_key' : '/home/crab/.globus/hostkey.pem', 'server_cert' : '/home/crab/.globus/hostcert.pem',
'vo': 'cms', 'group': 'integration', 'role': 'NULL', 'myProxySvr': 'myproxy.cern.ch',
'proxyValidity' : '192:00', 'min_time_left' : 36000, 'uisource' : '/afs/cern.ch/cms/LCG/LCG-2/UI/cms_ui_env.sh'}
#, 'serverDN' : '/C=IT/O=INFN/OU=Host/L=Perugia/CN=crab.pg.infn.it'}
self.proxyPath = None
self.proxy = Proxy( self.dict )
self.serverKey = self.dict['server_key']
self.serverDN = None
if self.dict.has_key('serverDN'): self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
self.proxy.destroy()
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testDestroyBeforeCreation(self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
assert not os.path.exists(self.proxyPath)
@attr("integration")
def testCreateProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
assert os.path.exists(proxyPath)
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
timeLeft = self.proxy.getTimeLeft()
print timeLeft
assert ( int(timeLeft) / 3600 ) == 192
@attr("integration")
def testRenewProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
assert ( int(timeLeft) / 3600 ) == 191
@attr("integration")
def testDestroyProxy(self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
assert not os.path.exists(self.proxyPath)
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
if os.path.exists(self.serverKey):
return
self.testCreateProxy()
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
if os.path.exists( self.serverKey ):
return
self.testCreateProxy()
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def checkAttribute( self ):
"""
"""
if not os.path.exists( self.serverKey ):
valid = self.proxy.checkAttribute( )
assert valid == True
@attr("integration")
def testCheckTimeLeft( self ):
"""
"""
if not os.path.exists( self.serverKey ):
valid = self.proxy.check( self.proxyPath )
assert valid == True
@attr("integration")
def testDelegateMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath )
valid = self.proxy.checkMyProxy( )
assert valid == True
@attr("integration")
def testDelegateServerAndMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath, serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
assert valid == True
@attr("integration")
def testCheckMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
self.proxy.delegate( )
valid = self.proxy.checkMyProxy( )
assert valid == True
@attr("integration")
def testCheckMyProxyServer( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
self.proxy.delegate( serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
assert valid == True
@attr("integration")
def testLogonRenewMyProxy( self ):
"""
"""
if os.path.exists( self.serverKey ):
proxyFile = self.proxy.logonRenewMyProxy( )
assert os.path.exists( proxyFile )
@attr("integration")
def testRenewMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath )
assert ( int(timeLeft) / 3600 ) == 167
@attr("integration")
def testRenewMyProxyForServer( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath, serverRenewer = True )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath, serverRenewer = True )
assert ( int(timeLeft) / 3600 ) == 167
@attr("integration")
def testRenewMyProxyByServer( self ):
"""
"""
if os.path.exists( self.serverKey ):
proxyPath = self.proxy.getProxyFilename( serverRenewer = True )
self.proxy.logonRenewMyProxy( proxyPath )
timeLeft = self.proxy.getTimeLeft( proxyPath )
assert ( int(timeLeft) / 3600 ) > 120
@attr("integration")
def testVomsRenewal( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
assert ( int(vomsTimeLeft) / 3600 ) == 191
@attr("integration")
def testElevateAttribute( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
# getProxyDetails allows to buid the proxy attribute from the parameters given
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
assert self.proxy.getAttributeFromProxy( proxyPath ) == '/cms/Role=NULL/Capability=NULL'
@attr("integration")
def testUserGroupInProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
assert self.proxy.group == self.getUserAttributes().split('\n')[0].split('/')[2]
@attr("integration")
def testUserRoleInProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
assert self.proxy.role == self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]
@attr("integration")
def testGetAttributes( self ):
"""
"""
if not os.path.exists( self.serverKey ):
if not self.dict['role']:
role = 'NULL'
self.proxy.create()
assert self.proxy.getAttributeFromProxy().split('/')[2] == self.dict['group']
assert self.proxy.getAttributeFromProxy().split('/')[3].split('=')[1] == role
@attr("integration")
def testGetAttributes( self ):
"""
"""
if not os.path.exists( self.serverKey ):
if not self.dict['role']:
role = 'NULL'
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
assert self.proxy.getUserGroupAndRoleFromProxy( proxyPath )[0] == self.dict['group']
assert self.proxy.getUserGroupAndRoleFromProxy( proxyPath )[1] == self.dict['role']
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(
level=logging.DEBUG,
format="%(asctime)s %(name)-12s %(levelname)-8s %(message)s",
datefmt="%m-%d %H:%M",
filename="proxy_unittests.log",
filemode="w",
)
logger_name = "ProxyTest"
self.logger = logging.getLogger(logger_name)
self.dict = {
"logger": self.logger,
"vo": "cms",
"group": group,
"role": role,
"myProxySvr": myProxySvr,
"proxyValidity": "192:00",
"min_time_left": 36000,
"uisource": uiPath,
}
self.proxyPath = None
self.proxy = Proxy(self.dict)
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(
["voms-proxy-info", "-identity"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(
["voms-proxy-info", "-fqan"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate(self):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 29) # set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy(self):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep(5)
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft(self):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy(self):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep(70)
self.proxy.renew()
time.sleep(10)
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self):
"""
Test the proxy destroy method.
"""
self.proxy.destroy()
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject()
self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.")
return
@attr("integration")
def testGetUserName(self):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName()
identity = self.getUserIdentity().split("/")[len(self.getUserIdentity().split("/")) - 1][3:]
self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute(self):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute()
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft(self):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check(self.proxyPath)
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal(self):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename()
time.sleep(70)
attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath))
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute(self):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename()
attribute = self.proxy.prepareAttForVomsRenewal("/cms/Role=NULL/Capability=NULL")
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), "/cms/Role=NULL/Capability=NULL")
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy(self):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
self.assertEqual(self.proxy.group, self.getUserAttributes().split("\n")[0].split("/")[2])
@attr("integration")
def testUserRoleInProxy(self):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split("\n")[0].split("/")[3].split("=")[1])
@attr("integration")
def testGetAttributes(self):
"""
Test getAttributeFromProxy method.
"""
self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
if not self.dict["role"]:
role = "NULL"
else:
role = self.dict["role"]
proxyPath = self.proxy.getProxyFilename()
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[2], self.dict["group"])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[3].split("=")[1], role)
@attr("integration")
def testGetUserGroupAndRole(self):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict["role"]:
role = "NULL"
else:
role = self.dict["role"]
proxyPath = self.proxy.getProxyFilename()
if self.dict["group"] and self.dict["role"]:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict["group"])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {
'logger': self.logger,
'vo': 'cms',
'group': group,
'role': role,
'myProxySvr': myProxySvr,
'proxyValidity': '192:00',
'min_time_left': 36000,
'uisource': uiPath
}
self.proxyPath = None
self.proxy = Proxy(self.dict)
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testAAACreateProxy(self):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep(5)
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft(self):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy(self):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep(70)
self.proxy.renew()
time.sleep(10)
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self):
"""
Test the proxy destroy method.
"""
self.proxy.destroy()
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject()
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName(self):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName()
identity = self.getUserIdentity().split("/")[
len(self.getUserIdentity().split("/")) - 1][3:]
self.assertEqual(
user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute(self):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute()
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft(self):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check(self.proxyPath)
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal(self):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename()
time.sleep(70)
attribute = self.proxy.prepareAttForVomsRenewal(
self.proxy.getAttributeFromProxy(proxyPath))
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute(self):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename()
attribute = self.proxy.prepareAttForVomsRenewal(
'/cms/Role=NULL/Capability=NULL')
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath),
'/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy(self):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group,
self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy(self):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(
self.proxy.role,
self.getUserAttributes().split('\n')[0].split('/')[3].split('=')
[1])
@attr("integration")
def testGetAttributes(self):
"""
Test getAttributeFromProxy method.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename()
self.assertEqual(
self.proxy.getAttributeFromProxy(proxyPath).split('/')[2],
self.dict['group'])
self.assertEqual(
self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split(
'=')[1], role)
@attr("integration")
def testGetUserGroupAndRole(self):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename()
if self.dict['group'] and self.dict['role']:
self.assertEqual(
self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0],
self.dict['group'])
self.assertEqual(
self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
class MyProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role,
'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000,
'uisource' : uiPath, 'serverDN' : serverDN}
self.proxyPath = None
self.proxy = Proxy( self.dict )
self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
"""
return
@attr("integration")
def testAAACreateMyProxy( self ):
"""
Test if delegate method create correctly the MyProxy.
"""
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath )
valid = self.proxy.checkMyProxy( )
self.assertTrue(valid, 'Could not create MyProxy')
@attr("integration")
def testDelegateServer( self ):
"""
Test if delegate method create MyProxy and delegate
the retrieval to the server correctly.
"""
self.proxy.delegate( credential = self.proxyPath, serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
self.assertTrue(valid)
@attr("integration")
def testCheckMyProxy( self ):
"""
Test if checkMyProxy checks correctly the MyProxy validity.
"""
valid = self.proxy.checkMyProxy( )
self.assertTrue(valid)
@attr("integration")
def testRenewMyProxy( self ):
"""
Test if renewMyProxy method renews correctly the MyProxy.
"""
self.proxy.renewMyProxy( proxy = self.proxyPath )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath )
self.assertEqual(int(timeLeft) / 3600, 167)
@attr("integration")
def testRenewMyProxyForServer( self ):
"""
Renew MyProxy which the retrieval is delegated to a server.
"""
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath, serverRenewer = True )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath, serverRenewer = True )
self.assertEqual(int(timeLeft) / 3600, 167)
@attr("integration")
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN, serverCert=serverCert, serverKey=serverKey,
myproxySrv='myproxy.cern.ch', proxyDir='/tmp/', logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
class MyProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {
'logger': self.logger,
'vo': 'cms',
'group': group,
'role': role,
'myProxySvr': myProxySvr,
'proxyValidity': '192:00',
'min_time_left': 36000,
'uisource': uiPath,
'serverDN': serverDN
}
self.proxyPath = None
self.proxy = Proxy(self.dict)
self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
"""
return
@attr("integration")
def testAAACreateMyProxy(self):
"""
Test if delegate method create correctly the MyProxy.
"""
self.proxy.create()
self.proxy.delegate(credential=self.proxyPath)
valid = self.proxy.checkMyProxy()
self.assertTrue(valid, 'Could not create MyProxy')
@attr("integration")
def testDelegateServer(self):
"""
Test if delegate method create MyProxy and delegate
the retrieval to the server correctly.
"""
self.proxy.delegate(credential=self.proxyPath, serverRenewer=True)
valid = self.proxy.checkMyProxy(checkRenewer=True)
self.assertTrue(valid)
@attr("integration")
def testCheckMyProxy(self):
"""
Test if checkMyProxy checks correctly the MyProxy validity.
"""
valid = self.proxy.checkMyProxy()
self.assertTrue(valid)
@attr("integration")
def testRenewMyProxy(self):
"""
Test if renewMyProxy method renews correctly the MyProxy.
"""
self.proxy.renewMyProxy(proxy=self.proxyPath)
time.sleep(5)
timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath)
self.assertEqual(int(int(timeLeft) // 3600), 167)
@attr("integration")
def testRenewMyProxyForServer(self):
"""
Renew MyProxy which the retrieval is delegated to a server.
"""
time.sleep(70)
self.proxy.renewMyProxy(proxy=self.proxyPath, serverRenewer=True)
time.sleep(5)
timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath,
serverRenewer=True)
self.assertEqual(int(int(timeLeft) // 3600), 167)
@attr("integration")
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN,
serverCert=serverCert,
serverKey=serverKey,
myproxySrv='myproxy.cern.ch',
proxyDir='/tmp/',
logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr,
'proxyValidity' : '192:00', 'min_time_left' : 36000}
self.proxyPath = None
self.proxy = Proxy( self.dict )
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
daysleft = self.proxy.getUserCertEnddate(openSSL=False)
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy( self ):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy( self ):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self ):
"""
Test the proxy destroy method.
"""
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute( self ):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute( )
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft( self ):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check( self.proxyPath )
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal( self ):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute( self ):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename( )
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])
@attr("integration")
def testGetAttributes( self ):
"""
Test getAttributeFromProxy method.
Can tested this with:
voms-proxy-init -voms cms:/cms/integration #or any group of yours
export PROXY_GROUP=integration
python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
#test with the allAttributes flag
self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)
@attr("integration")
def testGetUserGroupAndRole( self ):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
@attr("integration")
def testGetAllUserGroups( self ):
"""
Test GetAllUserGroups method.
"""
proxyPath = self.proxy.getProxyFilename( )
groups = self.proxy.getAllUserGroups(proxyPath)
print(list(groups))
