def execute(self, *args, **kwargs):
result = None
proxycfg = {'vo': kwargs['task']['tm_user_vo'],
'logger': self.logger,
'myProxySvr': self.config.Services.MyProxy,
'proxyValidity' : '144:0',
'min_time_left' : 36000, ## do we need this ? or should we use self.myproxylen?
'userDN' : kwargs['task']['tm_user_dn'],
'group' : kwargs['task']['tm_user_group'] if kwargs['task']['tm_user_group'] else '',
'role' : kwargs['task']['tm_user_role'] if kwargs['task']['tm_user_role'] else '',
'server_key': self.config.MyProxy.serverhostkey,
'server_cert': self.config.MyProxy.serverhostcert,
'serverDN': self.config.MyProxy.serverdn,
'uisource': getattr(self.config.MyProxy, 'uisource', ''),
'credServerPath': self.config.MyProxy.credpath,
'myproxyAccount' : self.server['host'],
'cleanEnvironment' : getattr(self.config.MyProxy, 'cleanEnvironment', False)
}
proxy = Proxy(proxycfg)
userproxy = proxy.getProxyFilename(serverRenewer=True)
proxy.logonRenewMyProxy()
timeleft = proxy.getTimeLeft(userproxy)
usergroups = set(proxy.getAllUserGroups(userproxy))
if timeleft is None or timeleft <= 0:
msg = "Impossible to retrieve proxy from %s for %s." % (proxycfg['myProxySvr'], proxycfg['userDN'])
raise TaskWorkerException(msg)
else:
kwargs['task']['user_proxy'] = userproxy
kwargs['task']['user_groups'] = usergroups
result = Result(task=kwargs['task'], result='OK')
return result
def execute(self, *args, **kwargs):
result = None
proxycfg = {'vo': kwargs['task']['tm_user_vo'],
'logger': self.logger,
'myProxySvr': self.config.Services.MyProxy,
'proxyValidity' : '144:0',
'min_time_left' : 36000, ## do we need this ? or should we use self.myproxylen?
'userDN' : kwargs['task']['tm_user_dn'],
'group' : kwargs['task']['tm_user_group'] if kwargs['task']['tm_user_group'] else '',
'role' : kwargs['task']['tm_user_role'] if kwargs['task']['tm_user_role'] else '',
'server_key': self.config.MyProxy.serverhostkey,
'server_cert': self.config.MyProxy.serverhostcert,
'serverDN': self.config.MyProxy.serverdn,
'uisource': getattr(self.config.MyProxy, 'uisource', ''),
'credServerPath': self.config.MyProxy.credpath,
'myproxyAccount' : self.server['host'],
'cleanEnvironment' : getattr(self.config.MyProxy, 'cleanEnvironment', False)
}
# WMCore proxy methods are awfully verbode, reduce logging level when using them
with tempSetLogLevel(logger=self.logger, level=logging.ERROR):
proxy = Proxy(proxycfg)
userproxy = proxy.getProxyFilename(serverRenewer=True)
proxy.logonRenewMyProxy()
timeleft = proxy.getTimeLeft(userproxy)
usergroups = set(proxy.getAllUserGroups(userproxy))
if timeleft is None or timeleft <= 0:
msg = "Impossible to retrieve proxy from %s for %s." % (proxycfg['myProxySvr'], proxycfg['userDN'])
self.logger.error(msg)
self.logger.error("\n Will try again in verbose mode")
self.logger.error("===========PROXY ERROR START ==========================")
with tempSetLogLevel(logger=self.logger, level=logging.DEBUG):
userproxy = proxy.getProxyFilename(serverRenewer=True)
proxy.logonRenewMyProxy()
timeleft = proxy.getTimeLeft(userproxy)
usergroups = set(proxy.getAllUserGroups(userproxy))
self.logger.error("===========PROXY ERROR END ==========================")
raise TaskWorkerException(msg)
else:
kwargs['task']['user_proxy'] = userproxy
kwargs['task']['user_groups'] = usergroups
self.logger.debug("Valid proxy for %s now in %s", proxycfg['userDN'], userproxy)
result = Result(task=kwargs['task'], result='OK')
return result
def execute(self, *args, **kwargs):
result = None
proxycfg = {
'vo':
kwargs['task']['tm_user_vo'],
'logger':
self.logger,
'myProxySvr':
self.config.Services.MyProxy,
'proxyValidity':
'144:0',
'min_time_left':
36000, ## do we need this ? or should we use self.myproxylen?
'userDN':
kwargs['task']['tm_user_dn'],
'group':
kwargs['task']['tm_user_group']
if kwargs['task']['tm_user_group'] else '',
'role':
kwargs['task']['tm_user_role']
if kwargs['task']['tm_user_role'] else '',
'server_key':
self.config.MyProxy.serverhostkey,
'server_cert':
self.config.MyProxy.serverhostcert,
'serverDN':
self.config.MyProxy.serverdn,
'uisource':
getattr(self.config.MyProxy, 'uisource', ''),
'credServerPath':
self.config.MyProxy.credpath,
'myproxyAccount':
self.server['host'],
'cleanEnvironment':
getattr(self.config.MyProxy, 'cleanEnvironment', False)
}
proxy = Proxy(proxycfg)
userproxy = proxy.getProxyFilename(serverRenewer=True)
proxy.logonRenewMyProxy()
timeleft = proxy.getTimeLeft(userproxy)
usergroups = set(proxy.getAllUserGroups(userproxy))
if timeleft is None or timeleft <= 0:
msg = "Impossible to retrieve proxy from %s for %s." % (
proxycfg['myProxySvr'], proxycfg['userDN'])
raise TaskWorkerException(msg)
else:
kwargs['task']['user_proxy'] = userproxy
kwargs['task']['user_groups'] = usergroups
result = Result(task=kwargs['task'], result='OK')
return result
def tryProxyLogon(self, proxycfg=None):
"""
Utility function to allow trying with diffenent myproxy configurations.
It tries to retrieve a valid proxy from myproxy using the configuration
passed as argument. See WMCore.Credential.Proxy for configuration details.
If successful returns the proxy filename and list of VOMS groups
for later addition via voms-proxy-init. If not rises a TW exception.
Note that logonRenewMyProxy() does not rise exceptions.
"""
# WMCore proxy methods are awfully verbose, reduce logging level when using them
with tempSetLogLevel(logger=self.logger, level=logging.ERROR):
proxy = Proxy(proxycfg)
userproxy = proxy.getProxyFilename(
serverRenewer=True) # this only returns a filename
proxy.logonRenewMyProxy(
) # this tries to create the proxy, but if it fails it does not rise
usergroups = set(proxy.getAllUserGroups(
userproxy)) # get VOMS groups from created proxy (if any)
timeleft = proxy.getTimeLeft(
userproxy
) # this is the way to tell if proxy creation succeeded
errmsg = ''
if timeleft is None or timeleft <= 0:
errmsg = "Impossible to retrieve proxy from %s for %s." % (
proxycfg['myProxySvr'], proxycfg['userDN'])
if timeleft < (5 * 24 * 3600):
errmsg = "Could not get a proxy valid for at least 5-days from %s for %s." % (
proxycfg['myProxySvr'], proxycfg['userDN'])
if errmsg:
self.logger.error(errmsg)
self.logger.error("Will try again in verbose mode")
self.logger.error(
"===========PROXY ERROR START ==========================")
with tempSetLogLevel(logger=self.logger, level=logging.DEBUG):
proxy.logonRenewMyProxy()
self.logger.error(
"===========PROXY ERROR END ==========================")
raise TaskWorkerException(errmsg)
hoursleft = timeleft / 3600
minutesleft = (timeleft % 3600) / 60
self.logger.info('retrieved proxy lifetime in h:m: %d:%d', hoursleft,
minutesleft)
return (userproxy, usergroups)
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr,
'proxyValidity' : '192:00', 'min_time_left' : 36000}
self.proxyPath = None
self.proxy = Proxy( self.dict )
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
stdout, _ = vomsProxyInfoCall.communicate()
stdout = decodeBytesToUnicode(stdout) if PY3 else stdout
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
stdout, _ = vomsProxyInfoCall.communicate()
stdout = decodeBytesToUnicode(stdout) if PY3 else stdout
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
daysleft = self.proxy.getUserCertEnddate(openSSL=False)
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy( self ):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(int(timeLeft) // 3600), 191)
@attr("integration")
def testRenewProxy( self ):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(int(timeLeft) // 3600), 191)
@attr("integration")
def testDestroyProxy(self ):
"""
Test the proxy destroy method.
"""
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute( self ):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute( )
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft( self ):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check( self.proxyPath )
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal( self ):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
self.assertEqual(int(int(vomsTimeLeft) // 3600), 191)
@attr("integration")
def testElevateAttribute( self ):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename( )
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])
@attr("integration")
def testGetAttributes( self ):
"""
Test getAttributeFromProxy method.
Can tested this with:
voms-proxy-init -voms cms:/cms/integration #or any group of yours
export PROXY_GROUP=integration
python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
#test with the allAttributes flag
self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)
@attr("integration")
def testGetUserGroupAndRole( self ):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
@attr("integration")
def testGetAllUserGroups( self ):
"""
Test GetAllUserGroups method.
"""
proxyPath = self.proxy.getProxyFilename( )
groups = self.proxy.getAllUserGroups(proxyPath)
print(list(groups))
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr,
'proxyValidity' : '192:00', 'min_time_left' : 36000}
self.proxyPath = None
self.proxy = Proxy( self.dict )
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
daysleft = self.proxy.getUserCertEnddate(openSSL=False)
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy( self ):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy( self ):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self ):
"""
Test the proxy destroy method.
"""
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute( self ):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute( )
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft( self ):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check( self.proxyPath )
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal( self ):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute( self ):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename( )
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])
@attr("integration")
def testGetAttributes( self ):
"""
Test getAttributeFromProxy method.
Can tested this with:
voms-proxy-init -voms cms:/cms/integration #or any group of yours
export PROXY_GROUP=integration
python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
#test with the allAttributes flag
self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)
@attr("integration")
def testGetUserGroupAndRole( self ):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
@attr("integration")
def testGetAllUserGroups( self ):
"""
Test GetAllUserGroups method.
"""
proxyPath = self.proxy.getProxyFilename( )
groups = self.proxy.getAllUserGroups(proxyPath)
print(list(groups))
