def testMyProxyEnvironment(self):
    """
    Exercise the myProxyEnvironment context manager end to end.

    A fresh proxy is created and delegated to MyProxy, then the test checks
    that X509_USER_PROXY is exported only while the context manager is
    active and that it names a file that exists.
    """
    envName = 'X509_USER_PROXY'
    userProxy = Proxy(self.dict)

    # Create the local proxy and confirm the file is on disk
    userProxy.create()
    proxyFile = userProxy.getProxyFilename()
    subject = userProxy.getSubject()
    self.assertTrue(os.path.exists(proxyFile))

    # Delegate to MyProxy with the server as renewer, then verify it
    userProxy.delegate(credential=proxyFile, serverRenewer=True)
    self.assertTrue(userProxy.checkMyProxy())

    # Start from an environment without the variable. A value that was
    # already set by the caller is dropped here and is not put back.
    os.environ.pop(envName, None)
    self.assertFalse(envName in os.environ)

    # NOTE(review): proxyDir is the shared /tmp directory and the file that
    # X509_USER_PROXY points at is a credential -- confirm that
    # myProxyEnvironment writes it with owner-only permissions.
    managerArgs = {
        'userDN': subject,
        'serverCert': serverCert,
        'serverKey': serverKey,
        'myproxySrv': 'myproxy.cern.ch',
        'proxyDir': '/tmp/',
        'logger': self.logger,
    }
    with myProxyEnvironment(**managerArgs):
        self.assertTrue(envName in os.environ)
        self.assertTrue(os.path.exists(os.environ[envName]))

    # Leaving the context must remove the variable again
    self.assertFalse(envName in os.environ)
def __init__(self, config):
    """
    Set up the plugin from the agent configuration.

    Prepares the WMBS site-info DAO, locates the Unpacker script, reads the
    submission defaults from config.Agent, config.JobSubmitter and
    config.BossAir, builds the condor requirements string and records the
    proxy file, subject and attribute reported by Proxy.
    """
    BasePlugin.__init__(self, config)

    self.locationDict = {}

    currentThread = threading.currentThread()
    factory = DAOFactory(package="WMCore.WMBS",
                         logger=currentThread.logger,
                         dbinterface=currentThread.dbi)
    self.locationAction = factory(classname="Locations.GetSiteInfo")

    self.packageDir = None

    # Prefer the source-tree layout of the Unpacker, else the installed one
    sourceTreeUnpacker = os.path.join(getWMBASE(), 'src/python/WMCore/WMRuntime/Unpacker.py')
    if os.path.exists(sourceTreeUnpacker):
        self.unpacker = sourceTreeUnpacker
    else:
        self.unpacker = os.path.join(getWMBASE(), 'WMCore/WMRuntime/Unpacker.py')

    self.agent = getattr(config.Agent, 'agentName', 'WMAgent')
    self.sandbox = None
    self.scriptFile = config.JobSubmitter.submitScript

    self.defaultTaskPriority = getattr(config.BossAir, 'defaultTaskPriority', 0)
    self.maxTaskPriority = getattr(config.BossAir, 'maxTaskPriority', 1e7)
    self.jobsPerSubmit = getattr(config.JobSubmitter, 'jobsPerSubmit', 200)
    self.extraMem = getattr(config.JobSubmitter, 'extraMemoryPerCore', 500)

    # Required for global pool accounting
    self.acctGroup = getattr(config.BossAir, 'acctGroup', "production")
    self.acctGroupUser = getattr(config.BossAir, 'acctGroupUser', "cmsdataops")

    # Build a requirement string.  All CMS resources match DESIRED_Sites on the START
    # expression side; however, there are currently some resources (T2_CH_CERN_HLT)
    # that are missing the REQUIRED_OS logic.  Hence, we duplicate it here.
    # TODO(bbockelm): Remove reqStr once HLT has upgraded.
    # NOTE(review): the AuthenticatedIdentity literal looks masked in this
    # copy of the file -- confirm the real value before relying on it.
    defaultRequirements = (
        '((REQUIRED_OS=?="any") || '
        '(GLIDEIN_REQUIRED_OS =?= "any") || '
        'stringListMember(GLIDEIN_REQUIRED_OS, REQUIRED_OS)) && '
        '(AuthenticatedIdentity =!= "*****@*****.**")')
    # A configured condorRequirementsString replaces the default as a whole,
    # including its AuthenticatedIdentity clause.
    self.reqStr = getattr(config.BossAir, 'condorRequirementsString', defaultRequirements)

    # x509 proxy handling
    userProxy = Proxy({'logger': currentThread.logger})
    self.x509userproxy = userProxy.getProxyFilename()
    self.x509userproxysubject = userProxy.getSubject()
    self.x509userproxyfqan = userProxy.getAttributeFromProxy(self.x509userproxy)

    # Remove the x509 ads if the job is matching a volunteer resource: the
    # template yields undefined for T3_CH_Volunteer and the %s value otherwise
    self.x509Expr = 'ifThenElse("$$(GLIDEIN_CMSSite)" =?= "T3_CH_Volunteer",undefined,"%s")'
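def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
    """
    Handles the MyProxy creation

    Let the following variables be

    timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
    myproxytimeleft: current validity of your proxy in myproxy
    usercertDaysLeft: the number of days left before your user certificate expires
    myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)

    If we need to renew the proxy in myproxy because its attributes have changed,
    because the list of trusted retrievers differs from the configured serverDN,
    or because it is valid for less time than timeleftthreshold, then we do it.

    Before doing that, we check when the user certificate is expiring. If it
    expires sooner than myproxyDesiredValidity we delegate the proxy just for
    the time the certificate still has (checking first that we did not already
    do it, since at some point usercertDaysLeft ~= myproxytimeleft and we don't
    need to delegate at every command even though
    myproxytimeleft < timeleftthreshold).

    Note that a warning message is printed at every command if
    usercertDaysLeft < myproxyDesiredValidity and a delegation is due.

    :param timeleftthreshold: minimum remaining validity, compared against the
        value returned by getMyProxyTimeLeft
    :param nokey: passed through to getMyProxyTimeLeft and delegate
    :raises ProxyCreationException: if the user certificate has expired or the
        delegation fails
    """
    myproxy = Proxy(self.defaultDelegation)
    myproxy.userDN = myproxy.getSubject()

    self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
    # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
    myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
    self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)

    # list on the REST and on myproxy are different: the credential must be
    # delegated again so that the retriever list matches the configured one
    trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation['serverDN']

    if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
        # checking the enddate of the user certificate
        usercertDaysLeft = myproxy.getUserCertEnddate()
        if usercertDaysLeft == 0:
            msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). CANNOT SUBMIT%s" \
                  % (colors.RED, colors.NORMAL)
            raise ProxyCreationException(msg)

        # if the certificate is going to expire print a warning. This is going to be printed
        # at every command if the myproxytimeleft is inferior to the timeleftthreshold
        if usercertDaysLeft < self.myproxyDesiredValidity:
            self.logger.info("%sYour user certificate is going to expire in %s days. Please renew it! %s"
                             % (colors.RED, usercertDaysLeft, colors.NORMAL))
            # check if usercertDaysLeft ~= myproxytimeleft which means we already delegated
            # the proxy for as long as we could
            secondsPerDay = 60 * 60 * 24
            if abs(usercertDaysLeft * secondsPerDay - myproxytimeleft) < secondsPerDay \
                    and not trustRetrListChanged:
                # less than one day between usercertDaysLeft and myproxytimeleft
                return
            # adjust the myproxy delegation time accordingly to the user cert validity
            self.logger.info("%sDelegating your proxy for %s days instead of %s %s"
                             % (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL))
            myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)

        # creating the proxy
        self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'])
        try:
            myproxy.delegate(serverRenewer=True, nokey=nokey)
            self.logger.debug("My-proxy delegated.")
        except Exception as ex:
            # Not every exception carries _message; reading it unconditionally
            # would raise AttributeError and hide the real delegation failure.
            detail = ex._message if hasattr(ex, "_message") else str(ex)
            raise ProxyCreationException("Problems delegating My-proxy. %s" % detail)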
def __init__(self, config):
    """
    Initialise the plugin state from the agent configuration.

    Besides the BasePlugin setup this creates the Locations.GetSiteInfo DAO,
    picks the Unpacker script path, loads the submission defaults, builds the
    condor requirements string and stores what Proxy reports about the
    current x509 proxy (file name, subject, attribute).
    """
    BasePlugin.__init__(self, config)
    self.locationDict = {}

    thread = threading.currentThread()
    daoBuilder = DAOFactory(package="WMCore.WMBS", logger=thread.logger, dbinterface=thread.dbi)
    self.locationAction = daoBuilder(classname="Locations.GetSiteInfo")
    self.packageDir = None

    # The Unpacker lives under src/python in a source checkout and directly
    # under the base directory otherwise
    checkoutPath = os.path.join(getWMBASE(), 'src/python/WMCore/WMRuntime/Unpacker.py')
    if not os.path.exists(checkoutPath):
        self.unpacker = os.path.join(getWMBASE(), 'WMCore/WMRuntime/Unpacker.py')
    else:
        self.unpacker = checkoutPath

    self.agent = getattr(config.Agent, 'agentName', 'WMAgent')
    self.sandbox = None

    submitter = config.JobSubmitter
    self.scriptFile = submitter.submitScript
    bossAir = config.BossAir
    self.defaultTaskPriority = getattr(bossAir, 'defaultTaskPriority', 0)
    self.maxTaskPriority = getattr(bossAir, 'maxTaskPriority', 1e7)
    self.jobsPerSubmit = getattr(submitter, 'jobsPerSubmit', 200)
    self.extraMem = getattr(submitter, 'extraMemoryPerCore', 500)

    # Required for global pool accounting
    self.acctGroup = getattr(bossAir, 'acctGroup', "production")
    self.acctGroupUser = getattr(bossAir, 'acctGroupUser', "cmsdataops")

    # Build a requirement string.  All CMS resources match DESIRED_Sites on the START
    # expression side; however, there are currently some resources (T2_CH_CERN_HLT)
    # that are missing the REQUIRED_OS logic.  Hence, we duplicate it here.
    # TODO(bbockelm): Remove reqStr once HLT has upgraded.
    if hasattr(bossAir, 'condorRequirementsString'):
        # The configured string is used verbatim; none of the default
        # clauses below (AuthenticatedIdentity included) is appended to it.
        self.reqStr = bossAir.condorRequirementsString
    else:
        self.reqStr = ('((REQUIRED_OS=?="any") || '
                       '(GLIDEIN_REQUIRED_OS =?= "any") || '
                       'stringListMember(GLIDEIN_REQUIRED_OS, REQUIRED_OS)) && '
                       '(AuthenticatedIdentity =!= "*****@*****.**")')

    # x509 proxy handling
    x509 = Proxy({'logger': thread.logger})
    self.x509userproxy = x509.getProxyFilename()
    self.x509userproxysubject = x509.getSubject()
    self.x509userproxyfqan = x509.getAttributeFromProxy(self.x509userproxy)

    # Remove the x509 ads if the job is matching a volunteer resource
    # (undefined for T3_CH_Volunteer, the substituted %s value elsewhere)
    self.x509Expr = 'ifThenElse("$$(GLIDEIN_CMSSite)" =?= "T3_CH_Volunteer",undefined,"%s")'
def createNewVomsProxy(self, timeleftthreshold=0):
    """
    Make sure a usable VOMS proxy exists and return its identity.

    The existing proxy is kept when it has at least timeleftthreshold left
    and carries the configured group and role; otherwise a new proxy is
    created and checked against the same group and role.

    :returns: tuple (subject, proxy file name) as reported by Proxy
    :raises ProxyCreationException: if the new proxy has no lifetime left or
        its group/role differ from the configured ones
    """
    ## TODO add the change to have user-cert/key defined in the config.
    wanted = self.defaultDelegation
    voms = Proxy(wanted)
    voms.userDN = voms.getSubject()

    self.logger.debug("Getting proxy life time left")
    # does it return an integer that indicates?
    remaining = voms.getTimeLeft()
    self.logger.debug("Proxy is valid: %i" % remaining)

    # if it is not expired I check if role and/or group are changed
    if not remaining < timeleftthreshold:
        if wanted['role'] != None and wanted['group'] != None:
            currentGroup, currentRole = voms.getUserGroupAndRoleFromProxy(voms.getProxyFilename())
            if not (currentGroup == wanted['group'] and currentRole == wanted['role']):
                self.proxyChanged = True

    # if the proxy is expired, or we changed role and/or group, we need to create a new one
    if remaining < timeleftthreshold or self.proxyChanged:
        self.logger.debug("Creating a proxy for %s hours" % wanted['proxyValidity'])
        voms.create()
        remaining = voms.getTimeLeft()
        newGroup, newRole = voms.getUserGroupAndRoleFromProxy(voms.getProxyFilename())
        # The freshly created proxy is accepted only if it is still valid
        # and carries exactly the configured group and role.
        if not (remaining > 0 and newGroup == wanted['group'] and newRole == wanted['role']):
            raise ProxyCreationException("Problems creating proxy.")
        self.logger.debug("Proxy created.")

    return voms.getSubject(), voms.getProxyFilename()
def __init__(self, config):
    """
    Set up the plugin from the agent configuration.

    Creates the Locations.GetSiteInfo DAO, selects the Unpacker script,
    reads the submission defaults, builds the condor requirements string
    and records the proxy file and subject reported by Proxy.
    """
    BasePlugin.__init__(self, config)
    self.locationDict = {}

    currentThread = threading.currentThread()
    factory = DAOFactory(package="WMCore.WMBS",
                         logger=currentThread.logger,
                         dbinterface=currentThread.dbi)
    self.locationAction = factory(classname="Locations.GetSiteInfo")
    self.packageDir = None

    # Source checkouts keep the Unpacker under src/python
    sourceTreeUnpacker = os.path.join(getWMBASE(), 'src/python/WMCore/WMRuntime/Unpacker.py')
    if os.path.exists(sourceTreeUnpacker):
        self.unpacker = sourceTreeUnpacker
    else:
        self.unpacker = os.path.join(getWMBASE(), 'WMCore/WMRuntime/Unpacker.py')

    self.agent = getattr(config.Agent, 'agentName', 'WMAgent')
    self.sandbox = None
    self.scriptFile = config.JobSubmitter.submitScript
    self.defaultTaskPriority = getattr(config.BossAir, 'defaultTaskPriority', 0)
    self.maxTaskPriority = getattr(config.BossAir, 'maxTaskPriority', 1e7)
    self.jobsPerSubmit = getattr(config.JobSubmitter, 'jobsPerSubmit', 200)

    # Required for global pool accounting
    self.acctGroup = getattr(config.BossAir, 'acctGroup', "production")
    self.acctGroupUser = getattr(config.BossAir, 'acctGroupUser', "cmsdataops")

    # Build a requirement string; a configured condorRequirementsString
    # replaces this default completely
    defaultRequirements = (
        'stringListMember(GLIDEIN_CMSSite, DESIRED_Sites)'
        ' && ((REQUIRED_OS=?="any") || (GLIDEIN_REQUIRED_OS=?=REQUIRED_OS))'
        ' && (TARGET.Cpus >= RequestCpus)')
    self.reqStr = getattr(config.BossAir, 'condorRequirementsString', defaultRequirements)

    # x509 proxy handling
    userProxy = Proxy({'logger': currentThread.logger})
    self.x509userproxy = userProxy.getProxyFilename()
    self.x509userproxysubject = userProxy.getSubject()
def __init__(self, config):
    """
    Initialise the plugin state from the agent configuration.

    Creates the Locations.GetSiteInfo DAO, selects the Unpacker script,
    loads the submission defaults (including the extra memory per core),
    builds the condor requirements string and stores the proxy file and
    subject reported by Proxy.
    """
    BasePlugin.__init__(self, config)
    self.locationDict = {}

    thread = threading.currentThread()
    daoBuilder = DAOFactory(package="WMCore.WMBS", logger=thread.logger, dbinterface=thread.dbi)
    self.locationAction = daoBuilder(classname="Locations.GetSiteInfo")
    self.packageDir = None

    # Fall back to the installed layout when there is no source checkout
    checkoutPath = os.path.join(getWMBASE(), 'src/python/WMCore/WMRuntime/Unpacker.py')
    if not os.path.exists(checkoutPath):
        self.unpacker = os.path.join(getWMBASE(), 'WMCore/WMRuntime/Unpacker.py')
    else:
        self.unpacker = checkoutPath

    self.agent = getattr(config.Agent, 'agentName', 'WMAgent')
    self.sandbox = None

    submitter = config.JobSubmitter
    self.scriptFile = submitter.submitScript
    bossAir = config.BossAir
    self.defaultTaskPriority = getattr(bossAir, 'defaultTaskPriority', 0)
    self.maxTaskPriority = getattr(bossAir, 'maxTaskPriority', 1e7)
    self.jobsPerSubmit = getattr(submitter, 'jobsPerSubmit', 200)
    self.extraMem = getattr(submitter, 'extraMemoryPerCore', 500)

    # Required for global pool accounting
    self.acctGroup = getattr(bossAir, 'acctGroup', "production")
    self.acctGroupUser = getattr(bossAir, 'acctGroupUser', "cmsdataops")

    # Build a requirement string
    if hasattr(bossAir, 'condorRequirementsString'):
        # The configured value is used as is; the default is not merged in
        self.reqStr = bossAir.condorRequirementsString
    else:
        self.reqStr = ('stringListMember(GLIDEIN_CMSSite, DESIRED_Sites) '
                       '&& ((REQUIRED_OS=?="any") || stringListMember(GLIDEIN_REQUIRED_OS, REQUIRED_OS))'
                       '&& (TARGET.Cpus >= RequestCpus)')

    # x509 proxy handling
    x509 = Proxy({'logger': thread.logger})
    self.x509userproxy = x509.getProxyFilename()
    self.x509userproxysubject = x509.getSubject()
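def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
    """
    Handles the MyProxy creation

    The credential stored in MyProxy is delegated again when its remaining
    lifetime is below timeleftthreshold or when self.proxyChanged is set.

    :param timeleftthreshold: minimum remaining validity, compared against the
        value returned by getMyProxyTimeLeft
    :param nokey: passed through to getMyProxyTimeLeft and delegate
    :raises ProxyCreationException: if the delegation fails
    """
    myproxy = Proxy(self.defaultDelegation)
    myproxy.userDN = myproxy.getSubject()

    self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
    # does it return an integer that indicates?
    myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
    self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)

    if myproxytimeleft < timeleftthreshold or self.proxyChanged:
        # creating the proxy
        self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'])
        try:
            myproxy.delegate(serverRenewer=True, nokey=nokey)
            self.logger.debug("My-proxy delegated.")
        except Exception as ex:
            # "except Exception, ex" is Python-2-only syntax; the "as" form
            # is accepted from Python 2.6 onwards and by Python 3.
            raise ProxyCreationException("Problems delegating My-proxy. Problem %s" % ex)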
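class ProxyTest(unittest.TestCase):
    """
    Integration tests for Proxy, run against real grid credentials.

    Tests branch on whether the host key at self.serverKey exists: the
    user-side tests do their work only when that file is absent, the
    server-side renewal tests only when it is present.  When the condition
    is not met a test body is skipped silently and the test passes.
    """

    def setUp(self):
        """
        Setup for unit tests
        """
        logging.basicConfig(level=logging.DEBUG,
                            format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
                            datefmt='%m-%d %H:%M',
                            filename='proxy_unittests.log',
                            filemode='w')
        logger_name = 'ProxyTest'
        self.logger = logging.getLogger(logger_name)
        # The host key/cert locations are fixed paths under /home/crab.
        self.dict = {'logger': self.logger,
                     'server_key': '/home/crab/.globus/hostkey.pem',
                     'server_cert': '/home/crab/.globus/hostcert.pem',
                     'vo': 'cms', 'group': 'integration', 'role': 'NULL',
                     'myProxySvr': 'myproxy.cern.ch',
                     'proxyValidity': '192:00', 'min_time_left': 36000,
                     'uisource': '/afs/cern.ch/cms/LCG/LCG-2/UI/cms_ui_env.sh'}
        #, 'serverDN' : '/C=IT/O=INFN/OU=Host/L=Perugia/CN=crab.pg.infn.it'}

        self.proxyPath = None
        self.proxy = Proxy(self.dict)
        self.serverKey = self.dict['server_key']
        # None unless a serverDN entry is added to the dictionary above
        self.serverDN = self.dict.get('serverDN')

    def tearDown(self):
        """
        _tearDown_

        Tear down the proxy.
        """
        self.proxy.destroy()
        return

    def getUserIdentity(self):
        """
        _getUserIdentity_

        Retrieve the user's subject from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
                                             stdout=subprocess.PIPE,
                                             stderr=subprocess.PIPE)
        # communicate() drains both pipes before the exit status is read;
        # wait() on a process with piped output can block if a pipe fills up.
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    def getUserAttributes(self):
        """
        _getUserAttributes_

        Retrieve the user's attributes from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
                                             stdout=subprocess.PIPE,
                                             stderr=subprocess.PIPE)
        # See getUserIdentity: read the pipes first, then check the status
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    @attr("integration")
    def testDestroyBeforeCreation(self):
        """
        Destroying the proxy must leave no proxy file behind.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.destroy()
            self.proxyPath = self.proxy.getProxyFilename()
            assert not os.path.exists(self.proxyPath)

    @attr("integration")
    def testCreateProxy(self):
        """
        Creating the proxy must produce the proxy file.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            time.sleep(5)
            proxyPath = self.proxy.getProxyFilename()
            assert os.path.exists(proxyPath)

    @attr("integration")
    def testCheckProxyTimeLeft(self):
        """
        A new proxy must report the configured 192 hours of lifetime.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            timeLeft = self.proxy.getTimeLeft()
            print(timeLeft)
            # floor division keeps the whole-hour comparison on Python 3 too
            assert (int(timeLeft) // 3600) == 192

    @attr("integration")
    def testRenewProxy(self):
        """
        A renewed proxy must report 191 whole hours shortly after renewal.
        """
        if not os.path.exists(self.serverKey):
            time.sleep(70)
            self.proxy.renew()
            time.sleep(10)
            timeLeft = self.proxy.getTimeLeft()
            assert (int(timeLeft) // 3600) == 191

    @attr("integration")
    def testDestroyProxy(self):
        """
        Destroying the proxy must remove the proxy file.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.destroy()
            self.proxyPath = self.proxy.getProxyFilename()
            assert not os.path.exists(self.proxyPath)

    @attr("integration")
    def testGetSubject(self):
        """
        _testGetSubject_

        Verify that the getSubject() method works correctly.
        """
        if os.path.exists(self.serverKey):
            return

        self.testCreateProxy()
        subject = self.proxy.getSubject()

        self.assertEqual(subject, self.getUserIdentity(),
                         "Error: Wrong subject.")
        return

    @attr("integration")
    def testGetUserName(self):
        """
        _testGetUserName_

        Verify that the getUserName() method correctly determines the user's
        name.
        """
        if os.path.exists(self.serverKey):
            return

        self.testCreateProxy()
        user = self.proxy.getUserName()
        # last component of the subject with its first three characters removed
        identity = self.getUserIdentity().split("/")[-1][3:]

        self.assertEqual(user, identity,
                         "Error: User name is wrong: |%s|\n|%s|" % (user, identity))
        return

    # NOTE(review): without a "test" prefix unittest does not collect this
    # method by default, so it may never run -- confirm whether that is intended.
    @attr("integration")
    def checkAttribute(self):
        """
        The proxy attributes must be reported as valid.
        """
        if not os.path.exists(self.serverKey):
            valid = self.proxy.checkAttribute()
            assert valid == True

    @attr("integration")
    def testCheckTimeLeft(self):
        """
        The proxy must be reported as valid by check().
        """
        if not os.path.exists(self.serverKey):
            valid = self.proxy.check(self.proxyPath)
            assert valid == True

    @attr("integration")
    def testDelegateMyProxy(self):
        """
        A credential delegated to MyProxy must pass checkMyProxy().
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            self.proxy.delegate(credential=self.proxyPath)
            valid = self.proxy.checkMyProxy()
            assert valid == True

    @attr("integration")
    def testDelegateServerAndMyProxy(self):
        """
        A credential delegated with the server as renewer must pass the
        renewer check.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            self.proxy.delegate(credential=self.proxyPath, serverRenewer=True)
            valid = self.proxy.checkMyProxy(checkRenewer=True)
            assert valid == True

    @attr("integration")
    def testCheckMyProxy(self):
        """
        Delegation with default arguments must pass checkMyProxy()
        (runs only when a serverDN is configured).
        """
        if not os.path.exists(self.serverKey) and self.serverDN:
            self.proxy.create()
            self.proxy.delegate()
            valid = self.proxy.checkMyProxy()
            assert valid == True

    @attr("integration")
    def testCheckMyProxyServer(self):
        """
        Delegation with the server as renewer must pass the renewer check
        (runs only when a serverDN is configured).
        """
        if not os.path.exists(self.serverKey) and self.serverDN:
            self.proxy.create()
            self.proxy.delegate(serverRenewer=True)
            valid = self.proxy.checkMyProxy(checkRenewer=True)
            assert valid == True

    @attr("integration")
    def testLogonRenewMyProxy(self):
        """
        On a host that has the server key, logonRenewMyProxy() must return
        an existing proxy file.
        """
        if os.path.exists(self.serverKey):
            proxyFile = self.proxy.logonRenewMyProxy()
            assert os.path.exists(proxyFile)

    @attr("integration")
    def testRenewMyProxy(self):
        """
        A renewed MyProxy credential must report 167 whole hours.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            time.sleep(70)
            self.proxy.renewMyProxy(proxy=self.proxyPath)
            time.sleep(5)
            timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath)
            assert (int(timeLeft) // 3600) == 167

    @attr("integration")
    def testRenewMyProxyForServer(self):
        """
        A MyProxy credential renewed for the server must report 167 whole
        hours (runs only when a serverDN is configured).
        """
        if not os.path.exists(self.serverKey) and self.serverDN:
            self.proxy.create()
            time.sleep(70)
            self.proxy.renewMyProxy(proxy=self.proxyPath, serverRenewer=True)
            time.sleep(5)
            timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath, serverRenewer=True)
            assert (int(timeLeft) // 3600) == 167

    @attr("integration")
    def testRenewMyProxyByServer(self):
        """
        On a host that has the server key, a proxy retrieved through
        logonRenewMyProxy() must have more than 120 hours left.
        """
        if os.path.exists(self.serverKey):
            proxyPath = self.proxy.getProxyFilename(serverRenewer=True)
            self.proxy.logonRenewMyProxy(proxyPath)
            timeLeft = self.proxy.getTimeLeft(proxyPath)
            assert (int(timeLeft) // 3600) > 120

    @attr("integration")
    def testVomsRenewal(self):
        """
        Renewing the VOMS extension must leave 191 whole hours of VOMS life.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            proxyPath = self.proxy.getProxyFilename()
            time.sleep(70)
            attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath))
            self.proxy.vomsExtensionRenewal(proxyPath, attribute)
            vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
            assert (int(vomsTimeLeft) // 3600) == 191

    @attr("integration")
    def testElevateAttribute(self):
        """
        After a VOMS renewal with a given attribute the proxy must report
        that attribute.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            proxyPath = self.proxy.getProxyFilename()

            # getProxyDetails allows to build the proxy attribute from the parameters given
            attribute = self.proxy.prepareAttForVomsRenewal('/cms/Role=NULL/Capability=NULL')
            self.proxy.vomsExtensionRenewal(proxyPath, attribute)

            assert self.proxy.getAttributeFromProxy(proxyPath) == '/cms/Role=NULL/Capability=NULL'

    @attr("integration")
    def testUserGroupInProxy(self):
        """
        The group held by Proxy must match the first FQAN from voms-proxy-info.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            assert self.proxy.group == self.getUserAttributes().split('\n')[0].split('/')[2]

    @attr("integration")
    def testUserRoleInProxy(self):
        """
        The role held by Proxy must match the first FQAN from voms-proxy-info.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            assert self.proxy.role == self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]

    @attr("integration")
    def testGetAttributes(self):
        """
        The attribute read back from the proxy must carry the configured
        group and role.
        """
        if not os.path.exists(self.serverKey):
            # role was left unbound whenever a role is configured; an empty
            # role still maps to 'NULL'
            role = self.dict['role'] or 'NULL'
            self.proxy.create()
            # NOTE(review): getAttributeFromProxy() is called without a path
            # here while testVomsRenewal passes one -- confirm this form works.
            assert self.proxy.getAttributeFromProxy().split('/')[2] == self.dict['group']
            assert self.proxy.getAttributeFromProxy().split('/')[3].split('=')[1] == role

    # This method used to be a second "testGetAttributes", which replaced the
    # one above in the class namespace so that only one of the two could run.
    @attr("integration")
    def testGetUserGroupAndRole(self):
        """
        getUserGroupAndRoleFromProxy() must return the configured group and
        role.
        """
        if not os.path.exists(self.serverKey):
            self.proxy.create()
            proxyPath = self.proxy.getProxyFilename()
            if self.dict['group'] and self.dict['role']:
                assert self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0] == self.dict['group']
                assert self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1] == self.dict['role']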
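class ProxyTest(unittest.TestCase):
    """
    Integration tests for Proxy, run against real grid credentials.

    The tests share one proxy: testAAACreateProxy is named so that it is
    collected first and the remaining tests reuse the proxy it creates.
    """

    def setUp(self):
        """
        Setup for unit tests
        """
        logging.basicConfig(
            level=logging.DEBUG,
            format="%(asctime)s %(name)-12s %(levelname)-8s %(message)s",
            datefmt="%m-%d %H:%M",
            filename="proxy_unittests.log",
            filemode="w",
        )
        logger_name = "ProxyTest"
        self.logger = logging.getLogger(logger_name)
        # group, role, myProxySvr and uiPath are read from the enclosing module
        self.dict = {
            "logger": self.logger,
            "vo": "cms",
            "group": group,
            "role": role,
            "myProxySvr": myProxySvr,
            "proxyValidity": "192:00",
            "min_time_left": 36000,
            "uisource": uiPath,
        }

        self.proxyPath = None
        self.proxy = Proxy(self.dict)

    def tearDown(self):
        """
        _tearDown_

        Nothing is torn down here, so the proxy outlives each test.
        """
        return

    def getUserIdentity(self):
        """
        _getUserIdentity_

        Retrieve the user's subject from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(
            ["voms-proxy-info", "-identity"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )
        # communicate() drains both pipes before the exit status is read;
        # wait() on a process with piped output can block if a pipe fills up.
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    def getUserAttributes(self):
        """
        _getUserAttributes_

        Retrieve the user's attributes from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(
            ["voms-proxy-info", "-fqan"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )
        # See getUserIdentity: read the pipes first, then check the status
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    @attr("integration")
    def testGetUserCertEnddate(self):
        """
        Test if getUserCertEnddate method returns correctly the days left
        on the user certificate.
        """
        daysleft = self.proxy.getUserCertEnddate()
        self.assertEqual(daysleft, 29)  # set this as the number of days left in .globus/usercert.pem

    @attr("integration")
    def testAAACreateProxy(self):
        """
        Test if create method creates correctly the proxy.
        This is sort of bad form to require that this test run first, but the alternative is
        entering a password for every single invocation
        """
        self.proxy.create()
        time.sleep(5)
        proxyPath = self.proxy.getProxyFilename()
        self.assertTrue(os.path.exists(proxyPath))

    @attr("integration")
    def testCheckProxyTimeLeft(self):
        """
        Test if getTimeLeft method returns correctly the proxy time left.
        """
        timeLeft = self.proxy.getTimeLeft()
        # floor division keeps the whole-hour comparison on Python 3 too
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testRenewProxy(self):
        """
        Test if the renew method renews correctly the user proxy.
        """
        time.sleep(70)
        self.proxy.renew()
        time.sleep(10)
        timeLeft = self.proxy.getTimeLeft()
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testDestroyProxy(self):
        """
        Test the proxy destroy method.
        """
        self.proxy.destroy()
        self.proxyPath = self.proxy.getProxyFilename()
        self.assertFalse(os.path.exists(self.proxyPath))
        # Create the proxy after the destroy
        self.proxy.create()

    @attr("integration")
    def testGetSubject(self):
        """
        _testGetSubject_

        Verify that the getSubject() method works correctly.
        """
        subject = self.proxy.getSubject()

        self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.")
        return

    @attr("integration")
    def testGetUserName(self):
        """
        _testGetUserName_

        Verify that the getUserName() method correctly determines the user's
        name.
        """
        user = self.proxy.getUserName()
        # last component of the subject with its first three characters removed
        identity = self.getUserIdentity().split("/")[-1][3:]

        self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity))
        return

    @attr("integration")
    def testCheckAttribute(self):
        """
        Test if the checkAttribute method checks correctly the attributes validity.
        """
        valid = self.proxy.checkAttribute()
        self.assertTrue(valid)

    @attr("integration")
    def testCheckTimeLeft(self):
        """
        Test if the check method checks correctly the proxy validity.
        """
        # NOTE(review): self.proxyPath is None here unless testDestroyProxy
        # ran on this instance -- confirm check() accepts that.
        valid = self.proxy.check(self.proxyPath)
        self.assertTrue(valid)

    @attr("integration")
    def testVomsRenewal(self):
        """
        Test if vomsExtensionRenewal method renews correctly the voms-proxy.
        """
        proxyPath = self.proxy.getProxyFilename()
        time.sleep(70)
        attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath))
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
        self.assertEqual(int(vomsTimeLeft) // 3600, 191)

    @attr("integration")
    def testElevateAttribute(self):
        """
        Test if the vomsExtensionRenewal method elevate last attributes given.
        """
        proxyPath = self.proxy.getProxyFilename()
        attribute = self.proxy.prepareAttForVomsRenewal("/cms/Role=NULL/Capability=NULL")
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), "/cms/Role=NULL/Capability=NULL")
        # Restore the original configuration of the proxy
        self.proxy.create()

    @attr("integration")
    def testUserGroupInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user group.
        """
        self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
        self.assertEqual(self.proxy.group, self.getUserAttributes().split("\n")[0].split("/")[2])

    @attr("integration")
    def testUserRoleInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user role.
        """
        self.assertEqual(self.proxy.role, self.getUserAttributes().split("\n")[0].split("/")[3].split("=")[1])

    @attr("integration")
    def testGetAttributes(self):
        """
        Test getAttributeFromProxy method.
        """
        self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
        # an empty role is compared as 'NULL'
        role = self.dict["role"] or "NULL"
        proxyPath = self.proxy.getProxyFilename()
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[2], self.dict["group"])
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[3].split("=")[1], role)

    @attr("integration")
    def testGetUserGroupAndRole(self):
        """
        Test GetUserGroupAndRoleFromProxy method.
        """
        # an empty role is compared as 'NULL'
        role = self.dict["role"] or "NULL"
        proxyPath = self.proxy.getProxyFilename()
        if self.dict["group"] and self.dict["role"]:
            self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict["group"])
            self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)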
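class ProxyTest(unittest.TestCase):
    """
    Integration tests for Proxy, run against real grid credentials.

    The tests share one proxy: testAAACreateProxy is named so that it is
    collected first and the remaining tests reuse the proxy it creates.
    """

    def setUp(self):
        """
        Setup for unit tests
        """
        logging.basicConfig(
            level=logging.DEBUG,
            format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
            datefmt='%m-%d %H:%M',
            filename='proxy_unittests.log',
            filemode='w')
        logger_name = 'ProxyTest'
        self.logger = logging.getLogger(logger_name)
        # group, role, myProxySvr and uiPath are read from the enclosing module
        self.dict = {
            'logger': self.logger,
            'vo': 'cms',
            'group': group,
            'role': role,
            'myProxySvr': myProxySvr,
            'proxyValidity': '192:00',
            'min_time_left': 36000,
            'uisource': uiPath
        }

        self.proxyPath = None
        self.proxy = Proxy(self.dict)

    def tearDown(self):
        """
        _tearDown_

        Nothing is torn down here, so the proxy outlives each test.
        """
        return

    def getUserIdentity(self):
        """
        _getUserIdentity_

        Retrieve the user's subject from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
                                             stdout=subprocess.PIPE,
                                             stderr=subprocess.PIPE)
        # Read the pipes before looking at the exit status: wait() on a
        # process with piped output can block if a pipe fills up.
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    def getUserAttributes(self):
        """
        _getUserAttributes_

        Retrieve the user's attributes from the voms-proxy-info call.
        Returns None when the command exits with a non-zero status.
        """
        vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
                                             stdout=subprocess.PIPE,
                                             stderr=subprocess.PIPE)
        # See getUserIdentity: read the pipes first, then check the status
        (stdout, stderr) = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None

        # drop the trailing newline
        return stdout[0:-1]

    @attr("integration")
    def testAAACreateProxy(self):
        """
        Test if create method creates correctly the proxy.
        This is sort of bad form to require that this test run first, but the alternative is
        entering a password for every single invocation
        """
        self.proxy.create()
        time.sleep(5)
        proxyPath = self.proxy.getProxyFilename()
        self.assertTrue(os.path.exists(proxyPath))

    @attr("integration")
    def testCheckProxyTimeLeft(self):
        """
        Test if getTimeLeft method returns correctly the proxy time left.
        """
        timeLeft = self.proxy.getTimeLeft()
        # floor division keeps the whole-hour comparison on Python 3 too
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testRenewProxy(self):
        """
        Test if the renew method renews correctly the user proxy.
        """
        time.sleep(70)
        self.proxy.renew()
        time.sleep(10)
        timeLeft = self.proxy.getTimeLeft()
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testDestroyProxy(self):
        """
        Test the proxy destroy method.
        """
        self.proxy.destroy()
        self.proxyPath = self.proxy.getProxyFilename()
        self.assertFalse(os.path.exists(self.proxyPath))
        # Create the proxy after the destroy
        self.proxy.create()

    @attr("integration")
    def testGetSubject(self):
        """
        _testGetSubject_

        Verify that the getSubject() method works correctly.
        """
        subject = self.proxy.getSubject()

        self.assertEqual(subject, self.getUserIdentity(),
                         "Error: Wrong subject.")
        return

    @attr("integration")
    def testGetUserName(self):
        """
        _testGetUserName_

        Verify that the getUserName() method correctly determines the user's
        name.
        """
        user = self.proxy.getUserName()
        # last component of the subject with its first three characters removed
        identity = self.getUserIdentity().split("/")[-1][3:]

        self.assertEqual(
            user, identity,
            "Error: User name is wrong: |%s|\n|%s|" % (user, identity))
        return

    @attr("integration")
    def testCheckAttribute(self):
        """
        Test if the checkAttribute method checks correctly the attributes validity.
        """
        valid = self.proxy.checkAttribute()
        self.assertTrue(valid)

    @attr("integration")
    def testCheckTimeLeft(self):
        """
        Test if the check method checks correctly the proxy validity.
        """
        # NOTE(review): self.proxyPath is None here unless testDestroyProxy
        # ran on this instance -- confirm check() accepts that.
        valid = self.proxy.check(self.proxyPath)
        self.assertTrue(valid)

    @attr("integration")
    def testVomsRenewal(self):
        """
        Test if vomsExtensionRenewal method renews correctly the voms-proxy.
        """
        proxyPath = self.proxy.getProxyFilename()
        time.sleep(70)
        attribute = self.proxy.prepareAttForVomsRenewal(
            self.proxy.getAttributeFromProxy(proxyPath))
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
        self.assertEqual(int(vomsTimeLeft) // 3600, 191)

    @attr("integration")
    def testElevateAttribute(self):
        """
        Test if the vomsExtensionRenewal method elevate last attributes given.
        """
        proxyPath = self.proxy.getProxyFilename()
        attribute = self.proxy.prepareAttForVomsRenewal(
            '/cms/Role=NULL/Capability=NULL')
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath),
                         '/cms/Role=NULL/Capability=NULL')
        # Restore the original configuration of the proxy
        self.proxy.create()

    @attr("integration")
    def testUserGroupInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user group.
        """
        self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
        self.assertEqual(self.proxy.group,
                         self.getUserAttributes().split('\n')[0].split('/')[2])

    @attr("integration")
    def testUserRoleInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user role.
        """
        firstFqan = self.getUserAttributes().split('\n')[0]
        self.assertEqual(self.proxy.role, firstFqan.split('/')[3].split('=')[1])

    @attr("integration")
    def testGetAttributes(self):
        """
        Test getAttributeFromProxy method.
        """
        self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
        # an empty role is compared as 'NULL'
        role = self.dict['role'] or 'NULL'
        proxyPath = self.proxy.getProxyFilename()
        self.assertEqual(
            self.proxy.getAttributeFromProxy(proxyPath).split('/')[2],
            self.dict['group'])
        self.assertEqual(
            self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1],
            role)

    @attr("integration")
    def testGetUserGroupAndRole(self):
        """
        Test GetUserGroupAndRoleFromProxy method.
        """
        # an empty role is compared as 'NULL'
        role = self.dict['role'] or 'NULL'
        proxyPath = self.proxy.getProxyFilename()
        if self.dict['group'] and self.dict['role']:
            self.assertEqual(
                self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0],
                self.dict['group'])
            self.assertEqual(
                self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)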
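def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
    """
    Handle the creation (delegation) of the credential stored in MyProxy.

    Variables used below:
      timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
      myproxytimeleft: current validity of your proxy in myproxy
      usercertDaysLeft: the number of days left before your user certificate expires
      myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)

    The proxy in myproxy is renewed when its attributes have changed
    (self.proxyChanged), when the trusted-retriever list known to myproxy
    differs from self.defaultDelegation['serverDN'], or when it is valid for
    less time than timeleftthreshold.

    Before renewing, the end date of the user certificate is checked. If the
    certificate expires sooner than myproxyDesiredValidity, the proxy is
    delegated only for the days the certificate has left. When the two
    lifetimes are already within one day of each other (and the retriever
    list is unchanged) that shortened delegation was already done, so the
    method returns without delegating again.

    Note that the expiry warning is logged at every command for which the
    renewal condition holds and usercertDaysLeft < myproxyDesiredValidity.

    Side effects: overwrites self.defaultDelegation['userName'] and may set
    myproxyValidity on the Proxy object used for the delegation.

    :param timeleftthreshold: minimum validity required of the credential in
        myproxy; it is compared with myproxytimeleft, which is in seconds.
    :param nokey: passed through unchanged to getMyProxyTimeLeft() and delegate().
    :returns: a tuple with info on the credential in myproxy: (credentialName, myproxytimeleft)
        credentialName : username to use in myproxy -l username
        myproxytimeleft: validity of the credential in seconds
    :raises ProxyCreationException: if the DN cannot be determined, the
        lifetime query fails, the user certificate has expired, or the
        delegation fails.
    """
    # create a WMCore/Proxy object to get DN
    myproxy = Proxy(self.defaultDelegation)
    userDNFromProxy = myproxy.getSubject()

    # An empty DN would hash to a value that does not depend on the user, so
    # refuse to derive a credential name from it.
    if not userDNFromProxy:
        raise ProxyCreationException(
            "Could not determine the user DN from the proxy; cannot compute the MyProxy credential name.")

    # The credential name is the SHA-1 hex digest of the DN. hashlib needs bytes:
    # on Python 3 a text DN would raise TypeError, so encode it first. The digest
    # is unchanged for every input that was accepted before.
    # SHA-1 is used here as a naming function, not as an integrity or
    # authentication control; presumably a different digest would no longer match
    # credentials already stored under the old name - confirm before changing it.
    if isinstance(userDNFromProxy, bytes):
        dnBytes = userDNFromProxy
    else:
        dnBytes = userDNFromProxy.encode("utf-8")
    credentialName = sha1(dnBytes).hexdigest()
    self.defaultDelegation['userName'] = credentialName
    myproxy = Proxy(self.defaultDelegation)

    myproxytimeleft = 0
    self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
    # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
    # Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532)
    try:
        myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
    except Exception as ex:
        # NOTE(review): the stack trace goes to the root logger, not self.logger.
        logging.exception(
            "Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException")
        # WMException may contain the _message attribute. Otherwise, take the exception as a string.
        msg = ex._message if hasattr(ex, "_message") else str(ex)  # pylint: disable=protected-access, no-member
        # NOTE(review): the contact address inside this message looks like a
        # redaction placeholder; check the literal against the repository copy.
        raise ProxyCreationException(
            "Problems calculating the time left until the expiration of the proxy.\n" +
            " Please reset your environment or contact [email protected] if the problem persists.\n%s" % msg)
    self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)

    # The list on the REST side and the one stored in myproxy are different.
    # Presumably this list names the server DNs allowed to retrieve the
    # credential, which is why a mismatch forces a new delegation - confirm.
    trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation['serverDN']
    if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
        # checking the enddate of the user certificate
        usercertDaysLeft = myproxy.getUserCertEnddate()
        if usercertDaysLeft == 0:
            msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY)." % colors.RED
            msg += " YOU CANNOT USE THE CRAB3 CLIENT."
            msg += " PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/"
            msg += " AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s" % colors.NORMAL
            raise ProxyCreationException(msg)

        # If the certificate is going to expire print a warning. This is printed at
        # every command for which the renewal condition above holds.
        if usercertDaysLeft < self.myproxyDesiredValidity:
            msg = "%sYour user certificate is going to expire in %s days." % (colors.RED, usercertDaysLeft)
            msg += " See: https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s" % colors.NORMAL
            self.logger.info(msg)

            # check if usercertDaysLeft ~= myproxytimeleft which means we already
            # delegated the proxy for as long as we could
            # (less than one day between usercertDaysLeft and myproxytimeleft)
            if abs(usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft) < 60 * 60 * 24 and not trustRetrListChanged:
                return (credentialName, myproxytimeleft)

            # adjust the myproxy delegation time accordingly to the user cert validity
            self.logger.info("%sDelegating your proxy for %s days instead of %s %s",
                             colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL)
            myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)

        # creating the proxy
        self.logger.debug("Delegating a myproxy for %s hours", myproxy.myproxyValidity)
        try:
            myproxy.delegate(serverRenewer=True, nokey=nokey)
            # Query the lifetime again: a non-positive value is treated as a failed delegation.
            myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
            if myproxytimeleft <= 0:
                raise ProxyCreationException(
                    "It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "
                    "(Maybe you simply typed a wrong password)")
            else:
                self.logger.debug("My-proxy delegated.")
        except Exception as ex:
            # This handler also catches the ProxyCreationException raised just above
            # and re-wraps it with the "Problems delegating" prefix.
            msg = ex._message if hasattr(ex, '_message') else str(ex)  # pylint: disable=protected-access, no-member
            raise ProxyCreationException("Problems delegating My-proxy. %s" % msg)
    return (credentialName, myproxytimeleft)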
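class ProxyTest(unittest.TestCase):
    """
    Tests for the Proxy credential wrapper.

    Every test is tagged "integration": the tests call methods of a real Proxy
    object and the voms-proxy-info command, and several of them assert values
    that depend on the local user certificate and proxy settings.
    """

    def setUp(self):
        """
        Setup for unit tests: configure logging and build the Proxy under test.
        """
        # NOTE(review): DEBUG output of the credential code ends up in this file in
        # the current working directory; check what it records before sharing it.
        logging.basicConfig(level=logging.DEBUG,
                            format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
                            datefmt='%m-%d %H:%M',
                            filename='proxy_unittests.log',
                            filemode='w')
        logger_name = 'ProxyTest'
        self.logger = logging.getLogger(logger_name)
        # group, role and myProxySvr are module-level names defined outside this class.
        self.dict = {'logger': self.logger,
                     'vo': 'cms',
                     'group': group,
                     'role': role,
                     'myProxySvr': myProxySvr,
                     'proxyValidity': '192:00',
                     'min_time_left': 36000}
        self.proxyPath = None
        self.proxy = Proxy(self.dict)

    def tearDown(self):
        """
        _tearDown_

        Tear down the proxy. Nothing is cleaned up here.
        """
        return

    def _vomsProxyInfo(self, option):
        """
        Run "voms-proxy-info <option>" and return its standard output without
        the last character, or None when the command exits with a non-zero status.
        """
        # The command is passed as an argument list, so no shell is involved.
        vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", option],
                                             stdout=subprocess.PIPE,
                                             stderr=subprocess.PIPE)
        # Drain both pipes before looking at the exit status: calling wait() first
        # can block forever once the child fills a pipe buffer.
        stdout, _ = vomsProxyInfoCall.communicate()
        if vomsProxyInfoCall.returncode != 0:
            return None
        # On Python 3 the pipe yields bytes, while the callers below split the
        # result with text separators; on Python 2 the value is already str.
        if not isinstance(stdout, str):
            stdout = stdout.decode('utf-8')
        return stdout[0:-1]

    def getUserIdentity(self):
        """
        _getUserIdentity_

        Retrieve the user's subject from the voms-proxy-info call.
        Returns None if the command fails.
        """
        return self._vomsProxyInfo("-identity")

    def getUserAttributes(self):
        """
        _getUserAttributes_

        Retrieve the user's attributes from the voms-proxy-info call.
        Returns None if the command fails.
        """
        return self._vomsProxyInfo("-fqan")

    @attr("integration")
    def testGetUserCertEnddate(self):
        """
        Test if getUserCertEnddate returns the days left on the user certificate,
        both with the default settings and with openSSL=False.
        """
        # The expected value is specific to one certificate:
        # set this as the number of days left in .globus/usercert.pem
        daysleft = self.proxy.getUserCertEnddate()
        self.assertEqual(daysleft, 58)
        daysleft = self.proxy.getUserCertEnddate(openSSL=False)
        self.assertEqual(daysleft, 58)

    @attr("integration")
    def testAAACreateProxy(self):
        """
        Test if create method creates correctly the proxy.
        This is sort of bad form to require that this test run first,
        but the alternative is entering a password for every single invocation
        """
        self.proxy.create()
        time.sleep(5)
        proxyPath = self.proxy.getProxyFilename()
        self.assertTrue(os.path.exists(proxyPath))

    @attr("integration")
    def testCheckProxyTimeLeft(self):
        """
        Test if getTimeLeft method returns correctly the proxy time left.
        """
        timeLeft = self.proxy.getTimeLeft()
        # Floor division: with true division the result is a float and equals 191
        # only at exactly 191 * 3600 seconds.
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testRenewProxy(self):
        """
        Test if the renew method renews correctly the user proxy.
        """
        time.sleep(70)
        self.proxy.renew()
        time.sleep(10)
        timeLeft = self.proxy.getTimeLeft()
        # Floor division keeps the whole-hours comparison on Python 3 as well.
        self.assertEqual(int(timeLeft) // 3600, 191)

    @attr("integration")
    def testDestroyProxy(self):
        """
        Test the proxy destroy method.
        """
        self.proxy.destroy()
        self.proxyPath = self.proxy.getProxyFilename()
        self.assertFalse(os.path.exists(self.proxyPath))
        # Create the proxy after the destroy
        self.proxy.create()

    @attr("integration")
    def testGetSubject(self):
        """
        _testGetSubject_

        Verify that the getSubject() method works correctly.
        """
        subject = self.proxy.getSubject()
        self.assertEqual(subject, self.getUserIdentity(),
                         "Error: Wrong subject.")

    @attr("integration")
    def testGetUserName(self):
        """
        _testGetUserName_

        Verify that the getUserName() method correctly determines the user's name.
        """
        user = self.proxy.getUserName()
        # Last "/"-separated component of the subject, minus its first three
        # characters (presumably the "CN=" prefix - confirm).
        identity = self.getUserIdentity().split("/")[-1][3:]
        self.assertEqual(user, identity,
                         "Error: User name is wrong: |%s|\n|%s|" % (user, identity))

    @attr("integration")
    def testCheckAttribute(self):
        """
        Test if the checkAttribute method checks correctly the attributes validity.
        """
        valid = self.proxy.checkAttribute()
        self.assertTrue(valid)

    @attr("integration")
    def testCheckTimeLeft(self):
        """
        Test if the check method checks correctly the proxy validity.
        """
        # self.proxyPath is None here unless an earlier statement in the same test
        # set it; setUp resets it for every test.
        valid = self.proxy.check(self.proxyPath)
        self.assertTrue(valid)

    @attr("integration")
    def testVomsRenewal(self):
        """
        Test if vomsExtensionRenewal method renews correctly the voms-proxy.
        """
        proxyPath = self.proxy.getProxyFilename()
        time.sleep(70)
        attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath))
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
        # Floor division keeps the whole-hours comparison on Python 3 as well.
        self.assertEqual(int(vomsTimeLeft) // 3600, 191)

    @attr("integration")
    def testElevateAttribute(self):
        """
        Test if the vomsExtensionRenewal method elevates the last attributes given.
        """
        proxyPath = self.proxy.getProxyFilename()
        attribute = self.proxy.prepareAttForVomsRenewal('/cms/Role=NULL/Capability=NULL')
        self.proxy.vomsExtensionRenewal(proxyPath, attribute)
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
        # Restore the original configuration of the proxy
        self.proxy.create()

    @attr("integration")
    def testUserGroupInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user group.
        """
        self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
        # The group is the third "/"-separated field of the first line of output.
        self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])

    @attr("integration")
    def testUserRoleInProxy(self):
        """
        Test if getUserAttributes method returns correctly the user role.
        """
        # The role is the value after "=" in the fourth "/"-separated field.
        self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])

    @attr("integration")
    def testGetAttributes(self):
        """
        Test getAttributeFromProxy method.
        This can be tested with:
            voms-proxy-init -voms cms:/cms/integration #or any group of yours
            export PROXY_GROUP=integration
            python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
        """
        self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
        if not self.dict['role']:
            role = 'NULL'
        else:
            role = self.dict['role']
        proxyPath = self.proxy.getProxyFilename()
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
        self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
        # test with the allAttributes flag
        # NOTE(review): the return value itself is compared with 1. If it is a list,
        # this is always true on Python 2 and a TypeError on Python 3;
        # len(...) > 1 may be what was meant - confirm the return type.
        self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)

    @attr("integration")
    def testGetUserGroupAndRole(self):
        """
        Test GetUserGroupAndRoleFromProxy method.
        """
        if not self.dict['role']:
            role = 'NULL'
        else:
            role = self.dict['role']
        proxyPath = self.proxy.getProxyFilename()
        # Nothing is asserted unless both a group and a role are configured.
        if self.dict['group'] and self.dict['role']:
            self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
            self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)

    @attr("integration")
    def testGetAllUserGroups(self):
        """
        Test GetAllUserGroups method.
        """
        proxyPath = self.proxy.getProxyFilename()
        groups = self.proxy.getAllUserGroups(proxyPath)
        # Only prints the groups; there is no assertion on the result.
        print(list(groups))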