def createNewMyProxy(self, timeleftthreshold=0, nokey=False): """ Handles the MyProxy creation Let the following variables be timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days) myproxytimeleft: current validity of your proxy in myproxy usercertDaysLeft: the number of days left before your user certificate expire myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days) If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for less time than timeleftthreshold then we do it. Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold) we delegate the proxy just for the time we need (checking first if we did not already do it since at some point usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold). Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold """ myproxy = Proxy ( self.defaultDelegation ) myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation) myproxytimeleft = 0 self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"]) # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey) self.logger.debug("Myproxy is valid: %i" % myproxytimeleft) trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged: # checking the enddate of the user certificate usercertDaysLeft = myproxy.getUserCertEnddate() if usercertDaysLeft == 0: msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). CANNOT SUBMIT%s"\ % (colors.RED, colors.NORMAL) raise ProxyCreationException(msg) #if the certificate is going to expire print a warning. This is going to bre printed at every command if #the myproxytimeleft is inferior to the timeleftthreshold if usercertDaysLeft < self.myproxyDesiredValidity: self.logger.info("%sYour user certificate is going to expire in %s days. Please renew it! %s"\ % (colors.RED, usercertDaysLeft, colors.NORMAL) ) #check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft return #adjust the myproxy delegation time accordingly to the user cert validity self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\ % (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) ) myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24) # creating the proxy self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'] ) try: myproxy.delegate(serverRenewer = True, nokey=nokey) self.logger.debug("My-proxy delegated.") except Exception, ex: raise ProxyCreationException("Problems delegating My-proxy. %s"%ex._message)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False): """ Handles the MyProxy creation Let the following variables be timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days) myproxytimeleft: current validity of your proxy in myproxy usercertDaysLeft: the number of days left before your user certificate expire myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days) If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for less time than timeleftthreshold then we do it. Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold) we delegate the proxy just for the time we need (checking first if we did not already do it since at some point usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold). Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold """ myproxy = Proxy(self.defaultDelegation) myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation) myproxytimeleft = 0 self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"]) # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey) self.logger.debug("Myproxy is valid: %i" % myproxytimeleft) trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[ 'serverDN'] #list on the REST and on myproxy are different if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged: # checking the enddate of the user certificate usercertDaysLeft = myproxy.getUserCertEnddate() if usercertDaysLeft == 0: msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\ % (colors.RED, colors.NORMAL) raise ProxyCreationException(msg) #if the certificate is going to expire print a warning. This is going to bre printed at every command if #the myproxytimeleft is inferior to the timeleftthreshold if usercertDaysLeft < self.myproxyDesiredValidity: self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\ % (colors.RED, usercertDaysLeft, colors.NORMAL) ) #check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could if abs( usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft ) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft return #adjust the myproxy delegation time accordingly to the user cert validity self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\ % (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) ) myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24) # creating the proxy self.logger.debug("Delegating a myproxy for %s hours" % myproxy.myproxyValidity) try: myproxy.delegate(serverRenewer=True, nokey=nokey) myproxytimeleft = myproxy.getMyProxyTimeLeft( serverRenewer=True, nokey=nokey) if myproxytimeleft <= 0: raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\ "(it might simply you typed a wrong password)") else: self.logger.debug("My-proxy delegated.") except Exception as ex: msg = ex._message if hasattr(ex, '_message') else str(ex) raise ProxyCreationException( "Problems delegating My-proxy. %s" % msg)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False): """ Handles the MyProxy creation Let the following variables be timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days) myproxytimeleft: current validity of your proxy in myproxy usercertDaysLeft: the number of days left before your user certificate expire myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days) If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for less time than timeleftthreshold then we do it. Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold) we delegate the proxy just for the time we need (checking first if we did not already do it since at some point usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold). Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold """ myproxy = Proxy ( self.defaultDelegation ) myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation) myproxytimeleft = 0 self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"]) # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy # Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532) try: myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey) except Exception as ex: logging.exception("Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException") # WMException may contain the _message attribute. Otherwise, take the exception as a string. msg = ex._message if hasattr(ex, "_message") else str(ex) raise ProxyCreationException("Problems calculating the time left until the expiration of the proxy." " Please reset your environment or contact [email protected] if the problem persists.\n%s" % msg) self.logger.debug("Myproxy is valid: %i" % myproxytimeleft) trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged: # checking the enddate of the user certificate usercertDaysLeft = myproxy.getUserCertEnddate() if usercertDaysLeft == 0: msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\ % (colors.RED, colors.NORMAL) raise ProxyCreationException(msg) #if the certificate is going to expire print a warning. This is going to bre printed at every command if #the myproxytimeleft is inferior to the timeleftthreshold if usercertDaysLeft < self.myproxyDesiredValidity: self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\ % (colors.RED, usercertDaysLeft, colors.NORMAL) ) #check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft return #adjust the myproxy delegation time accordingly to the user cert validity self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\ % (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) ) myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24) # creating the proxy self.logger.debug("Delegating a myproxy for %s hours" % myproxy.myproxyValidity ) try: myproxy.delegate(serverRenewer = True, nokey=nokey) myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey) if myproxytimeleft <= 0: raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\ "(it might simply you typed a wrong password)") else: self.logger.debug("My-proxy delegated.") except Exception as ex: msg = ex._message if hasattr(ex, '_message') else str(ex) raise ProxyCreationException("Problems delegating My-proxy. %s" % msg)
class ProxyTest(unittest.TestCase): def setUp(self): """ Setup for unit tests """ logging.basicConfig( level=logging.DEBUG, format="%(asctime)s %(name)-12s %(levelname)-8s %(message)s", datefmt="%m-%d %H:%M", filename="proxy_unittests.log", filemode="w", ) logger_name = "ProxyTest" self.logger = logging.getLogger(logger_name) self.dict = { "logger": self.logger, "vo": "cms", "group": group, "role": role, "myProxySvr": myProxySvr, "proxyValidity": "192:00", "min_time_left": 36000, "uisource": uiPath, } self.proxyPath = None self.proxy = Proxy(self.dict) def tearDown(self): """ _tearDown_ Tear down the proxy. """ return def getUserIdentity(self): """ _getUserIdentity_ Retrieve the user's subject from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen( ["voms-proxy-info", "-identity"], stdout=subprocess.PIPE, stderr=subprocess.PIPE ) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] def getUserAttributes(self): """ _getUserAttributes_ Retrieve the user's attributes from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen( ["voms-proxy-info", "-fqan"], stdout=subprocess.PIPE, stderr=subprocess.PIPE ) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] @attr("integration") def testGetUserCertEnddate(self): """ Test if getTimeLeft method returns correctly the proxy time left. """ daysleft = self.proxy.getUserCertEnddate() self.assertEqual(daysleft, 29) # set this as the number of days left in .globus/usercert.pem @attr("integration") def testAAACreateProxy(self): """ Test if create method creates correctly the proxy. This is sort of bad form to require that this test run first, but the alternative is entering a password for every single invocation """ self.proxy.create() time.sleep(5) proxyPath = self.proxy.getProxyFilename() self.assertTrue(os.path.exists(proxyPath)) @attr("integration") def testCheckProxyTimeLeft(self): """ Test if getTimeLeft method returns correctly the proxy time left. """ timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testRenewProxy(self): """ Test if the renew method renews correctly the user proxy. """ time.sleep(70) self.proxy.renew() time.sleep(10) timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testDestroyProxy(self): """ Test the proxy destroy method. """ self.proxy.destroy() self.proxyPath = self.proxy.getProxyFilename() self.assertFalse(os.path.exists(self.proxyPath)) # Create the proxy after the destroy self.proxy.create() @attr("integration") def testGetSubject(self): """ _testGetSubject_ Verify that the getSubject() method works correctly. """ subject = self.proxy.getSubject() self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.") return @attr("integration") def testGetUserName(self): """ _testGetUserName_ Verify that the getUserName() method correctly determines the user's name. """ user = self.proxy.getUserName() identity = self.getUserIdentity().split("/")[len(self.getUserIdentity().split("/")) - 1][3:] self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity)) return @attr("integration") def testCheckAttribute(self): """ Test if the checkAttribute method checks correctly the attributes validity. """ valid = self.proxy.checkAttribute() self.assertTrue(valid) @attr("integration") def testCheckTimeLeft(self): """ Test if the check method checks correctly the proxy validity. """ valid = self.proxy.check(self.proxyPath) self.assertTrue(valid) @attr("integration") def testVomsRenewal(self): """ Test if vomsExtensionRenewal method renews correctly the voms-proxy. """ proxyPath = self.proxy.getProxyFilename() time.sleep(70) attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath)) self.proxy.vomsExtensionRenewal(proxyPath, attribute) vomsTimeLeft = self.proxy.getVomsLife(proxyPath) self.assertEqual(int(vomsTimeLeft) / 3600, 191) @attr("integration") def testElevateAttribute(self): """ Test if the vomsExtensionRenewal method elevate last attributes given. """ proxyPath = self.proxy.getProxyFilename() attribute = self.proxy.prepareAttForVomsRenewal("/cms/Role=NULL/Capability=NULL") self.proxy.vomsExtensionRenewal(proxyPath, attribute) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), "/cms/Role=NULL/Capability=NULL") # Restore the original configuration of the proxy self.proxy.create() @attr("integration") def testUserGroupInProxy(self): """ Test if getUserAttributes method returns correctly the user group. """ self.assertTrue(self.proxy.group, "No group set. Testing incomplete.") self.assertEqual(self.proxy.group, self.getUserAttributes().split("\n")[0].split("/")[2]) @attr("integration") def testUserRoleInProxy(self): """ Test if getUserAttributes method returns correctly the user role. """ self.assertEqual(self.proxy.role, self.getUserAttributes().split("\n")[0].split("/")[3].split("=")[1]) @attr("integration") def testGetAttributes(self): """ Test getAttributeFromProxy method. """ self.assertTrue(self.proxy.group, "No group set. Testing incomplete.") if not self.dict["role"]: role = "NULL" else: role = self.dict["role"] proxyPath = self.proxy.getProxyFilename() self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[2], self.dict["group"]) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[3].split("=")[1], role) @attr("integration") def testGetUserGroupAndRole(self): """ Test GetUserGroupAndRoleFromProxy method. """ if not self.dict["role"]: role = "NULL" else: role = self.dict["role"] proxyPath = self.proxy.getProxyFilename() if self.dict["group"] and self.dict["role"]: self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict["group"]) self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
def createNewMyProxy2(self, timeleftthreshold=0, nokey=False): """ Handles the MyProxy creation. In this version the credential name will be simply <username>_CRAB like e.g. belforte_CRAB where username is the CERN username Let the following variables be timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days) myproxytimeleft: current validity of your proxy in myproxy usercertDaysLeft: the number of days left before your user certificate expire myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days) If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for less time than timeleftthreshold then we do it. Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold) we delegate the proxy just for the time we need (checking first if we did not already do it since at some point usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold). Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold :returns a tupla with info in the credential in myprosxy: (credentialName, myproxytimeleft) credentialName : username to use in myproxy -l username myproxytimeleft: validity of the credential in seconds """ defaultDelegation = self.defaultDelegation defaultDelegation['myproxyAccount'] = None from CRABClient.UserUtilities import getUsername username = getUsername(proxyFile=self.proxyInfo['filename'], logger=self.logger) credentialName = username + '_CRAB' defaultDelegation['userName'] = credentialName myproxy = Proxy(defaultDelegation) #userDNFromCert = myproxy.getSubjectFromCert(self.certLocation) #if userDNFromCert: # myproxy.userDN = userDNFromCert myproxytimeleft = 0 self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"]) # return an integer that indicates the number of seconds to the expiration of the proxy in myproxy # Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532) try: myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey) except CredentialException as ex: msg = "WMCore could not computer valid time for credential %s .\n Error detail: " % credentialName msg += "%s" % str(ex._message) msg += "\nTry to remove old myproxy credentials as per https://twiki.cern.ch/twiki/bin/view/CMSPublic/CRAB3FAQ#crab_command_fails_with_Impossib" self.logger.error(msg) raise ProxyCreationException("no valid credential for %s" % credentialName) except Exception as ex: logging.exception( "Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException" ) # WMException may contain the _message attribute. Otherwise, take the exception as a string. msg = ex._message if hasattr(ex, "_message") else str(ex) # pylint: disable=protected-access, no-member raise ProxyCreationException( "Problems calculating the time left until the expiration of the proxy." + " Please reset your environment or contact [email protected] if the problem persists.\n%s" % msg) self.logger.debug("Myproxy is valid: %i", myproxytimeleft) trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[ 'serverDN'] #list on the REST and on myproxy are different if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged: # checking the enddate of the user certificate usercertDaysLeft = myproxy.getUserCertEnddate() if usercertDaysLeft == 0: msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY)." % colors.RED msg += " YOU CANNOT USE THE CRAB3 CLIENT." msg += " PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/" msg += " AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s" % colors.NORMAL raise ProxyCreationException(msg) #if the certificate is going to expire print a warning. This is going to bre printed at every command if #the myproxytimeleft is inferior to the timeleftthreshold if usercertDaysLeft < self.myproxyDesiredValidity: msg = "%sYour user certificate is going to expire in %s days." % ( colors.RED, usercertDaysLeft) msg += " See: https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s" % colors.NORMAL self.logger.info(msg) #check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could if abs( usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft ) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft return (credentialName, myproxytimeleft) #adjust the myproxy delegation time accordingly to the user cert validity self.logger.info( "%sDelegating your proxy for %s days instead of %s %s", colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24) # creating the proxy self.logger.debug("Delegating a myproxy for %s hours", myproxy.myproxyValidity) try: myproxy.delegate(serverRenewer=True, nokey=nokey) myproxytimeleft = myproxy.getMyProxyTimeLeft( serverRenewer=True, nokey=nokey) if myproxytimeleft <= 0: raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\ "(it might simply you typed a wrong password)") else: self.logger.debug("My-proxy delegated.") except Exception as ex: msg = ex._message if hasattr(ex, '_message') else str(ex) # pylint: disable=protected-access, no-member raise ProxyCreationException( "Problems delegating My-proxy. %s" % msg) return (credentialName, myproxytimeleft)
class ProxyTest(unittest.TestCase): def setUp(self): """ Setup for unit tests """ logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', datefmt='%m-%d %H:%M', filename='proxy_unittests.log', filemode='w') logger_name = 'ProxyTest' self.logger = logging.getLogger(logger_name) self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000} self.proxyPath = None self.proxy = Proxy( self.dict ) def tearDown(self): """ _tearDown_ Tear down the proxy. """ return def getUserIdentity(self): """ _getUserIdentity_ Retrieve the user's subject from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None stdout, _ = vomsProxyInfoCall.communicate() stdout = decodeBytesToUnicode(stdout) if PY3 else stdout return stdout[0:-1] def getUserAttributes(self): """ _getUserAttributes_ Retrieve the user's attributes from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None stdout, _ = vomsProxyInfoCall.communicate() stdout = decodeBytesToUnicode(stdout) if PY3 else stdout return stdout[0:-1] @attr("integration") def testGetUserCertEnddate( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ daysleft = self.proxy.getUserCertEnddate() self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem daysleft = self.proxy.getUserCertEnddate(openSSL=False) self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem @attr("integration") def testAAACreateProxy( self ): """ Test if create method creates correctly the proxy. This is sort of bad form to require that this test run first, but the alternative is entering a password for every single invocation """ self.proxy.create() time.sleep( 5 ) proxyPath = self.proxy.getProxyFilename() self.assertTrue(os.path.exists(proxyPath)) @attr("integration") def testCheckProxyTimeLeft( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(int(timeLeft) // 3600), 191) @attr("integration") def testRenewProxy( self ): """ Test if the renew method renews correctly the user proxy. """ time.sleep( 70 ) self.proxy.renew() time.sleep( 10 ) timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(int(timeLeft) // 3600), 191) @attr("integration") def testDestroyProxy(self ): """ Test the proxy destroy method. """ self.proxy.destroy( ) self.proxyPath = self.proxy.getProxyFilename() self.assertFalse(os.path.exists(self.proxyPath)) # Create the proxy after the destroy self.proxy.create() @attr("integration") def testGetSubject(self): """ _testGetSubject_ Verify that the getSubject() method works correctly. """ subject = self.proxy.getSubject( ) self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.") return @attr("integration") def testGetUserName( self ): """ _testGetUserName_ Verify that the getUserName() method correctly determines the user's name. """ user = self.proxy.getUserName( ) identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:] self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity)) return @attr("integration") def testCheckAttribute( self ): """ Test if the checkAttribute method checks correctly the attributes validity. """ valid = self.proxy.checkAttribute( ) self.assertTrue(valid) @attr("integration") def testCheckTimeLeft( self ): """ Test if the check method checks correctly the proxy validity. """ valid = self.proxy.check( self.proxyPath ) self.assertTrue(valid) @attr("integration") def testVomsRenewal( self ): """ Test if vomsExtensionRenewal method renews correctly the voms-proxy. """ proxyPath = self.proxy.getProxyFilename( ) time.sleep( 70 ) attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) vomsTimeLeft = self.proxy.getVomsLife( proxyPath ) self.assertEqual(int(int(vomsTimeLeft) // 3600), 191) @attr("integration") def testElevateAttribute( self ): """ Test if the vomsExtensionRenewal method elevate last attributes given. """ proxyPath = self.proxy.getProxyFilename( ) attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL') # Restore the original configuration of the proxy self.proxy.create() @attr("integration") def testUserGroupInProxy( self ): """ Test if getUserAttributes method returns correctly the user group. """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2]) @attr("integration") def testUserRoleInProxy( self ): """ Test if getUserAttributes method returns correctly the user role. """ self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]) @attr("integration") def testGetAttributes( self ): """ Test getAttributeFromProxy method. Can tested this with: voms-proxy-init -voms cms:/cms/integration #or any group of yours export PROXY_GROUP=integration python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group']) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role) #test with the allAttributes flag self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1) @attr("integration") def testGetUserGroupAndRole( self ): """ Test GetUserGroupAndRoleFromProxy method. """ if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) if self.dict['group'] and self.dict['role']: self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group']) self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role) @attr("integration") def testGetAllUserGroups( self ): """ Test GetAllUserGroups method. """ proxyPath = self.proxy.getProxyFilename( ) groups = self.proxy.getAllUserGroups(proxyPath) print(list(groups))
class ProxyTest(unittest.TestCase): def setUp(self): """ Setup for unit tests """ logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', datefmt='%m-%d %H:%M', filename='proxy_unittests.log', filemode='w') logger_name = 'ProxyTest' self.logger = logging.getLogger(logger_name) self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000} self.proxyPath = None self.proxy = Proxy( self.dict ) def tearDown(self): """ _tearDown_ Tear down the proxy. """ return def getUserIdentity(self): """ _getUserIdentity_ Retrieve the user's subject from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] def getUserAttributes(self): """ _getUserAttributes_ Retrieve the user's attributes from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] @attr("integration") def testGetUserCertEnddate( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ daysleft = self.proxy.getUserCertEnddate() self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem daysleft = self.proxy.getUserCertEnddate(openSSL=False) self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem @attr("integration") def testAAACreateProxy( self ): """ Test if create method creates correctly the proxy. This is sort of bad form to require that this test run first, but the alternative is entering a password for every single invocation """ self.proxy.create() time.sleep( 5 ) proxyPath = self.proxy.getProxyFilename() self.assertTrue(os.path.exists(proxyPath)) @attr("integration") def testCheckProxyTimeLeft( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testRenewProxy( self ): """ Test if the renew method renews correctly the user proxy. """ time.sleep( 70 ) self.proxy.renew() time.sleep( 10 ) timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testDestroyProxy(self ): """ Test the proxy destroy method. """ self.proxy.destroy( ) self.proxyPath = self.proxy.getProxyFilename() self.assertFalse(os.path.exists(self.proxyPath)) # Create the proxy after the destroy self.proxy.create() @attr("integration") def testGetSubject(self): """ _testGetSubject_ Verify that the getSubject() method works correctly. """ subject = self.proxy.getSubject( ) self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.") return @attr("integration") def testGetUserName( self ): """ _testGetUserName_ Verify that the getUserName() method correctly determines the user's name. """ user = self.proxy.getUserName( ) identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:] self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity)) return @attr("integration") def testCheckAttribute( self ): """ Test if the checkAttribute method checks correctly the attributes validity. """ valid = self.proxy.checkAttribute( ) self.assertTrue(valid) @attr("integration") def testCheckTimeLeft( self ): """ Test if the check method checks correctly the proxy validity. """ valid = self.proxy.check( self.proxyPath ) self.assertTrue(valid) @attr("integration") def testVomsRenewal( self ): """ Test if vomsExtensionRenewal method renews correctly the voms-proxy. """ proxyPath = self.proxy.getProxyFilename( ) time.sleep( 70 ) attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) vomsTimeLeft = self.proxy.getVomsLife( proxyPath ) self.assertEqual(int(vomsTimeLeft) / 3600, 191) @attr("integration") def testElevateAttribute( self ): """ Test if the vomsExtensionRenewal method elevate last attributes given. """ proxyPath = self.proxy.getProxyFilename( ) attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL') # Restore the original configuration of the proxy self.proxy.create() @attr("integration") def testUserGroupInProxy( self ): """ Test if getUserAttributes method returns correctly the user group. """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2]) @attr("integration") def testUserRoleInProxy( self ): """ Test if getUserAttributes method returns correctly the user role. """ self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]) @attr("integration") def testGetAttributes( self ): """ Test getAttributeFromProxy method. Can tested this with: voms-proxy-init -voms cms:/cms/integration #or any group of yours export PROXY_GROUP=integration python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group']) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role) #test with the allAttributes flag self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1) @attr("integration") def testGetUserGroupAndRole( self ): """ Test GetUserGroupAndRoleFromProxy method. """ if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) if self.dict['group'] and self.dict['role']: self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group']) self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role) @attr("integration") def testGetAllUserGroups( self ): """ Test GetAllUserGroups method. """ proxyPath = self.proxy.getProxyFilename( ) groups = self.proxy.getAllUserGroups(proxyPath) print(list(groups))