def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy ( self.defaultDelegation )
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). CANNOT SUBMIT%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. Please renew it! %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'] )
try:
myproxy.delegate(serverRenewer = True, nokey=nokey)
self.logger.debug("My-proxy delegated.")
except Exception, ex:
raise ProxyCreationException("Problems delegating My-proxy. %s"%ex._message)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy(self.defaultDelegation)
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" %
self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True,
nokey=nokey)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[
'serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(
usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft
) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" %
myproxy.myproxyValidity)
try:
myproxy.delegate(serverRenewer=True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(
serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex)
raise ProxyCreationException(
"Problems delegating My-proxy. %s" % msg)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy ( self.defaultDelegation )
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
# Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532)
try:
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
except Exception as ex:
logging.exception("Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException")
# WMException may contain the _message attribute. Otherwise, take the exception as a string.
msg = ex._message if hasattr(ex, "_message") else str(ex)
raise ProxyCreationException("Problems calculating the time left until the expiration of the proxy."
" Please reset your environment or contact [email protected] if the problem persists.\n%s" % msg)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" % myproxy.myproxyValidity )
try:
myproxy.delegate(serverRenewer = True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex)
raise ProxyCreationException("Problems delegating My-proxy. %s" % msg)
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(
level=logging.DEBUG,
format="%(asctime)s %(name)-12s %(levelname)-8s %(message)s",
datefmt="%m-%d %H:%M",
filename="proxy_unittests.log",
filemode="w",
)
logger_name = "ProxyTest"
self.logger = logging.getLogger(logger_name)
self.dict = {
"logger": self.logger,
"vo": "cms",
"group": group,
"role": role,
"myProxySvr": myProxySvr,
"proxyValidity": "192:00",
"min_time_left": 36000,
"uisource": uiPath,
}
self.proxyPath = None
self.proxy = Proxy(self.dict)
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(
["voms-proxy-info", "-identity"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(
["voms-proxy-info", "-fqan"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate(self):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 29) # set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy(self):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep(5)
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft(self):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy(self):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep(70)
self.proxy.renew()
time.sleep(10)
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self):
"""
Test the proxy destroy method.
"""
self.proxy.destroy()
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject()
self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.")
return
@attr("integration")
def testGetUserName(self):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName()
identity = self.getUserIdentity().split("/")[len(self.getUserIdentity().split("/")) - 1][3:]
self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute(self):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute()
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft(self):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check(self.proxyPath)
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal(self):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename()
time.sleep(70)
attribute = self.proxy.prepareAttForVomsRenewal(self.proxy.getAttributeFromProxy(proxyPath))
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
vomsTimeLeft = self.proxy.getVomsLife(proxyPath)
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute(self):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename()
attribute = self.proxy.prepareAttForVomsRenewal("/cms/Role=NULL/Capability=NULL")
self.proxy.vomsExtensionRenewal(proxyPath, attribute)
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), "/cms/Role=NULL/Capability=NULL")
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy(self):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
self.assertEqual(self.proxy.group, self.getUserAttributes().split("\n")[0].split("/")[2])
@attr("integration")
def testUserRoleInProxy(self):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split("\n")[0].split("/")[3].split("=")[1])
@attr("integration")
def testGetAttributes(self):
"""
Test getAttributeFromProxy method.
"""
self.assertTrue(self.proxy.group, "No group set. Testing incomplete.")
if not self.dict["role"]:
role = "NULL"
else:
role = self.dict["role"]
proxyPath = self.proxy.getProxyFilename()
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[2], self.dict["group"])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split("/")[3].split("=")[1], role)
@attr("integration")
def testGetUserGroupAndRole(self):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict["role"]:
role = "NULL"
else:
role = self.dict["role"]
proxyPath = self.proxy.getProxyFilename()
if self.dict["group"] and self.dict["role"]:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict["group"])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
def createNewMyProxy2(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation. In this version the credential name will be simply
<username>_CRAB like e.g. belforte_CRAB where username is the CERN username
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
:returns a tupla with info in the credential in myprosxy: (credentialName, myproxytimeleft)
credentialName : username to use in myproxy -l username
myproxytimeleft: validity of the credential in seconds
"""
defaultDelegation = self.defaultDelegation
defaultDelegation['myproxyAccount'] = None
from CRABClient.UserUtilities import getUsername
username = getUsername(proxyFile=self.proxyInfo['filename'],
logger=self.logger)
credentialName = username + '_CRAB'
defaultDelegation['userName'] = credentialName
myproxy = Proxy(defaultDelegation)
#userDNFromCert = myproxy.getSubjectFromCert(self.certLocation)
#if userDNFromCert:
# myproxy.userDN = userDNFromCert
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" %
self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
# Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532)
try:
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True,
nokey=nokey)
except CredentialException as ex:
msg = "WMCore could not computer valid time for credential %s .\n Error detail: " % credentialName
msg += "%s" % str(ex._message)
msg += "\nTry to remove old myproxy credentials as per https://twiki.cern.ch/twiki/bin/view/CMSPublic/CRAB3FAQ#crab_command_fails_with_Impossib"
self.logger.error(msg)
raise ProxyCreationException("no valid credential for %s" %
credentialName)
except Exception as ex:
logging.exception(
"Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException"
)
# WMException may contain the _message attribute. Otherwise, take the exception as a string.
msg = ex._message if hasattr(ex, "_message") else str(ex) # pylint: disable=protected-access, no-member
raise ProxyCreationException(
"Problems calculating the time left until the expiration of the proxy."
+
" Please reset your environment or contact [email protected] if the problem persists.\n%s"
% msg)
self.logger.debug("Myproxy is valid: %i", myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[
'serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY)." % colors.RED
msg += " YOU CANNOT USE THE CRAB3 CLIENT."
msg += " PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/"
msg += " AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s" % colors.NORMAL
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
msg = "%sYour user certificate is going to expire in %s days." % (
colors.RED, usercertDaysLeft)
msg += " See: https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s" % colors.NORMAL
self.logger.info(msg)
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(
usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft
) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return (credentialName, myproxytimeleft)
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info(
"%sDelegating your proxy for %s days instead of %s %s",
colors.RED, usercertDaysLeft, self.myproxyDesiredValidity,
colors.NORMAL)
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours",
myproxy.myproxyValidity)
try:
myproxy.delegate(serverRenewer=True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(
serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex) # pylint: disable=protected-access, no-member
raise ProxyCreationException(
"Problems delegating My-proxy. %s" % msg)
return (credentialName, myproxytimeleft)
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr,
'proxyValidity' : '192:00', 'min_time_left' : 36000}
self.proxyPath = None
self.proxy = Proxy( self.dict )
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
stdout, _ = vomsProxyInfoCall.communicate()
stdout = decodeBytesToUnicode(stdout) if PY3 else stdout
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
stdout, _ = vomsProxyInfoCall.communicate()
stdout = decodeBytesToUnicode(stdout) if PY3 else stdout
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
daysleft = self.proxy.getUserCertEnddate(openSSL=False)
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy( self ):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(int(timeLeft) // 3600), 191)
@attr("integration")
def testRenewProxy( self ):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(int(timeLeft) // 3600), 191)
@attr("integration")
def testDestroyProxy(self ):
"""
Test the proxy destroy method.
"""
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute( self ):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute( )
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft( self ):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check( self.proxyPath )
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal( self ):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
self.assertEqual(int(int(vomsTimeLeft) // 3600), 191)
@attr("integration")
def testElevateAttribute( self ):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename( )
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])
@attr("integration")
def testGetAttributes( self ):
"""
Test getAttributeFromProxy method.
Can tested this with:
voms-proxy-init -voms cms:/cms/integration #or any group of yours
export PROXY_GROUP=integration
python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
#test with the allAttributes flag
self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)
@attr("integration")
def testGetUserGroupAndRole( self ):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
@attr("integration")
def testGetAllUserGroups( self ):
"""
Test GetAllUserGroups method.
"""
proxyPath = self.proxy.getProxyFilename( )
groups = self.proxy.getAllUserGroups(proxyPath)
print(list(groups))
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr,
'proxyValidity' : '192:00', 'min_time_left' : 36000}
self.proxyPath = None
self.proxy = Proxy( self.dict )
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testGetUserCertEnddate( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
daysleft = self.proxy.getUserCertEnddate()
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
daysleft = self.proxy.getUserCertEnddate(openSSL=False)
self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem
@attr("integration")
def testAAACreateProxy( self ):
"""
Test if create method creates correctly the proxy.
This is sort of bad form to require that this test run first, but the alternative is
entering a password for every single invocation
"""
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
self.assertTrue(os.path.exists(proxyPath))
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
Test if getTimeLeft method returns correctly the proxy time left.
"""
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testRenewProxy( self ):
"""
Test if the renew method renews correctly the user proxy.
"""
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
self.assertEqual(int(timeLeft) / 3600, 191)
@attr("integration")
def testDestroyProxy(self ):
"""
Test the proxy destroy method.
"""
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
self.assertFalse(os.path.exists(self.proxyPath))
# Create the proxy after the destroy
self.proxy.create()
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def testCheckAttribute( self ):
"""
Test if the checkAttribute method checks correctly the attributes validity.
"""
valid = self.proxy.checkAttribute( )
self.assertTrue(valid)
@attr("integration")
def testCheckTimeLeft( self ):
"""
Test if the check method checks correctly the proxy validity.
"""
valid = self.proxy.check( self.proxyPath )
self.assertTrue(valid)
@attr("integration")
def testVomsRenewal( self ):
"""
Test if vomsExtensionRenewal method renews correctly the voms-proxy.
"""
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
self.assertEqual(int(vomsTimeLeft) / 3600, 191)
@attr("integration")
def testElevateAttribute( self ):
"""
Test if the vomsExtensionRenewal method elevate last attributes given.
"""
proxyPath = self.proxy.getProxyFilename( )
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL')
# Restore the original configuration of the proxy
self.proxy.create()
@attr("integration")
def testUserGroupInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user group.
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2])
@attr("integration")
def testUserRoleInProxy( self ):
"""
Test if getUserAttributes method returns correctly the user role.
"""
self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1])
@attr("integration")
def testGetAttributes( self ):
"""
Test getAttributeFromProxy method.
Can tested this with:
voms-proxy-init -voms cms:/cms/integration #or any group of yours
export PROXY_GROUP=integration
python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes
"""
self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.')
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group'])
self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role)
#test with the allAttributes flag
self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1)
@attr("integration")
def testGetUserGroupAndRole( self ):
"""
Test GetUserGroupAndRoleFromProxy method.
"""
if not self.dict['role']:
role = 'NULL'
else:
role = self.dict['role']
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group'])
self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role)
@attr("integration")
def testGetAllUserGroups( self ):
"""
Test GetAllUserGroups method.
"""
proxyPath = self.proxy.getProxyFilename( )
groups = self.proxy.getAllUserGroups(proxyPath)
print(list(groups))
