def __getProxyStatus(self,secondsOverride = None):
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import ProxyManagerClient
proxyManager = ProxyManagerClient()
group = str(credentials.getSelectedGroup())
if group == "visitor":
return {"success":"false","error":"User is anonymous or is not registered in the system"}
userDN = str(credentials.getUserDN())
if secondsOverride and str(secondsOverride).isdigit():
validSeconds = int(secondsOverride)
else:
defaultSeconds = 24 * 3600 + 60 # 24H + 1min
validSeconds = gConfig.getValue("/Registry/DefaultProxyLifeTime",defaultSeconds)
gLogger.info("\033[0;31m userHasProxy(%s, %s, %s) \033[0m" % (userDN,group,validSeconds))
result = proxyManager.userHasProxy(userDN,group,validSeconds)
if result["OK"]:
if result["Value"]:
c.result = {"success":"true","result":"true"}
else:
c.result = {"success":"true","result":"false"}
else:
c.result = {"success":"false","error":"false"}
gLogger.info("\033[0;31m PROXY: \033[0m",result)
return c.result
def __getProxyStatus(self, secondsOverride=None):
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import ProxyManagerClient
proxyManager = ProxyManagerClient()
userData = self.getSessionData()
group = str(userData["user"]["group"])
if group == "visitor":
return {"success":"false", "error":"User is anonymous or is not registered in the system"}
userDN = str(userData["user"]["DN"])
defaultSeconds = 24 * 3600 + 60 # 24H + 1min
validSeconds = gConfig.getValue("/Registry/DefaultProxyLifeTime", defaultSeconds)
gLogger.info("\033[0;31m userHasProxy(%s, %s, %s) \033[0m" % (userDN, group, validSeconds))
result = proxyManager.userHasProxy(userDN, group, validSeconds)
if result["OK"]:
if result["Value"]:
return {"success":"true", "result":"true"}
else:
return {"success":"true", "result":"false"}
else:
return {"success":"false", "error":"false"}
gLogger.info("\033[0;31m PROXY: \033[0m", result)
def __init__(self):
self.db = AuthDB() # place to store session information
self.log = sLog
self.idps = IdProviderFactory()
self.proxyCli = ProxyManagerClient() # take care about proxies
self.tokenCli = TokenManagerClient() # take care about tokens
# The authorization server has its own settings, but they are standardized
self.metadata = collectMetadata()
self.metadata.validate()
# Initialize AuthorizationServer
_AuthorizationServer.__init__(self, scopes_supported=self.metadata["scopes_supported"])
# authlib requires the following methods:
# The following `save_token` method is called when requesting a new access token to save it after it is generated.
# Let's skip this step, because getting tokens and saving them if necessary has already taken place in `generate_token` method.
self.save_token = lambda x, y: None
# Framework integration can re-implement this method to support signal system.
# But in this implementation, this system is not used.
self.send_signal = lambda *x, **y: None
# The main method that will return an access token to the user (this can be a proxy)
self.generate_token = self.generateProxyOrToken
# Register configured grants
self.register_grant(RefreshTokenGrant) # Enable refreshing tokens
# Enable device code flow
self.register_grant(DeviceCodeGrant)
self.register_endpoint(DeviceAuthorizationEndpoint)
self.register_endpoint(RevocationEndpoint) # Enable revokation tokens
self.register_grant(AuthorizationCodeGrant, [CodeChallenge(required=True)]) # Enable authorization code flow
def __init__(self, **kwargs):
GridBackend.__init__(self, catalogue_prefix='', **kwargs)
from DIRAC.Core.Base import Script
Script.initialize()
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import ProxyManagerClient
self.pm = ProxyManagerClient()
proxy = self.pm.getUserProxiesInfo()
if not proxy['OK']:
raise BackendException("Proxy error.")
from DIRAC.Interfaces.API.Dirac import Dirac
self.dirac = Dirac()
from DIRAC.Resources.Catalog.FileCatalog import FileCatalog
self.fc = FileCatalog()
from DIRAC.DataManagementSystem.Client.DataManager import DataManager
self.dm = DataManager()
self._xattr_cmd = sh.Command('gfal-xattr').bake(_tty_out=False)
self._replica_checksum_cmd = sh.Command('gfal-sum').bake(_tty_out=False)
self._bringonline_cmd = sh.Command('gfal-legacy-bringonline').bake(_tty_out=False)
self._cp_cmd = sh.Command('gfal-copy').bake(_tty_out=False)
self._ls_se_cmd = sh.Command('gfal-ls').bake(color='never', _tty_out=False)
self._move_cmd = sh.Command('gfal-rename').bake(_tty_out=False)
self._mkdir_cmd = sh.Command('gfal-mkdir').bake(_tty_out=False)
self._replicate_cmd = sh.Command('dirac-dms-replicate-lfn').bake(_tty_out=False)
self._add_cmd = sh.Command('dirac-dms-add-file').bake(_tty_out=False)
def __getProxyStatus(self, validSeconds=0):
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import ProxyManagerClient
proxyManager = ProxyManagerClient()
group = str(credentials.getSelectedGroup())
if group == "visitor":
return {"success": "false", "error": "User not registered"}
userDN = str(credentials.getUserDN())
gLogger.info("\033[0;31m userHasProxy(%s, %s, %s) \033[0m" %
(userDN, group, validSeconds))
result = proxyManager.userHasProxy(userDN, group, validSeconds)
if result["OK"]:
if result["Value"]:
c.result = {"success": "true", "result": "true"}
else:
c.result = {"success": "true", "result": "false"}
else:
c.result = {"success": "false", "error": "false"}
gLogger.info("\033[0;31m PROXY: \033[0m", result)
return c.result
def _renewCloudProxy(self):
"""Takes short lived proxy from the site director and
promotes it to a long lived proxy keeping the DIRAC group.
:returns: True on success, false otherwise.
:rtype: bool
"""
if not self._cloudDN or not self._cloudGroup:
self.log.error(
"Could not renew cloud proxy, DN and/or Group not set.")
return False
proxyLifetime = int(
self.ceParameters.get("Context_ProxyLifetime", DEF_PROXYLIFETIME))
# only renew proxy if lifetime is less than configured lifetime
# self.valid is a datetime
if self.valid - datetime.datetime.utcnow(
) > proxyLifetime * datetime.timedelta(seconds=1):
return True
proxyLifetime += DEF_PROXYGRACE
proxyManager = ProxyManagerClient()
self.log.info("Downloading proxy with cloudDN and cloudGroup: %s, %s" %
(self._cloudDN, self._cloudGroup))
res = proxyManager.downloadProxy(self._cloudDN,
self._cloudGroup,
limited=True,
requiredTimeLeft=proxyLifetime)
if not res["OK"]:
self.log.error("Could not download proxy", res["Message"])
return False
resdump = res["Value"].dumpAllToString()
if not resdump["OK"]:
self.log.error("Failed to dump proxy to string",
resdump["Message"])
return False
self.proxy = resdump["Value"]
self.valid = datetime.datetime.utcnow(
) + proxyLifetime * datetime.timedelta(seconds=1)
return True
'issuer']:
print "You can only query info about yourself!"
sys.exit(1)
result = CS.getDNForUsername(userName)
if not result['OK']:
print "Oops %s" % result['Message']
dnList = result['Value']
if not dnList:
print "User %s has no DN defined!" % userName
sys.exit(1)
userDNs = dnList
else:
userDNs = [userName]
print "Checking for DNs %s" % " | ".join(userDNs)
pmc = ProxyManagerClient()
result = pmc.getDBContents({'UserDN': userDNs})
if not result['OK']:
print "Could not retrieve the proxy list: %s" % result['Value']
sys.exit(1)
data = result['Value']
colLengths = []
for pN in data['ParameterNames']:
colLengths.append(len(pN))
for row in data['Records']:
for i in range(len(row)):
colLengths[i] = max(colLengths[i], len(str(row[i])))
lines = [""]
for i in range(len(data['ParameterNames'])):
def main():
global userName
Script.registerSwitch("u:", "user="******"User to query (by default oneself)", setUser)
Script.parseCommandLine()
result = getProxyInfo()
if not result["OK"]:
gLogger.notice("Do you have a valid proxy?")
gLogger.notice(result["Message"])
sys.exit(1)
proxyProps = result["Value"]
userName = userName or proxyProps.get("username")
if not userName:
gLogger.notice("Your proxy don`t have username extension")
sys.exit(1)
if userName in Registry.getAllUsers():
if Properties.PROXY_MANAGEMENT not in proxyProps["groupProperties"]:
if userName != proxyProps["username"] and userName != proxyProps["issuer"]:
gLogger.notice("You can only query info about yourself!")
sys.exit(1)
result = Registry.getDNForUsername(userName)
if not result["OK"]:
gLogger.notice("Oops %s" % result["Message"])
dnList = result["Value"]
if not dnList:
gLogger.notice("User %s has no DN defined!" % userName)
sys.exit(1)
userDNs = dnList
else:
userDNs = [userName]
gLogger.notice("Checking for DNs %s" % " | ".join(userDNs))
pmc = ProxyManagerClient()
result = pmc.getDBContents({"UserDN": userDNs})
if not result["OK"]:
gLogger.notice("Could not retrieve the proxy list: %s" % result["Value"])
sys.exit(1)
data = result["Value"]
colLengths = []
for pN in data["ParameterNames"]:
colLengths.append(len(pN))
for row in data["Records"]:
for i in range(len(row)):
colLengths[i] = max(colLengths[i], len(str(row[i])))
lines = [""]
for i in range(len(data["ParameterNames"])):
pN = data["ParameterNames"][i]
lines[0] += "| %s " % pN.ljust(colLengths[i])
lines[0] += "|"
tL = len(lines[0])
lines.insert(0, "-" * tL)
lines.append("-" * tL)
for row in data["Records"]:
nL = ""
for i in range(len(row)):
nL += "| %s " % str(row[i]).ljust(colLengths[i])
nL += "|"
lines.append(nL)
lines.append("-" * tL)
gLogger.notice("\n".join(lines))
def web_proxy(self):
""" Proxy management endpoint, use:
GET /proxy?<options> -- retrieve personal proxy
* options:
* voms - to get VOMSproxy(optional)
* lifetime - requested proxy live time(optional)
GET /proxy/<user>/<group>?<options> -- retrieve proxy
* user - user name
* group - group name
* options:
* voms - to get VOMSproxy(optional)
* lifetime - requested proxy live time(optional)
GET /proxy/metadata?<options> -- retrieve proxy metadata..
* options:
:return: json
"""
voms = self.args.get('voms')
proxyLifeTime = 3600 * 12
if re.match('[0-9]+', self.args.get('lifetime') or ''):
proxyLifeTime = int(self.args.get('lifetime'))
optns = self.overpath.strip('/').split('/')
# GET
if self.request.method == 'GET':
# Return content of Proxy DB
if 'metadata' in optns:
pass
# Return personal proxy
elif not self.overpath:
result = yield self.threadTask(ProxyManagerClient().downloadPersonalProxy, self.getUserName(),
self.getUserGroup(), requiredTimeLeft=proxyLifeTime, voms=voms)
if not result['OK']:
raise WErr(500, result['Message'])
self.log.notice('Proxy was created.')
result = result['Value'].dumpAllToString()
if not result['OK']:
raise WErr(500, result['Message'])
self.finishJEncode(result['Value'])
# Return proxy
elif len(optns) == 2:
user = optns[0]
group = optns[1]
# Get proxy to string
result = getDNForUsernameInGroup(user, group)
if not result['OK'] or not result.get('Value'):
raise WErr(500, '%s@%s has no registred DN: %s' % (user, group, result.get('Message') or ""))
if voms:
result = yield self.threadTask(ProxyManagerClient().downloadVOMSProxy, user, group, requiredTimeLeft=proxyLifeTime)
else:
result = yield self.threadTask(ProxyManagerClient().downloadProxy, user, group, requiredTimeLeft=proxyLifeTime)
if not result['OK']:
raise WErr(500, result['Message'])
self.log.notice('Proxy was created.')
result = result['Value'].dumpAllToString()
if not result['OK']:
raise WErr(500, result['Message'])
self.finishJEncode(result['Value'])
else:
raise WErr(404, "Wrone way")
