def execute(self, *args, **kwargs): result = None proxycfg = {'vo': kwargs['task']['tm_user_vo'], 'logger': self.logger, 'myProxySvr': self.config.Services.MyProxy, 'proxyValidity' : '144:0', 'min_time_left' : 36000, ## do we need this ? or should we use self.myproxylen? 'userDN' : kwargs['task']['tm_user_dn'], 'group' : kwargs['task']['tm_user_group'] if kwargs['task']['tm_user_group'] else '', 'role' : kwargs['task']['tm_user_role'] if kwargs['task']['tm_user_role'] else '', 'server_key': self.config.MyProxy.serverhostkey, 'server_cert': self.config.MyProxy.serverhostcert, 'serverDN': self.config.MyProxy.serverdn, 'uisource': getattr(self.config.MyProxy, 'uisource', ''), 'credServerPath': self.config.MyProxy.credpath, 'myproxyAccount' : self.server['host'], 'cleanEnvironment' : getattr(self.config.MyProxy, 'cleanEnvironment', False) } proxy = Proxy(proxycfg) userproxy = proxy.getProxyFilename(serverRenewer=True) proxy.logonRenewMyProxy() timeleft = proxy.getTimeLeft(userproxy) usergroups = set(proxy.getAllUserGroups(userproxy)) if timeleft is None or timeleft <= 0: msg = "Impossible to retrieve proxy from %s for %s." % (proxycfg['myProxySvr'], proxycfg['userDN']) raise TaskWorkerException(msg) else: kwargs['task']['user_proxy'] = userproxy kwargs['task']['user_groups'] = usergroups result = Result(task=kwargs['task'], result='OK') return result
def execute(self, *args, **kwargs): result = None proxycfg = {'vo': kwargs['task']['tm_user_vo'], 'logger': self.logger, 'myProxySvr': self.config.Services.MyProxy, 'proxyValidity' : '144:0', 'min_time_left' : 36000, ## do we need this ? or should we use self.myproxylen? 'userDN' : kwargs['task']['tm_user_dn'], 'group' : kwargs['task']['tm_user_group'] if kwargs['task']['tm_user_group'] else '', 'role' : kwargs['task']['tm_user_role'] if kwargs['task']['tm_user_role'] else '', 'server_key': self.config.MyProxy.serverhostkey, 'server_cert': self.config.MyProxy.serverhostcert, 'serverDN': self.config.MyProxy.serverdn, 'uisource': getattr(self.config.MyProxy, 'uisource', ''), 'credServerPath': self.config.MyProxy.credpath, 'myproxyAccount' : self.server['host'], 'cleanEnvironment' : getattr(self.config.MyProxy, 'cleanEnvironment', False) } # WMCore proxy methods are awfully verbode, reduce logging level when using them with tempSetLogLevel(logger=self.logger, level=logging.ERROR): proxy = Proxy(proxycfg) userproxy = proxy.getProxyFilename(serverRenewer=True) proxy.logonRenewMyProxy() timeleft = proxy.getTimeLeft(userproxy) usergroups = set(proxy.getAllUserGroups(userproxy)) if timeleft is None or timeleft <= 0: msg = "Impossible to retrieve proxy from %s for %s." % (proxycfg['myProxySvr'], proxycfg['userDN']) self.logger.error(msg) self.logger.error("\n Will try again in verbose mode") self.logger.error("===========PROXY ERROR START ==========================") with tempSetLogLevel(logger=self.logger, level=logging.DEBUG): userproxy = proxy.getProxyFilename(serverRenewer=True) proxy.logonRenewMyProxy() timeleft = proxy.getTimeLeft(userproxy) usergroups = set(proxy.getAllUserGroups(userproxy)) self.logger.error("===========PROXY ERROR END ==========================") raise TaskWorkerException(msg) else: kwargs['task']['user_proxy'] = userproxy kwargs['task']['user_groups'] = usergroups self.logger.debug("Valid proxy for %s now in %s", proxycfg['userDN'], userproxy) result = Result(task=kwargs['task'], result='OK') return result
def execute(self, *args, **kwargs): result = None proxycfg = { 'vo': kwargs['task']['tm_user_vo'], 'logger': self.logger, 'myProxySvr': self.config.Services.MyProxy, 'proxyValidity': '144:0', 'min_time_left': 36000, ## do we need this ? or should we use self.myproxylen? 'userDN': kwargs['task']['tm_user_dn'], 'group': kwargs['task']['tm_user_group'] if kwargs['task']['tm_user_group'] else '', 'role': kwargs['task']['tm_user_role'] if kwargs['task']['tm_user_role'] else '', 'server_key': self.config.MyProxy.serverhostkey, 'server_cert': self.config.MyProxy.serverhostcert, 'serverDN': self.config.MyProxy.serverdn, 'uisource': getattr(self.config.MyProxy, 'uisource', ''), 'credServerPath': self.config.MyProxy.credpath, 'myproxyAccount': self.server['host'], 'cleanEnvironment': getattr(self.config.MyProxy, 'cleanEnvironment', False) } proxy = Proxy(proxycfg) userproxy = proxy.getProxyFilename(serverRenewer=True) proxy.logonRenewMyProxy() timeleft = proxy.getTimeLeft(userproxy) usergroups = set(proxy.getAllUserGroups(userproxy)) if timeleft is None or timeleft <= 0: msg = "Impossible to retrieve proxy from %s for %s." % ( proxycfg['myProxySvr'], proxycfg['userDN']) raise TaskWorkerException(msg) else: kwargs['task']['user_proxy'] = userproxy kwargs['task']['user_groups'] = usergroups result = Result(task=kwargs['task'], result='OK') return result
def tryProxyLogon(self, proxycfg=None): """ Utility function to allow trying with diffenent myproxy configurations. It tries to retrieve a valid proxy from myproxy using the configuration passed as argument. See WMCore.Credential.Proxy for configuration details. If successful returns the proxy filename and list of VOMS groups for later addition via voms-proxy-init. If not rises a TW exception. Note that logonRenewMyProxy() does not rise exceptions. """ # WMCore proxy methods are awfully verbose, reduce logging level when using them with tempSetLogLevel(logger=self.logger, level=logging.ERROR): proxy = Proxy(proxycfg) userproxy = proxy.getProxyFilename( serverRenewer=True) # this only returns a filename proxy.logonRenewMyProxy( ) # this tries to create the proxy, but if it fails it does not rise usergroups = set(proxy.getAllUserGroups( userproxy)) # get VOMS groups from created proxy (if any) timeleft = proxy.getTimeLeft( userproxy ) # this is the way to tell if proxy creation succeeded errmsg = '' if timeleft is None or timeleft <= 0: errmsg = "Impossible to retrieve proxy from %s for %s." % ( proxycfg['myProxySvr'], proxycfg['userDN']) if timeleft < (5 * 24 * 3600): errmsg = "Could not get a proxy valid for at least 5-days from %s for %s." % ( proxycfg['myProxySvr'], proxycfg['userDN']) if errmsg: self.logger.error(errmsg) self.logger.error("Will try again in verbose mode") self.logger.error( "===========PROXY ERROR START ==========================") with tempSetLogLevel(logger=self.logger, level=logging.DEBUG): proxy.logonRenewMyProxy() self.logger.error( "===========PROXY ERROR END ==========================") raise TaskWorkerException(errmsg) hoursleft = timeleft / 3600 minutesleft = (timeleft % 3600) / 60 self.logger.info('retrieved proxy lifetime in h:m: %d:%d', hoursleft, minutesleft) return (userproxy, usergroups)
class ProxyTest(unittest.TestCase): def setUp(self): """ Setup for unit tests """ logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', datefmt='%m-%d %H:%M', filename='proxy_unittests.log', filemode='w') logger_name = 'ProxyTest' self.logger = logging.getLogger(logger_name) self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000} self.proxyPath = None self.proxy = Proxy( self.dict ) def tearDown(self): """ _tearDown_ Tear down the proxy. """ return def getUserIdentity(self): """ _getUserIdentity_ Retrieve the user's subject from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None stdout, _ = vomsProxyInfoCall.communicate() stdout = decodeBytesToUnicode(stdout) if PY3 else stdout return stdout[0:-1] def getUserAttributes(self): """ _getUserAttributes_ Retrieve the user's attributes from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None stdout, _ = vomsProxyInfoCall.communicate() stdout = decodeBytesToUnicode(stdout) if PY3 else stdout return stdout[0:-1] @attr("integration") def testGetUserCertEnddate( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ daysleft = self.proxy.getUserCertEnddate() self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem daysleft = self.proxy.getUserCertEnddate(openSSL=False) self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem @attr("integration") def testAAACreateProxy( self ): """ Test if create method creates correctly the proxy. This is sort of bad form to require that this test run first, but the alternative is entering a password for every single invocation """ self.proxy.create() time.sleep( 5 ) proxyPath = self.proxy.getProxyFilename() self.assertTrue(os.path.exists(proxyPath)) @attr("integration") def testCheckProxyTimeLeft( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(int(timeLeft) // 3600), 191) @attr("integration") def testRenewProxy( self ): """ Test if the renew method renews correctly the user proxy. """ time.sleep( 70 ) self.proxy.renew() time.sleep( 10 ) timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(int(timeLeft) // 3600), 191) @attr("integration") def testDestroyProxy(self ): """ Test the proxy destroy method. """ self.proxy.destroy( ) self.proxyPath = self.proxy.getProxyFilename() self.assertFalse(os.path.exists(self.proxyPath)) # Create the proxy after the destroy self.proxy.create() @attr("integration") def testGetSubject(self): """ _testGetSubject_ Verify that the getSubject() method works correctly. """ subject = self.proxy.getSubject( ) self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.") return @attr("integration") def testGetUserName( self ): """ _testGetUserName_ Verify that the getUserName() method correctly determines the user's name. """ user = self.proxy.getUserName( ) identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:] self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity)) return @attr("integration") def testCheckAttribute( self ): """ Test if the checkAttribute method checks correctly the attributes validity. """ valid = self.proxy.checkAttribute( ) self.assertTrue(valid) @attr("integration") def testCheckTimeLeft( self ): """ Test if the check method checks correctly the proxy validity. """ valid = self.proxy.check( self.proxyPath ) self.assertTrue(valid) @attr("integration") def testVomsRenewal( self ): """ Test if vomsExtensionRenewal method renews correctly the voms-proxy. """ proxyPath = self.proxy.getProxyFilename( ) time.sleep( 70 ) attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) vomsTimeLeft = self.proxy.getVomsLife( proxyPath ) self.assertEqual(int(int(vomsTimeLeft) // 3600), 191) @attr("integration") def testElevateAttribute( self ): """ Test if the vomsExtensionRenewal method elevate last attributes given. """ proxyPath = self.proxy.getProxyFilename( ) attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL') # Restore the original configuration of the proxy self.proxy.create() @attr("integration") def testUserGroupInProxy( self ): """ Test if getUserAttributes method returns correctly the user group. """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2]) @attr("integration") def testUserRoleInProxy( self ): """ Test if getUserAttributes method returns correctly the user role. """ self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]) @attr("integration") def testGetAttributes( self ): """ Test getAttributeFromProxy method. Can tested this with: voms-proxy-init -voms cms:/cms/integration #or any group of yours export PROXY_GROUP=integration python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group']) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role) #test with the allAttributes flag self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1) @attr("integration") def testGetUserGroupAndRole( self ): """ Test GetUserGroupAndRoleFromProxy method. """ if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) if self.dict['group'] and self.dict['role']: self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group']) self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role) @attr("integration") def testGetAllUserGroups( self ): """ Test GetAllUserGroups method. """ proxyPath = self.proxy.getProxyFilename( ) groups = self.proxy.getAllUserGroups(proxyPath) print(list(groups))
class ProxyTest(unittest.TestCase): def setUp(self): """ Setup for unit tests """ logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', datefmt='%m-%d %H:%M', filename='proxy_unittests.log', filemode='w') logger_name = 'ProxyTest' self.logger = logging.getLogger(logger_name) self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role, 'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000} self.proxyPath = None self.proxy = Proxy( self.dict ) def tearDown(self): """ _tearDown_ Tear down the proxy. """ return def getUserIdentity(self): """ _getUserIdentity_ Retrieve the user's subject from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] def getUserAttributes(self): """ _getUserAttributes_ Retrieve the user's attributes from the voms-proxy-info call. """ vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"], stdout = subprocess.PIPE, stderr = subprocess.PIPE) if vomsProxyInfoCall.wait() != 0: return None (stdout, stderr) = vomsProxyInfoCall.communicate() return stdout[0:-1] @attr("integration") def testGetUserCertEnddate( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ daysleft = self.proxy.getUserCertEnddate() self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem daysleft = self.proxy.getUserCertEnddate(openSSL=False) self.assertEqual(daysleft, 58) #set this as the number of days left in .globus/usercert.pem @attr("integration") def testAAACreateProxy( self ): """ Test if create method creates correctly the proxy. This is sort of bad form to require that this test run first, but the alternative is entering a password for every single invocation """ self.proxy.create() time.sleep( 5 ) proxyPath = self.proxy.getProxyFilename() self.assertTrue(os.path.exists(proxyPath)) @attr("integration") def testCheckProxyTimeLeft( self ): """ Test if getTimeLeft method returns correctly the proxy time left. """ timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testRenewProxy( self ): """ Test if the renew method renews correctly the user proxy. """ time.sleep( 70 ) self.proxy.renew() time.sleep( 10 ) timeLeft = self.proxy.getTimeLeft() self.assertEqual(int(timeLeft) / 3600, 191) @attr("integration") def testDestroyProxy(self ): """ Test the proxy destroy method. """ self.proxy.destroy( ) self.proxyPath = self.proxy.getProxyFilename() self.assertFalse(os.path.exists(self.proxyPath)) # Create the proxy after the destroy self.proxy.create() @attr("integration") def testGetSubject(self): """ _testGetSubject_ Verify that the getSubject() method works correctly. """ subject = self.proxy.getSubject( ) self.assertEqual(subject, self.getUserIdentity(), "Error: Wrong subject.") return @attr("integration") def testGetUserName( self ): """ _testGetUserName_ Verify that the getUserName() method correctly determines the user's name. """ user = self.proxy.getUserName( ) identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:] self.assertEqual(user, identity, "Error: User name is wrong: |%s|\n|%s|" % (user, identity)) return @attr("integration") def testCheckAttribute( self ): """ Test if the checkAttribute method checks correctly the attributes validity. """ valid = self.proxy.checkAttribute( ) self.assertTrue(valid) @attr("integration") def testCheckTimeLeft( self ): """ Test if the check method checks correctly the proxy validity. """ valid = self.proxy.check( self.proxyPath ) self.assertTrue(valid) @attr("integration") def testVomsRenewal( self ): """ Test if vomsExtensionRenewal method renews correctly the voms-proxy. """ proxyPath = self.proxy.getProxyFilename( ) time.sleep( 70 ) attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) vomsTimeLeft = self.proxy.getVomsLife( proxyPath ) self.assertEqual(int(vomsTimeLeft) / 3600, 191) @attr("integration") def testElevateAttribute( self ): """ Test if the vomsExtensionRenewal method elevate last attributes given. """ proxyPath = self.proxy.getProxyFilename( ) attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' ) self.proxy.vomsExtensionRenewal( proxyPath, attribute ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath), '/cms/Role=NULL/Capability=NULL') # Restore the original configuration of the proxy self.proxy.create() @attr("integration") def testUserGroupInProxy( self ): """ Test if getUserAttributes method returns correctly the user group. """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') self.assertEqual(self.proxy.group, self.getUserAttributes().split('\n')[0].split('/')[2]) @attr("integration") def testUserRoleInProxy( self ): """ Test if getUserAttributes method returns correctly the user role. """ self.assertEqual(self.proxy.role, self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]) @attr("integration") def testGetAttributes( self ): """ Test getAttributeFromProxy method. Can tested this with: voms-proxy-init -voms cms:/cms/integration #or any group of yours export PROXY_GROUP=integration python test/python/WMCore_t/Credential_t/Proxy_t.py ProxyTest.testGetAttributes """ self.assertTrue(self.proxy.group, 'No group set. Testing incomplete.') if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[2], self.dict['group']) self.assertEqual(self.proxy.getAttributeFromProxy(proxyPath).split('/')[3].split('=')[1], role) #test with the allAttributes flag self.assertTrue(self.proxy.getAttributeFromProxy(proxyPath, allAttributes=True)>1) @attr("integration") def testGetUserGroupAndRole( self ): """ Test GetUserGroupAndRoleFromProxy method. """ if not self.dict['role']: role = 'NULL' else: role = self.dict['role'] proxyPath = self.proxy.getProxyFilename( ) if self.dict['group'] and self.dict['role']: self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[0], self.dict['group']) self.assertEqual(self.proxy.getUserGroupAndRoleFromProxy(proxyPath)[1], role) @attr("integration") def testGetAllUserGroups( self ): """ Test GetAllUserGroups method. """ proxyPath = self.proxy.getProxyFilename( ) groups = self.proxy.getAllUserGroups(proxyPath) print(list(groups))