def connect(self):
agave_connection_type = self._config.get('connection_type',
'impersonate')
if agave_connection_type == 'impersonate':
token_username = '******'.format(
self._config['domain'], '/' if self._config['domain'] else '',
self._config['token_username'])
Log.some().debug('user impersonation: %s', token_username)
self._agave = Agave(api_server=self._config['server'],
username=self._config['username'],
password=self._config['password'],
token_username=token_username,
client_name=self._config['client'],
api_key=self._config['key'],
api_secret=self._config['secret'],
verify=False)
elif agave_connection_type == 'agave-cli':
# get credentials from ~/.agave/current
agave_clients = Agave._read_clients()
agave_clients[0]['verify'] = False # don't verify ssl
self._agave = Agave(**agave_clients[0])
# when using agave-cli, token_username must be the same as the
# stored creds in user's home directory, this can be different
# from job username
self._config['token_username'] \
= agave_clients[0]['username']
else:
Log.an().error('invalid agave connection type: %s',
agave_connection_type)
return False
return True
def init_clients(self, parsed_args):
"""Override CommandBase to set up client with passed token
"""
api_server = getattr(parsed_args, 'api_server', None)
token = getattr(parsed_args, 'access_token', None)
nonce = getattr(parsed_args, 'nonce', None)
verify_ssl = getattr(parsed_args, 'verify_ssl', True)
if (token is not None or nonce is not None) and api_server is None:
try:
client = Agave._read_current(agave_kwargs=True)
api_server = client['api_server']
except Exception:
raise AgaveError('Unable to discover Tapis API server URL.')
# Initialize the AgavePy client
try:
if api_server is not None and token is not None:
self.tapis_client = Agave(api_server=api_server,
token=token,
verify=verify_ssl)
elif api_server is not None and nonce is not None:
self.tapis_client = Agave(api_server=api_server,
use_nonce=True,
verify=verify_ssl)
self.client_extra_args['nonce'] = nonce
else:
# Load from disk cache
# client = Agave.restore()
clients = Agave._read_clients()
client0 = clients[0]
# Override SSL verification from stored client
client0['verify'] = verify_ssl
client = Agave(**client0)
self.tapis_client = client
self.tapis_client.refresh()
except Exception:
raise AgaveError(constants.TAPIS_AUTH_FAIL)
# Initialize the direct requests client
try:
# Direct client will inherit SSL check behavior from Tapis client
self.requests_client = self._get_direct(self.tapis_client)
except Exception:
raise AgaveError(constants.TAPIS_AUTH_FAIL)
return self
def _agave_connect(self):
"""
Connect to Agave.
Args:
self: class instance.
Returns:
On success: True.
On failure: False.
"""
agave_connection_type = self._config['agave'].get(
'connection_type', 'impersonate')
if agave_connection_type == 'impersonate':
if not self._agave_username:
Log.an().error('agave username required if impersonating')
return False
self._agave = Agave(api_server=self._config['agave']['server'],
username=self._config['agave']['username'],
password=self._config['agave']['password'],
token_username=self._agave_username,
client_name=self._config['agave']['client'],
api_key=self._config['agave']['key'],
api_secret=self._config['agave']['secret'],
verify=False)
elif agave_connection_type == 'agave-cli':
# get credentials from ~/.agave/current
agave_clients = Agave._read_clients()
agave_clients[0]['verify'] = False # don't verify ssl
self._agave = Agave(**agave_clients[0])
# when using agave-cli, token_username must be the same as the
# stored creds in user's home directory, this can be different
# from job username
self._agave_username = agave_clients[0]['username']
else:
Log.an().error('invalid agave connection type: %s',
agave_connection_type)
return False
return True
def _agave_connect(self):
agave_connection_type = self._config['agave'].get(
'connection_type', 'impersonate')
if agave_connection_type == 'impersonate':
self._agave = Agave(api_server=self._config['agave']['server'],
username=self._config['agave']['username'],
password=self._config['agave']['password'],
token_username=self._job['username'],
client_name=self._config['agave']['client'],
api_key=self._config['agave']['key'],
api_secret=self._config['agave']['secret'],
verify=False)
# when using impersonate, token_username is taken from the job
# description and is used to access archived job data
self._config['agave']['token_username'] = self._job['username']
elif agave_connection_type == 'agave-cli':
# get credentials from ~/.agave/current
agave_clients = Agave._read_clients()
agave_clients[0]['verify'] = False # don't verify ssl
self._agave = Agave(**agave_clients[0])
# when using agave-cli, token_username must be the same as the
# stored creds in user's home directory, this can be different
# from job username
self._config['agave']['token_username'] \
= agave_clients[0]['username']
else:
Log.an().error('invalid agave connection type: %s',
agave_connection_type)
return False
return True
def wrapped_func(that, *args, **kwargs):
"""
Wrap function for executing an AgavePy command.
Args:
that: AgaveWrapper class instance.
*args: Any arguments to be sent to the AgavePy command.
**kwargs: Any keyword-value arguments to be sent to the
AgavePy command.
Returns:
result of the AgavePy command call.
"""
num_tries = 0
num_token_tries = 0
retry = that._config.get(self._func_key + '_retry',
that._config['retry'])
retry_delay = that._config.get(self._func_key + '_retry_delay',
that._config['retry_delay'])
while (num_tries < retry
and num_token_tries < that._config['token_retry']):
try:
try:
result = func(that, *args, **kwargs)
return result
except Exception as err:
# check for expired token error
if str(err).startswith('401'):
num_token_tries += 1
Log.a().warning('agave token error [%s]',
str(err))
time.sleep(that._config['token_retry_delay'])
# token could not be refreshed, most likely
# because token was refreshed in a different
# thread/process
# create new token
if that._config['connection_type']\
== 'impersonate':
token_username = '******'.format(
that._config['domain'],
'/' if that._config['domain'] else '',
that._config['token_username'])
Log.some().debug('user impersonation: %s',
token_username)
# re-init object without losing object
# binding
that._agave.__init__(
api_server=that._config['server'],
username=that._config['username'],
password=that._config['password'],
token_username=token_username,
client_name=that._config['client'],
api_key=that._config['key'],
api_secret=that._config['secret'],
verify=False)
elif that._config['connection_type']\
== 'agave-cli':
# get updated credentials from
# ~/.agave/current
agave_clients = Agave._read_clients()
# don't verify ssl
agave_clients[0]['verify'] = False
# re-init object without losing object
# binding
that._agave.__init__(**agave_clients[0])
else:
# shouldn't reach this condition, but raise
# exception just in case
raise Exception(
'invalid agave connection type: {}'\
.format(
that._config['connection_type']
)
)
if '404' in str(err):
if not self._silent_404:
Log.a().warning(
'agave file/dir/object not found [%s]',
str(err))
# don't retry if 404 error
return False
# not a token error, re-raise
raise err
except Exception as err:
num_tries += 1
Log.a().warning('agave call failed [%s]', str(err))
time.sleep(retry_delay)
if num_token_tries == that._config['token_retry']:
# failed after reaching token refresh attempt limit
Log.an().error(
'agave token refresh max tries (%s) exceeded',
that._config['token_retry'])
return False
if num_tries == retry:
# failed due to other exceptions
Log.an().error('agave call max tries (%s) exceeded', retry)
return False
return result
def call(self, *args, **kwargs):
"""
Wrap function for executing an AgavePy command.
Args:
self: class instance.
*args: Any arguments to be sent to the agavePy command.
**kwargs: Any keyword-value arguments to be sent to the agavePy
command.
Returns:
result of the agavePy command call.
"""
num_tries = 0
num_token_tries = 0
while (num_tries < self._retry
and num_token_tries < self._config['token_retry']):
try:
try:
result = self._call(*args, **kwargs)
return result
except Exception as err:
# check for expired token error
if '401' in str(err):
num_token_tries += 1
Log.a().warning('agave token error [%s]', str(err))
time.sleep(self._config['token_retry_delay'])
# token could not be refreshed, most likely because
# token was refreshed in a different thread/process
# create new token
if self._config['connection_type'] == 'impersonate':
# re-init object without losing object binding
self._agave.__init__(
api_server=self._config['server'],
username=self._config['username'],
password=self._config['password'],
token_username=self._config['token_username'],
client_name=self._config['client'],
api_key=self._config['key'],
api_secret=self._config['secret'],
verify=False)
elif self._config['connection_type'] == 'agave-cli':
# get updated credentials from ~/.agave/current
agave_clients = Agave._read_clients()
# don't verify ssl
agave_clients[0]['verify'] = False
# re-init object without losing object binding
self._agave.__init__(**agave_clients[0])
else:
# shouldn't reach this condition, but raise
# exception just in case
raise Exception(
'invalid agave connection type: {}'.format(
self._config['connection_type']))
if '404' in str(err):
# don't retry if 404 error
return False
# not a token error, re-raise
raise err
except Exception as err:
num_tries += 1
Log.a().warning('agave call failed [%s]', str(err))
time.sleep(self._retry_delay)
if num_token_tries == self._config['token_retry']:
# failed after reaching token refresh attempt limit
Log.an().error('agave token refresh max tries (%s) exceeded',
self._config['token_retry'])
return False
if num_tries == self._retry:
# failed due to other exceptions
Log.an().error('agave call max tries (%s) exceeded', self._retry)
return False
return result