def generateAuthTokens(): for validUser in config['globus']['valid_users']: logger.info("- generating auth token for %s" % validUser) config['globus']['valid_users'][validUser]['auth_token'] = goauth.get_access_token( username=validUser, password=config['globus']['valid_users'][validUser]['password'] ).token
def get_goauth_data(self): """ Get GOAuth data The file at $EMOP_HOME/.globus-auth (settings.globus_auth_file) is read, if it exists. If the .globus-auth file does not exist, the data is pulled from Globus Online by prompting user for username (if not provided in config.ini) and password. This function will save the goauth token to .globus-auth if it did not already exist. Args: Returns: tuple: username and goauth token """ data = None _fetch_goauth = False if os.path.isfile(self.settings.globus_auth_file): logger.debug("Globus#get_goauth_data: Reading GOAuth toke from file %s", self.settings.globus_auth_file) with open(self.settings.globus_auth_file) as datafile: data = datafile.read().strip() token = data parsed_token = self._parse_goauth_token(token) username = parsed_token['un'] expiry = parsed_token['expiry'] if not self._check_goauth_expiration(expiry=expiry): logger.warn("Globus#get_goauth_data: GOAuth expires soon!") _fetch_goauth = True else: _fetch_goauth = True if _fetch_goauth: logger.info("Globus#get_goauth_data: Getting GOAuth token from Globus") api_token = get_access_token(username=self.settings.globus_username) username = api_token.username token = api_token.token parsed_token = self._parse_goauth_token(token) with os.fdopen(os.open(self.settings.globus_auth_file, os.O_WRONLY | os.O_CREAT, 0600), 'w') as datafile: datafile.write(token)
def get_api(conf): username = conf.get_go_username() if username is None: print("Globus Username: "******"Globus Password: "******"Test": globusonline.transfer.api_client.goauth.HOST = \ "graph.api.test.globuscs.info" nexus_cert = os.path.join( os.path.dirname( globus.connect.security.__file__), "graph.api.test.globuscs.info.pem") api_ca = os.path.join( os.path.dirname( globus.connect.security.__file__), "go-ca-cert.pem") globusonline.transfer.api_client.verified_https.match_hostname = \ lambda cert, hostname: True base_url = "https://transfer.test.api.globusonline.org/" + globusonline.transfer.api_client.API_VERSION socket.setdefaulttimeout(300) for tries in range(0,10): try: auth_result = get_access_token( username=username, password=password, ca_certs=nexus_cert) if auth_result is not None: break except ssl.SSLError as e: if "timed out" not in str(e): raise e time.sleep(30) except GOCredentialsError as e: print("Globus Username: "******"Globus Password: ") api = TransferAPIClient( username=auth_result.username, goauth=auth_result.token, base_url=base_url, server_ca_file=api_ca, max_attempts=10) api.password = password return api
def generateAuthToken(): logger.info("- generating auth token for "+config['globus']['username']) t = goauth.get_access_token( username=config['globus']['username'], password=config['globus']['password'] ).token config['globus']['auth_token'] = t logger.debug("- generated: "+t)
def generateAuthTokens(): for validUser in config['globus']['valid_users']: logger.info("- generating auth token for %s" % validUser) config['globus']['valid_users'][validUser][ 'auth_token'] = goauth.get_access_token( username=validUser, password=config['globus']['valid_users'][validUser] ['password']).token
def generateAuthToken(): logger.info("- generating auth token for " + config['globus']['username']) t = goauth.get_access_token(config['globus']['username'], config['globus']['password'], os.path.join(rootPath, "globus_amazon.pem")).token config['globus']['auth_token'] = t logger.debug("- generated: " + t)
def get_api(conf): username = conf.get_go_username() if username is None: print("Globus Id: ", end=' ') username = sys.stdin.readline().strip() atglobusidorg = username.rfind("@globusid.org") if atglobusidorg != -1: username = username[:atglobusidorg] password = conf.get_go_password() if password is None: password = getpass.getpass("Password: "******"Production": globusonline.transfer.api_client.goauth.HOST = \ "nexus.api.%s.globuscs.info" % (go_instance) base_url = \ "https://transfer.%s.api.globusonline.org/%s" \ % (go_instance, globusonline.transfer.api_client.API_VERSION) nexus_cert = os.path.join( os.path.dirname(globus.connect.security.__file__), "lets_encrypt_fullchain.pem") api_cert = nexus_cert globusonline.transfer.api_client.verified_https.match_hostname = \ lambda cert, hostname: True socket.setdefaulttimeout(300) for tries in range(0, 10): try: auth_result = get_access_token(username=username, password=password, ca_certs=nexus_cert) if auth_result is not None: break except ssl.SSLError as e: if "timed out" not in str(e): raise e time.sleep(30) except GOCredentialsError as e: print("Globus Id: ", end=' ') username = sys.stdin.readline().strip() password = getpass.getpass("Globus Password: ") api = TransferAPIClient(username=auth_result.username, goauth=auth_result.token, base_url=base_url, server_ca_file=api_ca, timeout=300.0, max_attempts=10) api.password = password return api
def transfer(options): # Map legacy endpoint names to UUIDs srcendpoint = options.srcendpoint dstendpoint = options.dstendpoint if '#' in srcendpoint: srcendpoint = config['endpoint'][srcendpoint] if '#' in dstendpoint: dstendpoint = config['endpoint'][dstendpoint] # Get access token (This method of getting an acces token is deprecated and should be replaced by OAuth2 calls). auth_result = get_access_token(config['globus']['username'], config['globus']['password']) # Create a transfer submission api_client = TransferAPIClient(config['globus']['username'], goauth=auth_result.token) activate_endpoint(api_client, srcendpoint) activate_endpoint(api_client, dstendpoint) code, message, data = api_client.transfer_submission_id() submission_id = data["value"] deadline = datetime.utcnow() + timedelta(days=10) transfer_task = Transfer(submission_id, srcendpoint, dstendpoint, deadline) # Add srcpath to the transfer task if options.srcpath: transfer_task.add_item(options.srcpath, get_destination_path(options.srcpath, options.dstpath, options.recursive), recursive=options.recursive) # Add srclist to the transfer task if options.srclist: with open(options.srclist) as f: srcpath = f.readline().rstrip('\n') transfer_task.add_item(srcpath, get_destination_path(srcpath, options.dstpath, options.recursive), recursive=options.recursive) # Start the transfer task_id = None try: code, reason, data = api_client.transfer(transfer_task) task_id = data["task_id"] print 'task_id %s' % task_id except Exception as e: msg = "Could not submit the transfer. Error: %s" % str(e) sys.exit(1) # Check a status of the transfer every minute (60 secs) while True: code, reason, data = api_client.task(task_id) print data['status'] if data['status'] == 'SUCCEEDED': print 'progress %d/%d' % (data['files_transferred'], data['files']) return ('success', '') elif data['status'] == 'FAILED': return ('error', data['nice_status_details']) elif data['status'] == 'ACTIVE': print 'progress %d/%d' % (data['files_transferred'], data['files']) time.sleep(10)
def generateAuthTokens(): for validUser in config['globus']['valid_users']: logger.info("- generating auth token for %s using cert %s" % (validUser, os.path.join(rootPath, "globus_amazon.pem"))) config['globus']['valid_users'][validUser][ 'auth_token'] = goauth.get_access_token( validUser, config['globus']['valid_users'][validUser]['password'], os.path.join(rootPath, "globus_amazon.pem")).token
def transfer(options): # Map legacy endpoint names to UUIDs srcendpoint = options.srcendpoint dstendpoint = options.dstendpoint if '#' in srcendpoint: srcendpoint = config['endpoint'][srcendpoint] if '#' in dstendpoint: dstendpoint = config['endpoint'][dstendpoint] # Get access token (This method of getting an acces token is deprecated and should be replaced by OAuth2 calls). auth_result = get_access_token(config['globus']['username'], config['globus']['password']) # Create a transfer submission api_client = TransferAPIClient(config['globus']['username'], goauth=auth_result.token) activate_endpoint(api_client, srcendpoint) activate_endpoint(api_client, dstendpoint) code, message, data = api_client.transfer_submission_id() submission_id = data["value"] deadline = datetime.utcnow() + timedelta(days=10) transfer_task = Transfer(submission_id, srcendpoint, dstendpoint, deadline) # Add srcpath to the transfer task if options.srcpath: transfer_task.add_item(options.srcpath, get_destination_path(options.srcpath, options.dstpath, options.recursive), recursive=options.recursive) # Add srclist to the transfer task if options.srclist: with open(options.srclist) as f: srcpath = f.readline().rstrip('\n') transfer_task.add_item(srcpath, get_destination_path(srcpath, options.dstpath, options.recursive), recursive=options.recursive) # Start the transfer task_id = None try: code, reason, data = api_client.transfer(transfer_task) task_id = data["task_id"] print 'task_id %s' % task_id except Exception as e: msg = "Could not submit the transfer. Error: %s" % str(e) sys.exit(1) # Check a status of the transfer every minute (60 secs) while True: code, reason, data = api_client.task(task_id) if data['status'] == 'SUCCEEDED': print 'progress %d/%d' % (data['files_transferred'], data['files']) return ('success', '') elif data['status'] == 'FAILED': return ('error', data['nice_status_details']) elif data['status'] == 'ACTIVE': print 'progress %d/%d' % (data['files_transferred'], data['files']) time.sleep(10)
def generateAuthTokens(): for end_id in config['globus']['destinations']: if end_id == "endpoint_id": continue # skip example entry logger.info("- generating auth token for "+config['globus']['destinations'][end_id]['username']+" (%s)" % end_id) t = goauth.get_access_token( config['globus']['destinations'][end_id]['username'], config['globus']['destinations'][end_id]['password'], os.path.join(rootPath, "globus_amazon.pem") ).token config['globus']['destinations'][end_id]['auth_token'] = t logger.debug("- generated: "+t)
def main(): # Derive command line options from the method args, making # the endpoint name positional and the rest options. argspec = inspect.getargspec(TransferAPIClient.endpoint_create) fargs = [ arg.replace("_", "-") for arg in argspec.args if arg not in ("self", "endpoint_name") ] parser = OptionParser(usage="Usage: %prog [options] endpoint_name") for i, arg in enumerate(fargs): default = argspec.defaults[i] action = "store" type_ = "string" if arg in "public is-globus-connect".split(): action = "store_true" type_ = None elif arg == "port": type_ = "int" if default not in (None, ""): doc = "[DEFAULT: %s]" % default else: doc = None parser.add_option("--%s" % arg, action=action, type=type_, default=default, help=doc) options, args = parser.parse_args(sys.argv) if len(args) != 2: parser.error("requires one positional argument with endpoint name") # Convert options object into a keyword dict we can pass to the method kw = {} for arg in fargs: name = arg.replace("-", "_") value = getattr(options, name) if value is not None: kw[name] = value # will prompt for username and password auth_result = get_access_token() api = TransferAPIClient(username=auth_result.username, goauth=auth_result.token) _, _, data = api.endpoint_create(args[1], **kw) setup_key = data.get("globus_connect_setup_key") if setup_key: print "GC Setup Key: %s" % setup_key print "Endpoint Name: %s" % data["canonical_name"] print data["message"]
def get_token(username, token_file='globus-token.txt'): token = None if os.path.exists(token_file): with open(token_file, 'r') as f: token = f.read() if token == None: token = get_access_token(username) with open(token_file, 'w') as f: f.write(token.token) return token
def __init__(self, auth=['', ''], resource_file_path='', debug=False): """ Initialize the Globus session: login with Globus username and password Credentials can also be passed through a resource json file like this: { "globus_username":"", "globus_password":"", "myproxy_username": "", "myproxy_password": "", "PEM_passphrase": "" } :param auth: a list containing username[0], password[1], certfile[2] and keyfile[3] :param resource_file_path: path to a json file containing the credentials :param debug: set True to enable debug messages """ if debug: LOGGER.setLevel(logging.DEBUG) ch = logging.StreamHandler() ch.setLevel(logging.DEBUG) LOGGER.addHandler(ch) # Read resources from file: self.globus_init = None if resource_file_path and os.path.isfile(resource_file_path): self.globus_init = json.load(open(resource_file_path)) if not auth[0]: auth[0] = self.globus_init['globus_username'] if not auth[1]: auth[1] = self.globus_init['globus_password'] if not auth[0] or not auth[1]: print "Can not init session without a username and password.." return self.api = None self.proxy_name = 'credential-' + auth[0] + '.pem' try: result = get_access_token(username=auth[0], password=auth[1]) goauth = result.token self.api = TransferAPIClient(username=auth[0], goauth=goauth) self.api.set_debug_print(False, False) LOGGER.info("Successfully logged in with Globus Online!") except Exception as e: print "Globus Online authentication failed: {0}".format(e)
def main(): # Derive command line options from the method args, making # the endpoint name positional and the rest options. argspec = inspect.getargspec(TransferAPIClient.endpoint_create) fargs = [arg.replace("_", "-") for arg in argspec.args if arg not in ("self", "endpoint_name")] parser = OptionParser(usage="Usage: %prog [options] endpoint_name") for i, arg in enumerate(fargs): default = argspec.defaults[i] action = "store" type_ = "string" if arg in "public is-globus-connect".split(): action = "store_true" type_ = None elif arg == "port": type_ = "int" if default not in (None, ""): doc = "[DEFAULT: %s]" % default else: doc = None parser.add_option("--%s" % arg, action=action, type=type_, default=default, help=doc) options, args = parser.parse_args(sys.argv) if len(args) != 2: parser.error("requires one positional argument with endpoint name") # Convert options object into a keyword dict we can pass to the method kw = {} for arg in fargs: name = arg.replace("-", "_") value = getattr(options, name) if value is not None: kw[name] = value # will prompt for username and password auth_result = get_access_token() api = TransferAPIClient(username=auth_result.username, goauth=auth_result.token) _, _, data = api.endpoint_create(args[1], **kw) setup_key = data.get("globus_connect_setup_key") if setup_key: print "GC Setup Key: %s" % setup_key print "Endpoint Name: %s" % data["canonical_name"] print data["message"]
def get_api(conf): username = conf.get_go_username() if username is None: print "Globus Online Username: "******"Globus Online Password: "******"Test": globusonline.transfer.api_client.goauth.HOST = \ "graph.api.test.globuscs.info" nexus_cert = os.path.join( os.path.dirname(globus.connect.security.__file__), "graph.api.test.globuscs.info.pem") api_ca = os.path.join( os.path.dirname(globus.connect.security.__file__), "go-ca-cert.pem") globusonline.transfer.api_client.verified_https.match_hostname = \ lambda cert, hostname: True base_url = "https://transfer.test.api.globusonline.org/" + globusonline.transfer.api_client.API_VERSION socket.setdefaulttimeout(300) for tries in xrange(0, 10): try: auth_result = get_access_token(username=username, password=password, ca_certs=nexus_cert) if auth_result is not None: break except ssl.SSLError, e: if "timed out" not in str(e): raise e time.sleep(30) except GOCredentialsError, e: print "Globus Online Username: "******"Globus Online Password: ")
def __init__(self, service_url): self.service_url = service_url result = urlparse.urlparse(service_url) self.host = result.netloc self.query = result.path self.ep = self.__get_ep(self.query) self.path = self.__get_path(self.query) self.user = result.username self.password = result.password #result = get_go_auth(ca_certs=None, username=self.user, password=self.password) result = get_access_token(ca_certs=None, username=self.user, password=self.password) #saml_cookie = result.cookie saml_cookie = result.token self.api = api_client.TransferAPIClient(username=self.user, goauth=saml_cookie ) status_code, status_message, data = self.api.task_list() # initialize ssh client self.__state=State.New
def transferfile(results): src_file_path = results['file_abs_path'] dest_file_path = "~/example-copy" save_json(results, src_file_path) auth = get_access_token() src = "mattbest#NICHO-LENO5" # source endpoint dst = "mattbest#Oba-Nicho5-Dell" # destination endpoint # authenticate using access token api = api_client.TransferAPIClient( username=auth.username, goauth=auth.token ) # activate endpoints status, message, data = api.endpoint_autoactivate(src) status, message, data = api.endpoint_autoactivate(dst) # get submission id code, reason, result = api.transfer_submission_id() submission_id = result["value"] # designate endpoints(1) and items(2) for transfer(3) def transfer(id, source, dest): t = Transfer(id, source, dest) t.add_item(src_file_path, dest_file_path) status, reason, result = api.transfer(t) os._exit(1) ### SCHEDULE TRANSFER JOB ### scheduler = BlockingScheduler() now = datetime.now() scheduler.add_job(lambda: transfer(submission_id, src, dst), 'date', run_date=datetime(now.year, now.month, now.day, now.hour, now.minute+1, 0) ) # returns 0 in the child, pid of the child in the parent if os.fork(): sys.exit() scheduler.start() scheduler.shutdown()
def __init__(self, service_url): self.service_url = service_url result = urlparse.urlparse(service_url) self.host = result.netloc self.query = result.path self.ep = self.__get_ep(self.query) self.path = self.__get_path(self.query) self.user = result.username self.password = result.password #result = get_go_auth(ca_certs=None, username=self.user, password=self.password) result = get_access_token(ca_certs=None, username=self.user, password=self.password) #saml_cookie = result.cookie saml_cookie = result.token self.api = api_client.TransferAPIClient(username=self.user, goauth=saml_cookie) status_code, status_message, data = self.api.task_list() # initialize ssh client self.__state = State.New
def process_args(args=None, parser=None): from optparse import OptionParser if not parser: usage = "usage: %prog username [options]" parser = OptionParser(usage=usage) parser.add_option("-C", "--server-ca-file", dest="server_ca_file", help="ca file for validating server", metavar="SERVER_CA_FILE") parser.add_option("-c", "--cert", dest="cert_file", help="client cert file", metavar="CERT_FILE") parser.add_option("-k", "--key", dest="key_file", help="client key file", metavar="KEY_FILE") parser.add_option("-p", "--password-prompt", dest="password_prompt", action="store_true", default=False, help="prompt for GO password for authentication") parser.add_option("-b", "--base-url", dest="base_url", help="alternate base URL", metavar="URL") parser.add_option("-t", "--socket-timeout", dest="timeout", type="int", help="timeout in seconds for underlying TCP socket", metavar="TIMEOUT_SECONDS") parser.add_option("-a", "--max-attempts", dest="max_attempts", type="int", help="retry up to this many times on connection errors", metavar="ATTEMPTS") parser.add_option("-B", "--bearer", dest="header_auth", help="Use header-based authentication", metavar="BEARER", type="str") parser.add_option("-g", "--goauth", dest="goauth", help="Use goauth authentication", metavar="TOKEN", type="str") parser.set_defaults(base_url=DEFAULT_BASE_URL, max_attempts=1, timeout=socket._GLOBAL_DEFAULT_TIMEOUT) options, args = parser.parse_args(args) if len(args) < 1: parser.error("username arguments is required") auth_method_error = ("use only one authentication method:" + " -p, -k/-c, -B, or -g") if options.password_prompt: if (options.goauth or options.header_auth or options.key_file or options.cert_file): parser.error(auth_method_error) username = args[0] success = False for i in xrange(5): try: result = get_access_token(username=username) args[0] = result.username options.goauth = result.token success = True break except InterfaceError: sys.stderr.write("authentication to GO failed") if i < 4: sys.stderr.write(", please try again") sys.stderr.write("\n") username = None if not success: sys.stderr.write("too many failed attempts, exiting\n") sys.exit(2) elif options.header_auth: if options.key_file or options.cert_file or options.goauth: parser.error(auth_method_error) elif options.goauth: if options.key_file or options.cert_file: parser.error(auth_method_error) else: # If only one of -k/-c is specified, assume both the key and cert are # in the same file. if not options.key_file: if not options.cert_file: parser.error(auth_method_error) options.key_file = options.cert_file if not options.cert_file: options.cert_file = options.key_file return options, args
def generateAuthToken(): logger.info("- generating auth token for " + config['globus']['username']) t = goauth.get_access_token(username=config['globus']['username'], password=config['globus']['password']).token config['globus']['auth_token'] = t logger.debug("- generated: " + t)
def process_args(args=None, parser=None): from optparse import OptionParser if not parser: usage = "usage: %prog username [options]" parser = OptionParser(usage=usage) parser.add_option("-C", "--server-ca-file", dest="server_ca_file", help="ca file for validating server", metavar="SERVER_CA_FILE") parser.add_option("-c", "--cert", dest="cert_file", help="client cert file", metavar="CERT_FILE") parser.add_option("-k", "--key", dest="key_file", help="client key file", metavar="KEY_FILE") parser.add_option("-p", "--password-prompt", dest="password_prompt", action="store_true", default=False, help="prompt for GO password for authentication") parser.add_option("-b", "--base-url", dest="base_url", help="alternate base URL", metavar="URL") parser.add_option("-t", "--socket-timeout", dest="timeout", type="int", help="timeout in seconds for underlying TCP socket", metavar="TIMEOUT_SECONDS") parser.add_option("-a", "--max-attempts", dest="max_attempts", type="int", help="retry up to this many times on connection errors", metavar="ATTEMPTS") parser.add_option("-g", "--goauth", dest="goauth", help="Use goauth authentication", metavar="TOKEN", type="str") parser.set_defaults(base_url=DEFAULT_BASE_URL, max_attempts=1, timeout=socket._GLOBAL_DEFAULT_TIMEOUT) options, args = parser.parse_args(args) if len(args) < 1: parser.error("username arguments is required") auth_method_error = ("use only one authentication method:" + " -p, -k/-c, or -g") if options.password_prompt: if options.goauth or options.key_file or options.cert_file: parser.error(auth_method_error) username = args[0] success = False for i in xrange(5): try: result = get_access_token(username=username) args[0] = result.username options.goauth = result.token success = True break except InterfaceError: sys.stderr.write("authentication to GO failed") if i < 4: sys.stderr.write(", please try again") sys.stderr.write("\n") username = None if not success: sys.stderr.write("too many failed attempts, exiting\n") sys.exit(2) elif options.goauth: if options.key_file or options.cert_file: parser.error(auth_method_error) else: # If only one of -k/-c is specified, assume both the key and cert are # in the same file. if not options.key_file: if not options.cert_file: parser.error(auth_method_error) options.key_file = options.cert_file if not options.cert_file: options.cert_file = options.key_file return options, args
""" import re import os import sys import json import datetime from collections import defaultdict as dd from apscheduler.schedulers.blocking import BlockingScheduler from globusonline.transfer import api_client from globusonline.transfer.api_client import Transfer from globusonline.transfer.api_client.goauth import get_access_token # Get Globus nexus access token. Prompts for username and password auth = get_access_token() def autodict(): return dd(autodict) d = autodict() def prompt_for(question, options=[], regex=''): if options: print question, "\n" for (i, opt) in enumerate(options): print("\t{} - {}".format(i, opt)) print resp = int(raw_input('>>> ')) if 0 <= resp < len(options): return options[resp]