job_submitter_client_id = mrsldict['USER_CERT'] o.out('job_submitter_client_id: %s' % job_submitter_client_id) mrsl_jobid = mrsldict['JOB_ID'] if not jobid == mrsl_jobid: o.out('requestinteractivejob error! Wrong job_id specified!') o.reply_and_exit(o.ERROR) # TODO: check the status of the specified job(id) and verify it has not previously been executed. # The status must be ? (What about RETRY?) if mrsldict['STATUS'] == 'FINISHED': o.out('requestinteractivejob error! Job already executed!') o.reply_and_exit(o.ERROR) if not is_resource(unique_resource_name, configuration.resource_home): o.out('requestinteractivejob error! Your unique_resource_name ' + ' is not recognized as a %s resource!' % configuration.short_title ) o.reply_and_exit(o.ERROR) (status, resource_config) = \ get_resource_configuration(configuration.resource_home, unique_resource_name, logger) if not status: o.out("No resouce_config for: '" + unique_resource_name + "'\n") o.reply_and_exit(o.ERROR) logger.info('getting exe') (status, exe) = get_resource_exe(resource_config, exe_name, logger) if not status:
def main(client_id, user_arguments_dict): """Main function used by front end""" (configuration, logger, output_objects, op_name) = \ initialize_main_variables(client_id, op_header=False, op_title=False, op_menu=client_id) defaults = signature()[1] (validate_status, accepted) = validate_input(user_arguments_dict, defaults, output_objects, allow_rejects=False) if not validate_status: return (accepted, returnvalues.CLIENT_ERROR) remote_ip = str(os.getenv('REMOTE_ADDR')) unique_resource_name = accepted['unique_resource_name'][-1] exe = accepted['exe'][-1] cputime = int(accepted['cputime'][-1]) nodecount = int(accepted['nodecount'][-1]) localjobname = accepted['localjobname'][-1] sandboxkey = accepted['sandboxkey'][-1] execution_delay = int(accepted['execution_delay'][-1]) exe_pgid = int(accepted['exe_pgid'][-1]) status = returnvalues.OK # No header and footer here output_objects.append({'object_type': 'start'}) output_objects.append({'object_type': 'script_status', 'text': ''}) # Please note that base_dir must end in slash to avoid access to other # resource dirs when own name is a prefix of another resource name base_dir = os.path.abspath(os.path.join(configuration.resource_home, unique_resource_name)) + os.sep if not is_resource(unique_resource_name, configuration.resource_home): output_objects.append( {'object_type': 'error_text', 'text': "Failure: You must be an owner of '%s' to get the PGID!" % \ unique_resource_name}) return (output_objects, returnvalues.CLIENT_ERROR) # is_resource incorporates unique_resource_name verification - no need to # specifically check for illegal directory traversal on that variable. (load_status, resource_conf) = \ get_resource_configuration(configuration.resource_home, unique_resource_name, logger) if not load_status: logger.error("Invalid requestnewjob - no resouce_conf for: %s : %s" % \ (unique_resource_name, resource_conf)) output_objects.append({'object_type': 'error_text', 'text': 'invalid request: no such resource!'}) return (output_objects, returnvalues.CLIENT_ERROR) # Check that resource address matches request source to make DoS harder proxy_fqdn = resource_conf.get('FRONTENDPROXY', None) try: check_source_ip(remote_ip, unique_resource_name, proxy_fqdn) except ValueError, vae: logger.error("Invalid requestnewjob: %s (%s)" % (vae, accepted)) output_objects.append({'object_type': 'error_text', 'text': 'invalid request: %s' % vae}) return (output_objects, returnvalues.CLIENT_ERROR)
def init_vgrid_script_add_rem( vgrid_name, client_id, subject, subject_type, configuration, ): """Initialize vgrid specific add and remove scripts""" msg = '' if not vgrid_name: msg += 'Please specify vgrid_name in the querystring' return (False, msg, None) if not subject: msg += 'Please provide the name of the %s' % subject_type return (False, msg, None) if not valid_dir_input(configuration.vgrid_home, vgrid_name): msg += 'Illegal vgrid_name: %s' % vgrid_name return (False, msg, None) if subject_type == 'member' or subject_type == 'owner': if not is_user(subject, configuration.mig_server_home): msg += '%s is not a valid %s user!' % \ (subject, configuration.short_title) return (False, msg, None) elif subject_type == 'resource': if not is_resource(subject, configuration.resource_home): msg += '%s is not a valid %s resource' % \ (subject, configuration.short_title) msg += \ ' (OK, if removing or e.g. the resource creation is pending)' elif subject_type == 'trigger': # Rules are checked later pass else: msg += 'unknown subject type in init_vgrid_script_add_rem' return (False, msg, []) # special case: members may terminate own membership if (subject_type == 'member') and (client_id == subject) \ and (vgrid_is_member(vgrid_name, subject, configuration)): return (True, msg, []) # special case: members may remove own triggers and add new ones if (subject_type == 'trigger') and \ (not vgrid_is_trigger(vgrid_name, subject, configuration) or \ vgrid_is_trigger_owner(vgrid_name, subject, client_id, configuration)): return (True, msg, []) # otherwise: only owners may add or remove: if not vgrid_is_owner(vgrid_name, client_id, configuration): msg += 'You must be an owner of the %s vgrid to add/remove %s'\ % (vgrid_name, subject_type) return (False, msg, None) return (True, msg, [])
job_submitter_client_id = mrsldict['USER_CERT'] o.out('job_submitter_client_id: %s' % job_submitter_client_id) mrsl_jobid = mrsldict['JOB_ID'] if not jobid == mrsl_jobid: o.out('requestinteractivejob error! Wrong job_id specified!') o.reply_and_exit(o.ERROR) # TODO: check the status of the specified job(id) and verify it has not previously been executed. # The status must be ? (What about RETRY?) if mrsldict['STATUS'] == 'FINISHED': o.out('requestinteractivejob error! Job already executed!') o.reply_and_exit(o.ERROR) if not is_resource(unique_resource_name, configuration.resource_home): o.out('requestinteractivejob error! Your unique_resource_name ' + ' is not recognized as a %s resource!' % configuration.short_title ) o.reply_and_exit(o.ERROR) (status, resource_conf) = \ get_resource_configuration(configuration.resource_home, unique_resource_name, logger) if not status: o.out("No resouce_conf for: '" + unique_resource_name + "'\n") o.reply_and_exit(o.ERROR) logger.info('getting exe') (status, exe_conf) = get_resource_exe(resource_conf, exe, logger) if not status: