def multiProxyArgument(proxy=False):
"""
Load a proxy:
proxyChain param can be:
: Default -> use current proxy
: string -> upload file specified as proxy
: X509Chain -> use chain
returns:
S_OK( { 'file' : <string with file location>,
'chain' : X509Chain object,
'tempFile' : <True if file is temporal>
}
S_ERROR
"""
tempFile = False
#Set env
if type(proxy) == g_X509ChainType:
tempFile = True
retVal = writeChainToTemporaryFile(proxy)
if not retVal['OK']:
return retVal
proxyLoc = retVal['Value']
else:
if not proxy:
proxyLoc = getProxyLocation()
if not proxyLoc:
return S_ERROR("Can't find proxy")
if type(proxy) == types.StringType:
proxyLoc = proxy
#Load proxy
proxy = X509Chain()
retVal = proxy.loadProxyFromFile(proxyLoc)
if not retVal['OK']:
return S_ERROR("Can't load proxy at %s" % proxyLoc)
return S_OK({'file': proxyLoc, 'chain': proxy, 'tempFile': tempFile})
def __call__(self, name, plugins=None, vo=None, hideExceptions=False):
self.seCache.purgeExpired(expiredInSeconds=60)
tId = threading.current_thread().ident
if not vo:
result = getVOfromProxyGroup()
if not result['OK']:
return
vo = result['Value']
# Because the gfal2 context caches the proxy location,
# we also use the proxy location as a key.
# In practice, there should almost always be one, except for the REA
# If we see its memory consumtpion exploding, this might be a place to look
proxyLoc = getProxyLocation()
argTuple = (tId, name, plugins, vo, proxyLoc)
seObj = self.seCache.get(argTuple)
if not seObj:
seObj = StorageElementItem(name, plugins, vo, hideExceptions=hideExceptions)
# Add the StorageElement to the cache for 1/2 hour
self.seCache.add(argTuple, 1800, seObj)
return seObj
def __getProxy( self ):
"""
return proxy string from current environment
"""
proxyLocation = getProxyLocation()
fopen = open( proxyLocation, 'r' )
proxyString = fopen.read()
fopen.close()
return proxyString
def __getProxy( self ):
"""
return proxy string from current environment
"""
proxyLocation = getProxyLocation()
fopen = open( proxyLocation, 'r' )
proxyString = fopen.read()
fopen.close()
return proxyString
def do_connect(self, args):
"""Choose the specified cloud endpoint for connection
usage:
connect <site> [<endpoint> [project]]
"""
self.site = None
self.endpoint = None
self.project = None
argss = args.split()
self.site = argss.pop(0)
if argss:
self.endpoint = argss.pop(0)
if argss:
self.project = argss.pop(0)
result = getVMTypeConfig(self.site, self.endpoint)
if not result["OK"]:
print("ERROR: can not get the cloud endpoint configuration \n%s" %
result["Message"])
return
ceDict = result["Value"]
if not self.project:
self.project = ceDict.get("Project")
if not self.endpoint:
self.endpoint = ceDict["CEName"]
# Check for authentication details
authType = ceDict.get("Auth")
if authType and authType in ["x509", "voms"]:
# We need proxy to proceed
self.proxyLocation = None
proxy = getProxyLocation()
if not proxy:
print(
"ERROR: Requested endpoint requires proxy but it is not found"
)
return
self.proxyLocation = proxy
else:
# We need user/login to proceed
if not ceDict.get("User") or not ceDict.get("Password"):
print("Endpoint requires user/password")
self.user = input(["Login:"******"Password:"******"Connection: site=%s, endpoint=%s, project=%s" %
(self.site, self.endpoint, self.project))
self.prompt = "%s/%s/%s> " % (self.site, self.endpoint, self.project)
def do_connect(self, args):
""" Choose the specified cloud endpoint for connection
usage:
connect <site> [<endpoint> [project]]
"""
self.site = None
self.endpoint = None
self.project = None
argss = args.split()
self.site = argss.pop(0)
if argss:
self.endpoint = argss.pop(0)
if argss:
self.project = argss.pop(0)
result = getVMTypeConfig(self.site, self.endpoint)
if not result['OK']:
print "ERROR: can not get the cloud endpoint configuration \n%s" % result[
'Message']
return
ceDict = result['Value']
if not self.project:
self.project = ceDict.get('Project')
if not self.endpoint:
self.endpoint = ceDict['CEName']
# Check for authentication details
authType = ceDict.get('Auth')
if authType and authType in ['x509', 'voms']:
# We need proxy to proceed
self.proxyLocation = None
proxy = getProxyLocation()
if not proxy:
print "ERROR: Requested endpoint requires proxy but it is not found"
return
self.proxyLocation = proxy
else:
# We need user/login to proceed
if not ceDict.get('User') or not ceDict.get('Password'):
print "Endpoint requires user/password"
self.user = raw_input(["Login:"******"Password:"******"Connection: site=%s, endpoint=%s, project=%s" % (
self.site, self.endpoint, self.project)
self.prompt = '%s/%s/%s> ' % (self.site, self.endpoint, self.project)
def multiProxyArgument( proxy = False ):
"""
Load a proxy:
:param proxy: param can be:
* Default -> use current proxy
* string -> upload file specified as proxy
* X509Chain -> use chain
:returns: S_OK/S_ERROR
.. code-block:: python
S_OK( { 'file' : <string with file location>,
'chain' : X509Chain object,
'tempFile' : <True if file is temporal>
} )
S_ERROR
"""
tempFile = False
# Set env
if type( proxy ) == g_X509ChainType:
tempFile = True
retVal = writeChainToTemporaryFile( proxy )
if not retVal[ 'OK' ]:
return retVal
proxyLoc = retVal[ 'Value' ]
else:
if not proxy:
proxyLoc = getProxyLocation()
if not proxyLoc:
return S_ERROR( DErrno.EPROXYFIND )
if isinstance( proxy, basestring ):
proxyLoc = proxy
# Load proxy
proxy = X509Chain()
retVal = proxy.loadProxyFromFile( proxyLoc )
if not retVal[ 'OK' ]:
return S_ERROR( DErrno.EPROXYREAD, "ProxyLocation: %s" % proxyLoc )
return S_OK( { 'file' : proxyLoc,
'chain' : proxy,
'tempFile' : tempFile } )
def multiProxyArgument(proxy=False):
"""
Load a proxy:
:param proxy: param can be:
* Default -> use current proxy
* string -> upload file specified as proxy
* X509Chain -> use chain
:returns: S_OK/S_ERROR
.. code-block:: python
S_OK( { 'file' : <string with file location>,
'chain' : X509Chain object,
'tempFile' : <True if file is temporal>
} )
S_ERROR
"""
tempFile = False
# Set env
if isinstance(proxy, X509Chain):
tempFile = True
retVal = writeChainToTemporaryFile(proxy)
if not retVal['OK']:
return retVal
proxyLoc = retVal['Value']
else:
if not proxy:
proxyLoc = getProxyLocation()
if not proxyLoc:
return S_ERROR(DErrno.EPROXYFIND)
if isinstance(proxy, six.string_types):
proxyLoc = proxy
# Load proxy
proxy = X509Chain()
retVal = proxy.loadProxyFromFile(proxyLoc)
if not retVal['OK']:
return S_ERROR(DErrno.EPROXYREAD, "ProxyLocation: %s" % proxyLoc)
return S_OK({'file': proxyLoc,
'chain': proxy,
'tempFile': tempFile})
def __addDoubleSlash(self, res):
"""Utilities to add the double slash between the host(:port) and the path
:param res: DIRAC return structure which contains an URL if S_OK
:return: DIRAC structure with corrected URL
"""
if not res["OK"]:
return res
url = res["Value"]
res = pfnparse(url, srmSpecific=self.srmSpecificParse)
if not res["OK"]:
return res
urlDict = res["Value"]
urlDict["Path"] = "/" + urlDict["Path"]
# Now, that's one heck of a disgusting hack
# xrootd client is a bit faulty when managing
# the connection cache, and ends up reusing an
# existing connection for different users (security flaw...)
# they have fixed it (to some extent starting from xrootd 4.10)
# (https://github.com/xrootd/xrootd/issues/976)
# BUT. They still can't consume properly the information when
# the identity is passed in the url (root://url?gsiusrpxy=/tmp/myproxy)
# So we apply a trick here which is to specify the proxy filename as a virtual user
# This has no consequence (developer's own words), but to distinguish between users
# Another ticket has been opened for that https://github.com/xrootd/xrootd/issues/992
try:
proxyLoc = getProxyLocation()
if proxyLoc:
# xroot does not support dots in the virtual user
proxyLoc = os.path.basename(proxyLoc).replace(".", "")
urlDict["Host"] = "%s@%s" % (proxyLoc, urlDict["Host"])
except Exception as e:
self.log.warn("Exception trying to add virtual user in the url",
repr(e))
return pfnunparse(urlDict, srmSpecific=self.srmSpecificParse)
def multiProxyArgument( proxy = False ):
"""
Load a proxy:
proxyChain param can be:
: Default -> use current proxy
: string -> upload file specified as proxy
: X509Chain -> use chain
returns:
S_OK( { 'file' : <string with file location>,
'chain' : X509Chain object,
'tempFile' : <True if file is temporal>
}
S_ERROR
"""
tempFile = False
#Set env
if type( proxy ) == g_X509ChainType:
tempFile = True
retVal = writeChainToTemporaryFile( proxy )
if not retVal[ 'OK' ]:
return retVal
proxyLoc = retVal[ 'Value' ]
else:
if not proxy:
proxyLoc = getProxyLocation()
if not proxyLoc:
return S_ERROR( "Can't find proxy" )
if type( proxy ) == types.StringType:
proxyLoc = proxy
#Load proxy
proxy = X509Chain()
retVal = proxy.loadProxyFromFile( proxyLoc )
if not retVal[ 'OK' ]:
return S_ERROR( "Can't load proxy at %s" % proxyLoc )
return S_OK( { 'file' : proxyLoc,
'chain' : proxy,
'tempFile' : tempFile } )
def getUsers(self):
""" Get all the users of the VOMS VO with their detailed information
:return: user dictionary keyed by the user DN
"""
userProxy = getProxyLocation()
caPath = os.environ['X509_CERT_DIR']
rawUserList = []
result = None
for url in self.urls:
rawUserList = []
startIndex = 0
result = None
error = None
urlDone = False
while not urlDone:
try:
result = requests.get(url,
headers={"X-VOMS-CSRF-GUARD": "y"},
cert=userProxy,
verify=caPath,
params={"startIndex": str(startIndex),
"pageSize": "100"})
except requests.ConnectionError as exc:
error = "%s:%s" % (url, repr(exc))
urlDone = True
continue
if result.status_code != 200:
error = "Failed to contact the VOMS server: %s" % result.text
urlDone = True
continue
userList = result.json()['result']
rawUserList.extend(userList)
if len(userList) < 100:
urlDone = True
startIndex += 100
# This URL did not work, try another one
if error:
continue
else:
break
if error:
return S_ERROR(DErrno.ENOAUTH, "Failed to contact the VOMS server: %s" % error)
# We have got the user info, reformat it
resultDict = {}
for user in rawUserList:
for cert in user['certificates']:
dn = cert['subjectString']
resultDict[dn] = user
resultDict[dn]['CA'] = cert['issuerString']
resultDict[dn]['certSuspended'] = cert['suspended']
resultDict[dn]['certSuspensionReason'] = cert['suspensionReason']
resultDict[dn]['mail'] = user['emailAddress']
resultDict[dn]['Roles'] = user['fqans']
attributes = user.get('attributes')
if attributes:
for attribute in user.get('attributes', []):
if attribute.get('name') == 'nickname':
resultDict[dn]['nickname'] = attribute.get('value')
self.userDict = dict(resultDict)
return S_OK(resultDict)
def getUsers(self):
"""Get all the users of the VOMS VO with their detailed information
:return: user dictionary keyed by the user DN
"""
if not self.urls:
return S_ERROR(DErrno.ENOAUTH, "No VOMS server defined")
userProxy = getProxyLocation()
caPath = getCAsLocation()
rawUserList = []
result = None
for url in self.urls:
rawUserList = []
startIndex = 0
result = None
error = None
urlDone = False
while not urlDone:
try:
result = requests.get(
url,
headers={"X-VOMS-CSRF-GUARD": "y"},
cert=userProxy,
verify=caPath,
params={"startIndex": str(startIndex), "pageSize": "100"},
)
except requests.ConnectionError as exc:
error = "%s:%s" % (url, repr(exc))
urlDone = True
continue
if result.status_code != 200:
error = "Failed to contact the VOMS server: %s" % result.text
urlDone = True
continue
userList = result.json()["result"]
rawUserList.extend(userList)
if len(userList) < 100:
urlDone = True
startIndex += 100
# This URL did not work, try another one
if error:
continue
else:
break
if error:
return S_ERROR(DErrno.ENOAUTH, "Failed to contact the VOMS server: %s" % error)
# We have got the user info, reformat it
resultDict = {}
for user in rawUserList:
for cert in user["certificates"]:
dn = cert["subjectString"]
resultDict[dn] = user
resultDict[dn]["CA"] = cert["issuerString"]
resultDict[dn]["certSuspended"] = cert.get("suspended")
resultDict[dn]["suspended"] = user.get("suspended")
resultDict[dn]["mail"] = user.get("emailAddress")
resultDict[dn]["Roles"] = user.get("fqans")
attributes = user.get("attributes")
if attributes:
for attribute in user.get("attributes", []):
if attribute.get("name") == "nickname":
resultDict[dn]["nickname"] = attribute.get("value")
self.userDict = dict(resultDict)
return S_OK(resultDict)
#
# Testing DIRAC.Resources.Computing.Pilot.writeScript
# Example:
# python test_wrapperScript.py | tee script.py && chmod +x script.py && ./script.py
#
__RCSID__ = "$Id: DIRACPilotDirector.py 28536 2010-09-23 06:08:40Z rgracian $"
from DIRAC.Core.Base import Script
from DIRAC.FrameworkSystem.Client.ProxyGeneration import CLIParams, generateProxy
from DIRAC.Core.Security.Locations import getProxyLocation
from DIRAC.Core.Security.X509Chain import X509Chain
Script.disableCS()
Script.parseCommandLine()
proxyFile = getProxyLocation()
if not proxyFile:
retVal = generateProxy(CLIParams())
if not retVal['OK']:
proxy = None
else:
proxy = X509Chain()
proxy.loadChainFromFile(retVal['Value'])
else:
proxy = X509Chain()
proxy.loadChainFromFile(proxyFile)
from DIRAC.Resources.Computing import Pilot
import os
pilotFile = Pilot.__file__
#
# Testing DIRAC.Resources.Computing.Pilot.writeScript
# Example:
# python test_wrapperScript.py | tee script.py && chmod +x script.py && ./script.py
#
__RCSID__ = "$Id: DIRACPilotDirector.py 28536 2010-09-23 06:08:40Z rgracian $"
from DIRAC.Core.Base import Script
from DIRAC.FrameworkSystem.Client.ProxyGeneration import CLIParams, generateProxy
from DIRAC.Core.Security.Locations import getProxyLocation
from DIRAC.Core.Security.X509Chain import X509Chain
Script.disableCS()
Script.parseCommandLine()
proxyFile = getProxyLocation()
if not proxyFile:
retVal = generateProxy(CLIParams())
if not retVal['OK']:
proxy = None
else:
proxy = X509Chain()
proxy.loadChainFromFile(retVal['Value'])
else:
proxy = X509Chain()
proxy.loadChainFromFile(proxyFile)
from DIRAC.Resources.Computing import Pilot
import os
pilotFile = Pilot.__file__
