def renew(self): """ Renews credential if time_left()<update_frequency Only works if type is grid_proxy """ remaining = self.time_left() if ( (remaining != -1) and (self.update_frequency != -1) and (remaining < self.update_frequency) and (self.creation_script is not None) ): logSupport.log.debug("Updating proxy %s with creation_script %s" % (self.filename, self.creation_script)) condorExe.iexe_cmd(self.creation_script)
def test_iexe_cmd(self): """ Test the iexe_cmd function for errors. There are two sets of worker functions that will be executed. The first set writes 20k lines to stdout and exits normally (exit code: 0). The second also writes 20k lines to stdout, but these exit abnormally (exit code: 1). Both sets of scripts consist of one written in python and one written in shell script (bash). The original code for iexe_cmd would block if the buffer was filled and EOF wasn't in the buffer. The code was re-written to handle that use case, but still blocked because the write side could still fill the buffer without appending EOF. There are two solutions. One, give the buffer read command a ridiculously small buffer size (but even that isn't a guarantee since the read side doesn't know hat the buffer size should be), or two, make the read buffers non-blocking. Option two was selected. This unittest tests both the blocking condition and error handling in the function. """ # Execution should proceed normally and exit with no exceptions. try: for script in self.normal_exit_scripts: cmd = os.path.join(condorExe.condor_bin_path, script) output = iexe_cmd(cmd) except Exception as e: self.fail("Exception Occurred: %s" % str(e)) # Execution should exit with an exception. If no exception, then fail for script in self.abnormal_exit_scripts: cmd = os.path.join(condorExe.condor_bin_path, script) self.failUnlessRaises(ExeError, iexe_cmd, cmd)
def create(self): """ Generate the credential """ if self.creation_script: self.logger.debug( f"Creating credential using {self.creation_script}") try: condorExe.iexe_cmd(self.creation_script) except Exception: self.logger.exception( f"Creating credential using {self.creation_script} failed") self.advertize = False # Recreating the credential can result in ID change self._id = self.file_id(self.get_id_filename())
def file_id(self, filename, ignoredn=False): if ("grid_proxy" in self.type) and not ignoredn: dn_list = condorExe.iexe_cmd("openssl x509 -subject -in %s -noout" % (filename)) dn = dn_list[0] hash_str = filename + dn else: hash_str = filename # logSupport.log.debug("Using hash_str=%s (%d)"%(hash_str,abs(hash(hash_str))%1000000)) return str(abs(hash(hash_str)) % 1000000)
def time_left(self): """ Returns the time left if a grid proxy If missing, returns 0 If not a grid proxy or other unidentified error, return -1 """ if not os.path.exists(self.filename): return 0 if ("grid_proxy" in self.type) or ("cert_pair" in self.type): time_list = condorExe.iexe_cmd("openssl x509 -in %s -noout -enddate" % self.filename) if "notAfter=" in time_list[0]: time_str = time_list[0].split("=")[1].strip() timeleft = calendar.timegm(time.strptime(time_str, "%b %d %H:%M:%S %Y %Z")) - int(time.time()) return timeleft else: return -1
def time_left(self): """ Returns the time left if a grid proxy If missing, returns 0 If not a grid proxy or other unidentified error, return -1 """ if not os.path.exists(self.filename): return 0 if ("grid_proxy" in self.type) or ("cert_pair" in self.type): time_list = condorExe.iexe_cmd( f"openssl x509 -in {self.filename} -noout -enddate") if "notAfter=" in time_list[0]: time_str = time_list[0].split("=")[1].strip() timeleft = calendar.timegm( time.strptime(time_str, "%b %d %H:%M:%S %Y %Z")) - int( time.time()) return timeleft else: return -1
def do_global_advertize(self): """ Advertize globals with credentials """ global advertizeGCGounter for factory_pool in self.global_pool: tmpname = classadSupport.generate_classad_filename(prefix="gfi_ad_gcg") glidein_params_to_encrypt = {} fd = file(tmpname, "w") x509_proxies_data = [] if self.descript_obj.x509_proxies_plugin is not None: x509_proxies_data = self.descript_obj.x509_proxies_plugin.get_credentials() nr_credentials = len(x509_proxies_data) glidein_params_to_encrypt["NumberOfCredentials"] = "%s" % nr_credentials else: nr_credentials = 0 request_name = "Global" if factory_pool in self.global_params: request_name, security_name = self.global_params[factory_pool] glidein_params_to_encrypt["SecurityName"] = security_name classad_name = "%s@%s" % (request_name, self.descript_obj.my_name) fd.write('MyType = "%s"\n' % frontendConfig.client_global) fd.write('GlideinMyType = "%s"\n' % frontendConfig.client_global) fd.write('GlideinWMSVersion = "%s"\n' % frontendConfig.glideinwms_version) fd.write('Name = "%s"\n' % classad_name) fd.write('FrontendName = "%s"\n' % self.descript_obj.frontend_name) fd.write('GroupName = "%s"\n' % self.descript_obj.group_name) fd.write('ClientName = "%s"\n' % self.descript_obj.my_name) for i in range(nr_credentials): cred_el = x509_proxies_data[i] cred_el.renew() cred_el.advertize = True if hasattr(cred_el, "filename"): try: if (not os.path.exists(cred_el.filename)) and (cred_el.creation_script is not None): logSupport.log.debug( "Proxy %s didn not exist, calling creation_script %s" % (cred_el.filename, cred_el.creation_script) ) condorExe.iexe_cmd(cred_el.creation_script) data_fd = open(cred_el.filename) cred_data = data_fd.read() data_fd.close() except: cred_el.advertize = False logSupport.log.exception("Advertising global credential %s failed" % cred_el.filename) continue glidein_params_to_encrypt[cred_el.file_id(cred_el.filename)] = cred_data if hasattr(cred_el, "security_class"): # Convert the sec class to a string so the Factory can interpret the value correctly glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.filename)] = str( cred_el.security_class ) if hasattr(cred_el, "key_fname"): try: data_fd = open(cred_el.key_fname) cred_data = data_fd.read() data_fd.close() except: cred_el.advertize = False logSupport.log.exception("Advertising global credential %s failed: " % cred_el.filename) continue glidein_params_to_encrypt[cred_el.file_id(cred_el.key_fname)] = cred_data if hasattr(cred_el, "security_class"): # Convert the sec class to a string so the Factory can interpret the value correctly glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.key_fname)] = str( cred_el.security_class ) if hasattr(cred_el, "pilot_fname"): try: data_fd = open(cred_el.pilot_fname) cred_data = data_fd.read() data_fd.close() except: cred_el.advertize = False logSupport.log.exception("Advertising global credential %s failed: " % cred_el.filename) continue glidein_params_to_encrypt[cred_el.file_id(cred_el.pilot_fname)] = cred_data if hasattr(cred_el, "security_class"): # Convert the sec class to a string so the Factory can interpret the value correctly glidein_params_to_encrypt["SecurityClass" + cred_el.file_id(cred_el.pilot_fname)] = str( cred_el.security_class ) if factory_pool in self.global_key: key_obj = self.global_key[factory_pool] if key_obj is not None: fd.write(string.join(key_obj.get_key_attrs(), "\n") + "\n") for attr in glidein_params_to_encrypt.keys(): # logSupport.log.debug("Encrypting (%s,%s)"%(attr,glidein_params_to_encrypt[attr])) el = key_obj.encrypt_hex(glidein_params_to_encrypt[attr]) escaped_el = string.replace(string.replace(str(el), '"', '\\"'), "\n", "\\n") fd.write('%s%s = "%s"\n' % (frontendConfig.encrypted_param_prefix, attr, escaped_el)) # Update Sequence number information if advertizeGCGounter.has_key(classad_name): advertizeGCGounter[classad_name] += 1 else: advertizeGCGounter[classad_name] = 0 fd.write("UpdateSequenceNumber = %s\n" % advertizeGCGounter[classad_name]) fd.close() try: advertizeWorkFromFile(factory_pool, tmpname, remove_file=True) except condorExe.ExeError: logSupport.log.exception("Advertising globals failed for factory pool %s: " % factory_pool)