def wrapped_fcn( *args, **kwargs ):
userName = kwargs.pop( 'proxyUserName', '' )
userDN = kwargs.pop( 'proxyUserDN', '' )
userGroup = kwargs.pop( 'proxyUserGroup', '' )
vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
proxyFilePath = kwargs.pop( 'proxyFilePath', False )
if ( userName or userDN ) and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
if not userDN:
result = getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDN = result[ 'Value' ][0]
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup( userGroup )
if vomsAttr:
result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
requiredVOMSAttribute = vomsAttr,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
else:
result = gProxyManager.downloadProxyToFile( userDN, userGroup,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
if not result['OK']:
gLogger.warn( "Can't download proxy to file", result['Message'] )
return result
proxyFile = result['Value']
os.environ['X509_USER_PROXY'] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
try:
resultFcn = fcn( *args, **kwargs )
except Exception, x:
resultFcn = S_ERROR( "Exception: %s" % str( x ) )
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
if originalUserProxy:
os.environ['X509_USER_PROXY'] = originalUserProxy
else:
os.environ.pop( 'X509_USER_PROXY' )
return resultFcn
def wrapped_fcn(*args, **kwargs):
userName = kwargs.pop("proxyUserName", "")
userGroup = kwargs.pop("proxyUserGroup", "")
vomsFlag = kwargs.pop("proxyWithVOMS", True)
proxyFilePath = kwargs.pop("proxyFilePath", False)
if userName and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get("X509_USER_PROXY")
result = getDNForUsername(userName)
if not result["OK"]:
return result
userDN = result["Value"][0]
vomsAttr = ""
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup(userGroup)
if vomsAttr:
result = gProxyManager.downloadVOMSProxyToFile(
userDN,
userGroup,
requiredVOMSAttribute=vomsAttr,
filePath=proxyFilePath,
requiredTimeLeft=3600,
cacheTime=3600,
)
else:
result = gProxyManager.downloadProxyToFile(
userDN, userGroup, filePath=proxyFilePath, requiredTimeLeft=3600, cacheTime=3600
)
if not result["OK"]:
return result
proxyFile = result["Value"]
os.environ["X509_USER_PROXY"] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "false")
try:
resultFcn = fcn(*args, **kwargs)
except Exception, x:
resultFcn = S_ERROR("Exception: %s" % str(x))
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG("/DIRAC/Security/UseServerCertificate", "true")
if originalUserProxy:
os.environ["X509_USER_PROXY"] = originalUserProxy
else:
os.environ.pop("X509_USER_PROXY")
return resultFcn
def wrapped_fcn(*args, **kwargs):
userName = kwargs.pop('proxyUserName', '')
userDN = kwargs.pop('proxyUserDN', '')
userGroup = kwargs.pop('proxyUserGroup', '')
vomsFlag = kwargs.pop('proxyWithVOMS', True)
proxyFilePath = kwargs.pop('proxyFilePath', False)
if (userName or userDN) and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get('X509_USER_PROXY')
if userDN:
userDNs = [userDN]
else:
result = getDNForUsername(userName)
if not result['OK']:
return result
userDNs = result[
'Value'] # a same user may have more than one DN
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup(userGroup)
result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)
if not result['OK']:
return result
proxyFile = result['Value']
os.environ['X509_USER_PROXY'] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG(
'/DIRAC/Security/UseServerCertificate', 'false')
try:
return fcn(*args, **kwargs)
except Exception as lException: #pylint: disable=broad-except
value = ','.join([str(arg) for arg in lException.args])
exceptType = lException.__class__.__name__
return S_ERROR("Exception - %s: %s" % (exceptType, value))
finally:
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG(
'/DIRAC/Security/UseServerCertificate', 'true')
if originalUserProxy:
os.environ['X509_USER_PROXY'] = originalUserProxy
else:
os.environ.pop('X509_USER_PROXY')
else:
# No proxy substitution requested
return fcn(*args, **kwargs)
def wrapped_fcn( *args, **kwargs ):
userName = kwargs.pop( 'proxyUserName', '' )
userGroup = kwargs.pop( 'proxyUserGroup', '' )
vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
proxyFilePath = kwargs.pop( 'proxyFilePath', False )
if userName and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
result = getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDN = result[ 'Value' ][0]
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup( userGroup )
if vomsAttr:
result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
requiredVOMSAttribute = vomsAttr,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
else:
result = gProxyManager.downloadProxyToFile( userDN, userGroup,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
if not result['OK']:
return result
proxyFile = result['Value']
os.environ['X509_USER_PROXY'] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
try:
resultFcn = fcn( *args, **kwargs )
except Exception, x:
resultFcn = S_ERROR( "Exception: %s" % str( x ) )
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
if originalUserProxy:
os.environ['X509_USER_PROXY'] = originalUserProxy
else:
os.environ.pop( 'X509_USER_PROXY' )
return resultFcn
def wrapped_fcn( *args, **kwargs ):
userName = kwargs.pop( 'proxyUserName', '' )
userDN = kwargs.pop( 'proxyUserDN', '' )
userGroup = kwargs.pop( 'proxyUserGroup', '' )
vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
proxyFilePath = kwargs.pop( 'proxyFilePath', False )
if ( userName or userDN ) and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
if userDN:
userDNs = [userDN]
else:
result = getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDNs = result['Value'] # a same user may have more than one DN
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup( userGroup )
result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)
if not result['OK']:
return result
proxyFile = result['Value']
os.environ['X509_USER_PROXY'] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
try:
return fcn( *args, **kwargs )
except Exception as lException:
value = ','.join( [str( arg ) for arg in lException.args] )
exceptType = lException.__class__.__name__
return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) )
finally:
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
if originalUserProxy:
os.environ['X509_USER_PROXY'] = originalUserProxy
else:
os.environ.pop( 'X509_USER_PROXY' )
else:
# No proxy substitution requested
return fcn( *args, **kwargs )
def getDirectoryMetadata( self, lfns, timeout = 120 ):
''' Get standard directory metadata
'''
rpcClient = self._getRPC( timeout = timeout )
result = rpcClient.getDirectoryMetadata( lfns )
if not result['OK']:
return result
# Add some useful fields
for path in result['Value']['Successful']:
owner = result['Value']['Successful'][path]['Owner']
group = result['Value']['Successful'][path]['OwnerGroup']
res = getDNForUsername( owner )
if res['OK']:
result['Value']['Successful'][path]['OwnerDN'] = res['Value'][0]
else:
result['Value']['Successful'][path]['OwnerDN'] = ''
result['Value']['Successful'][path]['OwnerRole'] = getVOMSAttributeForGroup( group )
return result
def getDirectoryMetadata(self, lfns, timeout=120):
''' Get standard directory metadata
'''
rpcClient = self._getRPC(timeout=timeout)
result = rpcClient.getDirectoryMetadata(lfns)
if not result['OK']:
return result
# Add some useful fields
for path in result['Value']['Successful']:
owner = result['Value']['Successful'][path]['Owner']
group = result['Value']['Successful'][path]['OwnerGroup']
res = getDNForUsername(owner)
if res['OK']:
result['Value']['Successful'][path]['OwnerDN'] = res['Value'][0]
else:
result['Value']['Successful'][path]['OwnerDN'] = ''
result['Value']['Successful'][path]['OwnerRole'] = getVOMSAttributeForGroup(group)
return result
def _putProxy(userDN=None,
userName=None,
userGroup=None,
vomsFlag=None,
proxyFilePath=None,
executionLockFlag=False):
"""Download proxy, place in a file and populate X509_USER_PROXY environment variable.
Parameters like `userProxy` or `executeWithUserProxy`.
:returns: Tuple of originalUserProxy, useServerCertificate, executionLock
"""
# Setup user proxy
if userDN:
userDNs = [userDN]
else:
result = getDNForUsername(userName)
if not result["OK"]:
return result
userDNs = result["Value"] # a same user may have more than one DN
vomsAttr = ""
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup(userGroup)
result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)
if not result["OK"]:
return result
executionLock = LockRing().getLock(
"_UseUserProxy_", recursive=True) if executionLockFlag else None
if executionLockFlag:
executionLock.acquire()
os.environ["X509_USER_PROXY"], originalUserProxy = result[
"Value"], os.environ.get("X509_USER_PROXY")
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG(
"/DIRAC/Security/UseServerCertificate", "false")
return S_OK((originalUserProxy, useServerCertificate, executionLock))
def getDirectoryMetadata(self, lfns, timeout=120):
"""Get standard directory metadata"""
rpcClient = self._getRPC(timeout=timeout)
result = rpcClient.getDirectoryMetadata(lfns)
if not result["OK"]:
return result
# Add some useful fields
for path in result["Value"]["Successful"]:
owner = result["Value"]["Successful"][path]["Owner"]
group = result["Value"]["Successful"][path]["OwnerGroup"]
res = getDNForUsername(owner)
if res["OK"]:
result["Value"]["Successful"][path]["OwnerDN"] = res["Value"][
0]
else:
result["Value"]["Successful"][path]["OwnerDN"] = ""
result["Value"]["Successful"][path][
"OwnerRole"] = getVOMSAttributeForGroup(group)
return result
def _putProxy(userDN=None, userName=None, userGroup=None, vomsFlag=None, proxyFilePath=None, executionLockFlag=False):
"""Download proxy, place in a file and populate X509_USER_PROXY environment variable.
Parameters like `userProxy` or `executeWithUserProxy`.
:returns: Tuple of originalUserProxy, useServerCertificate, executionLock
"""
# Setup user proxy
if userDN:
userDNs = [userDN]
else:
result = getDNForUsername(userName)
if not result['OK']:
return result
userDNs = result['Value'] # a same user may have more than one DN
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup(userGroup)
result = getProxy(userDNs, userGroup, vomsAttr, proxyFilePath)
if not result['OK']:
return result
executionLock = LockRing().getLock('_UseUserProxy_', recursive=True) if executionLockFlag else None
if executionLockFlag:
executionLock.acquire()
os.environ['X509_USER_PROXY'], originalUserProxy = result['Value'], os.environ.get('X509_USER_PROXY')
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG('/DIRAC/Security/UseServerCertificate', 'false')
return S_OK((originalUserProxy, useServerCertificate, executionLock))
credentials = result["Value"]
# Remember a clean proxy to then upload it in step 2
proxy = copy.copy(chain)
# Create local proxy with group
self.outputFile = self.outputFile or getDefaultProxyLocation()
parameters = (self.outputFile, int(self.lifetime or 12) * 3600, self.group)
# Add a VOMS extension if the group requires it
if (result := chain.generateProxyToFile(*parameters))["OK"] and (result := self.__enableCS())["OK"]:
if not self.group and (result := findDefaultGroupForDN(credentials["DN"]))["OK"]:
self.group = result["Value"] # Use default group if user don't set it
# based on the configuration we decide whether to add VOMS extensions
if getGroupOption(self.group, "AutoAddVOMS", False):
if not (vomsAttr := getVOMSAttributeForGroup(self.group)):
print(HTML(f"<yellow>No VOMS attribute foud for {self.group}</yellow>"))
else:
vo = getVOMSVOForGroup(self.group)
if not (result := VOMS().setVOMSAttributes(self.outputFile, attribute=vomsAttr, vo=vo))["OK"]:
return S_ERROR(f"Failed adding VOMS attribute: {result['Message']}")
chain = result["Value"]
result = chain.generateProxyToFile(*parameters)
if not result["OK"]:
return S_ERROR(f"Couldn't generate proxy: {result['Message']}")
if self.enableCS:
# After creating the proxy, we can try to connect to the server
if not (result := self.__enableCS())["OK"]:
return result
def wrapped_fcn( *args, **kwargs ):
userName = kwargs.pop( 'proxyUserName', '' )
userDN = kwargs.pop( 'proxyUserDN', '' )
userGroup = kwargs.pop( 'proxyUserGroup', '' )
vomsFlag = kwargs.pop( 'proxyWithVOMS', True )
proxyFilePath = kwargs.pop( 'proxyFilePath', False )
if ( userName or userDN ) and userGroup:
# Setup user proxy
originalUserProxy = os.environ.get( 'X509_USER_PROXY' )
if not userDN:
result = getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDN = result[ 'Value' ][0]
vomsAttr = ''
if vomsFlag:
vomsAttr = getVOMSAttributeForGroup( userGroup )
if vomsAttr:
result = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup,
requiredVOMSAttribute = vomsAttr,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
else:
result = gProxyManager.downloadProxyToFile( userDN, userGroup,
filePath = proxyFilePath,
requiredTimeLeft = 3600,
cacheTime = 3600 )
if not result['OK']:
gLogger.warn( "Can't download proxy to file", result['Message'] )
return result
proxyFile = result['Value']
os.environ['X509_USER_PROXY'] = proxyFile
# Check if the caller is executing with the host certificate
useServerCertificate = gConfig.useServerCertificate()
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
try:
return fcn( *args, **kwargs )
except Exception as lException:
value = ','.join( [str( arg ) for arg in lException.args] )
exceptType = lException.__class__.__name__
return S_ERROR( "Exception - %s: %s" % ( exceptType, value ) )
finally:
# Restore the default host certificate usage if necessary
if useServerCertificate:
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
if originalUserProxy:
os.environ['X509_USER_PROXY'] = originalUserProxy
else:
os.environ.pop( 'X509_USER_PROXY' )
else:
# No proxy substitution requested
return fcn( *args, **kwargs )
