def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN, serverCert=serverCert, serverKey=serverKey,
myproxySrv='myproxy.cern.ch', proxyDir='/tmp/', logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN,
serverCert=serverCert,
serverKey=serverKey,
myproxySrv='myproxy.cern.ch',
proxyDir='/tmp/',
logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
class Proxy(object):
'''
CMS uses proxies constantly. This class is a wrapper function around WMCore
proxy handling, to allow the user to update/check/delete their proxy in
myproxy and update/check the local proxy
'''
def __init__(self):
'''
Constructor
'''
self.helper = WMCoreProxy({'logger' : logging})
def getProxyFilename(self):
return self.helper.getProxyFilename()
def initProxy(self):
self.helper.create()
def deleteProxy(self):
self.helper.destroy()
def uploadToMyproxy(self, allowedDN):
self.helper.serverDN = allowedDN
self.helper.delegate( None, True )
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy ( self.defaultDelegation )
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). CANNOT SUBMIT%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. Please renew it! %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'] )
try:
myproxy.delegate(serverRenewer = True, nokey=nokey)
self.logger.debug("My-proxy delegated.")
except Exception, ex:
raise ProxyCreationException("Problems delegating My-proxy. %s"%ex._message)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
"""
myproxy = Proxy ( self.defaultDelegation )
myproxy.userDN = myproxy.getSubject()
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
# does it return an integer that indicates?
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
if myproxytimeleft < timeleftthreshold or self.proxyChanged:
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" % self.defaultDelegation['myproxyValidity'] )
try:
myproxy.delegate(serverRenewer = True, nokey=nokey)
self.logger.debug("My-proxy delegated.")
except Exception, ex:
raise ProxyCreationException("Problems delegating My-proxy. Problem %s"%ex)
class ProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger,
'server_key' : '/home/crab/.globus/hostkey.pem', 'server_cert' : '/home/crab/.globus/hostcert.pem',
'vo': 'cms', 'group': 'integration', 'role': 'NULL', 'myProxySvr': 'myproxy.cern.ch',
'proxyValidity' : '192:00', 'min_time_left' : 36000, 'uisource' : '/afs/cern.ch/cms/LCG/LCG-2/UI/cms_ui_env.sh'}
#, 'serverDN' : '/C=IT/O=INFN/OU=Host/L=Perugia/CN=crab.pg.infn.it'}
self.proxyPath = None
self.proxy = Proxy( self.dict )
self.serverKey = self.dict['server_key']
self.serverDN = None
if self.dict.has_key('serverDN'): self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
Tear down the proxy.
"""
self.proxy.destroy()
return
def getUserIdentity(self):
"""
_getUserIdentity_
Retrieve the user's subject from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-identity"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
def getUserAttributes(self):
"""
_getUserAttributes_
Retrieve the user's attributes from the voms-proxy-info call.
"""
vomsProxyInfoCall = subprocess.Popen(["voms-proxy-info", "-fqan"],
stdout = subprocess.PIPE,
stderr = subprocess.PIPE)
if vomsProxyInfoCall.wait() != 0:
return None
(stdout, stderr) = vomsProxyInfoCall.communicate()
return stdout[0:-1]
@attr("integration")
def testDestroyBeforeCreation(self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
assert not os.path.exists(self.proxyPath)
@attr("integration")
def testCreateProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
time.sleep( 5 )
proxyPath = self.proxy.getProxyFilename()
assert os.path.exists(proxyPath)
@attr("integration")
def testCheckProxyTimeLeft( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
timeLeft = self.proxy.getTimeLeft()
print timeLeft
assert ( int(timeLeft) / 3600 ) == 192
@attr("integration")
def testRenewProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
time.sleep( 70 )
self.proxy.renew()
time.sleep( 10 )
timeLeft = self.proxy.getTimeLeft()
assert ( int(timeLeft) / 3600 ) == 191
@attr("integration")
def testDestroyProxy(self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.destroy( )
self.proxyPath = self.proxy.getProxyFilename()
assert not os.path.exists(self.proxyPath)
@attr("integration")
def testGetSubject(self):
"""
_testGetSubject_
Verify that the getSubject() method works correctly.
"""
if os.path.exists(self.serverKey):
return
self.testCreateProxy()
subject = self.proxy.getSubject( )
self.assertEqual(subject, self.getUserIdentity(),
"Error: Wrong subject.")
return
@attr("integration")
def testGetUserName( self ):
"""
_testGetUserName_
Verify that the getUserName() method correctly determines the user's
name.
"""
if os.path.exists( self.serverKey ):
return
self.testCreateProxy()
user = self.proxy.getUserName( )
identity = self.getUserIdentity().split("/")[ len(self.getUserIdentity().split("/")) - 1 ][3:]
self.assertEqual(user, identity,
"Error: User name is wrong: |%s|\n|%s|" % (user, identity))
return
@attr("integration")
def checkAttribute( self ):
"""
"""
if not os.path.exists( self.serverKey ):
valid = self.proxy.checkAttribute( )
assert valid == True
@attr("integration")
def testCheckTimeLeft( self ):
"""
"""
if not os.path.exists( self.serverKey ):
valid = self.proxy.check( self.proxyPath )
assert valid == True
@attr("integration")
def testDelegateMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath )
valid = self.proxy.checkMyProxy( )
assert valid == True
@attr("integration")
def testDelegateServerAndMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath, serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
assert valid == True
@attr("integration")
def testCheckMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
self.proxy.delegate( )
valid = self.proxy.checkMyProxy( )
assert valid == True
@attr("integration")
def testCheckMyProxyServer( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
self.proxy.delegate( serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
assert valid == True
@attr("integration")
def testLogonRenewMyProxy( self ):
"""
"""
if os.path.exists( self.serverKey ):
proxyFile = self.proxy.logonRenewMyProxy( )
assert os.path.exists( proxyFile )
@attr("integration")
def testRenewMyProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath )
assert ( int(timeLeft) / 3600 ) == 167
@attr("integration")
def testRenewMyProxyForServer( self ):
"""
"""
if not os.path.exists( self.serverKey ) and self.serverDN:
self.proxy.create()
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath, serverRenewer = True )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath, serverRenewer = True )
assert ( int(timeLeft) / 3600 ) == 167
@attr("integration")
def testRenewMyProxyByServer( self ):
"""
"""
if os.path.exists( self.serverKey ):
proxyPath = self.proxy.getProxyFilename( serverRenewer = True )
self.proxy.logonRenewMyProxy( proxyPath )
timeLeft = self.proxy.getTimeLeft( proxyPath )
assert ( int(timeLeft) / 3600 ) > 120
@attr("integration")
def testVomsRenewal( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
time.sleep( 70 )
attribute = self.proxy.prepareAttForVomsRenewal( self.proxy.getAttributeFromProxy( proxyPath ) )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
vomsTimeLeft = self.proxy.getVomsLife( proxyPath )
assert ( int(vomsTimeLeft) / 3600 ) == 191
@attr("integration")
def testElevateAttribute( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
# getProxyDetails allows to buid the proxy attribute from the parameters given
attribute = self.proxy.prepareAttForVomsRenewal( '/cms/Role=NULL/Capability=NULL' )
self.proxy.vomsExtensionRenewal( proxyPath, attribute )
assert self.proxy.getAttributeFromProxy( proxyPath ) == '/cms/Role=NULL/Capability=NULL'
@attr("integration")
def testUserGroupInProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
assert self.proxy.group == self.getUserAttributes().split('\n')[0].split('/')[2]
@attr("integration")
def testUserRoleInProxy( self ):
"""
"""
if not os.path.exists( self.serverKey ):
self.proxy.create()
assert self.proxy.role == self.getUserAttributes().split('\n')[0].split('/')[3].split('=')[1]
@attr("integration")
def testGetAttributes( self ):
"""
"""
if not os.path.exists( self.serverKey ):
if not self.dict['role']:
role = 'NULL'
self.proxy.create()
assert self.proxy.getAttributeFromProxy().split('/')[2] == self.dict['group']
assert self.proxy.getAttributeFromProxy().split('/')[3].split('=')[1] == role
@attr("integration")
def testGetAttributes( self ):
"""
"""
if not os.path.exists( self.serverKey ):
if not self.dict['role']:
role = 'NULL'
self.proxy.create()
proxyPath = self.proxy.getProxyFilename( )
if self.dict['group'] and self.dict['role']:
assert self.proxy.getUserGroupAndRoleFromProxy( proxyPath )[0] == self.dict['group']
assert self.proxy.getUserGroupAndRoleFromProxy( proxyPath )[1] == self.dict['role']
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy(self.defaultDelegation)
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" %
self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True,
nokey=nokey)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[
'serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(
usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft
) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" %
myproxy.myproxyValidity)
try:
myproxy.delegate(serverRenewer=True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(
serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex)
raise ProxyCreationException(
"Problems delegating My-proxy. %s" % msg)
def createNewMyProxy(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
"""
myproxy = Proxy ( self.defaultDelegation )
myproxy.userDN = myproxy.getSubjectFromCert(self.certLocation)
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" % self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
# Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532)
try:
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
except Exception as ex:
logging.exception("Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException")
# WMException may contain the _message attribute. Otherwise, take the exception as a string.
msg = ex._message if hasattr(ex, "_message") else str(ex)
raise ProxyCreationException("Problems calculating the time left until the expiration of the proxy."
" Please reset your environment or contact [email protected] if the problem persists.\n%s" % msg)
self.logger.debug("Myproxy is valid: %i" % myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers!=self.defaultDelegation['serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY). YOU CANNOT USE THE CRAB3 CLIENT. PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/ AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s"\
% (colors.RED, colors.NORMAL)
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
self.logger.info("%sYour user certificate is going to expire in %s days. https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s"\
% (colors.RED, usercertDaysLeft, colors.NORMAL) )
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(usercertDaysLeft*60*60*24 - myproxytimeleft) < 60*60*24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info("%sDelegating your proxy for %s days instead of %s %s"\
% (colors.RED, usercertDaysLeft, self.myproxyDesiredValidity, colors.NORMAL) )
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft*24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours" % myproxy.myproxyValidity )
try:
myproxy.delegate(serverRenewer = True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex)
raise ProxyCreationException("Problems delegating My-proxy. %s" % msg)
class MyProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {'logger': self.logger, 'vo': 'cms', 'group': group, 'role': role,
'myProxySvr': myProxySvr, 'proxyValidity' : '192:00', 'min_time_left' : 36000,
'uisource' : uiPath, 'serverDN' : serverDN}
self.proxyPath = None
self.proxy = Proxy( self.dict )
self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
"""
return
@attr("integration")
def testAAACreateMyProxy( self ):
"""
Test if delegate method create correctly the MyProxy.
"""
self.proxy.create()
self.proxy.delegate( credential = self.proxyPath )
valid = self.proxy.checkMyProxy( )
self.assertTrue(valid, 'Could not create MyProxy')
@attr("integration")
def testDelegateServer( self ):
"""
Test if delegate method create MyProxy and delegate
the retrieval to the server correctly.
"""
self.proxy.delegate( credential = self.proxyPath, serverRenewer = True )
valid = self.proxy.checkMyProxy( checkRenewer = True )
self.assertTrue(valid)
@attr("integration")
def testCheckMyProxy( self ):
"""
Test if checkMyProxy checks correctly the MyProxy validity.
"""
valid = self.proxy.checkMyProxy( )
self.assertTrue(valid)
@attr("integration")
def testRenewMyProxy( self ):
"""
Test if renewMyProxy method renews correctly the MyProxy.
"""
self.proxy.renewMyProxy( proxy = self.proxyPath )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath )
self.assertEqual(int(timeLeft) / 3600, 167)
@attr("integration")
def testRenewMyProxyForServer( self ):
"""
Renew MyProxy which the retrieval is delegated to a server.
"""
time.sleep( 70 )
self.proxy.renewMyProxy( proxy = self.proxyPath, serverRenewer = True )
time.sleep( 5 )
timeLeft = self.proxy.getMyProxyTimeLeft( proxy = self.proxyPath, serverRenewer = True )
self.assertEqual(int(timeLeft) / 3600, 167)
@attr("integration")
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN, serverCert=serverCert, serverKey=serverKey,
myproxySrv='myproxy.cern.ch', proxyDir='/tmp/', logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
def createNewMyProxy2(self, timeleftthreshold=0, nokey=False):
"""
Handles the MyProxy creation. In this version the credential name will be simply
<username>_CRAB like e.g. belforte_CRAB where username is the CERN username
Let the following variables be
timeleftthreshold: the proxy in myproxy should be delegated for at least this time (14 days)
myproxytimeleft: current validity of your proxy in myproxy
usercertDaysLeft: the number of days left before your user certificate expire
myproxyDesiredValidity: delegate the proxy in myproxy for that time (30 days)
If we need to renew the proxy in myproxy because its atributes has changed or because it is valid for
less time than timeleftthreshold then we do it.
Before doing that, we check when the user certificate is expiring. If it's within the timeleftthreshold (myproxytimeleft < timeleftthreshold)
we delegate the proxy just for the time we need (checking first if we did not already do it since at some point
usercertDaysLeft ~= myproxytimeleft and we don't need to delegate it at every command even though myproxytimeleft < timeleftthreshold).
Note that a warning message is printed at every command it usercertDaysLeft < timeleftthreshold
:returns a tupla with info in the credential in myprosxy: (credentialName, myproxytimeleft)
credentialName : username to use in myproxy -l username
myproxytimeleft: validity of the credential in seconds
"""
defaultDelegation = self.defaultDelegation
defaultDelegation['myproxyAccount'] = None
from CRABClient.UserUtilities import getUsername
username = getUsername(proxyFile=self.proxyInfo['filename'],
logger=self.logger)
credentialName = username + '_CRAB'
defaultDelegation['userName'] = credentialName
myproxy = Proxy(defaultDelegation)
#userDNFromCert = myproxy.getSubjectFromCert(self.certLocation)
#if userDNFromCert:
# myproxy.userDN = userDNFromCert
myproxytimeleft = 0
self.logger.debug("Getting myproxy life time left for %s" %
self.defaultDelegation["myProxySvr"])
# return an integer that indicates the number of seconds to the expiration of the proxy in myproxy
# Also catch the exception in case WMCore encounters a problem with the proxy itself (one such case was #4532)
try:
myproxytimeleft = myproxy.getMyProxyTimeLeft(serverRenewer=True,
nokey=nokey)
except CredentialException as ex:
msg = "WMCore could not computer valid time for credential %s .\n Error detail: " % credentialName
msg += "%s" % str(ex._message)
msg += "\nTry to remove old myproxy credentials as per https://twiki.cern.ch/twiki/bin/view/CMSPublic/CRAB3FAQ#crab_command_fails_with_Impossib"
self.logger.error(msg)
raise ProxyCreationException("no valid credential for %s" %
credentialName)
except Exception as ex:
logging.exception(
"Problems calculating proxy lifetime, logging stack trace and raising ProxyCreationException"
)
# WMException may contain the _message attribute. Otherwise, take the exception as a string.
msg = ex._message if hasattr(ex, "_message") else str(ex) # pylint: disable=protected-access, no-member
raise ProxyCreationException(
"Problems calculating the time left until the expiration of the proxy."
+
" Please reset your environment or contact [email protected] if the problem persists.\n%s"
% msg)
self.logger.debug("Myproxy is valid: %i", myproxytimeleft)
trustRetrListChanged = myproxy.trustedRetrievers != self.defaultDelegation[
'serverDN'] #list on the REST and on myproxy are different
if myproxytimeleft < timeleftthreshold or self.proxyChanged or trustRetrListChanged:
# checking the enddate of the user certificate
usercertDaysLeft = myproxy.getUserCertEnddate()
if usercertDaysLeft == 0:
msg = "%sYOUR USER CERTIFICATE IS EXPIRED (OR WILL EXPIRE TODAY)." % colors.RED
msg += " YOU CANNOT USE THE CRAB3 CLIENT."
msg += " PLEASE REQUEST A NEW CERTIFICATE HERE https://gridca.cern.ch/gridca/"
msg += " AND SEE https://ca.cern.ch/ca/Help/?kbid=024010%s" % colors.NORMAL
raise ProxyCreationException(msg)
#if the certificate is going to expire print a warning. This is going to bre printed at every command if
#the myproxytimeleft is inferior to the timeleftthreshold
if usercertDaysLeft < self.myproxyDesiredValidity:
msg = "%sYour user certificate is going to expire in %s days." % (
colors.RED, usercertDaysLeft)
msg += " See: https://twiki.cern.ch/twiki/bin/view/CMSPublic/WorkBookStartingGrid#ObtainingCert %s" % colors.NORMAL
self.logger.info(msg)
#check if usercertDaysLeft ~= myproxytimeleft which means we already delegated the proxy for as long as we could
if abs(
usercertDaysLeft * 60 * 60 * 24 - myproxytimeleft
) < 60 * 60 * 24 and not trustRetrListChanged: #less than one day between usercertDaysLeft and myproxytimeleft
return (credentialName, myproxytimeleft)
#adjust the myproxy delegation time accordingly to the user cert validity
self.logger.info(
"%sDelegating your proxy for %s days instead of %s %s",
colors.RED, usercertDaysLeft, self.myproxyDesiredValidity,
colors.NORMAL)
myproxy.myproxyValidity = "%i:00" % (usercertDaysLeft * 24)
# creating the proxy
self.logger.debug("Delegating a myproxy for %s hours",
myproxy.myproxyValidity)
try:
myproxy.delegate(serverRenewer=True, nokey=nokey)
myproxytimeleft = myproxy.getMyProxyTimeLeft(
serverRenewer=True, nokey=nokey)
if myproxytimeleft <= 0:
raise ProxyCreationException("It seems your proxy has not been delegated to myproxy. Please check the logfile for the exact error "+\
"(it might simply you typed a wrong password)")
else:
self.logger.debug("My-proxy delegated.")
except Exception as ex:
msg = ex._message if hasattr(ex, '_message') else str(ex) # pylint: disable=protected-access, no-member
raise ProxyCreationException(
"Problems delegating My-proxy. %s" % msg)
return (credentialName, myproxytimeleft)
class MyProxyTest(unittest.TestCase):
def setUp(self):
"""
Setup for unit tests
"""
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
datefmt='%m-%d %H:%M',
filename='proxy_unittests.log',
filemode='w')
logger_name = 'ProxyTest'
self.logger = logging.getLogger(logger_name)
self.dict = {
'logger': self.logger,
'vo': 'cms',
'group': group,
'role': role,
'myProxySvr': myProxySvr,
'proxyValidity': '192:00',
'min_time_left': 36000,
'uisource': uiPath,
'serverDN': serverDN
}
self.proxyPath = None
self.proxy = Proxy(self.dict)
self.serverDN = self.dict['serverDN']
def tearDown(self):
"""
_tearDown_
"""
return
@attr("integration")
def testAAACreateMyProxy(self):
"""
Test if delegate method create correctly the MyProxy.
"""
self.proxy.create()
self.proxy.delegate(credential=self.proxyPath)
valid = self.proxy.checkMyProxy()
self.assertTrue(valid, 'Could not create MyProxy')
@attr("integration")
def testDelegateServer(self):
"""
Test if delegate method create MyProxy and delegate
the retrieval to the server correctly.
"""
self.proxy.delegate(credential=self.proxyPath, serverRenewer=True)
valid = self.proxy.checkMyProxy(checkRenewer=True)
self.assertTrue(valid)
@attr("integration")
def testCheckMyProxy(self):
"""
Test if checkMyProxy checks correctly the MyProxy validity.
"""
valid = self.proxy.checkMyProxy()
self.assertTrue(valid)
@attr("integration")
def testRenewMyProxy(self):
"""
Test if renewMyProxy method renews correctly the MyProxy.
"""
self.proxy.renewMyProxy(proxy=self.proxyPath)
time.sleep(5)
timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath)
self.assertEqual(int(int(timeLeft) // 3600), 167)
@attr("integration")
def testRenewMyProxyForServer(self):
"""
Renew MyProxy which the retrieval is delegated to a server.
"""
time.sleep(70)
self.proxy.renewMyProxy(proxy=self.proxyPath, serverRenewer=True)
time.sleep(5)
timeLeft = self.proxy.getMyProxyTimeLeft(proxy=self.proxyPath,
serverRenewer=True)
self.assertEqual(int(int(timeLeft) // 3600), 167)
@attr("integration")
def testMyProxyEnvironment(self):
"""
Test the myProxyEnvironment context manager
In this test a new Proxy and MyProxy are initialized
"""
myProxy = Proxy(self.dict)
# Create the proxy
myProxy.create()
proxyPath = myProxy.getProxyFilename()
userDN = myProxy.getSubject()
self.assertTrue(os.path.exists(proxyPath))
# Delegate and check the proxy
myProxy.delegate(credential=proxyPath, serverRenewer=True)
valid = myProxy.checkMyProxy()
self.assertTrue(valid)
# Make sure X509_USER_PROXY exists only in the context manager and corresponds to a file
if 'X509_USER_PROXY' in os.environ:
del os.environ['X509_USER_PROXY']
self.assertFalse('X509_USER_PROXY' in os.environ)
with myProxyEnvironment(userDN=userDN,
serverCert=serverCert,
serverKey=serverKey,
myproxySrv='myproxy.cern.ch',
proxyDir='/tmp/',
logger=self.logger):
self.assertTrue('X509_USER_PROXY' in os.environ)
self.assertTrue(os.path.exists(os.environ['X509_USER_PROXY']))
self.assertFalse('X509_USER_PROXY' in os.environ)
return
