def export_getUsersTokensInfo(self, users: list): """Get the info about the user tokens in the database :param users: user names :return: S_OK(list) -- return list of tokens dictionaries """ tokensInfo = [] for user in users: # Find the user ID among his DNs result = Registry.getDNForUsername(user) if not result["OK"]: return result for dn in result["Value"]: uid = Registry.getIDFromDN(dn).get("Value") if uid: result = self.__tokenDB.getTokensByUserID(uid) if not result["OK"]: self.log.error(result["Message"]) else: for tokenDict in result["Value"]: if tokenDict not in tokensInfo: # The database does not contain a username, # as it is a unique user ID exclusively for DIRAC # and is not associated with a token. tokenDict["username"] = user tokensInfo.append(tokenDict) return S_OK(tokensInfo)
def findGenericCloudCredentials(vo=False, group=False): """Get the cloud credentials to use for a specific VO and/or group.""" if not group and not vo: return S_ERROR( "Need a group or a VO to determine the Generic cloud credentials") if not vo: vo = Registry.getVOForGroup(group) if not vo: return S_ERROR("Group %s does not have a VO associated" % group) opsHelper = Operations.Operations(vo=vo) cloudGroup = opsHelper.getValue("Cloud/GenericCloudGroup", "") cloudDN = opsHelper.getValue("Cloud/GenericCloudDN", "") if not cloudDN: cloudUser = opsHelper.getValue("Cloud/GenericCloudUser", "") if cloudUser: result = Registry.getDNForUsername(cloudUser) if result["OK"]: cloudDN = result["Value"][0] else: return S_ERROR("Failed to find suitable CloudDN") if cloudDN and cloudGroup: gLogger.verbose("Cloud credentials from CS: %s@%s" % (cloudDN, cloudGroup)) result = gProxyManager.userHasProxy(cloudDN, cloudGroup, 86400) if not result["OK"]: return result return S_OK((cloudDN, cloudGroup)) return S_ERROR("Cloud credentials not found")
def getProxyFileForCloud(ce): """Get a file with the proxy to be used to connect to the given cloud endpoint :param ce: cloud endpoint object :return: S_OK/S_ERROR, value is the path to the proxy file """ vo = ce.parameters.get("VO") cloudDN = None cloudGroup = None if vo: result = findGenericCloudCredentials(vo=vo) if not result["OK"]: return result cloudDN, cloudGroup = result["Value"] cloudUser = ce.parameters.get("GenericCloudUser") if cloudUser: result = Registry.getDNForUsername(cloudUser) if not result["OK"]: return result cloudDN = result["Value"][0] cloudGroup = ce.parameters.get("GenericCloudGroup", cloudGroup) if cloudDN and cloudGroup: result = gProxyManager.getPilotProxyFromDIRACGroup( cloudDN, cloudGroup, 3600) if not result["OK"]: return result proxy = result["Value"] result = gProxyManager.dumpProxyToFile(proxy) return result else: return S_ERROR("Could not find generic cloud credentials")
def findGenericPilotCredentials(vo=False, group=False, pilotDN='', pilotGroup=''): """ Looks into the Operations/<>/Pilot section of CS to find the pilot credentials. Then check if the user has a registered proxy in ProxyManager. if pilotDN or pilotGroup are specified, use them """ if not group and not vo: return S_ERROR("Need a group or a VO to determine the Generic pilot credentials") if not vo: vo = Registry.getVOForGroup(group) if not vo: return S_ERROR("Group %s does not have a VO associated" % group) opsHelper = Operations.Operations(vo=vo) if not pilotGroup: pilotGroup = opsHelper.getValue("Pilot/GenericPilotGroup", "") if not pilotDN: pilotDN = opsHelper.getValue("Pilot/GenericPilotDN", "") if not pilotDN: pilotUser = opsHelper.getValue("Pilot/GenericPilotUser", "") if pilotUser: result = Registry.getDNForUsername(pilotUser) if result['OK']: pilotDN = result['Value'][0] if pilotDN and pilotGroup: gLogger.verbose("Pilot credentials: %s@%s" % (pilotDN, pilotGroup)) result = gProxyManager.userHasProxy(pilotDN, pilotGroup, 86400) if not result['OK']: return S_ERROR("%s@%s has no proxy in ProxyManager") return S_OK((pilotDN, pilotGroup)) if pilotDN: return S_ERROR("DN %s does not have group %s" % (pilotDN, pilotGroup)) return S_ERROR("No generic proxy in the Proxy Manager with groups %s" % pilotGroup)
def findGenericCloudCredentials(vo=False, group=False): if not group and not vo: return S_ERROR( "Need a group or a VO to determine the Generic cloud credentials") if not vo: vo = Registry.getVOForGroup(group) if not vo: return S_ERROR("Group %s does not have a VO associated" % group) opsHelper = Operations.Operations(vo=vo) cloudGroup = opsHelper.getValue("Cloud/GenericCloudGroup", "") cloudDN = opsHelper.getValue("Cloud/GenericCloudDN", "") if not cloudDN: cloudUser = opsHelper.getValue("Cloud/GenericCloudUser", "") if cloudUser: result = Registry.getDNForUsername(cloudUser) if result['OK']: cloudDN = result['Value'][0] if cloudDN and cloudGroup: gLogger.verbose("Cloud credentials from CS: %s@%s" % (cloudDN, cloudGroup)) result = gProxyManager.userHasProxy(cloudDN, cloudGroup, 86400) if not result['OK']: return S_ERROR("%s@%s has no proxy in ProxyManager") return S_OK((cloudDN, cloudGroup)) return S_ERROR("Cloud credentials not found")
def __generateUserProxiesInfo(self): """ Generate information dict about user proxies :return: dict """ proxiesInfo = {} credDict = self.getRemoteCredentials() result = Registry.getDNForUsername(credDict['username']) if not result['OK']: return result selDict = {'UserDN': result['Value']} result = self.__proxyDB.getProxiesContent(selDict, {}) if not result['OK']: return result contents = result['Value'] userDNIndex = contents['ParameterNames'].index("UserDN") userGroupIndex = contents['ParameterNames'].index("UserGroup") expirationIndex = contents['ParameterNames'].index("ExpirationTime") for record in contents['Records']: userDN = record[userDNIndex] if userDN not in proxiesInfo: proxiesInfo[userDN] = {} userGroup = record[userGroupIndex] proxiesInfo[userDN][userGroup] = record[expirationIndex] return proxiesInfo
def __setupManagerProxies(self): """setup grid proxy for all defined managers""" oHelper = Operations() shifters = oHelper.getSections("Shifter") if not shifters["OK"]: return shifters shifters = shifters["Value"] for shifter in shifters: shifterDict = oHelper.getOptionsDict("Shifter/%s" % shifter) if not shifterDict["OK"]: self.log.error("Cannot get options dict for shifter", "%s: %s" % (shifter, shifterDict["Message"])) continue userName = shifterDict["Value"].get("User", "") userGroup = shifterDict["Value"].get("Group", "") userDN = Registry.getDNForUsername(userName) if not userDN["OK"]: self.log.error("Cannot get DN For Username", "%s: %s" % (userName, userDN["Message"])) continue userDN = userDN["Value"][0] vomsAttr = Registry.getVOMSAttributeForGroup(userGroup) if vomsAttr: self.log.debug( "getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) getProxy = gProxyManager.downloadVOMSProxyToFile( userDN, userGroup, requiredTimeLeft=1200, cacheTime=4 * 43200) else: self.log.debug("getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) getProxy = gProxyManager.downloadProxyToFile( userDN, userGroup, requiredTimeLeft=1200, cacheTime=4 * 43200) if not getProxy["OK"]: return S_ERROR("unable to setup shifter proxy for %s: %s" % (shifter, getProxy["Message"])) chain = getProxy["chain"] fileName = getProxy["Value"] self.log.debug("got %s: %s %s" % (shifter, userName, userGroup)) self.__managersDict[shifter] = { "ShifterDN": userDN, "ShifterName": userName, "ShifterGroup": userGroup, "Chain": chain, "ProxyFile": fileName, } return S_OK()
def getShifterProxy(shifterType, fileName=False): """ This method returns a shifter's proxy :param str shifterType: ProductionManager / DataManager... :param str fileName: file name :return: S_OK(dict)/S_ERROR() """ if fileName: mkDir(os.path.dirname(fileName)) opsHelper = Operations() userName = opsHelper.getValue(cfgPath('Shifter', shifterType, 'User'), '') if not userName: return S_ERROR("No shifter User defined for %s" % shifterType) result = Registry.getDNForUsername(userName) if not result['OK']: return result userDN = result['Value'][0] result = Registry.findDefaultGroupForDN(userDN) if not result['OK']: return result defaultGroup = result['Value'] userGroup = opsHelper.getValue(cfgPath('Shifter', shifterType, 'Group'), defaultGroup) vomsAttr = Registry.getVOMSAttributeForGroup(userGroup) if vomsAttr: gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" % (vomsAttr, userName, userGroup, userDN)) result = gProxyManager.downloadVOMSProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) else: gLogger.info("Getting proxy for shifter %s@%s (%s)" % (userName, userGroup, userDN)) result = gProxyManager.downloadProxyToFile(userDN, userGroup, filePath=fileName, requiredTimeLeft=86400, cacheTime=86400) if not result['OK']: return result chain = result['chain'] fileName = result['Value'] return S_OK({ 'DN': userDN, 'username': userName, 'group': userGroup, 'chain': chain, 'proxyFile': fileName })
def findGenericPilotCredentials(vo=False, group=False, pilotDN="", pilotGroup=""): """Looks into the Operations/<>/Pilot section of CS to find the pilot credentials. Then check if the user has a registered proxy in ProxyManager. if pilotDN or pilotGroup are specified, use them :param str vo: VO name :param str group: group name :param str pilotDN: pilot DN :param str pilotGroup: pilot group :return: S_OK(tuple)/S_ERROR() """ if not group and not vo: return S_ERROR( "Need a group or a VO to determine the Generic pilot credentials") if not vo: vo = Registry.getVOForGroup(group) if not vo: return S_ERROR("Group %s does not have a VO associated" % group) opsHelper = Operations.Operations(vo=vo) if not pilotGroup: pilotGroup = opsHelper.getValue("Pilot/GenericPilotGroup", "") if not pilotDN: pilotDN = opsHelper.getValue("Pilot/GenericPilotDN", "") if not pilotDN: pilotUser = opsHelper.getValue("Pilot/GenericPilotUser", "") if pilotUser: result = Registry.getDNForUsername(pilotUser) if result["OK"]: pilotDN = result["Value"][0] if pilotDN and pilotGroup: gLogger.verbose("Pilot credentials: %s@%s" % (pilotDN, pilotGroup)) result = gProxyManager.userHasProxy(pilotDN, pilotGroup, 86400) if not result["OK"]: return S_ERROR("%s@%s has no proxy in ProxyManager") return S_OK((pilotDN, pilotGroup)) if pilotDN: return S_ERROR("DN %s does not have group %s" % (pilotDN, pilotGroup)) return S_ERROR("No generic proxy in the Proxy Manager with groups %s" % pilotGroup)
def export_getUserTokensInfo(self): """Generate information dict about user tokens :return: dict """ tokensInfo = [] credDict = self.getRemoteCredentials() result = Registry.getDNForUsername(credDict["username"]) if not result["OK"]: return result for dn in result["Value"]: result = Registry.getIDFromDN(dn) if result["OK"]: result = self.__tokenDB.getTokensByUserID(result["Value"]) if not result["OK"]: return result tokensInfo += result["Value"] return S_OK(tokensInfo)
def getProxyByVO( user, vo ): group = vo.lower() + '_user' userDN = Registry.getDNForUsername( user ) if not userDN[ 'OK' ]: return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) ) userDN = userDN[ 'Value' ][ 0 ] chain = gProxyManager.downloadVOMSProxy( userDN, group ) if not chain[ 'OK' ]: return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] ) chain = chain[ 'Value' ] proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group ) result = chain.dumpAllToFile( proxyPath ) if not result[ 'OK' ]: return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) ) return S_OK( proxyPath )
def getProxyByVO( user, vo ): group = vo.lower() + '_user' userDN = Registry.getDNForUsername( user ) if not userDN[ 'OK' ]: return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) ) userDN = userDN[ 'Value' ][ 0 ] chain = gProxyManager.downloadVOMSProxy( userDN, group ) if not chain[ 'OK' ]: return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] ) chain = chain[ 'Value' ] proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group ) result = chain.dumpAllToFile( proxyPath ) if not result[ 'OK' ]: return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) ) return S_OK( proxyPath )
def __generateUserProxiesInfo( self ): proxiesInfo = {} credDict = self.getRemoteCredentials() result = Registry.getDNForUsername( credDict[ 'username' ] ) if not result[ 'OK' ]: return result selDict = { 'UserDN' : result[ 'Value' ] } result = self.__proxyDB.getProxiesContent( selDict, {}, 0, 0 ) if not result[ 'OK']: return result contents = result[ 'Value' ] userDNIndex = contents[ 'ParameterNames' ].index( "UserDN" ) userGroupIndex = contents[ 'ParameterNames' ].index( "UserGroup" ) expirationIndex = contents[ 'ParameterNames' ].index( "ExpirationTime" ) for record in contents[ 'Records' ]: userDN = record[ userDNIndex ] if userDN not in proxiesInfo: proxiesInfo[ userDN ] = {} userGroup = record[ userGroupIndex ] proxiesInfo[ userDN ][ userGroup ] = record[ expirationIndex ] return proxiesInfo
def __getOwnerProxy(self, dirPath): ''' get owner creds for :dirPath: ''' self.log.verbose("Retrieving dir metadata...") # get owner form the cached information, if not, try getDirectoryMetadata ownerName, ownerGroup = self.__directoryOwners.pop( dirPath, (None, None)) if not ownerName or not ownerGroup: result = returnSingleResult( self.catalog.getDirectoryMetadata(dirPath)) if not result['OK'] or 'OwnerRole' not in result['Value']: self.log.error("Could not get metadata info", result['Message']) return result ownerRole = result['Value']['OwnerRole'] ownerDN = result['Value']['OwnerDN'] if ownerRole[0] != "/": ownerRole = "/%s" % ownerRole cacheKey = (ownerDN, ownerRole) ownerName = 'unknown' byGroup = False else: ownerDN = Registry.getDNForUsername(ownerName) if not ownerDN['OK']: self.log.error("Could not get DN from user name", ownerDN['Message']) return ownerDN ownerDN = ownerDN['Value'][0] # This bloody method returns directly a string!!!! ownerRole = Registry.getVOMSAttributeForGroup(ownerGroup) byGroup = True # Get all groups for that VOMS Role, and add lhcb_user as in DFC this is a safe value ownerGroups = Registry.getGroupsWithVOMSAttribute(ownerRole) + [ 'lhcb_user' ] downErrors = [] for ownerGroup in ownerGroups: if byGroup: ownerRole = None cacheKey = (ownerDN, ownerGroup) if cacheKey in self.__noProxy: return S_ERROR("Proxy not available") # Getting the proxy... upFile = self.proxyCache.get(cacheKey, 3600) if upFile and os.path.exists(upFile): self.log.verbose( 'Returning cached proxy for %s %s@%s [%s] in %s' % (ownerName, ownerDN, ownerGroup, ownerRole, upFile)) return S_OK(upFile) if ownerRole: result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited=False, requiredVOMSAttribute=ownerRole) else: result = gProxyManager.downloadProxy(ownerDN, ownerGroup, limited=False) if not result['OK']: downErrors.append("%s : %s" % (cacheKey, result['Message'])) continue userProxy = result['Value'] secsLeft = max(0, userProxy.getRemainingSecs()['Value']) upFile = userProxy.dumpAllToFile() if upFile['OK']: upFile = upFile['Value'] else: return upFile self.proxyCache.add(cacheKey, secsLeft, upFile) self.log.info("Got proxy for %s %s@%s [%s]" % (ownerName, ownerDN, ownerGroup, ownerRole)) return S_OK(upFile) self.__noProxy.add(cacheKey) return S_ERROR("Could not download proxy for user (%s, %s):\n%s " % (ownerDN, ownerRole, "\n ".join(downErrors)))
def main(): params = Params() params.registerCLISwitches() # Registering arguments will automatically add their description to the help menu Script.registerArgument(( "DN: DN of the user", "user: DIRAC user name (will fail if there is more than 1 DN registered)" )) Script.registerArgument(" group: DIRAC group name") Script.parseCommandLine(ignoreErrors=True) # parseCommandLine show help when mandatory arguments are not specified or incorrect argument userDN, userGroup = Script.getPositionalArgs(group=True) userName = False if userDN.find("/") != 0: userName = userDN retVal = Registry.getDNForUsername(userName) if not retVal["OK"]: gLogger.notice("Cannot discover DN for username %s\n\t%s" % (userName, retVal["Message"])) DIRAC.exit(2) DNList = retVal["Value"] if len(DNList) > 1: gLogger.notice("Username %s has more than one DN registered" % userName) ind = 0 for dn in DNList: gLogger.notice("%d %s" % (ind, dn)) ind += 1 inp = input("Which DN do you want to download? [default 0] ") if not inp: inp = 0 else: inp = int(inp) userDN = DNList[inp] else: userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN(userDN) if not result["OK"]: gLogger.notice("DN '%s' is not registered in DIRAC" % userDN) DIRAC.exit(2) userName = result["Value"] params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime, requiredVOMSAttribute=params.vomsAttr, ) else: result = gProxyManager.downloadProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime) if not result["OK"]: gLogger.notice("Proxy file cannot be retrieved: %s" % result["Message"]) DIRAC.exit(2) chain = result["Value"] result = chain.dumpAllToFile(params.proxyPath) if not result["OK"]: gLogger.notice("Proxy file cannot be written to %s: %s" % (params.proxyPath, result["Message"])) DIRAC.exit(2) gLogger.notice("Proxy downloaded to %s" % params.proxyPath) DIRAC.exit(0)
def main(): params = Params() params.registerCLISwitches() Script.parseCommandLine(ignoreErrors=True) args = Script.getPositionalArgs() if len(args) != 2: Script.showHelp() userGroup = str(args[1]) userDN = str(args[0]) userName = False if userDN.find("/") != 0: userName = userDN retVal = Registry.getDNForUsername(userName) if not retVal['OK']: gLogger.notice("Cannot discover DN for username %s\n\t%s" % (userName, retVal['Message'])) DIRAC.exit(2) DNList = retVal['Value'] if len(DNList) > 1: gLogger.notice("Username %s has more than one DN registered" % userName) ind = 0 for dn in DNList: gLogger.notice("%d %s" % (ind, dn)) ind += 1 inp = six.moves.input( "Which DN do you want to download? [default 0] ") if not inp: inp = 0 else: inp = int(inp) userDN = DNList[inp] else: userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN(userDN) if not result['OK']: gLogger.notice("DN '%s' is not registered in DIRAC" % userDN) DIRAC.exit(2) userName = result['Value'] params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup) if params.enableVOMS: result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime, requiredVOMSAttribute=params.vomsAttr) else: result = gProxyManager.downloadProxy( userDN, userGroup, limited=params.limited, requiredTimeLeft=params.proxyLifeTime) if not result['OK']: gLogger.notice('Proxy file cannot be retrieved: %s' % result['Message']) DIRAC.exit(2) chain = result['Value'] result = chain.dumpAllToFile(params.proxyPath) if not result['OK']: gLogger.notice('Proxy file cannot be written to %s: %s' % (params.proxyPath, result['Message'])) DIRAC.exit(2) gLogger.notice("Proxy downloaded to %s" % params.proxyPath) DIRAC.exit(0)
def main(): global userName Script.registerSwitch("u:", "user="******"User to query (by default oneself)", setUser) Script.parseCommandLine() result = getProxyInfo() if not result["OK"]: gLogger.notice("Do you have a valid proxy?") gLogger.notice(result["Message"]) sys.exit(1) proxyProps = result["Value"] userName = userName or proxyProps.get("username") if not userName: gLogger.notice("Your proxy don`t have username extension") sys.exit(1) if userName in Registry.getAllUsers(): if Properties.PROXY_MANAGEMENT not in proxyProps["groupProperties"]: if userName != proxyProps["username"] and userName != proxyProps["issuer"]: gLogger.notice("You can only query info about yourself!") sys.exit(1) result = Registry.getDNForUsername(userName) if not result["OK"]: gLogger.notice("Oops %s" % result["Message"]) dnList = result["Value"] if not dnList: gLogger.notice("User %s has no DN defined!" % userName) sys.exit(1) userDNs = dnList else: userDNs = [userName] gLogger.notice("Checking for DNs %s" % " | ".join(userDNs)) pmc = ProxyManagerClient() result = pmc.getDBContents({"UserDN": userDNs}) if not result["OK"]: gLogger.notice("Could not retrieve the proxy list: %s" % result["Value"]) sys.exit(1) data = result["Value"] colLengths = [] for pN in data["ParameterNames"]: colLengths.append(len(pN)) for row in data["Records"]: for i in range(len(row)): colLengths[i] = max(colLengths[i], len(str(row[i]))) lines = [""] for i in range(len(data["ParameterNames"])): pN = data["ParameterNames"][i] lines[0] += "| %s " % pN.ljust(colLengths[i]) lines[0] += "|" tL = len(lines[0]) lines.insert(0, "-" * tL) lines.append("-" * tL) for row in data["Records"]: nL = "" for i in range(len(row)): nL += "| %s " % str(row[i]).ljust(colLengths[i]) nL += "|" lines.append(nL) lines.append("-" * tL) gLogger.notice("\n".join(lines))
def findGenericPilotCredentials( vo = False, group = False ): if not group and not vo: return S_ERROR( "Need a group or a VO to determine the Generic pilot credentials" ) if not vo: vo = Registry.getVOForGroup( group ) if not vo: return S_ERROR( "Group %s does not have a VO associated" % group ) opsHelper = Operations.Operations( vo = vo ) pilotGroup = opsHelper.getValue( "Pilot/GenericPilotGroup", "" ) pilotDN = opsHelper.getValue( "Pilot/GenericPilotDN", "" ) if not pilotDN: pilotUser = opsHelper.getValue( "Pilot/GenericPilotUser", "" ) if pilotUser: result = Registry.getDNForUsername( pilotUser ) if result['OK']: pilotDN = result['Value'] if pilotDN and pilotGroup: gLogger.verbose( "Pilot credentials from CS: %s@%s" % ( pilotDN, pilotGroup ) ) result = gProxyManager.userHasProxy( pilotDN, pilotGroup, 86400 ) if not result[ 'OK' ]: return S_ERROR( "%s@%s has no proxy in ProxyManager" ) return S_OK( ( pilotDN, pilotGroup ) ) #Auto discover gLogger.verbose( "Pilot credentials are not defined. Autodiscovering..." ) if pilotGroup: pilotGroups = [ pilotGroup ] else: result = Registry.getGroupsWithProperty( Properties.GENERIC_PILOT ) if not result[ 'OK' ]: return result pilotGroups = [] groups = result[ 'Value' ] if not groups: return S_ERROR( "No group with %s property defined" % Properties.GENERIC_PILOT ) result = Registry.getGroupsForVO( vo ) if not result[ 'OK' ]: return result for voGroup in result[ 'Value' ]: if voGroup in groups: pilotGroups.append( voGroup ) if not pilotGroups: return S_ERROR( "No generic pilot group for VO %s" % vo ) for pilotGroup in pilotGroups: DNs = Registry.getDNsInGroup( pilotGroup ) if not DNs: continue if pilotDN: if pilotDN not in DNs: continue result = gProxyManager.userHasProxy( pilotDN, pilotGroup, 86400 ) if result[ 'OK' ] and result[ 'Value' ]: gLogger.verbose( "Discovered pilot credentials: %s@%s" % ( pilotDN, pilotGroup ) ) return S_OK( ( pilotDN, pilotGroup ) ) else: for DN in DNs: result = gProxyManager.userHasProxy( DN, pilotGroup, 86400 ) if result[ 'OK' ] and result[ 'Value' ]: gLogger.verbose( "Discovered pilot credentials: %s@%s" % ( DN, pilotGroup ) ) return S_OK( ( DN, pilotGroup ) ) if pilotDN: return S_ERROR( "DN %s does not have group %s" % ( pilotDN, pilotGroups ) ) return S_ERROR( "No generic proxy in the Proxy Manager with groups %s" % pilotGroups )
' user: DIRAC user name (will fail if there is more than 1 DN registered)', ' group: DIRAC group name' ])) Script.parseCommandLine(ignoreErrors=True) args = Script.getPositionalArgs() if len(args) != 2: Script.showHelp() userGroup = str(args[1]) userDN = str(args[0]) userName = False if userDN.find("/") != 0: userName = userDN retVal = Registry.getDNForUsername(userName) if not retVal['OK']: gLogger.notice("Cannot discover DN for username %s\n\t%s" % (userName, retVal['Message'])) DIRAC.exit(2) DNList = retVal['Value'] if len(DNList) > 1: gLogger.notice("Username %s has more than one DN registered" % userName) ind = 0 for dn in DNList: gLogger.notice("%d %s" % (ind, dn)) ind += 1 inp = raw_input("Which DN do you want to download? [default 0] ") if not inp: inp = 0
def findGenericPilotCredentials(vo=False, group=False): if not group and not vo: return S_ERROR( "Need a group or a VO to determine the Generic pilot credentials") if not vo: vo = Registry.getVOForGroup(group) if not vo: return S_ERROR("Group %s does not have a VO associated" % group) opsHelper = Operations.Operations(vo=vo) pilotGroup = opsHelper.getValue("Pilot/GenericPilotGroup", "") pilotDN = opsHelper.getValue("Pilot/GenericPilotDN", "") if not pilotDN: pilotUser = opsHelper.getValue("Pilot/GenericPilotUser", "") if pilotUser: result = Registry.getDNForUsername(pilotUser) if result['OK']: pilotDN = result['Value'] if pilotDN and pilotGroup: gLogger.verbose("Pilot credentials from CS: %s@%s" % (pilotDN, pilotGroup)) result = gProxyManager.userHasProxy(pilotDN, pilotGroup, 86400) if not result['OK']: return S_ERROR("%s@%s has no proxy in ProxyManager") return S_OK((pilotDN, pilotGroup)) #Auto discover gLogger.verbose("Pilot credentials are not defined. Autodiscovering...") if pilotGroup: pilotGroups = [pilotGroup] else: result = Registry.getGroupsWithProperty(Properties.GENERIC_PILOT) if not result['OK']: return result pilotGroups = [] groups = result['Value'] if not groups: return S_ERROR("No group with %s property defined" % Properties.GENERIC_PILOT) result = Registry.getGroupsForVO(vo) if not result['OK']: return result for voGroup in result['Value']: if voGroup in groups: pilotGroups.append(voGroup) if not pilotGroups: return S_ERROR("No generic pilot group for VO %s" % vo) for pilotGroup in pilotGroups: DNs = Registry.getDNsInGroup(pilotGroup) if not DNs: continue if pilotDN: if pilotDN not in DNs: continue result = gProxyManager.userHasProxy(pilotDN, pilotGroup, 86400) if result['OK'] and result['Value']: gLogger.verbose("Discovered pilot credentials: %s@%s" % (pilotDN, pilotGroup)) return S_OK((pilotDN, pilotGroup)) else: for DN in DNs: result = gProxyManager.userHasProxy(DN, pilotGroup, 86400) if result['OK'] and result['Value']: gLogger.verbose("Discovered pilot credentials: %s@%s" % (DN, pilotGroup)) return S_OK((DN, pilotGroup)) if pilotDN: return S_ERROR("DN %s does not have group %s" % (pilotDN, pilotGroups)) return S_ERROR("No generic proxy in the Proxy Manager with groups %s" % pilotGroups)
gLogger.notice("Do you have a valid proxy?") gLogger.notice(result['Message']) sys.exit(1) proxyProps = result['Value'] userName = userName or proxyProps.get('username') if not userName: gLogger.notice("Your proxy don`t have username extension") sys.exit(1) if userName in Registry.getAllUsers(): if Properties.PROXY_MANAGEMENT not in proxyProps['groupProperties']: if userName != proxyProps['username'] and userName != proxyProps['issuer']: gLogger.notice("You can only query info about yourself!") sys.exit(1) result = Registry.getDNForUsername(userName) if not result['OK']: gLogger.notice("Oops %s" % result['Message']) dnList = result['Value'] if not dnList: gLogger.notice("User %s has no DN defined!" % userName) sys.exit(1) userDNs = dnList else: userDNs = [userName] gLogger.notice("Checking for DNs %s" % " | ".join(userDNs)) pmc = ProxyManagerClient() result = pmc.getDBContents({'UserDN': userDNs}) if not result['OK']:
' DN: DN of the user', ' user: DIRAC user name (will fail if there is more than 1 DN registered)', ' group: DIRAC group name' ] ) ) Script.parseCommandLine( ignoreErrors = True ) args = Script.getPositionalArgs() if len( args ) != 2: Script.showHelp() userGroup = str( args[1] ) userDN = str( args[0] ) userName = False if userDN.find( "/" ) != 0: userName = userDN retVal = Registry.getDNForUsername( userName ) if not retVal[ 'OK' ]: print "Cannot discover DN for username %s\n\t%s" % ( userName, retVal[ 'Message' ] ) DIRAC.exit( 2 ) DNList = retVal[ 'Value' ] if len( DNList ) > 1: print "Username %s has more than one DN registered" % userName for dn in DNList: print " %s" % dn print "Which dn do you want to download?" DIRAC.exit( 2 ) userDN = DNList[0] if not params.proxyPath: if not userName: result = Registry.getUsernameForDN( userDN )