def __prepareSecurityDetails(self):
""" Obtains the connection details for the client
"""
try:
credDict = self.getRemoteCredentials()
clientDN = credDict['DN']
clientUsername = credDict['username']
clientGroup = credDict['group']
gLogger.debug( "Getting proxy for %s@%s (%s)" % ( clientUsername, clientGroup, clientDN ) )
res = gProxyManager.downloadVOMSProxy( clientDN, clientGroup )
if not res['OK']:
return res
chain = res['Value']
proxyBase = "%s/proxies" % BASE_PATH
if not os.path.exists(proxyBase):
os.makedirs(proxyBase)
proxyLocation = "%s/proxies/%s-%s" % ( BASE_PATH, clientUsername, clientGroup )
gLogger.debug("Obtained proxy chain, dumping to %s." % proxyLocation)
res = gProxyManager.dumpProxyToFile( chain, proxyLocation )
if not res['OK']:
return res
gLogger.debug("Updating environment.")
os.environ['X509_USER_PROXY'] = res['Value']
return res
except Exception, error:
exStr = "__getConnectionDetails: Failed to get client connection details."
gLogger.exception( exStr, '', error )
return S_ERROR(exStr)
def __prepareSecurityDetails(self):
""" This function get the proxy details to submit the job
"""
print "S42"
self.defaultProxyLength = gConfig.getValue('/Security/DefaultProxyLifeTime', 86400*5)
ownerDN = self._clientTransport.peerCredentials['DN']
clientUsername = self._clientTransport.peerCredentials['username']
ownerGroup = self._clientTransport.peerCredentials['group']
retVal = gProxyManager.downloadVOMSProxy(ownerDN, ownerGroup, limited = False, requiredTimeLeft = self.defaultProxyLength)
if not retVal[ 'OK' ]:
print "AQUI RETVAL"
os.system('dirac-proxy-info')
sys.stdout.flush()
chain = retVal[ 'Value' ]
proxyChain = chain
proxy = proxyChain.dumpAllToString()
payloadProxy=proxy['Value']
result = File.writeToProxyFile(payloadProxy)
if not result['OK']:
return result
proxyLocation = result['Value']
#os.environ[ 'X509_USER_PROXY' ] = proxyLocation
return S_OK(chain)
def setupProxy( self ):
""" download and dump request owner proxy to file and env
:return: S_OK with name of newly created owner proxy file and shifter name if any
"""
self.__managersDict = {}
shifterProxies = self.__setupManagerProxies()
if not shifterProxies["OK"]:
self.log.error( shifterProxies["Message"] )
ownerDN = self.request.OwnerDN
ownerGroup = self.request.OwnerGroup
isShifter = []
for shifter, creds in self.__managersDict.items():
if creds["ShifterDN"] == ownerDN and creds["ShifterGroup"] == ownerGroup:
isShifter.append( shifter )
if isShifter:
proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"]
os.environ["X509_USER_PROXY"] = proxyFile
return S_OK( { "Shifter": isShifter, "ProxyFile": proxyFile } )
# # if we're here owner is not a shifter at all
ownerProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup )
if not ownerProxy["OK"] or not ownerProxy["Value"]:
reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager."
return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) )
ownerProxyFile = ownerProxy["Value"].dumpAllToFile()
if not ownerProxyFile["OK"]:
return S_ERROR( ownerProxyFile["Message"] )
ownerProxyFile = ownerProxyFile["Value"]
os.environ["X509_USER_PROXY"] = ownerProxyFile
return S_OK( { "Shifter": isShifter, "ProxyFile": ownerProxyFile } )
def __prepareSecurityDetails(self):
"""Obtains the connection details for the client"""
try:
credDict = self.getRemoteCredentials()
clientDN = credDict["DN"]
clientUsername = credDict["username"]
clientGroup = credDict["group"]
gLogger.debug("Getting proxy for %s@%s (%s)" %
(clientUsername, clientGroup, clientDN))
res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup)
if not res["OK"]:
return res
chain = res["Value"]
proxyBase = "%s/proxies" % BASE_PATH
mkDir(proxyBase)
proxyLocation = "%s/proxies/%s-%s" % (BASE_PATH, clientUsername,
clientGroup)
gLogger.debug("Obtained proxy chain, dumping to %s." %
proxyLocation)
res = gProxyManager.dumpProxyToFile(chain, proxyLocation)
if not res["OK"]:
return res
gLogger.debug("Updating environment.")
os.environ["X509_USER_PROXY"] = res["Value"]
return res
except Exception as error:
exStr = "__getConnectionDetails: Failed to get client connection details."
gLogger.exception(exStr, "", error)
return S_ERROR(exStr)
def _getPilotProxyFromDIRACGroup(self, ownerDN, ownerGroup,
requiredTimeLeft):
"""
Download a limited pilot proxy with VOMS extensions depending on the group
"""
#Assign VOMS attribute
vomsAttr = CS.getVOMSAttributeForGroup(ownerGroup)
if not vomsAttr:
self.log.info(
"Downloading a proxy without VOMS extensions for %s@%s" %
(ownerDN, ownerGroup))
return gProxyManager.downloadProxy(
ownerDN,
ownerGroup,
limited=True,
requiredTimeLeft=requiredTimeLeft)
else:
self.log.info(
"Downloading a proxy with '%s' VOMS extension for %s@%s" %
(vomsAttr, ownerDN, ownerGroup))
return gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=True,
requiredTimeLeft=requiredTimeLeft,
requiredVOMSAttribute=vomsAttr)
def setupProxy(self):
""" download and dump request owner proxy to file and env
:return: S_OK with name of newly created owner proxy file and shifter name if any
"""
self.__managersDict = {}
shifterProxies = self.__setupManagerProxies()
if not shifterProxies["OK"]:
self.log.error(shifterProxies["Message"])
ownerDN = self.request.OwnerDN
ownerGroup = self.request.OwnerGroup
isShifter = []
for shifter, creds in self.__managersDict.items():
if creds["ShifterDN"] == ownerDN and creds[
"ShifterGroup"] == ownerGroup:
isShifter.append(shifter)
if isShifter:
proxyFile = self.__managersDict[isShifter[0]]["ProxyFile"]
os.environ["X509_USER_PROXY"] = proxyFile
return S_OK({"Shifter": isShifter, "ProxyFile": proxyFile})
# # if we're here owner is not a shifter at all
ownerProxy = gProxyManager.downloadVOMSProxy(ownerDN, ownerGroup)
if not ownerProxy["OK"] or not ownerProxy["Value"]:
reason = ownerProxy[
"Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager."
return S_ERROR("Change proxy error for '%s'@'%s': %s" %
(ownerDN, ownerGroup, reason))
ownerProxyFile = ownerProxy["Value"].dumpAllToFile()
if not ownerProxyFile["OK"]:
return S_ERROR(ownerProxyFile["Message"])
ownerProxyFile = ownerProxyFile["Value"]
os.environ["X509_USER_PROXY"] = ownerProxyFile
return S_OK({"Shifter": isShifter, "ProxyFile": ownerProxyFile})
def __prepareSecurityDetails(self):
""" Obtains the connection details for the client
"""
try:
credDict = self.getRemoteCredentials()
clientDN = credDict['DN']
clientUsername = credDict['username']
clientGroup = credDict['group']
gLogger.debug("Getting proxy for %s@%s (%s)" %
(clientUsername, clientGroup, clientDN))
res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup)
if not res['OK']:
return res
chain = res['Value']
proxyBase = "%s/proxies" % BASE_PATH
if not os.path.exists(proxyBase):
os.makedirs(proxyBase)
proxyLocation = "%s/proxies/%s-%s" % (BASE_PATH, clientUsername,
clientGroup)
gLogger.debug("Obtained proxy chain, dumping to %s." %
proxyLocation)
res = gProxyManager.dumpProxyToFile(chain, proxyLocation)
if not res['OK']:
return res
gLogger.debug("Updating environment.")
os.environ['X509_USER_PROXY'] = res['Value']
return res
except Exception, error:
exStr = "__getConnectionDetails: Failed to get client connection details."
gLogger.exception(exStr, '', error)
return S_ERROR(exStr)
def __prepareSecurityDetails(self):
""" Obtains the connection details for the client
"""
try:
clientDN, clientGroup, clientUserName = self.__getOwnerGroupDN(
'ProductionManager')
gLogger.debug("Getting proxy for %s %s" % (clientGroup, clientDN))
res = gProxyManager.downloadVOMSProxy(clientDN, clientGroup)
if not res['OK']:
return res
chain = res['Value']
base = ""
base = gConfig.getValue(
"Systems/DataManagement/boincInstance/Services/StorageElementProxy/BasePath"
)
proxyBase = "%s/proxies" % base
mkDir(proxyBase)
proxyLocation = "%s/proxies/%s-%s" % (base, clientUserName,
clientGroup)
gLogger.debug("Obtained proxy chain, dumping to %s." %
proxyLocation)
res = gProxyManager.dumpProxyToFile(chain, proxyLocation)
if not res['OK']:
return res
gLogger.debug("Updating environment.")
os.environ['X509_USER_PROXY'] = res['Value']
return res
except Exception as error:
exStr = "__getConnectionDetails: Failed to get client connection details."
gLogger.exception(exStr, '', error)
return S_ERROR(exStr)
def __getProxyAndRemoveReplica(self, diracSE, lfn):
"""
get a proxy from the owner of the file and try to remove it
returns True if it succeeds, False otherwise
"""
result = self.replicaManager.getCatalogDirectoryMetadata(
lfn, singleFile=True)
if not result['OK']:
gLogger.error("Could not get metadata info", result['Message'])
return False
ownerRole = result['Value']['OwnerRole']
ownerDN = result['Value']['OwnerDN']
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
userProxy = ''
for ownerGroup in Registry.getGroupsWithVOMSAttribute(ownerRole):
result = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=True,
requiredVOMSAttribute=ownerRole)
if not result['OK']:
gLogger.verbose(
'Failed to retrieve voms proxy for %s : %s:' %
(ownerDN, ownerRole), result['Message'])
continue
userProxy = result['Value']
gLogger.verbose("Got proxy for %s@%s [%s]" %
(ownerDN, ownerGroup, ownerRole))
break
if not userProxy:
return False
result = userProxy.dumpAllToFile()
if not result['OK']:
gLogger.verbose(result['Message'])
return False
upFile = result['Value']
prevProxyEnv = os.environ['X509_USER_PROXY']
os.environ['X509_USER_PROXY'] = upFile
try:
res = self.replicaManager.removeReplica(diracSE, lfn)
if res['OK'] and lfn in res['Value']['Successful']:
gLogger.verbose('Removed %s from %s' % (lfn, diracSE))
return True
finally:
os.environ['X509_USER_PROXY'] = prevProxyEnv
os.unlink(upFile)
return False
def getShifterProxy(shifterType, fileName=False):
"""
This method returns a shifter's proxy
- shifterType : ProductionManager / DataManager...
"""
if fileName:
try:
os.makedirs(os.path.dirname(fileName))
except OSError:
pass
opsHelper = Operations()
userName = opsHelper.getValue(cfgPath('Shifter', shifterType, 'User'), '')
if not userName:
return S_ERROR("No shifter User defined for %s" % shifterType)
result = CS.getDNForUsername(userName)
if not result['OK']:
return result
userDN = result['Value'][0]
result = CS.findDefaultGroupForDN(userDN)
if not result['OK']:
return result
defaultGroup = result['Value']
userGroup = opsHelper.getValue(cfgPath('Shifter', shifterType, 'Group'),
defaultGroup)
vomsAttr = CS.getVOMSAttributeForGroup(userGroup)
if vomsAttr:
gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" %
(vomsAttr, userName, userGroup, userDN))
result = gProxyManager.downloadVOMSProxy(userDN,
userGroup,
requiredTimeLeft=4 * 43200)
else:
gLogger.info("Getting proxy for shifter %s@%s (%s)" %
(userName, userGroup, userDN))
result = gProxyManager.downloadProxy(userDN,
userGroup,
requiredTimeLeft=4 * 43200)
if not result['OK']:
return result
chain = result['Value']
result = gProxyManager.dumpProxyToFile(chain, destinationFile=fileName)
if not result['OK']:
return result
fileName = result['Value']
return S_OK({
'DN': userDN,
'username': userName,
'group': userGroup,
'chain': chain,
'proxyFile': fileName
})
def getProxyForLFN(self, lfn):
""" get proxy for LFN
:param self: self reference
:param str lfn: LFN
"""
dirMeta = self.replicaManager().getCatalogDirectoryMetadata(
lfn, singleFile=True)
if not dirMeta["OK"]:
return dirMeta
dirMeta = dirMeta["Value"]
ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[
"OwnerRole"].startswith("/") else dirMeta["OwnerRole"]
ownerDN = dirMeta["OwnerDN"]
ownerProxy = None
# Execute with server certificate
gConfigurationData.setOptionInCFG(
'/DIRAC/Security/UseServerCertificate', 'true')
for ownerGroup in getGroupsWithVOMSAttribute(ownerRole):
vomsProxy = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=True,
requiredVOMSAttribute=ownerRole)
if not vomsProxy["OK"]:
self.debug(
"getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s"
% (ownerDN, ownerRole, vomsProxy["Message"]))
continue
ownerProxy = vomsProxy["Value"]
self.debug("getProxyForLFN: got proxy for %s@%s [%s]" %
(ownerDN, ownerGroup, ownerRole))
break
gConfigurationData.setOptionInCFG(
'/DIRAC/Security/UseServerCertificate', 'false')
if not ownerProxy:
return S_ERROR("Unable to get owner proxy")
dumpToFile = ownerProxy.dumpAllToFile()
if not dumpToFile["OK"]:
self.error("getProxyForLFN: error dumping proxy to file: %s" %
dumpToFile["Message"])
return dumpToFile
dumpToFile = dumpToFile["Value"]
os.environ["X509_USER_PROXY"] = dumpToFile
return S_OK()
def getVOMSProxy( self, userDN, userGroup, vomsAttr = False, validity = 43200, limited = False ):
"""Retrieves a proxy with default 12hr validity and VOMS extensions and stores
this in a file in the local directory by default.
Example usage:
>>> print diracAdmin.getVOMSProxy()
{'OK': True, 'Value': }
@return: S_OK,S_ERROR
"""
return gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = limited,
requiredVOMSAttribute = vomsAttr,
requiredTimeLeft = validity )
def getVOMSProxy( self, userDN, userGroup, vomsAttr = False, validity = 43200, limited = False ):
"""Retrieves a proxy with default 12hr validity and VOMS extensions and stores
this in a file in the local directory by default.
Example usage:
>>> print diracAdmin.getVOMSProxy()
{'OK': True, 'Value': }
@return: S_OK,S_ERROR
"""
return gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = limited,
requiredVOMSAttribute = vomsAttr,
requiredTimeLeft = validity )
def __getProxyAndRemoveReplica( self, diracSE, lfn ):
"""
get a proxy from the owner of the file and try to remove it
returns True if it succeeds, False otherwise
"""
result = self.replicaManager.getCatalogDirectoryMetadata( lfn, singleFile = True )
if not result[ 'OK' ]:
gLogger.error( "Could not get metadata info", result[ 'Message' ] )
return False
ownerRole = result[ 'Value' ][ 'OwnerRole' ]
ownerDN = result[ 'Value' ][ 'OwnerDN' ]
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
userProxy = ''
for ownerGroup in Registry.getGroupsWithVOMSAttribute( ownerRole ):
result = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
requiredVOMSAttribute = ownerRole )
if not result[ 'OK' ]:
gLogger.verbose ( 'Failed to retrieve voms proxy for %s : %s:' % ( ownerDN, ownerRole ),
result[ 'Message' ] )
continue
userProxy = result[ 'Value' ]
gLogger.verbose( "Got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
break
if not userProxy:
return False
result = userProxy.dumpAllToFile()
if not result[ 'OK' ]:
gLogger.verbose( result[ 'Message' ] )
return False
upFile = result[ 'Value' ]
prevProxyEnv = os.environ[ 'X509_USER_PROXY' ]
os.environ[ 'X509_USER_PROXY' ] = upFile
try:
res = self.replicaManager.removeReplica( diracSE, lfn )
if res['OK'] and lfn in res[ 'Value' ]['Successful']:
gLogger.verbose( 'Removed %s from %s' % ( lfn, diracSE ) )
return True
finally:
os.environ[ 'X509_USER_PROXY' ] = prevProxyEnv
os.unlink( upFile )
return False
def getShifterProxy(shifterType, fileName=False):
"""
This method returns a shifter's proxy
- shifterType : ProductionManager / DataManager...
"""
if fileName:
try:
os.makedirs(os.path.dirname(fileName))
except:
pass
shifterSection = "/Operations/Shifter/%s" % shifterType
userName = gConfig.getValue('%s/User' % shifterSection, '')
if not userName:
return S_ERROR("No shifter defined in %s/User" % shifterSection)
result = CS.getDNForUsername(userName)
if not result['OK']:
return result
userDN = result['Value'][0]
userGroup = gConfig.getValue('%s/Group' % shifterSection,
CS.getDefaultUserGroup())
vomsAttr = CS.getVOMSAttributeForGroup(userGroup)
if vomsAttr:
gLogger.info("Getting VOMS [%s] proxy for shifter %s@%s (%s)" %
(vomsAttr, userName, userGroup, userDN))
result = gProxyManager.downloadVOMSProxy(userDN,
userGroup,
requiredTimeLeft=4 * 43200)
else:
gLogger.info("Getting proxy for shifter %s@%s (%s)" %
(userName, userGroup, userDN))
result = gProxyManager.downloadProxy(userDN,
userGroup,
requiredTimeLeft=4 * 43200)
if not result['OK']:
return result
chain = result['Value']
result = gProxyManager.dumpProxyToFile(chain, destinationFile=fileName)
if not result['OK']:
return result
fileName = result['Value']
return S_OK({
'DN': userDN,
'username': userName,
'group': userGroup,
'chain': chain,
'proxyFile': fileName
})
def _getPilotProxyFromDIRACGroup( self, ownerDN, ownerGroup, requiredTimeLeft ):
"""
Download a limited pilot proxy with VOMS extensions depending on the group
"""
#Assign VOMS attribute
vomsAttr = CS.getVOMSAttributeForGroup( ownerGroup )
if not vomsAttr:
self.log.info( "Downloading a proxy without VOMS extensions for %s@%s" % ( ownerDN, ownerGroup ) )
return gProxyManager.downloadProxy( ownerDN, ownerGroup, limited = True,
requiredTimeLeft = requiredTimeLeft )
else:
self.log.info( "Downloading a proxy with '%s' VOMS extension for %s@%s" % ( vomsAttr, ownerDN, ownerGroup ) )
return gProxyManager.downloadVOMSProxy( ownerDN,
ownerGroup,
limited = True,
requiredTimeLeft = requiredTimeLeft,
requiredVOMSAttribute = vomsAttr )
def changeProxy( self, ownerDN, ownerGroup ):
""" get proxy from gProxyManager, save it to file
:param self: self reference
:param str ownerDN: request owner DN
:param str ownerGroup: request owner group
:return: S_OK with name of newly created owner proxy file
"""
ownerProxy = gProxyManager.downloadVOMSProxy( str(ownerDN), str(ownerGroup) )
if not ownerProxy["OK"] or not ownerProxy["Value"]:
reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager."
return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) )
ownerProxyFile = ownerProxy["Value"].dumpAllToFile()
if not ownerProxyFile["OK"]:
return S_ERROR( ownerProxyFile["Message"] )
ownerProxyFile = ownerProxyFile["Value"]
os.environ["X509_USER_PROXY"] = ownerProxyFile
return S_OK( ownerProxyFile )
def changeProxy( self, ownerDN, ownerGroup ):
""" get proxy from gProxyManager, save it to file
:param self: self reference
:param str ownerDN: request owner DN
:param str ownerGroup: request owner group
:return: S_OK with name of newly created owner proxy file
"""
ownerProxy = gProxyManager.downloadVOMSProxy( str(ownerDN), str(ownerGroup) )
if not ownerProxy["OK"] or not ownerProxy["Value"]:
reason = ownerProxy["Message"] if "Message" in ownerProxy else "No valid proxy found in ProxyManager."
return S_ERROR( "Change proxy error for '%s'@'%s': %s" % ( ownerDN, ownerGroup, reason ) )
ownerProxyFile = ownerProxy["Value"].dumpAllToFile()
if not ownerProxyFile["OK"]:
return S_ERROR( ownerProxyFile["Message"] )
ownerProxyFile = ownerProxyFile["Value"]
os.environ["X509_USER_PROXY"] = ownerProxyFile
return S_OK( ownerProxyFile )
def getProxyForLFN(self, lfn):
""" get proxy for lfn
:param str lfn: LFN
:return: S_ERROR or S_OK( "/path/to/proxy/file" )
"""
dirMeta = self.replicaManager().getCatalogDirectoryMetadata(
lfn, singleFile=True)
if not dirMeta["OK"]:
return dirMeta
dirMeta = dirMeta["Value"]
ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[
"OwnerRole"].startswith("/") else dirMeta["OwnerRole"]
ownerDN = dirMeta["OwnerDN"]
ownerProxy = None
for ownerGroup in getGroupsWithVOMSAttribute(ownerRole):
vomsProxy = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=True,
requiredVOMSAttribute=ownerRole)
if not vomsProxy["OK"]:
self.log.debug(
"getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s"
% (ownerDN, ownerRole, vomsProxy["Message"]))
continue
ownerProxy = vomsProxy["Value"]
self.log.debug("getProxyForLFN: got proxy for %s@%s [%s]" %
(ownerDN, ownerGroup, ownerRole))
break
if not ownerProxy:
return S_ERROR("Unable to get owner proxy")
dumpToFile = ownerProxy.dumpAllToFile()
if not dumpToFile["OK"]:
self.log.error("getProxyForLFN: error dumping proxy to file: %s" %
dumpToFile["Message"])
return dumpToFile
dumpToFile = dumpToFile["Value"]
os.environ["X509_USER_PROXY"] = dumpToFile
return dumpToFile
def getShifterProxy( shifterType, fileName = False ):
"""
This method returns a shifter's proxy
- shifterType : ProductionManager / DataManager...
"""
if fileName:
try:
os.makedirs( os.path.dirname( fileName ) )
except OSError:
pass
opsHelper = Operations()
userName = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'User' ), '' )
if not userName:
return S_ERROR( "No shifter User defined for %s" % shifterType )
result = CS.getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDN = result[ 'Value' ][0]
result = CS.findDefaultGroupForDN( userDN )
if not result['OK']:
return result
defaultGroup = result['Value']
userGroup = opsHelper.getValue( cfgPath( 'Shifter', shifterType, 'Group' ), defaultGroup )
vomsAttr = CS.getVOMSAttributeForGroup( userGroup )
if vomsAttr:
gLogger.info( "Getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName,
userGroup, userDN ) )
result = gProxyManager.downloadVOMSProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 )
else:
gLogger.info( "Getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) )
result = gProxyManager.downloadProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 )
if not result[ 'OK' ]:
return result
chain = result[ 'Value' ]
result = gProxyManager.dumpProxyToFile( chain, destinationFile = fileName )
if not result[ 'OK' ]:
return result
fileName = result[ 'Value' ]
return S_OK( { 'DN' : userDN,
'username' : userName,
'group' : userGroup,
'chain' : chain,
'proxyFile' : fileName } )
def getProxyByVO( user, vo ):
group = vo.lower() + '_user'
userDN = Registry.getDNForUsername( user )
if not userDN[ 'OK' ]:
return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) )
userDN = userDN[ 'Value' ][ 0 ]
chain = gProxyManager.downloadVOMSProxy( userDN, group )
if not chain[ 'OK' ]:
return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] )
chain = chain[ 'Value' ]
proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group )
result = chain.dumpAllToFile( proxyPath )
if not result[ 'OK' ]:
return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) )
return S_OK( proxyPath )
def getProxyByVO( user, vo ):
group = vo.lower() + '_user'
userDN = Registry.getDNForUsername( user )
if not userDN[ 'OK' ]:
return S_ERROR( 'Cannot discover DN for user %s: %s' % ( user, userDN[ 'Message' ] ) )
userDN = userDN[ 'Value' ][ 0 ]
chain = gProxyManager.downloadVOMSProxy( userDN, group )
if not chain[ 'OK' ]:
return S_ERROR( 'Proxy file cannot be retrieved: %s' % chain[ 'Message' ] )
chain = chain[ 'Value' ]
proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), user, group )
result = chain.dumpAllToFile( proxyPath )
if not result[ 'OK' ]:
return S_ERROR( 'Proxy file cannot be written to %s: %s' % ( proxyPath, result[ 'Message' ] ) )
return S_OK( proxyPath )
def getProxyForLFN( self, lfn ):
""" get proxy for LFN
:param self: self reference
:param str lfn: LFN
"""
dirMeta = Utils.executeSingleFileOrDirWrapper( self.fc.getDirectoryMetadata( lfn ) )
if not dirMeta["OK"]:
return dirMeta
dirMeta = dirMeta["Value"]
ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"]
ownerDN = dirMeta["OwnerDN"]
ownerProxy = None
# Execute with server certificate
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'true' )
for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ):
vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
requiredVOMSAttribute = ownerRole )
if not vomsProxy["OK"]:
self.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN,
ownerRole,
vomsProxy["Message"] ) )
continue
ownerProxy = vomsProxy["Value"]
self.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
break
gConfigurationData.setOptionInCFG( '/DIRAC/Security/UseServerCertificate', 'false' )
if not ownerProxy:
return S_ERROR( "Unable to get owner proxy" )
dumpToFile = ownerProxy.dumpAllToFile()
if not dumpToFile["OK"]:
self.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] )
return dumpToFile
dumpToFile = dumpToFile["Value"]
os.environ["X509_USER_PROXY"] = dumpToFile
return S_OK()
def getShifterProxy( shifterType, fileName = False ):
"""
This method returns a shifter's proxy
- shifterType : ProductionManager / DataManager...
"""
if fileName:
try:
os.makedirs( os.path.dirname( fileName ) )
except:
pass
shifterSection = "/Operations/Shifter/%s" % shifterType
userName = gConfig.getValue( '%s/User' % shifterSection, '' )
if not userName:
return S_ERROR( "No shifter defined in %s/User" % shifterSection )
result = CS.getDNForUsername( userName )
if not result[ 'OK' ]:
return result
userDN = result[ 'Value' ][0]
userGroup = gConfig.getValue( '%s/Group' % shifterSection, CS.getDefaultUserGroup() )
vomsAttr = CS.getVOMSAttributeForGroup( userGroup )
if vomsAttr:
gLogger.info( "Getting VOMS [%s] proxy for shifter %s@%s (%s)" % ( vomsAttr, userName,
userGroup, userDN ) )
result = gProxyManager.downloadVOMSProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 )
else:
gLogger.info( "Getting proxy for shifter %s@%s (%s)" % ( userName, userGroup, userDN ) )
result = gProxyManager.downloadProxy( userDN, userGroup, requiredTimeLeft = 4 * 43200 )
if not result[ 'OK' ]:
return result
chain = result[ 'Value' ]
result = gProxyManager.dumpProxyToFile( chain, destinationFile = fileName )
if not result[ 'OK' ]:
return result
fileName = result[ 'Value' ]
return S_OK( { 'DN' : userDN,
'username' : userName,
'group' : userGroup,
'chain' : chain,
'proxyFile' : fileName } )
def getProxyForLFN( self, lfn ):
""" get proxy for LFN
:param self: self reference
:param str lfn: LFN
"""
dirMeta = self.replicaManager().getCatalogDirectoryMetadata( lfn, singleFile = True )
if not dirMeta["OK"]:
return dirMeta
dirMeta = dirMeta["Value"]
ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith("/") else dirMeta["OwnerRole"]
ownerDN = dirMeta["OwnerDN"]
ownerProxy = None
for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ):
vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
requiredVOMSAttribute = ownerRole )
if not vomsProxy["OK"]:
self.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN,
ownerRole,
vomsProxy["Message"] ) )
continue
ownerProxy = vomsProxy["Value"]
self.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
break
if not ownerProxy:
return S_ERROR("Unable to get owner proxy")
dumpToFile = ownerProxy.dumpAllToFile()
if not dumpToFile["OK"]:
self.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] )
return dumpToFile
dumpToFile = dumpToFile["Value"]
os.environ["X509_USER_PROXY"] = dumpToFile
return S_OK()
def getProxyForLFN( self, lfn ):
""" get proxy for lfn
:param str lfn: LFN
:return: S_ERROR or S_OK( "/path/to/proxy/file" )
"""
dirMeta = returnSingleResult( self.fc.getDirectoryMetadata( os.path.dirname( lfn ) ) )
if not dirMeta["OK"]:
return dirMeta
dirMeta = dirMeta["Value"]
ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"]
ownerDN = dirMeta["OwnerDN"]
ownerProxy = None
for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ):
vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
requiredVOMSAttribute = ownerRole )
if not vomsProxy["OK"]:
self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN,
ownerRole,
vomsProxy["Message"] ) )
continue
ownerProxy = vomsProxy["Value"]
self.log.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
break
if not ownerProxy:
return S_ERROR( "Unable to get owner proxy" )
dumpToFile = ownerProxy.dumpAllToFile()
if not dumpToFile["OK"]:
self.log.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] )
else:
os.environ["X509_USER_PROXY"] = dumpToFile["Value"]
return dumpToFile
def __getOwnerProxy(self, dirPath):
''' get owner creds for :dirPath: '''
self.log.verbose("Retrieving dir metadata...")
# get owner form the cached information, if not, try getDirectoryMetadata
ownerName, ownerGroup = self.__directoryOwners.pop(
dirPath, (None, None))
if not ownerName or not ownerGroup:
result = returnSingleResult(
self.catalog.getDirectoryMetadata(dirPath))
if not result['OK'] or 'OwnerRole' not in result['Value']:
self.log.error("Could not get metadata info",
result['Message'])
return result
ownerRole = result['Value']['OwnerRole']
ownerDN = result['Value']['OwnerDN']
if ownerRole[0] != "/":
ownerRole = "/%s" % ownerRole
cacheKey = (ownerDN, ownerRole)
ownerName = 'unknown'
byGroup = False
else:
ownerDN = Registry.getDNForUsername(ownerName)
if not ownerDN['OK']:
self.log.error("Could not get DN from user name",
ownerDN['Message'])
return ownerDN
ownerDN = ownerDN['Value'][0]
# This bloody method returns directly a string!!!!
ownerRole = Registry.getVOMSAttributeForGroup(ownerGroup)
byGroup = True
# Get all groups for that VOMS Role, and add lhcb_user as in DFC this is a safe value
ownerGroups = Registry.getGroupsWithVOMSAttribute(ownerRole) + [
'lhcb_user'
]
downErrors = []
for ownerGroup in ownerGroups:
if byGroup:
ownerRole = None
cacheKey = (ownerDN, ownerGroup)
if cacheKey in self.__noProxy:
return S_ERROR("Proxy not available")
# Getting the proxy...
upFile = self.proxyCache.get(cacheKey, 3600)
if upFile and os.path.exists(upFile):
self.log.verbose(
'Returning cached proxy for %s %s@%s [%s] in %s' %
(ownerName, ownerDN, ownerGroup, ownerRole, upFile))
return S_OK(upFile)
if ownerRole:
result = gProxyManager.downloadVOMSProxy(
ownerDN,
ownerGroup,
limited=False,
requiredVOMSAttribute=ownerRole)
else:
result = gProxyManager.downloadProxy(ownerDN,
ownerGroup,
limited=False)
if not result['OK']:
downErrors.append("%s : %s" % (cacheKey, result['Message']))
continue
userProxy = result['Value']
secsLeft = max(0, userProxy.getRemainingSecs()['Value'])
upFile = userProxy.dumpAllToFile()
if upFile['OK']:
upFile = upFile['Value']
else:
return upFile
self.proxyCache.add(cacheKey, secsLeft, upFile)
self.log.info("Got proxy for %s %s@%s [%s]" %
(ownerName, ownerDN, ownerGroup, ownerRole))
return S_OK(upFile)
self.__noProxy.add(cacheKey)
return S_ERROR("Could not download proxy for user (%s, %s):\n%s " %
(ownerDN, ownerRole, "\n ".join(downErrors)))
def main():
params = Params()
params.registerCLISwitches()
Script.parseCommandLine(ignoreErrors=True)
args = Script.getPositionalArgs()
if len(args) != 2:
Script.showHelp()
userGroup = str(args[1])
userDN = str(args[0])
userName = False
if userDN.find("/") != 0:
userName = userDN
retVal = Registry.getDNForUsername(userName)
if not retVal['OK']:
gLogger.notice("Cannot discover DN for username %s\n\t%s" %
(userName, retVal['Message']))
DIRAC.exit(2)
DNList = retVal['Value']
if len(DNList) > 1:
gLogger.notice("Username %s has more than one DN registered" %
userName)
ind = 0
for dn in DNList:
gLogger.notice("%d %s" % (ind, dn))
ind += 1
inp = six.moves.input(
"Which DN do you want to download? [default 0] ")
if not inp:
inp = 0
else:
inp = int(inp)
userDN = DNList[inp]
else:
userDN = DNList[0]
if not params.proxyPath:
if not userName:
result = Registry.getUsernameForDN(userDN)
if not result['OK']:
gLogger.notice("DN '%s' is not registered in DIRAC" % userDN)
DIRAC.exit(2)
userName = result['Value']
params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName,
userGroup)
if params.enableVOMS:
result = gProxyManager.downloadVOMSProxy(
userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime,
requiredVOMSAttribute=params.vomsAttr)
else:
result = gProxyManager.downloadProxy(
userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime)
if not result['OK']:
gLogger.notice('Proxy file cannot be retrieved: %s' %
result['Message'])
DIRAC.exit(2)
chain = result['Value']
result = chain.dumpAllToFile(params.proxyPath)
if not result['OK']:
gLogger.notice('Proxy file cannot be written to %s: %s' %
(params.proxyPath, result['Message']))
DIRAC.exit(2)
gLogger.notice("Proxy downloaded to %s" % params.proxyPath)
DIRAC.exit(0)
DIRAC.exit(2)
userDN = DNList[0]
if not params.proxyPath:
if not userName:
result = CS.getUsernameForDN(userDN)
if not result['OK']:
print "DN '%s' is not registered in DIRAC" % userDN
DIRAC.exit(2)
userName = result['Value']
params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName, userGroup)
if params.enableVOMS:
result = gProxyManager.downloadVOMSProxy(
userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime,
requiredVOMSAttribute=params.vomsAttr)
else:
result = gProxyManager.downloadProxy(userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime)
if not result['OK']:
print 'Proxy file cannot be retrieved: %s' % result['Message']
DIRAC.exit(2)
chain = result['Value']
result = chain.dumpAllToFile(params.proxyPath)
if not result['OK']:
print 'Proxy file cannot be written to %s: %s' % (params.proxyPath,
result['Message'])
def main():
params = Params()
params.registerCLISwitches()
# Registering arguments will automatically add their description to the help menu
Script.registerArgument((
"DN: DN of the user",
"user: DIRAC user name (will fail if there is more than 1 DN registered)"
))
Script.registerArgument(" group: DIRAC group name")
Script.parseCommandLine(ignoreErrors=True)
# parseCommandLine show help when mandatory arguments are not specified or incorrect argument
userDN, userGroup = Script.getPositionalArgs(group=True)
userName = False
if userDN.find("/") != 0:
userName = userDN
retVal = Registry.getDNForUsername(userName)
if not retVal["OK"]:
gLogger.notice("Cannot discover DN for username %s\n\t%s" %
(userName, retVal["Message"]))
DIRAC.exit(2)
DNList = retVal["Value"]
if len(DNList) > 1:
gLogger.notice("Username %s has more than one DN registered" %
userName)
ind = 0
for dn in DNList:
gLogger.notice("%d %s" % (ind, dn))
ind += 1
inp = input("Which DN do you want to download? [default 0] ")
if not inp:
inp = 0
else:
inp = int(inp)
userDN = DNList[inp]
else:
userDN = DNList[0]
if not params.proxyPath:
if not userName:
result = Registry.getUsernameForDN(userDN)
if not result["OK"]:
gLogger.notice("DN '%s' is not registered in DIRAC" % userDN)
DIRAC.exit(2)
userName = result["Value"]
params.proxyPath = "%s/proxy.%s.%s" % (os.getcwd(), userName,
userGroup)
if params.enableVOMS:
result = gProxyManager.downloadVOMSProxy(
userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime,
requiredVOMSAttribute=params.vomsAttr,
)
else:
result = gProxyManager.downloadProxy(
userDN,
userGroup,
limited=params.limited,
requiredTimeLeft=params.proxyLifeTime)
if not result["OK"]:
gLogger.notice("Proxy file cannot be retrieved: %s" %
result["Message"])
DIRAC.exit(2)
chain = result["Value"]
result = chain.dumpAllToFile(params.proxyPath)
if not result["OK"]:
gLogger.notice("Proxy file cannot be written to %s: %s" %
(params.proxyPath, result["Message"]))
DIRAC.exit(2)
gLogger.notice("Proxy downloaded to %s" % params.proxyPath)
DIRAC.exit(0)
print "Which dn do you want to download?"
DIRAC.exit( 2 )
userDN = DNList[0]
if not params.proxyPath:
if not userName:
result = Registry.getUsernameForDN( userDN )
if not result[ 'OK' ]:
print "DN '%s' is not registered in DIRAC" % userDN
DIRAC.exit( 2 )
userName = result[ 'Value' ]
params.proxyPath = "%s/proxy.%s.%s" % ( os.getcwd(), userName, userGroup )
if params.enableVOMS:
result = gProxyManager.downloadVOMSProxy( userDN, userGroup, limited = params.limited,
requiredTimeLeft = params.proxyLifeTime,
requiredVOMSAttribute = params.vomsAttr )
else:
result = gProxyManager.downloadProxy( userDN, userGroup, limited = params.limited,
requiredTimeLeft = params.proxyLifeTime )
if not result['OK']:
print 'Proxy file cannot be retrieved: %s' % result['Message']
DIRAC.exit( 2 )
chain = result[ 'Value' ]
result = chain.dumpAllToFile( params.proxyPath )
if not result['OK']:
print 'Proxy file cannot be written to %s: %s' % ( params.proxyPath, result['Message'] )
DIRAC.exit( 2 )
print "Proxy downloaded to %s" % params.proxyPath
DIRAC.exit( 0 )
