def activate_endpoint(api, ep=None):
if ep is None:
ep = dst_endpoint
code, reason, reqs = api.endpoint_activation_requirements(ep, type='delegate_proxy')
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
proxy = x509_proxy.create_proxy_from_file(certificate_file, public_key, lifetime_hours=72)
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
try:
code, reason, result = api.endpoint_activate(ep, reqs)
except api_client.APIError as e:
sdlog.error("SDDMGLOB-028","Error: Cannot activate the source endpoint: (%s)"% str(e))
raise FatalException()
def activate_endpoint(self, ep):
status_code, status_message, data = self.endpoint_activation_requirements(
ep)
assert (status_code == 200)
if data['oauth_server']:
sys.stderr.write(
'WARNING: this is an oauth server, we are assuming the myproxy is at the same address\n'
)
myproxy = data['oauth_server']
else:
myproxy = data['hostname']
user = keyring.get_password(myproxy, "user")
password = keyring.get_password(myproxy, "password")
dn = keyring.get_password(myproxy, "dn")
# cert = keyring.get_password(myproxy, "certificate")
cert = None
if not (user and password and dn):
sys.stderr.write(
'Cannot get myproxy certificate. Call "myproxy_logon.py {} to setup user and passwords"\n'
.format(myproxy))
if cert == None:
sys.stderr.write(
'Credentials not found for {}.\nInvoking myproxy_logon...\n'.
format(myproxy))
(cert, dn) = myproxy_logon(myproxy, user, password, dn)
if cert == None:
sys.stderr.write(
'Cannot get myproxy certificate. Try "myproxy_logon.py {}"\n'
.format(myproxy))
return
with TmpFile() as t:
(f, cert_path) = t
f.write(cert)
f.close()
public_key = data.get_requirement_value("delegate_proxy",
"public_key")
proxy = x509_proxy.create_proxy_from_file(cert_path, public_key)
data.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
status_code, status_message, data = self.endpoint_activate(ep, data)
#print status_code, status_message, data
assert (status_code == 200)
sys.stderr.write(
'Endpoint {} is activated and will expire at {}\n'.format(
ep, data["expire_time"]))
def preferred_activation(username, endpoint_name, myproxy_username):
user_credential_path=os.getcwd()+"/credential-"+username+".pem"
print "==Activating %s ==" % endpoint_name
api = TransferAPIClient(username, cert_file=user_credential_path)
api.set_debug_print(False, False)
try:
code, message, data = api.endpoint(endpoint_name)
if not data["activated"]:
try:
print "==Try autoactivation=="
code, message, data = api.endpoint_autoactivate(endpoint_name)
except:
print "Cannot autoactivate"
except:
pass
try:
code, message, data = api.endpoint(endpoint_name)
except:
data={'activated': "Unavailable"}
if not data["activated"]: # and data["activated"] == "Unavailable":
try:
if myproxy_username != "none":
print "==Try myproxy for %s ==" % myproxy_username
status, message, data = api.endpoint_autoactivate(endpoint_name)
data.set_requirement_value("myproxy", "username", myproxy_username)
from getpass import getpass
passphrase = getpass()
data.set_requirement_value("myproxy", "passphrase", passphrase)
api.endpoint_activate(endpoint_name, data)
#activer=[username,"-c",os.getcwd()+"/credential.pem"]
#api, _ = create_client_from_args(activer)
#conditional_activation(endpoint_name,myproxy_username)
code, message, data = api.endpoint(endpoint_name)
else:
raise
except:
print "==Local proxy activation=="
_, _, reqs = api.endpoint_activation_requirements(endpoint_name, type="delegate_proxy")
#print "endpoint_name",endpoint_name
#print reqs
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
#print public_key
proxy = x509_proxy.create_proxy_from_file(user_credential_path, public_key)
#print "proxy"
#print proxy
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
#print reqs
result = api.endpoint_activate(endpoint_name, reqs)
def endpoint_activate(self, endpoint):
""" Activate the endpoint
Parameters
----------
endpoint : str
The endpoint to activate
"""
_, _, reqs = self.goclient.endpoint_activation_requirements(
endpoint, type="delegate_proxy")
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
proxy = x509_proxy.create_proxy_from_file(self.credfile, public_key,
self.proxy_valid_hrs)
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
result = self.goclient.endpoint_activate(endpoint, reqs)
return result
def activate_endpoint(api, ep=None):
if ep is None:
ep = dst_endpoint
code, reason, reqs = api.endpoint_activation_requirements(
ep, type='delegate_proxy')
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
proxy = x509_proxy.create_proxy_from_file(sdconfig.esgf_x509_proxy,
public_key,
lifetime_hours=72)
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
try:
code, reason, result = api.endpoint_activate(ep, reqs)
except api_client.APIError as e:
sdlog.error(
"SDDMGLOB-028",
"Error: Cannot activate the source endpoint: (%s)" % str(e))
raise FatalException()
def activateEndpoint(api_client, endpoint, myproxy_server=None, username=None, password=None, cert=None, key=None):
if (not myproxy_server or not password) and (not myproxy_server or not cert):
# Try to autoactivate the endpoint
code, reason, result = api_client.endpoint_autoactivate(endpoint, if_expires_in=2880)
print "Endpoint Activation: %s. %s: %s" % (endpoint, result["code"], result["message"])
if result["code"] == "AutoActivationFailed":
return (False, "")
return (True, "")
code, reason, reqs = api_client.endpoint_activation_requirements(endpoint)
# Activate the endpoint using an X.509 user credential stored by esgf-idp in /tmp/x509up_<idp_hostname>_<username>
if cert and key:
cred_file = "/tmp/x509up_%s_%s" % (myproxy_server, username)
with open(cred_file, 'w') as cred:
cred.write(cert)
cred.write(key)
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
try:
proxy = x509_proxy.create_proxy_from_file(cred_file, public_key, lifetime_hours=72)
except Exception as e:
print "Could not activate the endpoint: %s. Error: %s" % (endpoint, str(e))
return False
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
else:
# Activate the endpoint using MyProxy server method
reqs.set_requirement_value("myproxy", "hostname", myproxy_server)
reqs.set_requirement_value("myproxy", "username", username)
reqs.set_requirement_value("myproxy", "passphrase", password)
reqs.set_requirement_value("myproxy", "lifetime_in_hours", "168")
try:
code, reason, result = api_client.endpoint_activate(endpoint, reqs)
except Exception as e:
print "Could not activate the endpoint: %s. Error: %s" % (endpoint, str(e))
return (False, str(e))
if code != 200:
print "Could not aactivate the endpoint: %s. Error: %s - %s" % (endpoint, result["code"], result["message"])
return (False, result["message"])
print "Endpoint Activation: %s. %s: %s" % (endpoint, result["code"], result["message"])
return (True, "")
def activateEndpoint(api_client, endpoint, openid=None):
# Try to autoactivate the endpoint
code, reason, result = api_client.endpoint_autoactivate(endpoint, if_expires_in=2880)
if result["code"] == "AutoActivationFailed" and openid:
# Activate the endpoint using an X.509 user credential stored by esgf-idp in /tmp/x509up_<idp_hostname>_<username>
openid_parsed = urlparse.urlparse(openid)
hostname = openid_parsed.hostname
username = os.path.basename(openid_parsed.path)
cred_file = "/tmp/x509up_%s_%s" % (hostname, username)
reqs = result
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
try:
proxy = x509_proxy.create_proxy_from_file(cred_file, public_key, lifetime_hours=72)
except Exception as e:
print "Could not activate the endpoint: %s. Error: %s" % (endpoint, str(e))
return
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
code, reason, result = api_client.endpoint_activate(endpoint, reqs)
if code != 200:
print "Could not aactivate the endpoint: %s. Error: %s - %s" % (endpoint, result["code"], result["message"])
print "Endpoint Activation: %s. %s: %s" % (endpoint, result["code"], result["message"])
def endpoint_activation(self, endpoint_name, myproxy_username=''):
"""
Activate a GridFTP endpoint
:param endpoint_name: name of the endpoint to activate
:param myproxy_username: myproxy user name
"""
#code, reason, data = self.api.endpoint(endpoint_name)
#self._print_endpoint(data)
#self.display_endpoint_list();
LOGGER.debug("Checking if endpoint {0} is already activated".format(
endpoint_name))
_, _, data = self.api.endpoint(endpoint_name)
if data["activated"]:
LOGGER.info("Endpoint {0} is already active!".format(endpoint_name))
return True
# Trying with autoactivation
LOGGER.debug("Trying autoactivation")
code, message, data = self.api.endpoint_autoactivate(
endpoint_name)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!".format(endpoint_name))
LOGGER.debug("result: {0} ({1})".format(data["code"],
data["message"]))
return True
LOGGER.debug("Trying activating with myproxy")
data.set_requirement_value("myproxy", "username", myproxy_username)
# Remove interactive messages: add arguments to manage this part
from getpass import getpass
passphrase = getpass()
data.set_requirement_value("myproxy", "passphrase", passphrase)
try:
status, message, data = self.api.endpoint_activate(endpoint_name,
data,
if_expires_in=600)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(data["code"],
data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
# Trying activating a delegate proxy
self.check_proxy()
user_credential_path = os.path.join(os.getcwd(), self.proxy_name)
LOGGER.debug("Trying delegate proxy activation")
_, _, reqs = self.api.endpoint_activation_requirements(
endpoint_name, type="delegate_proxy")
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
#print public_key
proxy = x509_proxy.create_proxy_from_file(user_credential_path,
public_key, lifetime_hours=3)
#print proxy
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
try:
code, message, data = self.api.endpoint_activate(endpoint_name,
reqs)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(data["code"],
data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
print "Can not active the endpoint {0}\n".format(endpoint_name)
if "proxy is not valid until" in str(e):
print "This error may be related to clock time skew. " \
"Please, check if your client clock is server " \
"synchronized and not ahead (you could check with " \
"\"www.time.is\")"
return False
mypath = options.path
if (not options.cert_file) and options.key_file:
cert = options.key_file
if (not options.key_file) and options.cert_file:
key = options.cert_file
#Getting a Transfer API instance and authenticating
api = api_client.TransferAPIClient(username=user, cert_file=cert, key_file=key)
#Deactivating the endpoint to make sure that the following code actually is
#activating the endpoint.
api.endpoint_deactivate(endpt)
#Authenticating and activating the endpoint manually.
reqs = api.endpoint_activation_requirements(endpt, type="delegate_proxy")[2]
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
proxy = x509_proxy.create_proxy_from_file(cred_file, public_key)
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
result = api.endpoint_activate(endpt, reqs)
#Perform a dir listing and print the list of files.
#The 'DATA' subfield of the data dict will contain a dictionary containing
#properties for each file.
code, reason, data = api.endpoint_ls(endpt, mypath)
#TODO: What exactly do we want to print out here? Comments welcome.
for entry in data['DATA']:
print "%s\t%s\t%s" % (entry['name'],entry['permissions'],entry['size'])
#Cleanup by deactivating the endpoint.
api.endpoint_deactivate(endpt)
The endpoint name may contain a # which is a shell comment, so be sure to
quote the endpoint name.
"""
import sys
from globusonline.transfer.api_client import create_client_from_args
from globusonline.transfer.api_client import x509_proxy
if __name__ == '__main__':
api, args = create_client_from_args()
if len(args) < 2:
sys.stderr.write(
"username, endpoint, cred_file arguments are required")
sys.exit(1)
ep = args[0]
cred_file = args[1]
print "Using x509_proxy implementation '%s'" % x509_proxy.implementation
_, _, reqs = api.endpoint_activation_requirements(ep,
type="delegate_proxy")
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
proxy = x509_proxy.create_proxy_from_file(cred_file, public_key)
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
result = api.endpoint_activate(ep, reqs)
print result
def endpoint_activation(self,
endpoint_name,
myproxy_username='',
myproxy_password=''):
"""
Activate a GridFTP endpoint.
Different attempts will be made: autocativation, using myproxy and using
a delegate proxy (in the latter case \'grid-proxy-init\' is needed to
generate a X.509 proxy).
Myproxy username and password will be used to try the authentication
with myproxy: they will be prompted if not passed as parameter or not
found in the resource json file.
The passphrase of the user certificate (needed for generating an X.509
proxy certificate) will be prompted if not found in the resource json
file.
:param endpoint_name: name of the endpoint to activate
:param myproxy_username: myproxy user name (optional, if empty end needed
it will be prompted)
:param myproxy_password: myproxy user password (optional, if empty end
needed it will be prompted)
"""
if self.api is None:
print "You need to be authenticated with Globus Online to perform " \
"this operation. "
return False
LOGGER.debug("Checking if endpoint {0} is already activated..".format(
endpoint_name))
_, _, data = self.api.endpoint(endpoint_name)
if data["activated"]:
LOGGER.info(
"Endpoint {0} is already active!".format(endpoint_name))
return True
# Trying with autoactivation
LOGGER.debug("Trying autoactivation..")
code, message, data = self.api.endpoint_autoactivate(endpoint_name)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!".format(endpoint_name))
LOGGER.debug("result: {0} ({1})".format(data["code"],
data["message"]))
return True
LOGGER.debug("Trying activating with myproxy..")
if not myproxy_username and self.globus_init:
myproxy_username = self.globus_init['myproxy_username']
if not myproxy_username and self.globus_init:
myproxy_username = raw_input(
"Please insert your \'myproxy\' username:"******"myproxy", "username", myproxy_username)
data.set_requirement_value("myproxy", "passphrase", myproxy_password)
try:
status, message, data = self.api.endpoint_activate(
endpoint_name, data, if_expires_in=600)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(
data["code"], data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
# Trying activating a delegate proxy
# Verify if there is a workaround not to use grid-proxy-init
# (https://github.com/globusonline/transfer-api-client-python/tree/master/mkproxy)
self.check_proxy()
user_credential_path = os.path.join(os.getcwd(), self.proxy_name)
LOGGER.debug("Trying delegate proxy activation..")
_, _, reqs = self.api.endpoint_activation_requirements(
endpoint_name, type="delegate_proxy")
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
# print public_key
proxy = x509_proxy.create_proxy_from_file(user_credential_path,
public_key,
lifetime_hours=3)
# print proxy
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
try:
code, message, data = self.api.endpoint_activate(
endpoint_name, reqs)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(
data["code"], data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
print "Can not active the endpoint {0}\n".format(endpoint_name)
if "proxy is not valid until" in str(e):
print "This error may be related to clock time skew. " \
"Please, check if your client clock is server " \
"synchronized and not ahead (you could check with " \
"\"www.time.is\")"
return False
cert = options.key_file
if (not options.key_file) and options.cert_file:
key = options.cert_file
#Getting a transfer API instance by authenticating using X509 credentials
api = api_client.TransferAPIClient(username=user, cert_file=cert, key_file=key)
#Deactivating our source and destination endpoints, just to make sure we're
#actually activating them below.
api.endpoint_deactivate(src)
api.endpoint_deactivate(dst)
#Manual activation of the source endpoint.
src_reqs = api.endpoint_activation_requirements(src, type="delegate_proxy")[2]
src_pubkey = src_reqs.get_requirement_value("delegate_proxy", "public_key")
src_proxy = x509_proxy.create_proxy_from_file(cred_file, src_pubkey)
src_reqs.set_requirement_value("delegate_proxy", "proxy_chain", src_proxy)
src_result = api.endpoint_activate(src, src_reqs)
#The manual activation process, repeated for the destination endpoint.
#We found that both endpoints need to be activated manually due to differences
#in configurations across the different endpoints.
dst_reqs = api.endpoint_activation_requirements(dst, type="delegate_proxy")[2]
dst_pubkey = dst_reqs.get_requirement_value("delegate_proxy", "public_key")
dst_proxy = x509_proxy.create_proxy_from_file(cred_file, dst_pubkey)
dst_reqs.set_requirement_value("delegate_proxy", "proxy_chain", dst_proxy)
dst_result = api.endpoint_activate(dst, dst_reqs)
#Transfer setup and execution.
sub_code, sub_reason, sub_data = api.submission_id()
mytransfer = Transfer(sub_data['value'], src, dst)
def endpoint_activation(self, endpoint_name, myproxy_username='',
myproxy_password=''):
"""
Activate a GridFTP endpoint.
Different attempts will be made: autocativation, using myproxy and using
a delegate proxy (in the latter case \'grid-proxy-init\' is needed to
generate a X.509 proxy).
Myproxy username and password will be used to try the authentication
with myproxy: they will be prompted if not passed as parameter or not
found in the resource json file.
The passphrase of the user certificate (needed for generating an X.509
proxy certificate) will be prompted if not found in the resource json
file.
:param endpoint_name: name of the endpoint to activate
:param myproxy_username: myproxy user name (optional, if empty end needed
it will be prompted)
:param myproxy_password: myproxy user password (optional, if empty end
needed it will be prompted)
"""
if self.api is None:
print "You need to be authenticated with Globus Online to perform " \
"this operation. "
return False
LOGGER.debug("Checking if endpoint {0} is already activated..".format(
endpoint_name))
_, _, data = self.api.endpoint(endpoint_name)
if data["activated"]:
LOGGER.info(
"Endpoint {0} is already active!".format(endpoint_name))
return True
# Trying with autoactivation
LOGGER.debug("Trying autoactivation..")
code, message, data = self.api.endpoint_autoactivate(
endpoint_name)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!".format(endpoint_name))
LOGGER.debug("result: {0} ({1})".format(data["code"],
data["message"]))
return True
LOGGER.debug("Trying activating with myproxy..")
if not myproxy_username and self.globus_init:
myproxy_username = self.globus_init['myproxy_username']
if not myproxy_username and self.globus_init:
myproxy_username = raw_input(
"Please insert your \'myproxy\' username:"******"myproxy", "username", myproxy_username)
data.set_requirement_value("myproxy", "passphrase", myproxy_password)
try:
status, message, data = self.api.endpoint_activate(endpoint_name,
data,
if_expires_in=600)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(data["code"],
data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
# Trying activating a delegate proxy
# Verify if there is a workaround not to use grid-proxy-init
# (https://github.com/globusonline/transfer-api-client-python/tree/master/mkproxy)
self.check_proxy()
user_credential_path = os.path.join(os.getcwd(), self.proxy_name)
LOGGER.debug("Trying delegate proxy activation..")
_, _, reqs = self.api.endpoint_activation_requirements(
endpoint_name, type="delegate_proxy")
public_key = reqs.get_requirement_value("delegate_proxy", "public_key")
# print public_key
proxy = x509_proxy.create_proxy_from_file(user_credential_path,
public_key, lifetime_hours=3)
# print proxy
reqs.set_requirement_value("delegate_proxy", "proxy_chain", proxy)
try:
code, message, data = self.api.endpoint_activate(endpoint_name,
reqs)
if not data["code"].startswith("AutoActivationFailed"):
LOGGER.info("Endpoint {0} activated!\n".format(endpoint_name))
LOGGER.debug("result: {0} ({1})\n".format(data["code"],
data["message"]))
return True
except Exception as e:
print "Error: {0}".format(e)
print "Can not active the endpoint {0}\n".format(endpoint_name)
if "proxy is not valid until" in str(e):
print "This error may be related to clock time skew. " \
"Please, check if your client clock is server " \
"synchronized and not ahead (you could check with " \
"\"www.time.is\")"
return False
