def _getCurrentUser( self ): res = getProxyInfo( False, False ) if not res['OK']: return self._errorReport( 'No proxy found in local environment', res['Message'] ) proxyInfo = res['Value'] gLogger.debug( formatProxyInfoAsString( proxyInfo ) ) if 'group' not in proxyInfo: return self._errorReport( 'Proxy information does not contain the group', res['Message'] ) res = getDNForUsername( proxyInfo['username'] ) if not res['OK']: return self._errorReport( 'Failed to get proxies for user', res['Message'] ) return S_OK( proxyInfo['username'] )
def _getCurrentUser( self ): res = getProxyInfo( False, False ) if not res['OK']: return self._errorReport( 'No proxy found in local environment', res['Message'] ) proxyInfo = res['Value'] gLogger.debug( formatProxyInfoAsString( proxyInfo ) ) if 'group 'not in proxyInfo: return self._errorReport( 'Proxy information does not contain the group', res['Message'] ) res = getDNForUsername( proxyInfo['username'] ) if not res['OK']: return self._errorReport( 'Failed to get proxies for user', res['Message'] ) return S_OK( proxyInfo['username'] )
def execute(self): self.log.info("Start Execution") result = getProxyInfo() if not result['OK']: return result infoDict = result['Value'] self.log.info(formatProxyInfoAsString(infoDict)) self.__lookForCE() self.__infoFromCE() self.log.info("End Execution") return S_OK()
def execute(self): self.log.info("Start Execution") result = getProxyInfo() if not result["OK"]: return result infoDict = result["Value"] self.log.info(formatProxyInfoAsString(infoDict)) self.__lookForCE() self.__infoFromCE() self.log.info("End Execution") return S_OK()
def _getCurrentUser(self): """Get current user :return: S_OK(dict)/S_ERROR() """ res = getProxyInfo(False, False) if not res["OK"]: return self._errorReport("No proxy found in local environment", res["Message"]) proxyInfo = res["Value"] gLogger.debug(formatProxyInfoAsString(proxyInfo)) if "group" not in proxyInfo: return self._errorReport("Proxy information does not contain the group", res["Message"]) res = getDNForUsername(proxyInfo["username"]) if not res["OK"]: return self._errorReport("Failed to get proxies for user", res["Message"]) return S_OK(proxyInfo["username"])
def execute( self ): self.log.info( "Start Execution" ) result = getProxyInfo() if not result[ 'OK' ]: return result infoDict = result[ 'Value' ] self.log.info( formatProxyInfoAsString( infoDict ) ) #Get a "fresh" copy of the CS data result = self.csAPI.downloadCSData() if not result[ 'OK' ]: self.log.warn( "Could not download a fresh copy of the CS data", result[ 'Message' ] ) self.__lookForCE() self.__infoFromCE() self.log.info( "End Execution" ) return S_OK()
def _monitorProxy(self, pilotProxy, payloadProxy): """Base class for the monitor and update of the payload proxy, to be used in derived classes for the basic renewal of the proxy, if further actions are necessary they should be implemented there """ retVal = getProxyInfo(payloadProxy) if not retVal['OK']: self.log.error('Could not get payload proxy info', retVal) return retVal self.log.verbose('Payload Proxy information:\n%s' % formatProxyInfoAsString(retVal['Value'])) payloadProxyDict = retVal['Value'] payloadSecs = payloadProxyDict['chain'].getRemainingSecs()['Value'] if payloadSecs > self.minProxyTime: self.log.verbose('No need to renew payload Proxy') return S_OK() # if there is no pilot proxy, assume there is a certificate and try a renewal if not pilotProxy: self.log.info( 'Using default credentials to get a new payload Proxy') return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy) # if there is pilot proxy retVal = getProxyInfo(pilotProxy) if not retVal['OK']: return retVal pilotProxyDict = retVal['Value'] if not 'groupProperties' in pilotProxyDict: self.log.error('Invalid Pilot Proxy', 'Group has no properties defined') return S_ERROR('Proxy has no group properties defined') pilotProps = pilotProxyDict['groupProperties'] # if running with a pilot proxy, use it to renew the proxy of the payload if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps: self.log.info('Using Pilot credentials to get a new payload Proxy') return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy) # if we are running with other type of proxy check if they are for the same user and group # and copy the pilot proxy if necessary self.log.info('Trying to copy pilot Proxy to get a new payload Proxy') pilotProxySecs = pilotProxyDict['chain'].getRemainingSecs()['Value'] if pilotProxySecs <= payloadSecs: errorStr = 'Pilot Proxy is not longer than payload Proxy' self.log.error(errorStr) return S_ERROR('Can not renew by copy: %s' % errorStr) # check if both proxies belong to the same user and group pilotDN = pilotProxyDict['chain'].getIssuerCert( )['Value'].getSubjectDN()['Value'] retVal = pilotProxyDict['chain'].getDIRACGroup() if not retVal['OK']: return retVal pilotGroup = retVal['Value'] payloadDN = payloadProxyDict['chain'].getIssuerCert( )['Value'].getSubjectDN()['Value'] retVal = payloadProxyDict['chain'].getDIRACGroup() if not retVal['OK']: return retVal payloadGroup = retVal['Value'] if pilotDN != payloadDN or pilotGroup != payloadGroup: errorStr = 'Pilot Proxy and payload Proxy do not have same DN and Group' self.log.error(errorStr) return S_ERROR('Can not renew by copy: %s' % errorStr) if pilotProxyDict.get('hasVOMS', False): return pilotProxyDict['chain'].dumpAllToFile(payloadProxy) attribute = CS.getVOMSAttributeForGroup(payloadGroup) vo = CS.getVOMSVOForGroup(payloadGroup) retVal = VOMS().setVOMSAttributes(pilotProxyDict['chain'], attribute=attribute, vo=vo) if not retVal['OK']: return retVal chain = retVal['Value'] return chain.dumpAllToFile(payloadProxy)
def _monitorProxy(self, pilotProxy, payloadProxy): """Base class for the monitor and update of the payload proxy, to be used in derived classes for the basic renewal of the proxy, if further actions are necessary they should be implemented there """ retVal = getProxyInfo(payloadProxy) if not retVal["OK"]: self.log.error("Could not get payload proxy info", retVal) return retVal self.log.verbose("Payload Proxy information:\n%s" % formatProxyInfoAsString(retVal["Value"])) payloadProxyDict = retVal["Value"] payloadSecs = payloadProxyDict["chain"].getRemainingSecs()["Value"] if payloadSecs > self.minProxyTime: self.log.verbose("No need to renew payload Proxy") return S_OK() # if there is no pilot proxy, assume there is a certificate and try a renewal if not pilotProxy: self.log.info("Using default credentials to get a new payload Proxy") return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy, ) # if there is pilot proxy retVal = getProxyInfo(pilotProxy) if not retVal["OK"]: return retVal pilotProxyDict = retVal["Value"] if not "groupProperties" in pilotProxyDict: self.log.error("Invalid Pilot Proxy", "Group has no properties defined") return S_ERROR("Proxy has no group properties defined") pilotProps = pilotProxyDict["groupProperties"] # if running with a pilot proxy, use it to renew the proxy of the payload if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps: self.log.info("Using Pilot credentials to get a new payload Proxy") return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy, ) # if we are running with other type of proxy check if they are for the same user and group # and copy the pilot proxy if necessary self.log.info("Trying to copy pilot Proxy to get a new payload Proxy") pilotProxySecs = pilotProxyDict["chain"].getRemainingSecs()["Value"] if pilotProxySecs <= payloadSecs: errorStr = "Pilot Proxy is not longer than payload Proxy" self.log.error(errorStr) return S_ERROR("Can not renew by copy: %s" % errorStr) # check if both proxies belong to the same user and group pilotDN = pilotProxyDict["chain"].getIssuerCert()["Value"].getSubjectDN()["Value"] retVal = pilotProxyDict["chain"].getDIRACGroup() if not retVal["OK"]: return retVal pilotGroup = retVal["Value"] payloadDN = payloadProxyDict["chain"].getIssuerCert()["Value"].getSubjectDN()["Value"] retVal = payloadProxyDict["chain"].getDIRACGroup() if not retVal["OK"]: return retVal payloadGroup = retVal["Value"] if pilotDN != payloadDN or pilotGroup != payloadGroup: errorStr = "Pilot Proxy and payload Proxy do not have same DN and Group" self.log.error(errorStr) return S_ERROR("Can not renew by copy: %s" % errorStr) if pilotProxyDict.get("hasVOMS", False): return pilotProxyDict["chain"].dumpAllToFile(payloadProxy) attribute = CS.getVOMSAttributeForGroup(payloadGroup) vo = CS.getVOMSVOForGroup(payloadGroup) retVal = VOMS().setVOMSAttributes(pilotProxyDict["chain"], attribute=attribute, vo=vo) if not retVal["OK"]: return retVal chain = retVal["Value"] return chain.dumpAllToFile(payloadProxy)
if result[ 'OK' ]: deviation = result[ 'Value' ] if deviation > 600: gLogger.error( "Your host clock seems to be off by more than TEN MINUTES! Thats really bad." ) elif deviation > 180: gLogger.error( "Your host clock seems to be off by more than THREE minutes! Thats bad." ) elif deviation > 60: gLogger.error( "Your host clock seems to be off by more than a minute! Thats not good." ) result = getProxyInfo( params.proxyLoc, not params.vomsEnabled ) if not result[ 'OK' ]: gLogger.error( result[ 'Message' ] ) sys.exit( 1 ) infoDict = result[ 'Value' ] gLogger.notice( formatProxyInfoAsString( infoDict ) ) if not infoDict['isProxy']: gLogger.error( '==============================\n!!! The proxy is not valid !!!' ) if params.steps: gLogger.notice( "== Steps extended info ==" ) chain = infoDict[ 'chain' ] stepInfo = getProxyStepsInfo( chain )[ 'Value' ] gLogger.notice( formatProxyStepsInfoAsString( stepInfo ) ) def invalidProxy( msg ): gLogger.error( "Invalid proxy:", msg ) sys.exit( 1 ) if params.uploadedInfo: result = gProxyManager.getUserProxiesInfo()
def main(): params = Params() Script.registerSwitch("f:", "file=", "File to use as user key", params.setProxyLocation) Script.registerSwitch("i", "version", "Print version", params.showVersion) Script.registerSwitch("n", "novoms", "Disable VOMS", params.disableVOMS) Script.registerSwitch("v", "checkvalid", "Return error if the proxy is invalid", params.validityCheck) Script.registerSwitch("x", "nocs", "Disable CS", params.disableCS) Script.registerSwitch("e", "steps", "Show steps info", params.showSteps) Script.registerSwitch("j", "noclockcheck", "Disable checking if time is ok", params.disableClockCheck) Script.registerSwitch("m", "uploadedinfo", "Show uploaded proxies info", params.setManagerInfo) Script.disableCS() Script.parseCommandLine() from DIRAC.Core.Utilities.NTP import getClockDeviation from DIRAC import gLogger from DIRAC.Core.Security.ProxyInfo import getProxyInfo, getProxyStepsInfo from DIRAC.Core.Security.ProxyInfo import formatProxyInfoAsString, formatProxyStepsInfoAsString from DIRAC.Core.Security import VOMS from DIRAC.FrameworkSystem.Client.ProxyManagerClient import gProxyManager from DIRAC.ConfigurationSystem.Client.Helpers import Registry if params.csEnabled: retVal = Script.enableCS() if not retVal["OK"]: print("Cannot contact CS to get user list") if params.checkClock: result = getClockDeviation() if result["OK"]: deviation = result["Value"] if deviation > 600: gLogger.error("Your host clock seems to be off by more than TEN MINUTES! Thats really bad.") elif deviation > 180: gLogger.error("Your host clock seems to be off by more than THREE minutes! Thats bad.") elif deviation > 60: gLogger.error("Your host clock seems to be off by more than a minute! Thats not good.") result = getProxyInfo(params.proxyLoc, not params.vomsEnabled) if not result["OK"]: gLogger.error(result["Message"]) sys.exit(1) infoDict = result["Value"] gLogger.notice(formatProxyInfoAsString(infoDict)) if not infoDict["isProxy"]: gLogger.error("==============================\n!!! The proxy is not valid !!!") if params.steps: gLogger.notice("== Steps extended info ==") chain = infoDict["chain"] stepInfo = getProxyStepsInfo(chain)["Value"] gLogger.notice(formatProxyStepsInfoAsString(stepInfo)) def invalidProxy(msg): gLogger.error("Invalid proxy:", msg) sys.exit(1) if params.uploadedInfo: result = gProxyManager.getUserProxiesInfo() if not result["OK"]: gLogger.error("Could not retrieve the uploaded proxies info", result["Message"]) else: uploadedInfo = result["Value"] if not uploadedInfo: gLogger.notice("== No proxies uploaded ==") if uploadedInfo: gLogger.notice("== Proxies uploaded ==") maxDNLen = 0 maxGroupLen = 0 for userDN in uploadedInfo: maxDNLen = max(maxDNLen, len(userDN)) for group in uploadedInfo[userDN]: maxGroupLen = max(maxGroupLen, len(group)) gLogger.notice(" %s | %s | Until (GMT)" % ("DN".ljust(maxDNLen), "Group".ljust(maxGroupLen))) for userDN in uploadedInfo: for group in uploadedInfo[userDN]: gLogger.notice( " %s | %s | %s" % ( userDN.ljust(maxDNLen), group.ljust(maxGroupLen), uploadedInfo[userDN][group].strftime("%Y/%m/%d %H:%M"), ) ) if params.checkValid: if infoDict["secondsLeft"] == 0: invalidProxy("Proxy is expired") if params.csEnabled and not infoDict["validGroup"]: invalidProxy("Group %s is not valid" % infoDict["group"]) if "hasVOMS" in infoDict and infoDict["hasVOMS"]: requiredVOMS = Registry.getVOMSAttributeForGroup(infoDict["group"]) if "VOMS" not in infoDict or not infoDict["VOMS"]: invalidProxy("Unable to retrieve VOMS extension") if len(infoDict["VOMS"]) > 1: invalidProxy("More than one voms attribute found") if requiredVOMS not in infoDict["VOMS"]: invalidProxy( "Unexpected VOMS extension %s. Extension expected for DIRAC group is %s" % (infoDict["VOMS"][0], requiredVOMS) ) result = VOMS.VOMS().getVOMSProxyInfo(infoDict["chain"], "actimeleft") if not result["OK"]: invalidProxy("Cannot determine life time of VOMS attributes: %s" % result["Message"]) if int(result["Value"].strip()) == 0: invalidProxy("VOMS attributes are expired") sys.exit(0)
def _monitorProxy(self, payloadProxy=None): """Base class for the monitor and update of the payload proxy, to be used in derived classes for the basic renewal of the proxy, if further actions are necessary they should be implemented there :param str payloadProxy: location of the payload proxy file :returns: S_OK(filename)/S_ERROR """ if not payloadProxy: return S_ERROR("No payload proxy") # This will get the pilot proxy ret = getProxyInfo() if not ret["OK"]: pilotProxy = None else: pilotProxy = ret["Value"]["path"] self.log.notice("Pilot Proxy:", pilotProxy) retVal = getProxyInfo(payloadProxy) if not retVal["OK"]: self.log.error("Could not get payload proxy info", retVal) return retVal self.log.verbose("Payload Proxy information:\n%s" % formatProxyInfoAsString(retVal["Value"])) payloadProxyDict = retVal["Value"] payloadSecs = payloadProxyDict["chain"].getRemainingSecs()["Value"] if payloadSecs > self.minProxyTime: self.log.verbose("No need to renew payload Proxy") return S_OK() # if there is no pilot proxy, assume there is a certificate and try a renewal if not pilotProxy: self.log.info( "Using default credentials to get a new payload Proxy") return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy, ) # if there is pilot proxy retVal = getProxyInfo(pilotProxy) if not retVal["OK"]: return retVal pilotProxyDict = retVal["Value"] if "groupProperties" not in pilotProxyDict: self.log.error("Invalid Pilot Proxy", "Group has no properties defined") return S_ERROR("Proxy has no group properties defined") pilotProps = pilotProxyDict["groupProperties"] # if running with a pilot proxy, use it to renew the proxy of the payload if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps: self.log.info("Using Pilot credentials to get a new payload Proxy") return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, minLifeTime=self.minProxyTime, newProxyLifeTime=self.defaultProxyTime, proxyToConnect=pilotProxy, ) # if we are running with other type of proxy check if they are for the same user and group # and copy the pilot proxy if necessary self.log.info("Trying to copy pilot Proxy to get a new payload Proxy") pilotProxySecs = pilotProxyDict["chain"].getRemainingSecs()["Value"] if pilotProxySecs <= payloadSecs: errorStr = "Pilot Proxy is not longer than payload Proxy" self.log.error(errorStr) return S_ERROR("Can not renew by copy: %s" % errorStr) # check if both proxies belong to the same user and group pilotDN = pilotProxyDict["chain"].getIssuerCert( )["Value"].getSubjectDN()["Value"] retVal = pilotProxyDict["chain"].getDIRACGroup() if not retVal["OK"]: return retVal pilotGroup = retVal["Value"] payloadDN = payloadProxyDict["chain"].getIssuerCert( )["Value"].getSubjectDN()["Value"] retVal = payloadProxyDict["chain"].getDIRACGroup() if not retVal["OK"]: return retVal payloadGroup = retVal["Value"] if pilotDN != payloadDN or pilotGroup != payloadGroup: errorStr = "Pilot Proxy and payload Proxy do not have same DN and Group" self.log.error(errorStr) return S_ERROR("Can not renew by copy: %s" % errorStr) if pilotProxyDict.get("hasVOMS", False): return pilotProxyDict["chain"].dumpAllToFile(payloadProxy) attribute = Registry.getVOMSAttributeForGroup(payloadGroup) vo = Registry.getVOMSVOForGroup(payloadGroup) retVal = VOMS().setVOMSAttributes(pilotProxyDict["chain"], attribute=attribute, vo=vo) if not retVal["OK"]: return retVal chain = retVal["Value"] return chain.dumpAllToFile(payloadProxy)
# Show infomation message only if the current state of the user environment does not match the authorization result if (useTokens and (self.response == "proxy")) or (not useTokens and (self.response == "token")): gLogger.notice(msg) def getAuthStatus(self): """Try to get user authorization status. :return: S_OK()/S_ERROR() """ if not (result := self.__enableCS())["OK"]: return result if self.response == "proxy": result = getProxyInfo(self.outputFile) if result["OK"]: gLogger.notice(formatProxyInfoAsString(result["Value"])) else: result = readTokenFromFile(self.outputFile) if result["OK"]: gLogger.notice(result["Value"].getInfoAsString()) return result @Script() def main(): userParams = Params() userParams.registerCLISwitches() # Check time deviation = getClockDeviation()
) elif deviation > 180: gLogger.error( "Your host clock seems to be off by more than THREE minutes! Thats bad." ) elif deviation > 60: gLogger.error( "Your host clock seems to be off by more than a minute! Thats not good." ) result = getProxyInfo(params.proxyLoc, not params.vomsEnabled) if not result['OK']: gLogger.error(result['Message']) sys.exit(1) infoDict = result['Value'] gLogger.notice(formatProxyInfoAsString(infoDict)) if not infoDict['isProxy']: gLogger.error( '==============================\n!!! The proxy is not valid !!!') if params.steps: gLogger.notice("== Steps extended info ==") chain = infoDict['chain'] stepInfo = getProxyStepsInfo(chain)['Value'] gLogger.notice(formatProxyStepsInfoAsString(stepInfo)) def invalidProxy(msg): gLogger.error("Invalid proxy:", msg) sys.exit(1)