fix: added possibility to specify a TokenOwner

fstagni · Feb 25, 2025 · ad33a74 · ad33a74
1 parent ed7e67a
commit ad33a74
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 35 deletions.
diff --git a/src/DIRAC/Core/scripts/dirac_install_db.py b/src/DIRAC/Core/scripts/dirac_install_db.py
@@ -33,7 +33,6 @@ def main():
             DIRACExit(1)
 
         if db != "InstalledComponentsDB":
-
             # get the user that installed the DB
             if useServerCertificate():
                 user = "DIRAC"

diff --git a/src/DIRAC/DataManagementSystem/scripts/dirac_admin_allow_se.py b/src/DIRAC/DataManagementSystem/scripts/dirac_admin_allow_se.py
@@ -17,6 +17,7 @@ def main():
     remove = False
     site = ""
     mute = False
+    userName = ""
 
     Script.registerSwitch("r", "AllowRead", "     Allow only reading from the storage element")
     Script.registerSwitch("w", "AllowWrite", "     Allow only writing to the storage element")
@@ -25,6 +26,7 @@ def main():
     Script.registerSwitch("a", "All", "    Allow all access to the storage element")
     Script.registerSwitch("m", "Mute", "     Do not send email")
     Script.registerSwitch("S:", "Site=", "     Allow all SEs associated to site")
+    Script.registerSwitch("t:", "tokenOwner=", "     Optional Name of the token owner")
     # Registering arguments will automatically add their description to the help menu
     Script.registerArgument(["seGroupList: list of SEs or comma-separated SEs"])
 
@@ -48,6 +50,8 @@ def main():
             mute = True
         if switch[0].lower() in ("s", "site"):
             site = switch[1]
+        if switch[0] in ("t", "tokenOwner"):
+            userName = switch[1]
 
     # imports
     from DIRAC import gLogger
@@ -69,15 +73,16 @@ def main():
     ses = resolveSEGroup(ses)
     diracAdmin = DiracAdmin()
 
-    res = getProxyInfo()
-    if not res["OK"]:
-        gLogger.error("Failed to get proxy information", res["Message"])
-        DIRAC.exit(2)
-
-    userName = res["Value"].get("username")
     if not userName:
-        gLogger.error("Failed to get username for proxy")
-        DIRAC.exit(2)
+        res = getProxyInfo()
+        if not res["OK"]:
+            gLogger.error("Failed to get proxy information", res["Message"])
+            DIRAC.exit(2)
+
+        userName = res["Value"].get("username")
+        if not userName:
+            gLogger.error("Failed to get username for proxy")
+            DIRAC.exit(2)
 
     if site:
         res = getSites()

diff --git a/src/DIRAC/DataManagementSystem/scripts/dirac_admin_ban_se.py b/src/DIRAC/DataManagementSystem/scripts/dirac_admin_ban_se.py
@@ -18,6 +18,7 @@ def main():
     remove = True
     sites = []
     mute = False
+    userName = ""
 
     Script.registerSwitch("r", "BanRead", "     Ban only reading from the storage element")
     Script.registerSwitch("w", "BanWrite", "     Ban writing to the storage element")
@@ -28,6 +29,7 @@ def main():
     Script.registerSwitch(
         "S:", "Site=", "     Ban all SEs associate to site (note that if writing is allowed, check is always allowed)"
     )
+    Script.registerSwitch("t:", "tokenOwner=", "     Optional Name of the token owner")
     # Registering arguments will automatically add their description to the help menu
     Script.registerArgument(["seGroupList: list of SEs or comma-separated SEs"])
 
@@ -56,6 +58,8 @@ def main():
             mute = True
         if switch[0].lower() in ("s", "site"):
             sites = switch[1].split(",")
+        if switch[0] in ("t", "tokenOwner"):
+            userName = switch[1]
 
     # from DIRAC.ConfigurationSystem.Client.CSAPI           import CSAPI
     from DIRAC import gLogger
@@ -68,15 +72,16 @@ def main():
     ses = resolveSEGroup(ses)
     diracAdmin = DiracAdmin()
 
-    res = getProxyInfo()
-    if not res["OK"]:
-        gLogger.error("Failed to get proxy information", res["Message"])
-        DIRAC.exit(2)
-
-    userName = res["Value"].get("username")
     if not userName:
-        gLogger.error("Failed to get username for proxy")
-        DIRAC.exit(2)
+        res = getProxyInfo()
+        if not res["OK"]:
+            gLogger.error("Failed to get proxy information", res["Message"])
+            DIRAC.exit(2)
+
+        userName = res["Value"].get("username")
+        if not userName:
+            gLogger.error("Failed to get username for proxy")
+            DIRAC.exit(2)
 
     for site in sites:
         res = DMSHelpers().getSEsForSite(site)

diff --git a/src/DIRAC/ResourceStatusSystem/scripts/dirac_rss_set_status.py b/src/DIRAC/ResourceStatusSystem/scripts/dirac_rss_set_status.py
@@ -6,9 +6,8 @@
 """
 from datetime import datetime, timedelta
 
-from DIRAC import S_OK
+from DIRAC import S_OK, gLogger
 from DIRAC import exit as DIRACExit
-from DIRAC import gLogger
 from DIRAC.ConfigurationSystem.Client.Helpers.Operations import Operations
 from DIRAC.Core.Base.Script import Script
 from DIRAC.Core.Security.ProxyInfo import getProxyInfo
@@ -29,6 +28,7 @@ def registerSwitches():
         ("status=", "Status to be changed"),
         ("reason=", "Reason to set the Status"),
         ("VO=", "VO to change a status for. When omitted, status will be changed for all VOs"),
+        ("tokenOwner=", "Owner of the token"),
     )
 
     for switch in switches:
@@ -136,6 +136,9 @@ def unpack(switchDict):
         switchDictClone["statusType"] = None
         switchDictSet.append(switchDictClone)
 
+    for sd in switchDictSet:
+        sd.update({"tokenOwner": switchDict.get("tokenOwner")})
+
     return switchDictSet
 
 
@@ -215,14 +218,16 @@ def run(switchDict):
     Main function of the script
     """
 
-    tokenOwner = getTokenOwner()
-    if not tokenOwner["OK"]:
-        gLogger.error(tokenOwner["Message"])
-        DIRACExit(1)
-    tokenOwner = tokenOwner["Value"]
+    tokenOwner = switchDict.get("tokenOwner")
+    if tokenOwner is None:
+        tokenOwner = getTokenOwner()
+        if not tokenOwner["OK"]:
+            gLogger.error(tokenOwner["Message"])
+            DIRACExit(1)
+        tokenOwner = tokenOwner["Value"]
 
     gLogger.notice(f"TokenOwner is {tokenOwner}")
-
+    print(switchDict)
     result = setStatus(switchDict, tokenOwner)
     if not result["OK"]:
         gLogger.error(result["Message"])
@@ -236,7 +241,9 @@ def main():
     # Script initialization
     registerSwitches()
     switchDict = parseSwitches()
+    print(switchDict)
     switchDictSets = unpack(switchDict)
+    print(switchDictSets)
 
     # Run script
     for switchDict in switchDictSets:

diff --git a/tests/Jenkins/dirac_ci.sh b/tests/Jenkins/dirac_ci.sh
@@ -383,18 +383,18 @@ fullInstallDIRAC() {
 
   # populate RSS
   echo "==> Populating RSS DB"
-  dirac-rss-sync --element Site --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-rss-sync --element Resource --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True 
+  dirac-rss-sync --element Site --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True
+  dirac-rss-sync --element Resource --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True
   # init RSS
   echo "==> Initializing status of sites and resources in RSS"
-  dirac-rss-sync --init --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True 
+  dirac-rss-sync --init --defaultStatus Banned -o LogLevel=VERBOSE -o /DIRAC/Security/UseServerCertificate=True
   # Setting by hand
-  dirac-rss-set-status --element Resource --name ProductionSandboxSE --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-rss-set-status --element Resource --name jenkins.cern.ch --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-rss-set-status --element Resource --name JENKINS-FTS3 --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-rss-set-status --element Resource --name FileCatalog --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-rss-set-status --element Site --name DIRAC.Jenkins.ch --status Active --reason "Why not?" -o /DIRAC/Security/UseServerCertificate=True 
-  dirac-admin-allow-se SE-1 SE-2 S3-DIRECT S3-INDIRECT --All -o /DIRAC/Security/UseServerCertificate=True 
+  dirac-rss-set-status --element Resource --name ProductionSandboxSE --status Active --reason "Why not?" --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
+  dirac-rss-set-status --element Resource --name jenkins.cern.ch --status Active --reason "Why not?" --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
+  dirac-rss-set-status --element Resource --name JENKINS-FTS3 --status Active --reason "Why not?" --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
+  dirac-rss-set-status --element Resource --name FileCatalog --status Active --reason "Why not?" --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
+  dirac-rss-set-status --element Site --name DIRAC.Jenkins.ch --status Active --reason "Why not?" --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
+  dirac-admin-allow-se SE-1 SE-2 S3-DIRECT S3-INDIRECT --All --tokenOwner DIRAC -o /DIRAC/Security/UseServerCertificate=True
 
   #agents
   findAgents

diff --git a/tests/Jenkins/utilities.sh b/tests/Jenkins/utilities.sh
@@ -702,7 +702,7 @@ diracOptimizers(){
   local executors=$(cat executors | grep WorkloadManagementSystem | cut -d ' ' -f 2 | grep -v Base)
   for executor in $executors
   do
-    echo "==> calling dirac-install-component WorkloadManagement/$executor"
+    echo "==> calling dirac-install-component WorkloadManagement/$executor  -o /DIRAC/Security/UseServerCertificate=True"
     if ! dirac-install-component "WorkloadManagement/$executor" -o /DIRAC/Security/UseServerCertificate=True "${DEBUG}"; then
       echo 'ERROR: dirac-install-component failed' >&2
       exit 1