feat: removed Proxies persistency flag
fstagni committed Jan 22, 2024
1 parent 4a2bbd5 commit af66bbc
Showing 11 changed files with 48 additions and 235 deletions.
Expand Up @@ -164,11 +164,11 @@ Getting the proxy information

$ dirac-proxy-get-uploaded-info
Checking for DNs /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar
--------------------------------------------------------------------------------------------------------
| UserDN | UserGroup | ExpirationTime | PersistentFlag |
--------------------------------------------------------------------------------------------------------
| /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar | dirac_user | 2011-06-29 12:04:25 | True |
--------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------
| UserDN | UserGroup | ExpirationTime |
---------------------------------------------------------------------------------------
| /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar | dirac_user | 2011-06-29 12:04:25 |
---------------------------------------------------------------------------------------

- The same can be checked in the Web Portal at the following location::

Expand Up @@ -37,9 +37,6 @@ Columns

Date until user certificate is valid.

**Persistent**

Show if a proxy is persistent (value=true) or not (value=false).

You can choose to display the proxies by group or grouping by field choosing them in the menu, activated by pressing on a menu button.

51 changes: 0 additions & 51 deletions src/DIRAC/FrameworkSystem/Client/ProxyManagerClient.py
Expand Up @@ -113,57 +113,6 @@ def userHasProxy(self, userDN, userGroup, validSeconds=0):

return S_OK(False)

@gUsersSync
def getUserPersistence(self, userDN, userGroup, validSeconds=0):
"""Check if a user(DN-group) has a proxy in the proxy management
Updates internal cache if needed to minimize queries to the service
:param str userDN: user DN
:param str userGroup: user group
:param int validSeconds: proxy valid time in a seconds
:return: S_OK()/S_ERROR()
"""
cacheKey = (userDN, userGroup)
userData = self.__usersCache.get(cacheKey, validSeconds)
if userData:
if userData["persistent"]:
return S_OK(True)
# Get list of users from the DB with proxys at least 300 seconds
gLogger.verbose("Updating list of users in proxy management")
retVal = self.__refreshUserCache(validSeconds)
if not retVal["OK"]:
return retVal
userData = self.__usersCache.get(cacheKey, validSeconds)
if userData:
return S_OK(userData["persistent"])
return S_OK(False)

def setPersistency(self, userDN, userGroup, persistent):
"""Set the persistency for user/group
:param str userDN: user DN
:param str userGroup: user group
:param boolean persistent: presistent flag
:return: S_OK()/S_ERROR()
"""
# Hack to ensure bool in the rpc call
persistentFlag = True
if not persistent:
persistentFlag = False
rpcClient = Client(url="Framework/ProxyManager", timeout=120)
retVal = rpcClient.setPersistency(userDN, userGroup, persistentFlag)
if not retVal["OK"]:
return retVal
# Update internal persistency cache
cacheKey = (userDN, userGroup)
record = self.__usersCache.get(cacheKey, 0)
if record:
record["persistent"] = persistentFlag
self.__usersCache.add(cacheKey, self.__getSecondsLeftToExpiration(record["expirationtime"]), record)
return retVal

def uploadProxy(self, proxy=None, restrictLifeTime: int = 0, rfcIfPossible=None):
"""Upload a proxy to the proxy management service using delegation
2 changes: 0 additions & 2 deletions src/DIRAC/FrameworkSystem/ConfigTemplate.cfg
Expand Up @@ -65,7 +65,6 @@ Services
getVOMSProxyWithToken += LimitedDelegation
getVOMSProxyWithToken += PrivateLimitedDelegation
getLogContents = ProxyManagement
setPersistency = ProxyManagement
}
}
##END
Expand Down Expand Up @@ -94,7 +93,6 @@ Services
getVOMSProxyWithToken += LimitedDelegation
getVOMSProxyWithToken += PrivateLimitedDelegation
getLogContents = ProxyManagement
setPersistency = ProxyManagement
}
}
##END
90 changes: 8 additions & 82 deletions src/DIRAC/FrameworkSystem/DB/ProxyDB.py
Expand Up @@ -5,7 +5,6 @@
* ProxyDB_Requests -- a delegation requests storage table for a given proxy Chain
* ProxyDB_CleanProxies -- table for storing proxies in "clean" form, ie without
the presence of DIRAC and VOMS extensions.
* ProxyDB_Proxies -- obsolete table for storing proxies with already added DIRAC
group extension, it is present only for backward compatibility and is used only
if ProxyDB_CleanProxies does not have the required proxy.
* ProxyDB_VOMSProxies -- proxy storage table with VOMS extension already added.
Expand Down Expand Up @@ -84,19 +83,6 @@ def __initializeDB(self):
},
"PrimaryKey": ["UserDN", "ProxyProvider"],
}
# WARN: Now proxies upload only in ProxyDB_CleanProxies, so this table will not be needed in some future
if "ProxyDB_Proxies" not in tablesInDB:
tablesD["ProxyDB_Proxies"] = {
"Fields": {
"UserName": "VARCHAR(64) NOT NULL",
"UserDN": "VARCHAR(255) NOT NULL",
"UserGroup": "VARCHAR(255) NOT NULL",
"Pem": "BLOB",
"ExpirationTime": "DATETIME",
"PersistentFlag": 'ENUM ("True","False") NOT NULL DEFAULT "True"',
},
"PrimaryKey": ["UserDN", "UserGroup"],
}

if "ProxyDB_VOMSProxies" not in tablesInDB:
tablesD["ProxyDB_VOMSProxies"] = {
Expand Down Expand Up @@ -392,7 +378,7 @@ def purgeExpiredProxies(self, sendNotifications=True):
:return: S_OK(int)/S_ERROR() -- int is number of purged expired proxies
"""
purged = 0
for tableName in ("ProxyDB_CleanProxies", "ProxyDB_Proxies", "ProxyDB_VOMSProxies"):
for tableName in ("ProxyDB_CleanProxies", "ProxyDB_VOMSProxies"):
cmd = f"DELETE FROM `{tableName}` WHERE ExpirationTime < UTC_TIMESTAMP()"
result = self._update(cmd)
if not result["OK"]:
Expand Down Expand Up @@ -431,11 +417,10 @@ def deleteProxy(self, userDN, userGroup=None, proxyProvider=None):
)
if not result["OK"]:
errMsgs.append(result["Message"])
for table in ["ProxyDB_Proxies", "ProxyDB_VOMSProxies"]:
result = self._update(f"{req % table} {userGroup and f'AND UserGroup={userGroup}' or ''}")
if not result["OK"]:
if result["Message"] not in errMsgs:
errMsgs.append(result["Message"])
result = self._update(f"{req} {userGroup and f'AND UserGroup={userGroup}' or ''}")
if not result["OK"]:
if result["Message"] not in errMsgs:
errMsgs.append(result["Message"])
if errMsgs:
return S_ERROR(", ".join(errMsgs))
return result
Expand Down Expand Up @@ -484,8 +469,6 @@ def __getPemAndTimeLeft(self, userDN, userGroup=None, vomsAttr=None, proxyProvid
return S_ERROR("Invalid DN or Group")
if proxyProvider:
sTable = "`ProxyDB_CleanProxies`"
elif not vomsAttr:
sTable = "`ProxyDB_Proxies`"
else:
sTable = "`ProxyDB_VOMSProxies`"
cmd = f"SELECT Pem, TIMESTAMPDIFF( SECOND, UTC_TIMESTAMP(), ExpirationTime ) from {sTable} "
Expand Down Expand Up @@ -682,7 +665,7 @@ def getProxy(self, userDN, userGroup, requiredLifeTime=None):
return S_OK((chain, timeLeft))

# Standard proxy is requested
self.log.verbose("Try to get proxy from ProxyDB_Proxies")
self.log.verbose("Try to get proxy from ProxyDB_CleanProxies")
retVal = self.__getPemAndTimeLeft(userDN, userGroup)
errMsg = "Can't get proxy%s: " % (requiredLifeTime and " for %s seconds" % requiredLifeTime or "")
if not retVal["OK"]:
Expand Down Expand Up @@ -858,7 +841,7 @@ def getUsers(self, validSecondsLeft=0, userMask=None):
:param str userMask: user name that need to add to search filter
:return: S_OK(list)/S_ERROR() -- list contain dicts with user name, DN, group
expiration time, persistent flag
expiration time
"""
data = []
sqlCond = []
Expand All @@ -878,7 +861,6 @@ def getUsers(self, validSecondsLeft=0, userMask=None):

for table, fields in [
("ProxyDB_CleanProxies", ("UserName", "UserDN", "ExpirationTime")),
("ProxyDB_Proxies", ("UserName", "UserDN", "UserGroup", "ExpirationTime", "PersistentFlag")),
]:
cmd = f"SELECT {', '.join(fields)} FROM `{table}`"
if sqlCond:
Expand All @@ -897,65 +879,10 @@ def getUsers(self, validSecondsLeft=0, userMask=None):
"DN": record[1],
"group": record[2],
"expirationtime": record[3],
"persistent": record[4] == "True",
}
)
return S_OK(data)

def setPersistencyFlag(self, userDN, userGroup, persistent=True):
"""Set the proxy PersistentFlag to the flag value
:param str userDN: user DN
:param str userGroup: group name
:param boolean persistent: enable persistent flag
:return: S_OK()/S_ERROR()
"""

try:
sUserDN = self._escapeString(userDN)["Value"]
sUserGroup = self._escapeString(userGroup)["Value"]
except KeyError:
return S_ERROR("Can't escape something")
if persistent:
sqlFlag = "True"
else:
sqlFlag = "False"
retVal = self._query(
f"SELECT PersistentFlag FROM `ProxyDB_Proxies` WHERE UserDN={sUserDN} AND UserGroup={sUserGroup}"
)
sqlInsert = True
if retVal["OK"]:
data = retVal["Value"]
if len(data) > 0:
sqlInsert = False
if data[0][0] == sqlFlag:
return S_OK()
if sqlInsert:
# If it's not in the db and we're removing the persistency then do nothing
if not persistent:
return S_OK()
result = Registry.getUsernameForDN(userDN)
if not result["OK"]:
self.log.error("setPersistencyFlag: Can not retrieve username for DN", userDN)
return result
try:
sUserName = self._escapeString(result["Value"])["Value"]
except KeyError:
return S_ERROR("Can't escape user name")
cmd = "INSERT INTO `ProxyDB_Proxies` ( UserName, UserDN, UserGroup, Pem, ExpirationTime, PersistentFlag ) "
cmd += f" VALUES( {sUserName}, {sUserDN}, {sUserGroup}, '', UTC_TIMESTAMP(), 'True' )"
else:
cmd = "UPDATE `ProxyDB_Proxies` SET PersistentFlag='{}' WHERE UserDN={} AND UserGroup={}".format(
sqlFlag,
sUserDN,
sUserGroup,
)
retVal = self._update(cmd)
if not retVal["OK"]:
return retVal
return S_OK()

def getProxiesContent(self, selDict, sortList, start=0, limit=0):
"""Get the contents of the db, parameters are a filter to the db
Expand All @@ -970,7 +897,6 @@ def getProxiesContent(self, selDict, sortList, start=0, limit=0):
sqlWhere = ["Pem is not NULL"]
for table, fields in [
("ProxyDB_CleanProxies", ("UserName", "UserDN", "ExpirationTime")),
("ProxyDB_Proxies", ("UserName", "UserDN", "UserGroup", "ExpirationTime", "PersistentFlag")),
]:
cmd = f"SELECT {', '.join(fields)} FROM `{table}`"
for field in selDict:
Expand All @@ -993,7 +919,7 @@ def getProxiesContent(self, selDict, sortList, start=0, limit=0):
elif len(sort) > 2:
return S_ERROR(f"Invalid sort {sort}")
if sort[0] not in fields:
if table == "ProxyDB_CleanProxies" and sort[0] in ["UserGroup", "PersistentFlag"]:
if table == "ProxyDB_CleanProxies" and sort[0] == "UserGroup":
continue
return S_ERROR(f"Invalid sorting field {sort[0]}")
if sort[1].upper() not in ("ASC", "DESC"):
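Review bot: In deleteProxy the rewritten call hands `req` to `_update` without the `% table` substitution that the removed loop applied to it. `req` is built above this hunk, so this is inferred, but if it still carries a table-name placeholder the DELETE no longer names `ProxyDB_VOMSProxies`, and a stored VOMS proxy can outlive a delete request with only an SQL error in the returned message. Binding the table explicitly would keep the old behaviour for the remaining table: `result = self._update(f"{req % 'ProxyDB_VOMSProxies'} {userGroup and f'AND UserGroup={userGroup}' or ''}")`. In the same section, getProxy now logs "Try to get proxy from ProxyDB_CleanProxies" while `self.__getPemAndTimeLeft(userDN, userGroup)` passes no proxyProvider, which in the visible branch of `__getPemAndTimeLeft` selects `ProxyDB_VOMSProxies`; the log text and the lookup should be made to agree.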
28 changes: 4 additions & 24 deletions src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py
Expand Up @@ -6,12 +6,12 @@
:dedent: 2
:caption: ProxyManager options
"""
from DIRAC import gLogger, S_OK, S_ERROR
from DIRAC.Core.Utilities.ReturnValues import convertToReturnValue
from DIRAC import S_ERROR, S_OK, gLogger
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Core.DISET.RequestHandler import RequestHandler, getServiceOption
from DIRAC.Core.Security import Properties
from DIRAC.Core.Utilities.ObjectLoader import ObjectLoader
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Core.Utilities.ReturnValues import convertToReturnValue
from DIRAC.FrameworkSystem.Utilities.diracx import get_token

DEFAULT_MAIL_FROM = "[email protected]"
Expand Down Expand Up @@ -119,7 +119,7 @@ def export_getRegisteredUsers(self, validSecondsRequired=0):
:param int validSecondsRequired: required seconds the proxy is valid for
:return: S_OK(list)/S_ERROR() -- list contain dicts with user name, DN, group
expiration time, persistent flag
expiration time
"""
credDict = self.getRemoteCredentials()
if Properties.PROXY_MANAGEMENT not in credDict["properties"]:
Expand Down Expand Up @@ -241,26 +241,6 @@ def __getVOMSProxy(self, userDN, userGroup, requestPem, requiredLifetime, vomsAt
requiredLifetime = int(min(secsLeft, requiredLifetime * self.__maxExtraLifeFactor))
return chain.generateChainFromRequestString(requestPem, lifetime=requiredLifetime, requireLimited=forceLimited)

types_setPersistency = [str, str, bool]

def export_setPersistency(self, userDN, userGroup, persistentFlag):
"""Set the persistency for a given dn/group
:param str userDN: user DN
:param str userGroup: DIRAC group
:param boolean persistentFlag: if proxy persistent
:return: S_OK()/S_ERROR()
"""
retVal = self.__proxyDB.setPersistencyFlag(userDN, userGroup, persistentFlag)
if not retVal["OK"]:
return retVal
credDict = self.getRemoteCredentials()
self.__proxyDB.logAction(
f"set persistency to {bool(persistentFlag)}", credDict["DN"], credDict["group"], userDN, userGroup
)
return S_OK()

types_deleteProxyBundle = [(list, tuple)]

def export_deleteProxyBundle(self, idList):
Expand Up @@ -8,23 +8,20 @@
DN : /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar
group : dirac_admin
not after : 2011-06-29 12:04:25
persistent : False
-
DN : /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar
group : dirac_pilot
not after : 2011-06-29 12:04:27
persistent : False
-
DN : /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar
group : dirac_user
not after : 2011-06-29 12:04:30
persistent : True
"""
import datetime

import DIRAC
from DIRAC.Core.Utilities import TimeUtilities
from DIRAC.Core.Base.Script import Script
from DIRAC.Core.Utilities import TimeUtilities
from DIRAC.FrameworkSystem.Client.ProxyManagerClient import gProxyManager


Expand Down Expand Up @@ -65,10 +62,10 @@ def main():
dt = expirationDate - now
secsLeft = dt.days * 86400 + dt.seconds
if secsLeft > params.proxyLifeTime:
userName, userDN, userGroup, _, persistent = record
userName, userDN, userGroup, _ = record
if userName not in dataDict:
dataDict[userName] = []
dataDict[userName].append((userDN, userGroup, expirationDate, persistent))
dataDict[userName].append((userDN, userGroup, expirationDate))

for userName in dataDict:
print(f"* {userName}")
Expand All @@ -77,7 +74,6 @@ def main():
print(f" DN : {data[0]}")
print(f" group : {data[1]}")
print(f" not after : {TimeUtilities.toString(data[2])}")
print(f" persistent : {data[3]}")
if iP < len(dataDict[userName]) - 1:
print(" -")
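Review bot: The unpack `userName, userDN, userGroup, _ = record` in main now requires exactly four fields, so a record that still carries the fifth PersistentFlag column raises ValueError instead of being listed. Where `record` is produced is outside the hunk; if it comes back from a ProxyManager service that may run an older release than this client, slicing keeps the command usable during a mixed-version upgrade: `userName, userDN, userGroup, _ = record[:4]`. main starts outside the visible hunks.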

Expand Up @@ -9,11 +9,11 @@
Example:
$ dirac-proxy-get-uploaded-info
Checking for DNs /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar
--------------------------------------------------------------------------------------------------------
| UserDN | UserGroup | ExpirationTime | PersistentFlag |
--------------------------------------------------------------------------------------------------------
| /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar | dirac_user | 2011-06-29 12:04:25 | True |
--------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------
| UserDN | UserGroup | ExpirationTime |
---------------------------------------------------------------------------------------
| /O=GRID-FR/C=FR/O=CNRS/OU=CPPM/CN=Vanessa Hamar | dirac_user | 2011-06-29 12:04:25 |
---------------------------------------------------------------------------------------
"""
import sys
