From 22e700408495a5f7180d75c3dbcdb8f7a7ffbb55 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:50:14 +0200 Subject: [PATCH 01/17] Blind conversion from python2 to python3 --- .../scripts/configure/voms_configure.py | 1140 +++++++++++------ .../scripts/configure/voms_db_util.py | 115 +- .../scripts/configure/voms_mysql_util.py | 328 ++--- .../scripts/configure/voms_shared.py | 95 +- 4 files changed, 1013 insertions(+), 665 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 7ae10355..9ce00d1c 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders. @@ -18,15 +18,8 @@ # Authors: # Andrea Ceccanti (INFN) -from optparse import OptionParser, OptionGroup -from voms_shared import voms_version, admin_conf_dir, VOMSDefaults,\ - admin_db_properties_path, admin_service_endpoint_path, vomses_path, lsc_path,\ - aup_path, admin_logging_conf_path, X509Helper, core_conf_dir, voms_conf_path, voms_pass_path,\ - voms_log_path, voms_lib_dir, voms_deploy_database_cmd,\ - voms_ro_auth_clients_cmd, voms_add_admin_cmd, mysql_util_cmd,\ - admin_service_properties_path, voms_undeploy_database_cmd, voms_upgrade_database_cmd - -from sys import exit, stdout, stderr +import argparse +import sys import socket import logging import re 
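Review bot: Bare `stdout` or `stderr` references left elsewhere in voms_configure.py will raise NameError now that the `@@ -18,15 +18,8 @@` hunk replaces `from sys import exit, stdout, stderr` with a plain `import sys`. Those call sites are outside this hunk, so this needs checking across the whole file; error-reporting paths are the ones a quick smoke test is least likely to exercise. Each remaining use should be spelled `sys.stdout`, `sys.stderr` or `sys.exit(...)`, since a bare `exit()` would otherwise depend on the `site` builtin being present.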
@@ -38,6 +31,13 @@ import string import random +from voms_shared import voms_version, admin_conf_dir, VOMSDefaults, \ + admin_db_properties_path, admin_service_endpoint_path, vomses_path, lsc_path, \ + aup_path, admin_logging_conf_path, X509Helper, core_conf_dir, voms_conf_path, voms_pass_path, \ + voms_log_path, voms_lib_dir, voms_deploy_database_cmd, \ + voms_ro_auth_clients_cmd, voms_add_admin_cmd, mysql_util_cmd, \ + admin_service_properties_path, voms_undeploy_database_cmd, voms_upgrade_database_cmd + MYSQL = "mysql" ORACLE = "oracle" @@ -51,7 +51,9 @@ """ logger = None -parser = OptionParser(usage, version="%prog v. " + voms_version()) +parser = argparse.ArgumentParser(usage=usage) +parser.add_argument("--version", "-v", action="version", + version="%prog v. " + voms_version()) commands = ["install", "upgrade", "remove"] HOST_CERT = "/etc/grid-security/hostcert.pem" @@ -67,13 +69,13 @@ def execute_cmd(cmd, error_msg=None): if status != 0: if not error_msg: - error_and_exit("Error executing %s" % cmd) + error_and_exit(f"Error executing {cmd}") else: error_and_exit(error_msg) def backup_dir_contents(d): - logger.debug("Backing up contents for directory: %s", d) + logger.debug("Backing up contents for directory: %d", d) backup_filez = glob.glob(os.path.join(d, "*_backup_*")) # Remove backup filez @@ -86,7 +88,7 @@ def backup_dir_contents(d): backup_date = time.strftime("%d-%m-%Y_%H-%M-%S", time.gmtime()) for f in filez: - os.rename(f, f+"_backup_"+backup_date) + os.rename(f, f"{f}_backup_{backup_date}") def check_args_and_options(options, args): 
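Review bot: The `--version` action in the `@@ -51,7 +51,9 @@` hunk still uses the optparse placeholder: argparse only expands `%(prog)s`, so `version="%prog v. " + voms_version()` prints the literal text `%prog` and should read `version="%(prog)s v. " + voms_version()`. The `usage` string passed to `ArgumentParser(usage=usage)` is defined above the hunk; if it also contains `%prog`, argparse's %-formatting of the usage text is likely to fail when help or an argument error is printed, so it needs the same substitution. The same untranslated optparse idioms recur in the `setup_cl_options` hunk (`@@ -97,339 +99,652 @@`), where `type="int"` and `type="string"` make `add_argument` raise ValueError because argparse requires a callable such as `type=int`. In that hunk `efault=` on `--dbport` and `--preserve-aup-failing-members` is a typo for `default=` and raises TypeError, and the leftover `parser.add_argument_group(admin_opt_group)` passes an existing group object as a title and should be removed. As written the script cannot get past option registration, so none of the certificate, CA-check or database options are reachable.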
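Review bot: In `backup_dir_contents` (hunk `@@ -67,13 +69,13 @@`) the format specifier was changed from `%s` to `%d`, but `d` is the directory path handed to `os.path.join(d, "*_backup_*")`, so it is a string. With debug logging enabled the record cannot be formatted, and the logging module reports a formatting error on stderr instead of the intended line; restore `logger.debug("Backing up contents for directory: %s", d)`. Separately, the default message `f"Error executing {cmd}"` in `execute_cmd` echoes the whole command line. How `cmd` is built is not visible here, but if it can carry the values of `--dbpassword` or `--dbapwd`, the failure path should print a redacted form of the command. `execute_cmd` starts above the hunk and `backup_dir_contents` continues past it.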
@@ -97,339 +99,652 @@ def check_args_and_options(options, args): def setup_cl_options(): # Base options - parser.add_option("--vo", dest="vo", - help="the VO being configured", metavar="VO") - parser.add_option("--config-owner", dest="config_owner", - help="the USER that will own configuration files", metavar="USER", default="voms") - parser.add_option("--verbose", dest="verbose", - action="store_true", help="Be verbose.", default=False) - parser.add_option("--dry-run", dest="dry_run", action="store_true", - help="Dry run execution. No files are touched.", default=False) - - parser.add_option("--hostname", dest="hostname", help="the VOMS services HOSTNAME", - metavar="HOSTNAME", default=socket.gethostname()) - - # Certificate and trust anchors (used for both voms and voms-admin services) - parser.add_option("--cert", dest="cert", help="the certificate CERT used to run the VOMS services", - metavar="CERT", default="/etc/grid-security/hostcert.pem") - parser.add_option("--key", dest="key", help="the private key used to run the VOMS services", - metavar="KEY", default="/etc/grid-security/hostkey.pem") - parser.add_option("--trust-dir", dest="trust_dir", help="The directory where CA certificates are stored", - metavar="DIR", default="/etc/grid-security/certificates") - parser.add_option("--trust-refresh-period", type="int", dest="trust_refresh_period", - help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", default=3600) - - parser.add_option("--skip-voms-core", dest="skip_voms_core", - action="store_true", help="Skips VOMS core configuration", default=False) - parser.add_option("--skip-voms-admin", dest="skip_voms_admin", - action="store_true", help="Skips VOMS admin configuration", default=False) - parser.add_option("--skip-database", dest="skip_database", - action="store_true", help="Skips database operations", default=False) - parser.add_option("--deploy-database", dest="deploy_database", action="store_true", - help="Deploys the 
database for the VO being configured, if not present", default=True) - parser.add_option("--undeploy-database", dest="undeploy_database", action="store_true", - help="Undeploys the database for the VO being removed", default=False) + parser.add_argument( + "--vo", + dest="vo", + help="the VO being configured", + metavar="VO" + ) + parser.add_argument( + "--config-owner", + dest="config_owner", + help="the USER that will own configuration files", + metavar="USER", + default="voms" + ) + parser.add_argument( + "--verbose", + dest="verbose", + action="store_true", + help="Be verbose.", + default=False + ) + parser.add_argument( + "--dry-run", + dest="dry_run", + action="store_true", + help="Dry run execution. No files are touched.", + default=False + ) + parser.add_argument( + "--hostname", dest="hostname", + help="the VOMS services HOSTNAME", + metavar="HOSTNAME", default=socket.gethostname()) + + # Certificate and trust anchors (used for both voms and voms-admin + # services) + parser.add_argument( + "--cert", + dest="cert", + help="the certificate CERT used to run the VOMS services", + metavar="CERT", + default="/etc/grid-security/hostcert.pem" + ) + parser.add_argument( + "--key", + dest="key", + help="the private key used to run the VOMS services", + metavar="KEY", + default="/etc/grid-security/hostkey.pem" + ) + parser.add_argument( + "--trust-dir", + dest="trust_dir", + help="The directory where CA certificates are stored", + metavar="DIR", + default="/etc/grid-security/certificates" + ) + parser.add_argument( + "--trust-refresh-period", + type="int", + dest="trust_refresh_period", + help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", + default=3600 + ) + parser.add_argument( + "--skip-voms-core", + dest="skip_voms_core", + action="store_true", + help="Skips VOMS core configuration", default=False + ) + + parser.add_argument( + "--skip-voms-admin", + dest="skip_voms_admin", + action="store_true", + help="Skips VOMS admin 
configuration", + default=False + ) + parser.add_argument( + "--skip-database", + dest="skip_database", + action="store_true", + help="Skips database operations", + default=False + ) + parser.add_argument( + "--deploy-database", + dest="deploy_database", + action="store_true", + help="Deploys the database for the VO being configured, if not present", + default=True + ) + parser.add_argument( + "--undeploy-database", + dest="undeploy_database", + action="store_true", + help="Undeploys the database for the VO being removed", + default=False + ) # Other base options - parser.add_option("--openssl", dest="openssl", - help="the PATH to the openssl command", metavar="PATH", default="openssl") + parser.add_argument( + "--openssl", + dest="openssl", + help="the PATH to the openssl command", + metavar="PATH", default="openssl" + ) # Admin service options - admin_opt_group = OptionGroup( - parser, "VOMS admin options", "These options drive the basic configuration of the VOMS admin service.") - admin_opt_group.add_option("--admin-port", dest="admin_port", type="int", - help="the PORT on which the admin service will bind", metavar="PORT", default=8443) - admin_opt_group.add_option("--admin-cert", dest="admin_cert", - help="Grants CERT full administrator privileges in the VO", metavar="CERT") - admin_opt_group.add_option("--read-only", dest="read_only", action="store_true", - help="Sets the VOMS admin service as read-only", default=False) - admin_opt_group.add_option("--disable-ro-access-for-authenticated-clients", - dest="read_only_auth_clients", - action="store_false", - help="Sets the configured VO as non-browsable by authenticated clients", - default="True") - - admin_opt_group.add_option("--admin-skip-ca-check", - dest="admin_skip_ca_check", - action="store_true", - help="Skips the check on the certificate issuer when authenticating VOMS Admin clients", - default=False) - - admin_opt_group.add_option("--disable-permission-cache", - dest="permission_cache_disable", - 
action="store_true", - help="Disables permission cache for the configured VO", - default="False") - - parser.add_option_group(admin_opt_group) + admin_opt_group = parser.add_argument_group( + title="VOMS admin options", + description="These options drive the basic configuration of the VOMS admin service." + ) + admin_opt_group.add_argument( + "--admin-port", + dest="admin_port", + type="int", + help="the PORT on which the admin service will bind", + metavar="PORT", + default=8443 + ) + admin_opt_group.add_argument( + "--admin-cert", + dest="admin_cert", + help="Grants CERT full administrator privileges in the VO", metavar="CERT" + ) + admin_opt_group.add_argument( + "--read-only", + dest="read_only", + action="store_true", + help="Sets the VOMS admin service as read-only", + default=False + ) + admin_opt_group.add_argument( + "--disable-ro-access-for-authenticated-clients", + dest="read_only_auth_clients", + action="store_false", + help="Sets the configured VO as non-browsable by authenticated clients", + default="True" + ) + admin_opt_group.add_argument( + "--admin-skip-ca-check", + dest="admin_skip_ca_check", + action="store_true", + help="Skips the check on the certificate issuer when authenticating VOMS Admin clients", + default=False) + + admin_opt_group.add_argument("--disable-permission-cache", + dest="permission_cache_disable", + action="store_true", + help="Disables permission cache for the configured VO", + default="False") + + parser.add_argument_group(admin_opt_group) # DB options - db_opt_group = OptionGroup( - parser, "Database configuration options", "These options configure VOMS database access") - db_opt_group.add_option("--dbtype", dest="dbtype", - help="The database TYPE (mysql or oracle)", metavar="TYPE", default=MYSQL) - db_opt_group.add_option("--dbname", dest="dbname", - help="Sets the VOMS database name to DBNAME", metavar="DBNAME") - db_opt_group.add_option("--dbusername", dest="dbusername", - help="Sets the VOMS MySQL username to be 
created as USER", metavar="USER") - db_opt_group.add_option("--dbpassword", dest="dbpassword", - help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") - parser.add_option_group(db_opt_group) + db_opt_group = parser.add_argument_group( + title="Database configuration options", description="These options configure VOMS database access") + db_opt_group.add_argument( + "--dbtype", + dest="dbtype", + help="The database TYPE (mysql or oracle)", metavar="TYPE", + default=MYSQL + ) + db_opt_group.add_argument( + "--dbname", + dest="dbname", + help="Sets the VOMS database name to DBNAME", metavar="DBNAME" + ) + db_opt_group.add_argument( + "--dbusername", + dest="dbusername", + help="Sets the VOMS MySQL username to be created as USER", + metavar="USER" + ) + db_opt_group.add_argument( + "--dbpassword", + dest="dbpassword", + help="Sets the VOMS MySQL password for the user to be created as PWD", + metavar="PWD" + ) # Connection pool options - conn_pool_opt_group = OptionGroup(parser, "Database connection pool options", - "These options configure the voms admin service database connection pool") - conn_pool_opt_group.add_option("--c3p0-acquire-increment", - type='int', - dest="c3p0_acquire_increment", - help="Sets the number of new connections that are acquired from the database connection pool is exausted.", - metavar="NUM", - default=1) - - conn_pool_opt_group.add_option("--c3p0-idle-test-period", - type='int', - dest="c3p0_idle_test_period", - help="Check idle connections in the pool every SEC seconds.", - metavar="SEC", - default=0) - - conn_pool_opt_group.add_option("--c3p0-min-size", - type='int', - dest="c3p0_min_size", - help="Pool minimum size.", - metavar="NUM", - default=1) - - conn_pool_opt_group.add_option("--c3p0-max-size", - type='int', - dest="c3p0_max_size", - help="Pool maximum size.", - metavar="NUM", - default=100) - - conn_pool_opt_group.add_option("--c3p0-max-statements", - type='int', - dest="c3p0_max_statements", - 
help="The size of the connection pool prepared statements cache.", - metavar="NUM", - default=50) - - conn_pool_opt_group.add_option("--c3p0-timeout", - type='int', - dest="c3p0_timeout", - help="The time in seconds a connection in the pool can remain pooled but unused before being discarded.", - metavar="SECS", - default=60) - - parser.add_option_group(conn_pool_opt_group) + conn_pool_opt_group = parser.add_argument_group( + title="Database connection pool options", + description="These options configure the voms admin service database connection pool" + ) + conn_pool_opt_group.add_argument( + "--c3p0-acquire-increment", + type='int', + dest="c3p0_acquire_increment", + help="Sets the number of new connections that are acquired from the database connection pool is exausted.", + metavar="NUM", + default=1 + ) + conn_pool_opt_group.add_argument( + "--c3p0-idle-test-period", + type='int', + dest="c3p0_idle_test_period", + help="Check idle connections in the pool every SEC seconds.", + metavar="SEC", + default=0 + ) + + conn_pool_opt_group.add_argument( + "--c3p0-min-size", + type='int', + dest="c3p0_min_size", + help="Pool minimum size.", + metavar="NUM", + default=1 + ) + conn_pool_opt_group.add_argument( + "--c3p0-max-size", + type='int', + dest="c3p0_max_size", + help="Pool maximum size.", + metavar="NUM", + default=100 + ) + conn_pool_opt_group.add_argument( + "--c3p0-max-statements", + type='int', + dest="c3p0_max_statements", + help="The size of the connection pool prepared statements cache.", + metavar="NUM", + default=50 + ) + conn_pool_opt_group.add_argument( + "--c3p0-timeout", + type='int', + dest="c3p0_timeout", + help="The time in seconds a connection in the pool can remain pooled but unused before being discarded.", + metavar="SECS", + default=60 + ) # MySQL specifics - mysql_opt_group = OptionGroup(parser, "MySQL-specific options", - "These options are specific for MySQL database backend configuration") - mysql_opt_group.add_option("--createdb", 
dest="createdb", action="store_true", - help="Creates the MySQL database schema when installing a VO", default=False) - mysql_opt_group.add_option("--dropdb", dest="dropdb", action="store_true", - help="Drops the MySQL database schema when removing a VO", default=False) - - mysql_opt_group.add_option( - "--dbhost", dest="dbhost", help="Sets the HOST where the MySQL database is running", metavar="HOST", default="localhost") - mysql_opt_group.add_option("--dbport", dest="dbport", type='int', - help="Sets the PORT where the MySQL database is listening", metavar="PORT", default="3306") - mysql_opt_group.add_option("--mysql-command", dest="mysql_command", - help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") - mysql_opt_group.add_option("--dburlparams", dest="dburlparams", - help="Sets the DB URL params string", metavar="PARAMS") - mysql_opt_group.add_option("--dbauser", dest="dbauser", - help="Sets MySQL administrator user to USER", metavar="USER", default="root") - mysql_opt_group.add_option( - "--dbapwd", dest="dbapwd", help="Sets MySQL administrator password to PWD", metavar="PWD") - mysql_opt_group.add_option("--dbapwdfile", dest="dbapwdfile", - help="Reads MySQL administrator password from FILE", metavar="FILE") - parser.add_option_group(mysql_opt_group) + mysql_opt_group = parser.add_argument_group( + title="MySQL-specific options", + description="These options are specific for MySQL database backend configuration" + ) + mysql_opt_group.add_argument( + "--createdb", + dest="createdb", + action="store_true", + help="Creates the MySQL database schema when installing a VO", + default=False + ) + mysql_opt_group.add_argument( + "--dropdb", + dest="dropdb", + action="store_true", + help="Drops the MySQL database schema when removing a VO", + default=False + ) + mysql_opt_group.add_argument( + "--dbhost", + dest="dbhost", + help="Sets the HOST where the MySQL database is running", metavar="HOST", + default="localhost" + ) + 
mysql_opt_group.add_argument( + "--dbport", + dest="dbport", + type='int', + help="Sets the PORT where the MySQL database is listening", + metavar="PORT", + efault="3306" + ) + mysql_opt_group.add_argument( + "--mysql-command", + dest="mysql_command", + help="Sets the MySQL command to CMD", metavar="CMD", + default="mysql" + ) + mysql_opt_group.add_argument( + "--dburlparams", + dest="dburlparams", + help="Sets the DB URL params string", + metavar="PARAMS" + ) + mysql_opt_group.add_argument( + "--dbauser", + dest="dbauser", + help="Sets MySQL administrator user to USER", + metavar="USER", + default="root" + ) + mysql_opt_group.add_argument( + "--dbapwd", + dest="dbapwd", + help="Sets MySQL administrator password to PWD", + metavar="PWD" + ) + mysql_opt_group.add_argument( + "--dbapwdfile", + dest="dbapwdfile", + help="Reads MySQL administrator password from FILE", + metavar="FILE" + ) # ORACLE specifics - oracle_opt_group = OptionGroup(parser, "Oracle-specific options", - "These options are specific for Oracle database backend configuration") - oracle_opt_group.add_option("--use-thin-driver", dest="use_thin_driver", action="store_true", - help="Configures the Oracle database using the pure-java native driver", default=False) - parser.add_option_group(oracle_opt_group) + oracle_opt_group = parser.add_argument_group( + title="Oracle-specific options", + description="These options are specific for Oracle database backend configuration" + ) + oracle_opt_group.add_argument( + "--use-thin-driver", + dest="use_thin_driver", + action="store_true", + help="Configures the Oracle database using the pure-java native driver", + default=False + ) # VOMS core specifics - voms_core_opt_group = OptionGroup( - parser, "VOMS core options", "These options drive the configuration of the VOMS core service.") - voms_core_opt_group.add_option("--core-port", dest="core_port", type="int", - help="the PORT on which the VOMS core service will bind", metavar="PORT") - 
voms_core_opt_group.add_option( - "--libdir", dest="libdir", help="the DIR where VOMS core will look for the database plugin modules.", metavar="PORT") - voms_core_opt_group.add_option( - "--logdir", dest="logdir", help="the VOMS core log directory DIR", metavar="DIR") - voms_core_opt_group.add_option( - "--sqlloc", dest="sqlloc", help="the PATH to the VOMS core database access library", metavar="PATH") - voms_core_opt_group.add_option( - "--uri", dest="uri", help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", metavar="URI") - voms_core_opt_group.add_option("--timeout", dest="timeout", type="int", - help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) - voms_core_opt_group.add_option("--socktimeout", dest="socktimeout", type="int", - help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", metavar="SECS", default=60) - voms_core_opt_group.add_option("--shortfqans", dest="shortfqans", action="store_true", - help="Configures VOMS to use the short fqans syntax", default=False) - voms_core_opt_group.add_option("--skip-ca-check", dest="skip_ca_check", action="store_true", - help="Configures VOMS to only consider a certificate subject when checking VO user membership", default=False) - voms_core_opt_group.add_option("--max-reqs", type="int", dest="max_reqs", - help="Sets the maximum number of concurrent request that the VOMS service can handle.", default=50) - parser.add_option_group(voms_core_opt_group) + voms_core_opt_group = parser.add_argument_group( + title="VOMS core options", + description="These options drive the configuration of the VOMS core service." 
+ ) + voms_core_opt_group.add_argument( + "--core-port", + dest="core_port", + type="int", + help="the PORT on which the VOMS core service will bind", + metavar="PORT" + ) + voms_core_opt_group.add_argument( + "--libdir", + dest="libdir", + help="the DIR where VOMS core will look for the database plugin modules.", + metavar="PORT" + ) + voms_core_opt_group.add_argument( + "--logdir", + dest="logdir", + help="the VOMS core log directory DIR", metavar="DIR" + ) + voms_core_opt_group.add_argument( + "--sqlloc", + dest="sqlloc", + help="the PATH to the VOMS core database access library", + metavar="PATH" + ) + voms_core_opt_group.add_argument( + "--uri", + dest="uri", + help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", + metavar="URI" + ) + voms_core_opt_group.add_argument( + "--timeout", + dest="timeout", + type="int", + help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", + default=86400 + ) + voms_core_opt_group.add_argument( + "--socktimeout", + dest="socktimeout", + type="int", + help="Sets the amount of time in seconds after which the server will drop an inactive connection. 
The default is 60 seconds", + metavar="SECS", + default=60 + ) + voms_core_opt_group.add_argument( + "--shortfqans", + dest="shortfqans", action="store_true", + help="Configures VOMS to use the short fqans syntax", + default=False + ) + voms_core_opt_group.add_argument( + "--skip-ca-check", + dest="skip_ca_check", + action="store_true", + help="Configures VOMS to only consider a certificate subject when checking VO user membership", + default=False + ) + voms_core_opt_group.add_argument( + "--max-reqs", + type="int", + dest="max_reqs", + help="Sets the maximum number of concurrent request that the VOMS service can handle.", + default=50 + ) # Registration service specifics - registration_opt_group = OptionGroup( - parser, "Registration service options", "These options configure the VOMS Admin registration service") - registration_opt_group.add_option("--disable-registration", dest="enable_registration", - action="store_false", help="Disables registration service for the VO", default=True) - registration_opt_group.add_option( - "--aup-url", dest="aup_url", help="Sets a custom URL for the VO AUP.", metavar="URL") - registration_opt_group.add_option("--aup-signature-grace-period", - type="int", - dest="aup_signature_grace_period", - help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", - metavar="DAYS", - default="15") - - registration_opt_group.add_option("--aup-reminders", - dest="aup_reminders", - help="Comma-separated list of instants (in days) before the end of AUP grace period when reminders must be sent to users that need to sign the AUP.", - metavar="DAYS", - default="7,3,1") - - registration_opt_group.add_option("--enable-attribute-requests", dest="enable_attribute_requests", action="store_true", - help="Enable attribute request at registration time.", default=False) - - registration_opt_group.add_option("--disable-mandatory-group-manager-selection", - dest="require_group_manager_selection", - 
action="store_false", - help="Disable manadatory group manager selection.", - default=True) - - registration_opt_group.add_option("--group-manager-role", type="string", dest="group_manager_role", - help="Group manager role name. (default value: Group-Manager)", - default="Group-Manager") - - registration_opt_group.add_option("--membership-request-lifetime", type="int", dest="membership_request_lifetime", - help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", - metavar="SECS", default=604800) - - registration_opt_group.add_option("--disable-membership-expired-requests-warnings", - action="store_false", - dest="membership_request_warn_when_expired", - help="Disables email notifications when unconfirmed membership requests are removed from the voms database.", - default=True) - - parser.add_option_group(registration_opt_group) + registration_opt_group = parser.add_argument_group( + title="Registration service options", + description="These options configure the VOMS Admin registration service" + ) + registration_opt_group.add_argument( + "--disable-registration", + dest="enable_registration", + action="store_false", + help="Disables registration service for the VO", default=True + ) + registration_opt_group.add_argument( + "--aup-url", + dest="aup_url", + help="Sets a custom URL for the VO AUP.", + metavar="URL" + ) + registration_opt_group.add_argument( + "--aup-signature-grace-period", + type="int", + dest="aup_signature_grace_period", + help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", + metavar="DAYS", + default="15" + ) + registration_opt_group.add_argument( + "--aup-reminders", + dest="aup_reminders", + help="Comma-separated list of instants (in days) before the end of AUP grace period when reminders must be sent to users that need to sign the AUP.", + metavar="DAYS", + default="7,3,1" + ) + + registration_opt_group.add_argument( + "--enable-attribute-requests", 
dest="enable_attribute_requests", + action="store_true", + help="Enable attribute request at registration time.", + default=False + ) + registration_opt_group.add_argument( + "--disable-mandatory-group-manager-selection", + dest="require_group_manager_selection", + action="store_false", + help="Disable manadatory group manager selection.", + default=True + ) + registration_opt_group.add_argument( + "--group-manager-role", + type="string", + dest="group_manager_role", + help="Group manager role name. (default value: Group-Manager)", + default="Group-Manager" + ) + registration_opt_group.add_argument( + "--membership-request-lifetime", type="int", + dest="membership_request_lifetime", + help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", + metavar="SECS", + default=604800 + ) + registration_opt_group.add_argument( + "--disable-membership-expired-requests-warnings", + action="store_false", + dest="membership_request_warn_when_expired", + help="Disables email notifications when unconfirmed membership requests are removed from the voms database.", + default=True + ) # Membership checks configuration - membership_opt_group = OptionGroup( - parser, "Membership checks options", "These options configure the VOMS Admin membership checks") - - membership_opt_group.add_option("--preserve-expired-members", action="store_true", dest="preserve_expired_members", - help="Do not suspend users whose membership has expired.", default=False) - membership_opt_group.add_option("--preserve-aup-failing-members", action="store_true", dest="preserve_aup_failing_members", - help="Do not suspend users that fail to sign the AUP in time.", default=False) - membership_opt_group.add_option("--disable-membership-end-time", action="store_true", - dest="disable_membership_end_time", help="Disable membership end time checks completely.", default=False) - - membership_opt_group.add_option("--disable-membership-expiration-warnings", action="store_true", - 
dest="disable_membership_expiration_warning", help="Disable membership expiration warnings.", default=False) - - membership_opt_group.add_option("--membership-default-lifetime", type="int", dest="membership_default_lifetime", - help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12) - - membership_opt_group.add_option("--membership-check-period", type="int", dest="membership_check_period", - help="The membership check background thread period (in seconds)", metavar="SECS", default=600) - - membership_opt_group.add_option("--membership-expiration-warning-period", type="int", dest="membership_expiration_warning_period", - help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", - metavar="DAYS", default=30) - - membership_opt_group.add_option("--membership-expiration-grace-period", type="int", dest="membership_expiration_grace_period", - help="Membership expiration grace period (in days). 
In the grace period user will be maintained active even if membership has expired.", - metavar="DAYS", default=7) - - membership_opt_group.add_option("--membership-notification-resend-period", type="int", dest="membership_notification_resend_period", - help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", - metavar="DAYS", default=1) - - parser.add_option_group(membership_opt_group) - - saml_opt_group = OptionGroup(parser, "SAML Attribute Authority options", - "These options configure the VOMS SAML attribute authority service") - saml_opt_group.add_option("--enable-saml", dest="enable_saml", action="store_true", - help="Turns on the VOMS SAML service.", default=False) - saml_opt_group.add_option("--saml-lifetime", dest="saml_lifetime", type="int", - help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) - saml_opt_group.add_option("--disable-compulsory-group-membership", - action="store_false", - dest="compulsory_group_membership", - help="Disables VOMS compulsory group membership for the SAML AA.", default=True) - - parser.add_option_group(saml_opt_group) - - x509aa_opt_group = OptionGroup(parser, "X.509 AC Attribute Authority options", - "These options configure the VOMS X.509 attribute authority service") - x509aa_opt_group.add_option("--enable-x509-aa", dest="enable_x509_aa", action="store_true", - help="Turns on the X.509 Attribute authority", default=False) - x509aa_opt_group.add_option("--x509-aa-port", dest="x509_aa_port", - type="int", - help="An additional port used to serve VOMS legacy request.", - metavar="PORT", default=-1) - - x509aa_opt_group.add_option("--ac-validity", dest="ac_validity", type="int", - help="Defines the maximum validity (in hours) for the attribute certificates issued by this VOMS server. 
The default is 12 hours", - metavar="HOURS", default=24) - - x509aa_opt_group.add_option("--disable-legacy-fqan-encoding", - dest="legacy_fqan_encoding", - action="store_false", - help="FQANs will be encoded in issued ACs following the old, deprecated format (i.e. the one including Role=NULL/Capability=NULL).", - default=True) - - parser.add_option_group(x509aa_opt_group) - - notification_opt_group = OptionGroup( - parser, "Notification service options", "These options configure the VOMS Admin notification service") - notification_opt_group.add_option( - "--mail-from", dest="mail_from", help="The EMAIL address used for VOMS Admin notification messages.", metavar="EMAIL") - notification_opt_group.add_option( - "--smtp-host", dest="smtp_host", help="The HOST where VOMS Admin will deliver notification messages.", metavar="HOST") - notification_opt_group.add_option("--disable-notification", dest="disable_notification", - action="store_true", help=" Turns off the VOMS admin notification service.", default=False) - notification_opt_group.add_option("--notification-username", dest="notification_username", - help="SMTP authentication USERNAME", metavar="USERNAME", default="") - notification_opt_group.add_option("--notification-password", dest="notification_password", - help="SMTP authentication PASSWORD", metavar="PASSWORD", default="") - notification_opt_group.add_option("--notification-use-tls", action="store_true", - dest="notification_use_tls", help="Use TLS to connect to SMTP server", default=False) - - parser.add_option_group(notification_opt_group) - - other_opt_group = OptionGroup(parser, "Other fancy options", - "Configuration options that do not fall in the other categories") - other_opt_group.add_option("--disable-conf-backup", - dest="enable_conf_backup", - action="store_false", - help="Disables configuration backup creation.", - default=True) - - other_opt_group.add_option("--mkgridmap-translate-email", - dest="mkgridmap_translate_email", - 
action="store_true", - help="Generate gridmapfiles containing the email part of user certificate subject as emailAddress besides the Email format used by default.", - default=False) - - other_opt_group.add_option("--csrf-log-only", - action="store_true", - dest="csrf_log_only", - help="When this option is set, CSRF requests are not blocked but logged. Don't set this option for maximum security", - default=False) - - parser.add_option_group(other_opt_group) + membership_opt_group = parser.add_argument_group( + title="Membership checks options", + description="These options configure the VOMS Admin membership checks" + ) + membership_opt_group.add_argument( + "--preserve-expired-members", + action="store_true", dest="preserve_expired_members", + help="Do not suspend users whose membership has expired.", + default=False + ) + membership_opt_group.add_argument( + "--preserve-aup-failing-members", + action="store_true", dest="preserve_aup_failing_members", + help="Do not suspend users that fail to sign the AUP in time.", + efault=False + ) + membership_opt_group.add_argument( + "--disable-membership-end-time", + action="store_true", + dest="disable_membership_end_time", help="Disable membership end time checks completely.", + default=False + ) + membership_opt_group.add_argument( + "--disable-membership-expiration-warnings", + action="store_true", + dest="disable_membership_expiration_warning", + help="Disable membership expiration warnings.", + default=False + ) + membership_opt_group.add_argument( + "--membership-default-lifetime", + type="int", dest="membership_default_lifetime", + help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12 + ) + + membership_opt_group.add_argument( + "--membership-check-period", + type="int", dest="membership_check_period", + help="The membership check background thread period (in seconds)", metavar="SECS", + default=600 + ) + membership_opt_group.add_argument( + 
"--membership-expiration-warning-period", + type="int", + dest="membership_expiration_warning_period", + help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", + metavar="DAYS", + default=30 + ) + membership_opt_group.add_argument( + "--membership-expiration-grace-period", + type="int", + dest="membership_expiration_grace_period", + help="Membership expiration grace period (in days). In the grace period user will be maintained active even if membership has expired.", + metavar="DAYS", + default=7 + ) + membership_opt_group.add_argument( + "--membership-notification-resend-period", + type="int", + dest="membership_notification_resend_period", + help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", + metavar="DAYS", + default=1 + ) + + saml_opt_group = parser.add_argument_group( + title="SAML Attribute Authority options", + description="These options configure the VOMS SAML attribute authority service" + ) + saml_opt_group.add_argument( + "--enable-saml", + dest="enable_saml", + action="store_true", + help="Turns on the VOMS SAML service.", default=False + ) + saml_opt_group.add_argument( + "--saml-lifetime", + dest="saml_lifetime", + type="int", + help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. 
The default is 24 hours (86400)", metavar="SECS", + default=86400 + ) + saml_opt_group.add_argument( + "--disable-compulsory-group-membership", + action="store_false", + dest="compulsory_group_membership", + help="Disables VOMS compulsory group membership for the SAML AA.", + default=True + ) + + x509aa_opt_group = parser.add_argument_group( + title="X.509 AC Attribute Authority options", + description="These options configure the VOMS X.509 attribute authority service" + ) + x509aa_opt_group.add_argument( + "--enable-x509-aa", + dest="enable_x509_aa", action="store_true", + help="Turns on the X.509 Attribute authority", + default=False + ) + x509aa_opt_group.add_argument( + "--x509-aa-port", + dest="x509_aa_port", + type="int", + help="An additional port used to serve VOMS legacy request.", + metavar="PORT", + default=-1 + ) + x509aa_opt_group.add_argument( + "--ac-validity", + dest="ac_validity", type="int", + help="Defines the maximum validity (in hours) for the attribute certificates issued by this VOMS server. The default is 12 hours", + metavar="HOURS", + default=24 + ) + x509aa_opt_group.add_argument( + "--disable-legacy-fqan-encoding", + dest="legacy_fqan_encoding", + action="store_false", + help="FQANs will be encoded in issued ACs following the old, deprecated format (i.e. 
the one including Role=NULL/Capability=NULL).", + default=True + ) + + notification_opt_group = parser.add_argument_group( + title="Notification service options", + description="These options configure the VOMS Admin notification service" + ) + notification_opt_group.add_argument( + "--mail-from", + dest="mail_from", + help="The EMAIL address used for VOMS Admin notification messages.", + metavar="EMAIL" + ) + notification_opt_group.add_argument( + "--smtp-host", + dest="smtp_host", + help="The HOST where VOMS Admin will deliver notification messages.", + metavar="HOST" + ) + notification_opt_group.add_argument( + "--disable-notification", + dest="disable_notification", + action="store_true", + help=" Turns off the VOMS admin notification service.", + default=False + ) + notification_opt_group.add_argument( + "--notification-username", + dest="notification_username", + help="SMTP authentication USERNAME", metavar="USERNAME", + default="" + ) + notification_opt_group.add_argument( + "--notification-password", + dest="notification_password", + help="SMTP authentication PASSWORD", metavar="PASSWORD", + default="" + ) + notification_opt_group.add_argument( + "--notification-use-tls", + action="store_true", + dest="notification_use_tls", + help="Use TLS to connect to SMTP server", default=False + ) + + other_opt_group = parser.add_argument_group( + title="Other fancy options", + description="Configuration options that do not fall in the other categories" + ) + other_opt_group.add_argument( + "--disable-conf-backup", + dest="enable_conf_backup", + action="store_false", + help="Disables configuration backup creation.", + default=True + ) + + other_opt_group.add_argument( + "--mkgridmap-translate-email", + dest="mkgridmap_translate_email", + action="store_true", + help="Generate gridmapfiles containing the email part of user certificate subject as emailAddress besides the Email format used by default.", + default=False + ) + + other_opt_group.add_argument( + 
"--csrf-log-only", + action="store_true", + dest="csrf_log_only", + help="When this option is set, CSRF requests are not blocked but logged. Don't set this option for maximum security", + default=False + ) def configure_logging(options): @@ -439,13 +754,11 @@ def configure_logging(options): """ class InfoAndBelowLoggingFilter(logging.Filter): def filter(self, record): - if record.levelno <= logging.INFO: - return 1 - return 0 + return record.levelno <= logging.INFO global logger - out = logging.StreamHandler(stdout) - err = logging.StreamHandler(stderr) + out = logging.StreamHandler(sys.stdout) + err = logging.StreamHandler(sys.stderr) if options.verbose: log_level = logging.DEBUG @@ -466,7 +779,7 @@ def filter(self, record): def check_required_options(options, required_opts): def option_name_from_var(var_name): - return "--"+re.sub(r'_', '-', var_name) + return "--" + re.sub(r'_', '-', var_name) missing_opts = [] for o in required_opts: @@ -475,7 +788,7 @@ def option_name_from_var(var_name): if len(missing_opts) > 0: error_and_exit( - "Please set the following required options:\n\t%s" % '\n\t'.join(missing_opts)) + "Please set the following required options:\n\t{}".format('\n\t'.join(missing_opts))) def check_install_options(options): @@ -514,14 +827,14 @@ def check_upgrade_options(options): def service_cert_sanity_checks(options): if not os.path.exists(options.cert): - error_and_exit("Service certificate %s not found." % options.cert) + error_and_exit(f"Service certificate {options.cert} not found.") if not os.path.exists(options.key): - error_and_exit("Service private key %s not found." % options.key) + error_and_exit(f"Service private key {options.key} not found.") if not os.path.exists(options.trust_dir): error_and_exit( - "Service trust anchor directory %s not found." % options.trust_dir) + f"Service trust anchor directory {options.trust_dir} not found.") def config_owner_ids(options): 
@@ -529,17 +842,17 @@ def config_owner_ids(options): pwd_info = pwd.getpwnam(options.config_owner) return (pwd_info[2], pwd_info[3]) except KeyError: - logger.warn("User %s is not configured on this system." % - options.config_owner) + logger.warning("User %sis not configured on this system.", + options.config_owner) if os.geteuid() == 0: error_and_exit( - "User %s is not configured on this system." % options.config_owner) + f"User {options.config_owner} is not configured on this system.") def create_voms_service_certificate(options): if os.geteuid() == 0 and not options.dry_run: - logger.info("Creating VOMS services certificate in %s, %s" % - (VOMS_CERT, VOMS_KEY)) + logger.info( + "Creating VOMS services certificate in %s, %s", VOMS_CERT, VOMS_KEY) shutil.copy(HOST_CERT, VOMS_CERT) shutil.copy(HOST_KEY, VOMS_KEY) @@ -548,8 +861,8 @@ def create_voms_service_certificate(options): os.chown(VOMS_CERT, owner_id, owner_group_id) os.chown(VOMS_KEY, owner_id, owner_group_id) - os.chmod(VOMS_CERT, 0644) - os.chmod(VOMS_KEY, 0400) + os.chmod(VOMS_CERT, 0o644) + os.chmod(VOMS_KEY, 0o400) options.cert = VOMS_CERT options.key = VOMS_KEY @@ -571,7 +884,7 @@ def driver_dialect(options): if options.dbtype == MYSQL: return VOMSDefaults.mysql_dialect else: - return VOMSDefaults.oracle_dialect + VOMSDefaults.oracle_dialect def change_owner_and_set_perms(path, owner_id, group_id, perms): @@ -581,9 +894,8 @@ def change_owner_and_set_perms(path, owner_id, group_id, perms): def write_and_set_permissions(options, path, contents, perms): - f = open(path, "w") - f.write(contents) - f.close() + with open(path, "w", encoding="utf-8") as f: + f.write(contents) os.chmod(path, perms) if os.getuid() == 0: (owner_id, group_id) = config_owner_ids(options) 
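Review bot: The new warning in config_owner_ids reads `"User %sis not configured on this system."`, so the space between the user name and "is" has been lost and the logged message runs the two together. It should be `logger.warning("User %s is not configured on this system.", options.config_owner)`. The function starts above this hunk.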
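Review bot: The `else` branch of driver_dialect has lost its `return`: the new line is the bare expression `VOMSDefaults.oracle_dialect`, so the function returns None for any non-MySQL database and that None ends up as `dbdialect` in the generated properties. Restore `return VOMSDefaults.oracle_dialect`. The function starts above this hunk.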
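Review bot: write_and_set_permissions still creates the file with `open(path, "w")` under the umask-default mode and only tightens it with the following `os.chmod(path, perms)`, so a secret written through this helper (the core password file is, further down in this file) is briefly readable under the default mode. Creating the descriptor with the target mode closes that window: `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, perms)` followed by `with os.fdopen(fd, "w", encoding="utf-8") as f:`. The chmod should stay, because the mode argument only applies when the file is newly created. The function body continues past the end of this hunk.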
@@ -591,31 +903,25 @@ def write_and_set_permissions(options, path, contents, perms): def append_and_set_permissions(path, contents, owner_id, group_id, perms): - f = open(path, "a") - f.write(contents) - f.close() + with open(path, "a", encoding="utf-8") as f: + f.write(contents) change_owner_and_set_perms(path, owner_id, group_id, perms) def dburl_mysql(options): if options.dburlparams: - return "jdbc:mysql://%s:%d/%s?%s" % (options.dbhost, - options.dbport, - options.dbname, - options.dburlparams) + return "jdbc:mysql://{dbhost}:{dbhost}/{dbport}?{dburlparams}".format( + **options) else: - return "jdbc:mysql://%s:%d/%s" % (options.dbhost, - options.dbport, - options.dbname) + return "jdbc:mysql://{dbhost}:%{dbport}/%{dbname}".format(**options) def dburl_oracle(options): if options.use_thin_driver: - return "jdbc:oracle:thin:@//%s:%s/%s" % (options.dbhost, - options.dbport, - options.dbname) + return "jdbc:oracle:thin:@//{dbhost}:{dbport}/{dbname}".format( + **options) else: - return "jdbc:oracle:oci:@%s" % (options.dbname) + return f"jdbc:oracle:oci:@{options.dbname}" def dburl(options): 
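Review bot: dburl_mysql's new format strings are wrong: the first uses `{dbhost}:{dbhost}/{dbport}` where the removed code had host, port and database name, and the second leaves stray `%` characters in `:%{dbport}/%{dbname}`. Both, and the thin-driver branch of dburl_oracle, call `.format(**options)`, which needs a mapping, while `options` is used as an attribute object elsewhere in this file (`options.__dict__`), so the call would presumably raise TypeError. Plain f-strings on the attributes avoid both problems.

```python
def dburl_mysql(options):
    url = f"jdbc:mysql://{options.dbhost}:{options.dbport}/{options.dbname}"
    if options.dburlparams:
        url = f"{url}?{options.dburlparams}"
    return url


def dburl_oracle(options):
    if options.use_thin_driver:
        return (f"jdbc:oracle:thin:@//{options.dbhost}:"
                f"{options.dbport}/{options.dbname}")
    # … unchanged: OCI branch …
```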
@@ -626,48 +932,44 @@ def dburl(options): def create_admin_db_properties(options): - - db_options = dict(dbdriver=driver_class(options), - dbdialect=driver_dialect(options), - dburl=dburl(options)) - - template = string.Template( - open(VOMSDefaults.db_props_template, "r").read()) + db_options = { + "dbdriver": driver_class(options), + "dbdialect": driver_dialect(options), + "dburl": dburl(options) + } + with open(VOMSDefaults.db_props_template, encoding="utf-8") as f: + template = string.Template(f.read()) db_properties = template.substitute( - **dict(db_options.items()+options.__dict__.items())) + **dict(db_options.items() + options.__dict__.items())) - logger.debug("Admin service database properties:\n%s" % db_properties) + logger.debug("Admin service database properties:\n%s", db_properties) if not options.dry_run: write_and_set_permissions(options, admin_db_properties_path(options.vo), db_properties, - 0640) + 0o640) def create_admin_service_properties(options): - template = string.Template( - open(VOMSDefaults.service_props_template, "r").read()) + with open(VOMSDefaults.service_props_template, encoding="utf-8") as f: + template = string.Template(f.read()) service_props = template.substitute(**options.__dict__) - logger.debug("Admin service properties:\n%s" % service_props) + logger.debug("Admin service properties:\n%s", service_props) if not options.dry_run: write_and_set_permissions(options, admin_service_properties_path(options.vo), service_props, - 0640) + 0o640) def create_endpoint_info(options): - endpoint_path = admin_service_endpoint_path(options.vo) - url = "%s:%s" % (options.hostname, options.admin_port) - logger.debug("Admin service endpoint: %s" % url) + url = f"{options.hostname}:{options.admin_port}" + logger.debug("Admin service endpoint: %s", url) if not options.dry_run: - write_and_set_permissions(options, - endpoint_path, - url, - 0644) + write_and_set_permissions(options, endpoint_path, url, 0o644) def create_vomses(options): 
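Review bot: `dict(db_options.items() + options.__dict__.items())` in create_admin_db_properties no longer works on Python 3, where `items()` returns views that do not support `+`, so the call raises TypeError before the properties are rendered. Merging the mappings keeps the same precedence: `db_properties = template.substitute(**{**db_options, **vars(options)})`. The line `all_core_opts = dict(core_opts.items() + options.__dict__.items())` in create_voms_conf (hunk at -754) needs the same fix.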
@@ -677,29 +979,29 @@ def create_vomses(options): if vomses_port is None: vomses_port = options.x509_aa_port - vomses = '"%s" "%s" "%s" "%s" "%s"\n' % (options.vo, - options.hostname, - vomses_port, - cert.subject, - options.vo) + vomses = f'"{ + options.vo}" "{ + options.hostname}" "{vomses_port}" "{ + cert.subject}" "{ + options.vo}"\n' logger.debug("VOMSES configuration: %s", vomses) if not options.dry_run: write_and_set_permissions(options, vomses_path(options.vo), vomses, - 0644) + 0o644) def create_lsc(options): cert = X509Helper(options.cert, openssl_cmd=options.openssl) - lsc = "%s\n%s" % (cert.subject, cert.issuer) + lsc = f"{cert.subject}\n{cert.issuer}" logger.debug("LSC configuration: %s", lsc) if not options.dry_run: write_and_set_permissions(options, lsc_path(options.vo), lsc, - 0644) + 0o644) def create_aup(options): @@ -710,7 +1012,7 @@ def create_aup(options): change_owner_and_set_perms(aup_path(options.vo), owner_id, group_id, - 0644) + 0o644) def create_logging_configuration(options): @@ -722,7 +1024,7 @@ def create_logging_configuration(options): change_owner_and_set_perms(admin_logging_conf_path(options.vo), owner_id, group_id, - 0644) + 0o644) def create_admin_configuration(options): 
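Review bot: The `vomses` f-string in create_vomses breaks its replacement fields across lines inside a single-quoted literal, which is only accepted from Python 3.12 on; earlier Python 3 interpreters reject the file with a SyntaxError. Keeping each field on one line is portable: `vomses = f'"{options.vo}" "{options.hostname}" "{vomses_port}" "{cert.subject}" "{options.vo}"\n'`. The function starts above this hunk.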
@@ -754,11 +1056,14 @@ def create_admin_configuration(options): def create_voms_conf(options): - core_opts = dict(core_logfile=os.path.join(options.logdir, "voms.%s" % options.vo), - core_passfile=voms_pass_path(options.vo), - core_sqlloc=os.path.join(options.libdir, options.sqlloc)) + core_opts = { + "core_logfile": os.path.join(options.logdir, f"voms.{options.vo}"), + "core_passfile": voms_pass_path(options.vo), + "core_sqlloc": os.path.join(options.libdir, options.sqlloc) + } - template = string.Template(open(VOMSDefaults.voms_template, "r").read()) + with open(VOMSDefaults.voms_template, encoding="utf-8") as f: + template = string.Template(f.read()) all_core_opts = dict(core_opts.items() + options.__dict__.items()) voms_props = template.substitute(**all_core_opts) @@ -768,18 +1073,18 @@ def create_voms_conf(options): if options.shortfqans: voms_props += "\n--shortfqans" - logger.debug("VOMS Core configuration:\n%s" % voms_props) + logger.debug("VOMS Core configuration:\n%s", voms_props) if not options.dry_run: # Core configuration write_and_set_permissions(options, voms_conf_path(options.vo), voms_props, - 0644) + 0o644) # Core password file write_and_set_permissions(options, voms_pass_path(options.vo), - options.dbpassword+"\n", - 0640) + f"{options.dbpassword}\n", + 0o640) logger.info("VOMS core service configured succesfully.") @@ -798,12 +1103,12 @@ def create_core_configuration(options): def generate_password(length=8, chars=string.ascii_uppercase + string.digits): - return ''.join(random.choice(chars) for x in range(length)) + return ''.join(random.choices(chars, k=length)) def setup_core_defaults(options): if not options.uri: - options.uri = "%s:%d" % (options.hostname, options.core_port) + options.uri = f"{options.hostname}:{options.core_port}" if not options.logdir: options.logdir = voms_log_path() 
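Review bot: generate_password now uses `random.choices`, which draws from the non-cryptographic `random` generator and is not meant for producing secrets. If the result is used as a credential (its callers are outside this hunk), the `secrets` module is the right source: `return ''.join(secrets.choice(chars) for _ in range(length))`, with `import secrets` added to the file's imports. The default of 8 characters from a 36-symbol alphabet is also short for a generated password and is worth raising while the line is being touched.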
@@ -820,7 +1125,7 @@ def setup_core_defaults(options): def setup_defaults(options): if not options.dbname and options.dbtype == MYSQL: - options.dbname = "voms_%s" % (re.sub(r"[-.]", "_", options.vo)) + options.dbname = f"voms_{re.sub(r'[-.]', '_', options.vo)}" if not options.dbhost: options.dbhost = "localhost" @@ -842,13 +1147,13 @@ def setup_defaults(options): def setup_admin_defaults(options): if not options.aup_url: - options.aup_url = "file:%s" % aup_path(options.vo) + options.aup_url = f"file:{aup_path(options.vo)}" def create_mysql_db(options): createdb_cmd = mysql_util_cmd("create_db", options) if not options.dbapwd or len(options.dbapwd) == 0: - logger.warn( + logger.warning( "WARNING: No password has been specified for the mysql root account.") execute_cmd(createdb_cmd, "Error creating MySQL database schema.") @@ -896,7 +1201,6 @@ def do_core_install(options): setup_service_certificate(options) setup_core_defaults(options) create_core_configuration(options) - pass def do_install(options): @@ -921,17 +1225,17 @@ def undeploy_database(options): "Undeploying database for VO %s. The database contents will be lost.", options.vo) if options.dbtype == MYSQL and options.dropdb: execute_cmd(mysql_util_cmd("drop_db", options), - "Error dropping MySQL database for VO %s!" % options.vo) + f"Error dropping MySQL database for VO {options.vo}!") else: execute_cmd(voms_undeploy_database_cmd(options.vo), - "Error undeploying VOMS database for VO %s!" % (options.vo)) + f"Error undeploying VOMS database for VO {options.vo}!") def remove_dir_and_contents(directory): logger.info("Removing directory %s and its contents", directory) if os.path.exists(directory): - for i in glob.glob(directory+"/*"): - logger.debug("Removing %s", i) + for i in glob.glob(f"{directory}/*"): + logger.debug("Removing %s", directory) os.remove(i) os.rmdir(directory) @@ -981,7 +1285,7 @@ def do_upgrade(options): def error_and_exit(msg): logger.critical(msg) - exit(1) + sys.exit(1) def main(): 
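Review bot: In remove_dir_and_contents the debug line was changed to `logger.debug("Removing %s", directory)`, so every iteration now logs the parent directory instead of the entry that `os.remove(i)` deletes. That makes the log useless for reconstructing what was removed; it should remain `logger.debug("Removing %s", i)`.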
@@ -998,10 +1302,10 @@ def main(): do_remove(options) elif command == "upgrade": do_upgrade(options) - except SystemExit, e: - exit(e) - except: - logger.exception("Unexpected error caught!") + except SystemExit as e: + sys.exit(e) + except Exception as e: + logger.exception("Unexpected error caught! %s", e) if __name__ == '__main__': diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index 712f880a..3843bc99 100644 --- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py 
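Review bot: After `logger.exception(...)` the handler in main falls through, so an unexpected failure during install, upgrade or remove presumably still ends with exit status 0 and a calling script cannot tell that it failed; adding `sys.exit(1)` after the log call would fix that. `logger.exception` already records the message and traceback, so `logger.exception("Unexpected error caught!")` without the `%s` argument is enough. `except SystemExit as e: sys.exit(e)` can be dropped, since `except Exception` no longer catches SystemExit on Python 3. main starts above this hunk.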
@@ -20,50 +20,71 @@ # import sys -import string import os -from sys import stderr, exit -from optparse import OptionParser +import argparse from voms_shared import VOMSDefaults, X509Helper, get_oracle_env usage = """%prog [options] command Commands: check-connectivity: checks database connection - + deploy: deploys the VOMS database for a given VO undeploy: undeploys the VOMS database for a given VO upgrade: upgrades the VOMS database for a given VO - + add-admin: creates an administrator with full privileges for a given VO remove-admin: removes an administrator from a given VO - + grant-read-only-access: creates ACLs so that VO structure is readable for any authenticated user """ -parser = OptionParser(usage) +parser = argparse.ArgumentParser(usage=usage) commands = ["deploy", "undeploy", "upgrade", "check-connectivity", "grant-read-only-access", "add-admin", "remove-admin"] def setup_cl_options(): - parser.add_option( - "--vo", dest="vo", help="the VO for which database operations are performed", metavar="VO") - parser.add_option("--dn", dest="admin_dn", - help="the DN of the administrator certificate", metavar="DN") - parser.add_option("--ca", dest="admin_ca", - help="the DN of the CA that issued the administrator certificate", metavar="DN") - parser.add_option("--email", dest="admin_email", - help="the EMAIL address of the administrator", metavar="EMAIL") - parser.add_option("--cert", dest="admin_cert", - help="the x.509 CERTIFICATE of the administrator being created", metavar="CERTIFICATE") - parser.add_option("--ignore-cert-email", dest="admin_ignore_cert_email", action="store_true", - help="ignores the email address in the certificate passed in with the --cert option") + parser.add_argument( + "--vo", + dest="vo", + help="the VO for which database operations are performed", + metavar="VO" + ) + parser.add_argument( + "--dn", + dest="admin_dn", + help="the DN of the administrator certificate", metavar="DN" + ) + parser.add_argument( + "--ca", + 
dest="admin_ca", + help="the DN of the CA that issued the administrator certificate", + metavar="DN" + ) + parser.add_argument( + "--email", + dest="admin_email", + help="the EMAIL address of the administrator", metavar="EMAIL" + ) + parser.add_argument( + "--cert", + dest="admin_cert", + help="the x.509 CERTIFICATE of the administrator being created", + metavar="CERTIFICATE" + ) + + parser.add_argument( + "--ignore-cert-email", + dest="admin_ignore_cert_email", + action="store_true", + help="ignores the email address in the certificate passed in with the --cert option" + ) def error_and_exit(msg): - print >>stderr, msg - exit(1) + print(msg, file=sys.stderr) + sys.exit(1) def build_classpath(): @@ -71,26 +92,24 @@ def build_classpath(): jars = VOMSDefaults.voms_admin_libs if len(jars) == 0: - raise ValueError, "voms-admin jar files not found!" + raise ValueError("voms-admin jar files not found!") jars.append(VOMSDefaults.voms_admin_jar) jars.append(VOMSDefaults.voms_admin_classes) - return string.join(jars, ":") + return ":".join(jars) def do_basic_command(options, command): - cmd = "%s java -cp %s %s --command %s --vo %s" % (get_oracle_env(), - build_classpath(), - VOMSDefaults.schema_deployer_class, - command, - options.vo) + cmd = f"{get_oracle_env()} "\ + f"java -cp {build_classpath()} {VOMSDefaults.schema_deployer_class} " \ + f"--command {command} {options.vo}" + status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) def do_add_admin(options): - email = None if options.admin_cert: 
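Review bot: `parser = argparse.ArgumentParser(usage=usage)` passes a usage string that still begins with optparse's `%prog`, but argparse expands usage with `%(prog)s` and treats a bare `%p` as an invalid format, so printing the usage or help text would likely raise ValueError. The string should start with `usage = """%(prog)s [options] command`. The same applies to the `usage` string in the voms_mysql_util.py hunk (-18) later in this patch. The positional `command` is also not declared with `add_argument` in this hunk; whether the parsing code outside it still accepts it should be checked.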
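Review bot: do_basic_command's new command string has lost the `--vo` flag: the removed code built `--command %s --vo %s`, while the new last fragment is `f"--command {command} {options.vo}"`, so the VO name is passed as a bare positional argument. It should read `f"--command {command} --vo {options.vo}"`. The string is still handed to `os.system`, so quoting the interpolated values with `shlex.quote` would be a sensible addition while this line is being rewritten.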
@@ -106,23 +125,21 @@ def do_add_admin(options): email = options.admin_email if not email: - print "WARNING: No email was specified for this administrator! The new administrator will not receive VOMS Admin notifications" - - cmd = "%s java -cp %s %s --command add-admin --vo %s --dn '%s' --ca '%s'" % (get_oracle_env(), - build_classpath(), - VOMSDefaults.schema_deployer_class, - options.vo, - dn, - ca) + print("WARNING: No email was specified for this administrator! " + "The new administrator will not receive VOMS Admin notifications") + + cmd = f"{get_oracle_env()} " \ + f"java -cp {build_classpath()} {VOMSDefaults.schema_deployer_class} " \ + f"--command add-admin " \ + f"--vo {options.vo} --dn {dn} --ca {ca}" if email: - cmd += " --email '%s' " % email + cmd = f"{cmd} --email '{email}'" status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) def do_remove_admin(options): - if options.admin_cert: cert = X509Helper(options.admin_cert) dn = cert.subject @@ -130,13 +147,10 @@ def do_remove_admin(options): else: dn = options.admin_dn ca = options.admin_ca - - cmd = "%s java -cp %s %s --command remove-admin --vo %s --dn '%s' --ca '%s' " % (get_oracle_env(), - build_classpath(), - VOMSDefaults.schema_deployer_class, - options.vo, - dn, - ca) + cmd = f"{get_oracle_env()} " \ + f"java -cp {build_classpath()} {VOMSDefaults.schema_deployer_class} " \ + f"--command remove-admin " \ + f"--vo {options.vo} --dn {dn} --ca {ca}" status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) @@ -144,7 +158,8 @@ def do_remove_admin(options): def check_args_and_options(options, args): if len(args) != 1 or args[0] not in commands: error_and_exit( - "Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) + "Please specify a single command among the following:\n\t%s" % + "\n\t".join(commands)) if not options.vo: error_and_exit("Please specify a VO with the --vo option.") 
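Review bot: The new command string in do_add_admin drops the quotes the removed code put around the DN and CA (`--dn '%s' --ca '%s'`), and the result is still passed to `os.system`. A DN containing spaces is therefore split into several arguments, and any shell metacharacter in these values is interpreted by the shell. Quote every interpolated value, e.g. `f"--vo {shlex.quote(options.vo)} --dn {shlex.quote(dn)} --ca {shlex.quote(ca)}"` and `cmd = f"{cmd} --email {shlex.quote(email)}"`, with `import shlex` added to the imports. do_remove_admin in the next hunk (-130) has the same regression.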
@@ -153,7 +168,8 @@ def check_args_and_options(options, args): if (not options.admin_dn or not options.admin_ca) and not options.admin_cert: error_and_exit( - "Please specify an administrator either providing a certificate with the --cert option, or with the --dn and --ca options.") + "Please specify an administrator either providing a certificate" + " with the --cert option, or with the --dn and --ca options.") if options.admin_cert and (options.admin_dn or options.admin_ca): error_and_exit( @@ -161,7 +177,8 @@ def check_args_and_options(options, args): if not options.admin_cert and options.admin_ignore_cert_email: error_and_exit( - "The --ignore-cert-email must be used together with the --cert option.") + "The --ignore-cert-email must be used together with the --cert " + "option.") def main(): diff --git a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py index 62a87609..cfb9a3f9 100644 --- a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders. 
@@ -18,146 +18,173 @@ # Authors: # Andrea Ceccanti (INFN) -from optparse import OptionParser -from sys import stderr, exit +import argparse +import sys import subprocess import re -import string import socket usage = """%prog [options] command Commands: - create_db: creates a MySQL database and read/write grants for the VOMS service + create_db: creates a MySQL database and read/write grants for the VOMS service based on the given options drop_db: drops a MySQL database grant_rw_access: Creates a read/write grant on an existing VOMS database for the user specified in the options - grant_ro_access: Creates a read-only grant on an existing VOMS database for the user - specified in the options + grant_ro_access: Creates a read-only grant on an existing VOMS database for the user + specified in the options """ -parser = OptionParser(usage=usage) +parser = argparse.ArgumentParser(usage=usage) def setup_cl_options(): - parser.add_option("--dbauser", dest="dbauser", - help="Sets MySQL administrator user to USER", metavar="USER", default="root") - parser.add_option("--dbapwd", dest="dbapwd", - help="Sets MySQL administrator password to PWD", metavar="PWD") - parser.add_option("--dbapwdfile", dest="dbapwdfile", - help="Reads MySQL administrator password from FILE", metavar="FILE") - parser.add_option("--dbusername", dest="username", - help="Sets the VOMS MySQL username to be created as USER", metavar="USER") - parser.add_option("--vomshost", dest="voms_host", - help="Sets the HOST where VOMS is running", metavar="HOST") - parser.add_option("--dbpassword", dest="password", - help="Sets the VOMS MySQL password for the user to be created as PWD", metavar="PWD") - parser.add_option("--dbname", dest="dbname", - help="Sets the VOMS database name to DBNAME", metavar="DBNAME") - parser.add_option("--dbhost", dest="host", - help="Sets the HOST where MySQL is running", metavar="HOST", default="localhost") - parser.add_option("--dbport", dest="port", - help="Sets the PORT where MySQL 
is listening", metavar="PORT", default="3306") - parser.add_option("--mysql-command", dest="command", - help="Sets the MySQL command to CMD", metavar="CMD", default="mysql") + parser.add_argument( + "--dbauser", + dest="dbauser", + help="Sets MySQL administrator user to USER", + metavar="USER", + default="root" + ) + parser.add_argument( + "--dbapwd", + dest="dbapwd", + help="Sets MySQL administrator password to PWD", + metavar="PWD" + ) + parser.add_argument( + "--dbapwdfile", + dest="dbapwdfile", + help="Reads MySQL administrator password from FILE", + metavar="FILE") + parser.add_argument( + "--dbusername", + dest="username", + help="Sets the VOMS MySQL username to be created as USER", + metavar="USER") + parser.add_argument( + "--vomshost", + dest="voms_host", + help="Sets the HOST where VOMS is running", + metavar="HOST" + ) + parser.add_argument( + "--dbpassword", + dest="password", + help="Sets the VOMS MySQL password for the user to be created as PWD", + metavar="PWD" + ) + parser.add_argument( + "--dbname", + dest="dbname", + help="Sets the VOMS database name to DBNAME", metavar="DBNAME" + ) + parser.add_argument( + "--dbhost", + dest="host", + help="Sets the HOST where MySQL is running", metavar="HOST", + default="localhost" + ) + parser.add_argument( + "--dbport", + dest="port", + help="Sets the PORT where MySQL is listening", metavar="PORT", + default="3306" + ) + parser.add_argument( + "--mysql-command", + dest="command", + help="Sets the MySQL command to CMD", + metavar="CMD", default="mysql" + ) def error_and_exit(msg): - print >>stderr, msg - exit(1) + print(msg, file=sys.stderr) + sys.exit(1) def build_mysql_command_preamble(options): if options.dbapwdfile: try: - dbapwd = open(options.dbapwdfile).read() + with open(options.dbapwdfile, encoding="utf-8") as f: + dbapwd = f.read() except IOError as e: error_and_exit(e.strerror) else: dbapwd = options.dbapwd - if not dbapwd: - mysql_cmd = "%s -u%s --host %s --port %s" % (options.command, - 
options.dbauser, - options.host, - options.port) - else: - mysql_cmd = "%s -u%s -p%s --host %s --port %s" % (options.command, - options.dbauser, - dbapwd, - options.host, - options.port) + mysql_cmd = "{command} -u{dbauser} --host {host} --port {port}" + mysql_cmd = mysql_cmd.format(**options) + if dbapwd: + mysql_cmd = f"{mysql_cmd} -p{dbapwd}" return mysql_cmd def db_exists(options): mysql_cmd = build_mysql_command_preamble(options) + with subprocess.Popen(mysql_cmd, shell=True, stdin=subprocess.PIPE, + stderr=subprocess.PIPE) as mysql_proc: + try: + print(f"use {options.dbname};", file=mysql_proc.stdin) + except IOError as e: + err_msg = mysql_proc.stderr.read() + error_and_exit( + f"Error checking database existence: {e}. {err_msg}") - mysql_proc = subprocess.Popen( - mysql_cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE) - try: - print >>mysql_proc.stdin, "use %s;" % options.dbname - mysql_proc.stdin.close() - except IOError as e: - err_msg = mysql_proc.stderr.read() - error_and_exit( - "Error checking database existence: %s. %s" % (e, err_msg)) + status = mysql_proc.wait() + if status == 0: + return True - status = mysql_proc.wait() - if status == 0: - return True - else: err_msg = mysql_proc.stderr.read() - match = re.match("ERROR 1049", string.strip(err_msg)) - if match: - return False - else: - error_and_exit("Error checking schema existence: %s" % err_msg) + match = re.match("ERROR 1049", err_msg.strip()) + if match: + return False + error_and_exit(f"Error checking schema existence: {err_msg}") def create_db(options): - print "Creating database %s" % options.dbname - + print(f"Creating database {options.dbname}") if db_exists(options): - print "Schema for database %s already exists, will not create it..." 
% options.dbname + print(f"Schema for database {options.dbname} already exists, " + "will not create it...") else: mysql_cmd = build_mysql_command_preamble(options) # The database is not there, let's create it - mysql_proc = subprocess.Popen( - mysql_cmd, shell=True, stdin=subprocess.PIPE) - print >>mysql_proc.stdin, "create database %s;" % options.dbname - mysql_proc.stdin.close() - status = mysql_proc.wait() + with subprocess.Popen(mysql_cmd, shell=True, + stdin=subprocess.PIPE) as mysql_proc: + print("create database {options.dbname};", file=mysql_proc.stdin) + status = mysql_proc.wait() if status != 0: - error_and_exit("Error creating MySQL database %s: %s" % - (options.dbname, mysql_proc.stdout.read())) + error_and_exit("Error creating MySQL database {options.dbname}: " + "mysql_proc.stdout.read()") grant_rw_access(options) - - print "Done." + print("Done.") def drop_db(options): - print "Dropping database %s" % options.dbname + print(f"Dropping database {options.dbname}") if not db_exists(options): - print "Schema for database %s does not exist, exiting..." % options.dbname - exit(1) + print(f"Schema for database {options.dbname} does not exist, " + "exiting...") + sys.exit(1) else: mysql_cmd = build_mysql_command_preamble(options) - mysql_proc = subprocess.Popen( - mysql_cmd, shell=True, stdin=subprocess.PIPE) - print >>mysql_proc.stdin, "drop database %s;" % options.dbname - mysql_proc.stdin.close() - status = mysql_proc.wait() - if status != 0: - error_and_exit("Error dropping MySQL database %s: %s" % - (options.dbname, mysql_proc.stdout.read())) - print "Done." 
+ with subprocess.Popen( + mysql_cmd, shell=True, stdin=subprocess.PIPE) as mysql_proc: + print(f"drop database {options.dbname};", file=mysql_proc.stdin) + status = mysql_proc.wait() + if status != 0: + output = mysql_proc.stdout.read() + msg = f"Error dropping MySQL database {options.dbname}: {output}" + error_and_exit(msg) + print("Done.") def grant_rw_access(options): - print "Granting user %s read/write access on database %s" % ( - options.username, options.dbname) + print(f"Granting user {options.username} read/write access on " + f"database {options.dbname}") mysql_cmd = build_mysql_command_preamble(options) if len(options.username) > 16: 
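Review bot: The new `with subprocess.Popen(...)` blocks in db_exists, create_db and drop_db write with `print(..., file=mysql_proc.stdin)` to a pipe opened in binary mode and call `mysql_proc.wait()` before stdin is closed, so the write would raise TypeError and, once that is fixed, the client would still be waiting for end of input; the removed code closed stdin explicitly. In create_db the statement `"create database {options.dbname};"` and the following error message have lost their `f` prefix and are sent literally. build_mysql_command_preamble calls `.format(**options)` on what appears to be an attribute object, which would raise TypeError; `vars(options)` or f-strings are needed there. The administrator password is still appended as `-p{dbapwd}` to a `shell=True` command line, where it is visible in the process list; reading it from an option file via `--defaults-extra-file` would avoid that. Opening the pipe with `text=True` and using `communicate()` resolves the pipe handling, as sketched for db_exists below.

```python
def db_exists(options):
    mysql_cmd = build_mysql_command_preamble(options)
    mysql_proc = subprocess.Popen(mysql_cmd, shell=True, text=True,
                                  stdin=subprocess.PIPE,
                                  stderr=subprocess.PIPE)
    # communicate() sends the statement, closes stdin and drains stderr
    _, err_msg = mysql_proc.communicate(f"use {options.dbname};\n")
    if mysql_proc.returncode == 0:
        return True
    if re.match("ERROR 1049", err_msg.strip()):
        return False
    error_and_exit(f"Error checking schema existence: {err_msg}")
```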
@@ -165,88 +192,92 @@ def grant_rw_access(options): "MySQL database accont names cannot be longer than 16 characters.") if db_exists(options): - mysql_proc = subprocess.Popen( - mysql_cmd, shell=True, stdin=subprocess.PIPE) - hosts = ['localhost', 'localhost.%', - socket.gethostname(), socket.getfqdn()] - - if options.voms_host: - hosts = [options.voms_host, options.voms_host + '.%'] - - for host in hosts: - print >>mysql_proc.stdin, "grant all privileges on %s.* to '%s'@'%s' identified by '%s' with grant option;" % (options.dbname, - options.username, - host, - options.password) - print >>mysql_proc.stdin, "flush privileges;" - mysql_proc.stdin.close() - status = mysql_proc.wait() + with subprocess.Popen(mysql_cmd, shell=True, + stdin=subprocess.PIPE) as mysql_proc: + hosts = ['localhost', 'localhost.%', + socket.gethostname(), socket.getfqdn()] + + if options.voms_host: + hosts = [options.voms_host, options.voms_host + '.%'] + + for host in hosts: + query = f"grant all privileges on {options.dbname}.* to " \ + f"'{options.username}'@'{host}' " \ + f"identified by '{options.password}' " \ + f"with grant option;" + print(query, file=mysql_proc.stdin) + print("flush privileges;", file=mysql_proc.stdin) + status = mysql_proc.wait() if status != 0: - error_and_exit("Error granting read/write access to user %s on database %s: %s" % (options.username, - options.dbname, - mysql_proc.stdout.read())) + error_and_exit( + f"Error granting read/write access to user {options.username} " + f"on database {options.dbname}: {mysql_proc.stdout.read()}") def grant_ro_access(): - print "Granting user %s read-only access on database %s" % ( - options.username, options.dbname) + # FIXME: options is not defined!! 
+ print(f"Granting user {options.username} read-only access on database " + f"{options.dbname}") mysql_cmd = build_mysql_command_preamble(options) if len(options.username) > 16: - error_and_exit( - "MySQL database accont names cannot be longer than 16 characters.") + error_and_exit("MySQL database accont names cannot be longer than " + "16 characters.") if db_exists(options): - mysql_proc = subprocess.Popen( - mysql_cmd, shell=True, stdin=subprocess.PIPE) - hosts = ['localhost', 'localhost.%', - socket.gethostname(), socket.getfqdn()] - - if options.voms_host: - hosts = [options.voms_host, options.voms_host + '.%'] - - for host in hosts: - print >>mysql_proc.stdin, "grant select on %s.* to '%s'@'%s' identified by '%s';" % (options.dbname, - options.username, - host, - options.password) - print >>mysql_proc.stdin, "flush privileges;" - mysql_proc.stdin.close() - status = mysql_proc.wait() + with subprocess.Popen(mysql_cmd, shell=True, + stdin=subprocess.PIPE) as mysql_proc: + hosts = ['localhost', 'localhost.%', + socket.gethostname(), socket.getfqdn()] + + if options.voms_host: + hosts = [options.voms_host, options.voms_host + '.%'] + + for host in hosts: + print( + f"grant select on {options.dbname}.* to " + f"'{options.username}'@'{host}' " + "identified by 'options.password';", + file=mysql_proc.stdin) + print("flush privileges;", mysql_proc.stdin) + # mysql_proc.stdin.close() + status = mysql_proc.wait() if status != 0: - error_and_exit("Error granting read-only access to user %s on database %s: %s" % (options.username, - options.dbname, - mysql_proc.stdout.read())) + error_and_exit( + "Error granting read-only access to user " + f"{options.username} on database {options.dbname}: " + f"{mysql_proc.stdout.read()}") -supported_commands = {'create_db': create_db, - 'drop_db': drop_db, - 'grant_rw_access': grant_rw_access, - 'grant_ro_access': grant_ro_access} +supported_commands = { + 'create_db': create_db, + 'drop_db': drop_db, + 'grant_rw_access': 
grant_rw_access, + 'grant_ro_access': grant_ro_access +} required_options = ["username", "password", "dbname"] def check_mysql_command(options): - test_cmd = "%s --version" % options.command - proc = subprocess.Popen(test_cmd, shell=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - (out, err) = proc.communicate() - - combined_output = "%s %s" % (out, err) - - status = proc.wait() - - if status != 0: - error_and_exit("Error executing %s: %s. Check your MySQL client installation." % ( - options.command, combined_output.strip())) + test_cmd = f"{options.command} --version" + with subprocess.Popen(test_cmd, shell=True, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) as proc: + (out, err) = proc.communicate() + combined_output = f"{out} {err}" + status = proc.wait() + if status != 0: + error_and_exit( + f"Error executing {options.command}: {combined_output.strip()}." + " Check your MySQL client installation.") def check_args_and_options(options, args): if len(args) != 1 or args[0] not in supported_commands.keys(): - error_and_exit("Please specify a single command among the following:\n\t%s" % - "\n\t".join(supported_commands.keys())) + str_commands = '\n\t'.join(supported_commands.keys()) + error_and_exit("Please specify a single command among the following:" + f"\n\t{str_commands}") missing_options = [] @@ -258,8 +289,9 @@ def check_args_and_options(options, args): missing_options.append("--dbname") if len(missing_options) != 0: - error_and_exit("Please specify the following missing options:\n\t%s" % - "\n\t".join(missing_options)) + str_missing_options = "\n\t".join(missing_options) + error_and_exit("Please specify the following missing options:\n\t" + f"{str_missing_options}") def main(): diff --git a/voms-admin-server/resources/scripts/configure/voms_shared.py b/voms-admin-server/resources/scripts/configure/voms_shared.py index dc353a1c..b588a914 100644 --- a/voms-admin-server/resources/scripts/configure/voms_shared.py 
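Review bot: In `grant_ro_access` the last fragment of the grant statement, `"identified by 'options.password';"`, has no `f` prefix, so the statement carries the literal text `options.password` as the read-only account's password instead of the configured one; it should be `f"identified by '{options.password}';"`. The next line, `print("flush privileges;", mysql_proc.stdin)`, is missing `file=` and prints to the terminal rather than to mysql; it should be `print("flush privileges;", file=mysql_proc.stdin)`. In both grant functions the pipe is opened without `text=True`, so `print(..., file=mysql_proc.stdin)` raises a TypeError on Python 3. Both functions also call `wait()` inside the `with` block while stdin is still open (the old `stdin.close()` is removed or commented out), which would likely block. The error paths read `mysql_proc.stdout`, which is None because stdout is never piped. `grant_rw_access` begins above this hunk.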
+++ b/voms-admin-server/resources/scripts/configure/voms_shared.py @@ -22,39 +22,34 @@ __voms_prefix__ = "${package.prefix}" import re -import commands -import exceptions +import subprocess import os.path import glob import platform def mysql_util_cmd(command, options): - db_cmd = "%s %s --dbauser %s --dbusername %s --dbpassword '%s' --dbname %s --dbhost %s --dbport %s --mysql-command %s" % (VOMSDefaults.voms_mysql_util, - command, - options.dbauser, - options.dbusername, - options.dbpassword, - options.dbname, - options.dbhost, - options.dbport, - options.mysql_command) + db_cmd = f"{VOMSDefaults.voms_mysql_util} {command} " \ + f"--dbauser {options.dbauser} --dbusername {options.dbusername} " \ + f"--dbhost {options.dbhost} --dbport {options.dbport} " \ + f"--mysql-command {options.mysql_command}" if options.dbapwdfile: - dbapwd = open(options.dbapwdfile).read() + with open(options.dbapwdfile, encoding="utf-8") as f: + dbapwd = f.read() options.dbapwd = dbapwd if options.dbapwd: - db_cmd += " --dbapwd=%s" % options.dbapwd + db_cmd = f"db_cmd --dbapwd={options.dbapwd}" return db_cmd def voms_add_admin_cmd(vo, cert, ignore_email=False): + cmd = f"{__voms_db_util_base_cmd(vo, 'add-admin')} --cert {cert}" if ignore_email: - return "%s %s" % (__voms_db_util_base_cmd(vo, "add-admin"), "--cert %s --ignore-cert-email" % cert) - else: - return "%s %s" % (__voms_db_util_base_cmd(vo, "add-admin"), "--cert %s" % cert) + cmd = f"{cmd} --ignore-cert-email" + return cmd def voms_ro_auth_clients_cmd(vo): @@ -74,7 +69,7 @@ def voms_upgrade_database_cmd(vo): def __voms_db_util_base_cmd(vo, command): - return "%s %s --vo %s" % (VOMSDefaults.voms_db_util, command, vo) + return f"{VOMSDefaults.voms_db_util} {command} --vo {vo}" def voms_version(): 
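Review bot: In `mysql_util_cmd`, the line `db_cmd = f"db_cmd --dbapwd={options.dbapwd}"` replaces the whole command with the literal word `db_cmd` instead of appending to it; it should be `db_cmd = f"{db_cmd} --dbapwd={options.dbapwd}"`. The rewritten base string also drops `--dbpassword '%s' --dbname %s` from the old format string, so those two values are no longer passed; a fragment such as `f"--dbpassword '{options.dbpassword}' --dbname {options.dbname} "` needs to go back in. Every value is pasted into the command string unquoted (the old code single-quoted only the password), so if the string is executed through a shell, as it appears to be, a value containing a quote or shell metacharacter changes the command. Wrapping each value in `shlex.quote()` would close that. The same unquoted interpolation is in `do_basic_command` in voms_db_util.py (patch 03/17), where `options.vo` reaches `os.system`.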
@@ -91,7 +86,9 @@ def voms_prefix(): def template_prefix(): - return os.path.join(voms_prefix(), "usr", "share", "voms-admin", "templates") + return os.path.join( + voms_prefix(), "usr", "share", "voms-admin", "templates" + ) def admin_conf_dir(vo=None): @@ -208,7 +205,7 @@ def get_oracle_env(): return template.substitute(sysconfig) -class VOMSError(exceptions.RuntimeError): +class VOMSError(RuntimeError): pass @@ -221,14 +218,13 @@ def __init__(self, filename): self._load_properties() def _load_properties(self): - f = open(self._filename, "r") - for l in f: - if re.match(PropertyHelper.empty_or_comment_lines, l) is None: - m = re.search(PropertyHelper.property_matcher, l) - if m: - PropertyHelper.__setitem__( - self, m.groups()[0], m.groups()[1]) - f.close() + with open(self._filename, "r", encoding="utf-8") as f: + for l in f: + if re.match(PropertyHelper.empty_or_comment_lines, l) is None: + m = re.search(PropertyHelper.property_matcher, l) + if m: + PropertyHelper.__setitem__( + self, m.groups()[0], m.groups()[1]) def save_properties(self): def helper(l): @@ -238,12 +234,11 @@ def helper(l): else: return l - f = open(self._filename, "rw+") - lines = map(helper, f.readlines()) - f.seek(0) - f.writelines(lines) - f.truncate() - f.close() + with open(self._filename, "w", encoding="utf-8") as f: + lines = map(helper, f.readlines()) + f.seek(0) + f.writelines(lines) + f.truncate() class X509Helper: 
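Review bot: In `save_properties` the file is now opened with mode `"w"`, which truncates it on open and is not readable, so `f.readlines()` raises `io.UnsupportedOperation` and the properties file is left empty. The Python 2 mode `"rw+"` was read-and-update; the Python 3 equivalent is `with open(self._filename, "r+", encoding="utf-8") as f:`, after which the existing `seek(0)` / `writelines` / `truncate()` sequence works as before. The `def save_properties` line itself sits above this hunk.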
@@ -253,34 +248,31 @@ def __init__(self, filename, openssl_cmd=None): self.parse() def parse(self): + openssl = self.openssl_cmd if self.openssl_cmd else 'openssl' + base_cmd = f"{openssl} x509 -in '{self.filename}' -noout" - if self.openssl_cmd: - openssl = self.openssl_cmd - else: - openssl = 'openssl' - - base_cmd = openssl+' x509 -in \'%s\' -noout ' % self.filename - - status, subject = commands.getstatusoutput(base_cmd+'-subject') + status, subject = subprocess.getstatusoutput(f"{base_cmd}-subject") if status: - raise VOMSError, "Error invoking openssl: " + subject + raise VOMSError(f"Error invoking openssl: {subject}") - status, issuer = commands.getstatusoutput(base_cmd+'-issuer') + status, issuer = subprocess.getstatusoutput(f"{base_cmd}-issuer") if status: - raise VOMSError, "Error invoking openssl: " + issuer + raise VOMSError(f"Error invoking openssl: {issuer}") - status, email = commands.getstatusoutput(base_cmd+'-email') + status, email = subprocess.getstatusoutput(f"{base_cmd}-email") if status: - raise VOMSError, "Error invoking openssl: " + email + raise VOMSError(f"Error invoking openssl: {email}") self.subject = re.sub(r'^subject= ', '', subject.strip()) self.issuer = re.sub(r'^issuer= ', '', issuer.strip()) self.subject = re.sub( - r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', '/Email=', self.subject) + r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', + '/Email=', self.subject) # Handle emailAddress also in the CA DN (Bug #36490) self.issuer = re.sub( - r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', '/Email=', self.issuer) + r'/(E|e|((E|e|)(mail|mailAddress|mailaddress|MAIL|MAILADDRESS)))=', + '/Email=', self.issuer) # Handle also UID self.subject = re.sub( 
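Review bot: In `X509Helper.parse` the new `base_cmd` ends in `-noout` without the trailing space the old string had, so `f"{base_cmd}-subject"` expands to `-noout-subject` and all three openssl calls fail; each call needs the space back, e.g. `f"{base_cmd} -subject"`, and likewise for `-issuer` and `-email`. Separately, `subprocess.getstatusoutput` runs the string through a shell and `self.filename` is only wrapped in single quotes, so a path containing a quote alters the command. Passing an argument list such as `[openssl, "x509", "-in", self.filename, "-noout", "-subject"]` to `subprocess.run` would avoid the shell entirely. The body of `parse` continues below this hunk.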
@@ -288,11 +280,14 @@ def parse(self): self.email = email.strip() - # Check that only first email address is taken from the certificate, the openssl -email command + # Check that only first email address is taken from the certificate, + # the openssl -email command # returns one address per line emails = email.splitlines(False) if len(emails) > 0: self.email = emails[0] def __repr__(self): - return 'Subject:%s\nIssuer:%s\nEmail:%s' % (self.subject, self.issuer, self.email) + return f"Subject:{self.subject}\n" \ + f"Issuer:{self.issuer}\n" \ + f"Email: {self.email}" From ebccae304c8e852d32b3f029c9ffa5921e809a71 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 13:57:26 +0000 Subject: [PATCH 02/17] Maybe fix grant_ro_access missing options argument --- .../resources/scripts/configure/voms_mysql_util.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py index cfb9a3f9..88b23610 100644 --- a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py @@ -214,8 +214,7 @@ def grant_rw_access(options): f"on database {options.dbname}: {mysql_proc.stdout.read()}") -def grant_ro_access(): - # FIXME: options is not defined!! +def grant_ro_access(options): print(f"Granting user {options.username} read-only access on database " f"{options.dbname}") mysql_cmd = build_mysql_command_preamble(options) From 61781cfade31b613ea341a42d09285db27b2796e Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:25:24 +0000 Subject: [PATCH 03/17] Fix missing --vo flag --- voms-admin-server/resources/scripts/configure/voms_db_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index 3843bc99..04197502 100644 --- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py @@ -103,7 +103,7 @@ def build_classpath(): def do_basic_command(options, command): cmd = f"{get_oracle_env()} "\ f"java -cp {build_classpath()} {VOMSDefaults.schema_deployer_class} " \ - f"--command {command} {options.vo}" + f"--command {command} --vo {options.vo}" status = os.system(cmd) sys.exit(os.WEXITSTATUS(status)) From fe7c38b22a0baed75d8331da7f47f703942aa83f Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:50:47 +0000 Subject: [PATCH 04/17] Fix f-string --- .../resources/scripts/configure/voms_configure.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 9ce00d1c..b8d696b5 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -979,11 +979,9 @@ def create_vomses(options): if vomses_port is None: vomses_port = options.x509_aa_port - vomses = f'"{ - options.vo}" "{ - options.hostname}" "{vomses_port}" "{ - cert.subject}" "{ - options.vo}"\n' + vomses = f'"{options.vo}" "{options.hostname}" "{vomses_port}" ' \ + f'"{cert.subject}" "{options.vo}"\n' + logger.debug("VOMSES configuration: %s", vomses) if not options.dry_run: From dff631e1aa4bdb19de9de16efadb327dd1c29284 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:55:43 +0000 Subject: [PATCH 05/17] Fix argparse ints --- .../scripts/configure/voms_configure.py | 49 ++++++++++--------- 1 file changed, 25 insertions(+), 24 deletions(-) 
diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index b8d696b5..859541a3 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -156,9 +156,10 @@ def setup_cl_options(): ) parser.add_argument( "--trust-refresh-period", - type="int", + type=int, dest="trust_refresh_period", - help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", + help="How ofter CAs are refreshed from the filesystem (in seconds).", + metavar="SECS", default=3600 ) parser.add_argument( @@ -213,7 +214,7 @@ def setup_cl_options(): admin_opt_group.add_argument( "--admin-port", dest="admin_port", - type="int", + type=int, help="the PORT on which the admin service will bind", metavar="PORT", default=8443 @@ -286,7 +287,7 @@ def setup_cl_options(): ) conn_pool_opt_group.add_argument( "--c3p0-acquire-increment", - type='int', + type=int, dest="c3p0_acquire_increment", help="Sets the number of new connections that are acquired from the database connection pool is exausted.", metavar="NUM", @@ -294,7 +295,7 @@ def setup_cl_options(): ) conn_pool_opt_group.add_argument( "--c3p0-idle-test-period", - type='int', + type=int, dest="c3p0_idle_test_period", help="Check idle connections in the pool every SEC seconds.", metavar="SEC", @@ -303,7 +304,7 @@ def setup_cl_options(): conn_pool_opt_group.add_argument( "--c3p0-min-size", - type='int', + type=int, dest="c3p0_min_size", help="Pool minimum size.", metavar="NUM", @@ -311,7 +312,7 @@ def setup_cl_options(): ) conn_pool_opt_group.add_argument( "--c3p0-max-size", - type='int', + type=int, dest="c3p0_max_size", help="Pool maximum size.", metavar="NUM", 
@@ -319,7 +320,7 @@ def setup_cl_options(): ) conn_pool_opt_group.add_argument( "--c3p0-max-statements", - type='int', + type=int, dest="c3p0_max_statements", help="The size of the connection pool prepared statements cache.", metavar="NUM", @@ -327,7 +328,7 @@ def setup_cl_options(): ) conn_pool_opt_group.add_argument( "--c3p0-timeout", - type='int', + type=int, dest="c3p0_timeout", help="The time in seconds a connection in the pool can remain pooled but unused before being discarded.", metavar="SECS", @@ -362,7 +363,7 @@ def setup_cl_options(): mysql_opt_group.add_argument( "--dbport", dest="dbport", - type='int', + type=int, help="Sets the PORT where the MySQL database is listening", metavar="PORT", efault="3306" @@ -420,7 +421,7 @@ def setup_cl_options(): voms_core_opt_group.add_argument( "--core-port", dest="core_port", - type="int", + type=int, help="the PORT on which the VOMS core service will bind", metavar="PORT" ) @@ -450,14 +451,14 @@ def setup_cl_options(): voms_core_opt_group.add_argument( "--timeout", dest="timeout", - type="int", + type=int, help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400 ) voms_core_opt_group.add_argument( "--socktimeout", dest="socktimeout", - type="int", + type=int, help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", metavar="SECS", default=60 @@ -477,7 +478,7 @@ def setup_cl_options(): ) voms_core_opt_group.add_argument( "--max-reqs", - type="int", + type=int, dest="max_reqs", help="Sets the maximum number of concurrent request that the VOMS service can handle.", default=50 @@ -502,7 +503,7 @@ def setup_cl_options(): ) registration_opt_group.add_argument( "--aup-signature-grace-period", - type="int", + type=int, dest="aup_signature_grace_period", help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", metavar="DAYS", 
@@ -537,7 +538,7 @@ def setup_cl_options(): default="Group-Manager" ) registration_opt_group.add_argument( - "--membership-request-lifetime", type="int", + "--membership-request-lifetime", type=int, dest="membership_request_lifetime", help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", metavar="SECS", @@ -583,19 +584,19 @@ def setup_cl_options(): ) membership_opt_group.add_argument( "--membership-default-lifetime", - type="int", dest="membership_default_lifetime", + type=int, dest="membership_default_lifetime", help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12 ) membership_opt_group.add_argument( "--membership-check-period", - type="int", dest="membership_check_period", + type=int, dest="membership_check_period", help="The membership check background thread period (in seconds)", metavar="SECS", default=600 ) membership_opt_group.add_argument( "--membership-expiration-warning-period", - type="int", + type=int, dest="membership_expiration_warning_period", help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", metavar="DAYS", @@ -603,7 +604,7 @@ def setup_cl_options(): ) membership_opt_group.add_argument( "--membership-expiration-grace-period", - type="int", + type=int, dest="membership_expiration_grace_period", help="Membership expiration grace period (in days). In the grace period user will be maintained active even if membership has expired.", metavar="DAYS", @@ -611,7 +612,7 @@ def setup_cl_options(): ) membership_opt_group.add_argument( "--membership-notification-resend-period", - type="int", + type=int, dest="membership_notification_resend_period", help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", metavar="DAYS", 
@@ -631,7 +632,7 @@ def setup_cl_options(): saml_opt_group.add_argument( "--saml-lifetime", dest="saml_lifetime", - type="int", + type=int, help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400 ) @@ -656,14 +657,14 @@ def setup_cl_options(): x509aa_opt_group.add_argument( "--x509-aa-port", dest="x509_aa_port", - type="int", + type=int, help="An additional port used to serve VOMS legacy request.", metavar="PORT", default=-1 ) x509aa_opt_group.add_argument( "--ac-validity", - dest="ac_validity", type="int", + dest="ac_validity", type=int, help="Defines the maximum validity (in hours) for the attribute certificates issued by this VOMS server. The default is 12 hours", metavar="HOURS", default=24 From 4c04544e4b58d092c8337b216b8735e5640ddda3 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:56:04 +0000 Subject: [PATCH 06/17] Fix arg typo --- voms-admin-server/resources/scripts/configure/voms_configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 859541a3..2411d415 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -366,7 +366,7 @@ def setup_cl_options(): type=int, help="Sets the PORT where the MySQL database is listening", metavar="PORT", - efault="3306" + default="3306" ) mysql_opt_group.add_argument( "--mysql-command", From 97569453c5f49443ce640260d95c478815c73406 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:59:17 +0000 Subject: [PATCH 07/17] Fix argparse str type --- voms-admin-server/resources/scripts/configure/voms_configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 2411d415..cd889f0d 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -532,7 +532,7 @@ def setup_cl_options(): ) registration_opt_group.add_argument( "--group-manager-role", - type="string", + type=str, dest="group_manager_role", help="Group manager role name. (default value: Group-Manager)", default="Group-Manager" From dd143b614810ee78355fb981b9cb4e9746b77254 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 15:59:35 +0000 Subject: [PATCH 08/17] Fix typo --- voms-admin-server/resources/scripts/configure/voms_configure.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index cd889f0d..29a0dcb4 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -567,7 +567,7 @@ def setup_cl_options(): "--preserve-aup-failing-members", action="store_true", dest="preserve_aup_failing_members", help="Do not suspend users that fail to sign the AUP in time.", - efault=False + default=False ) membership_opt_group.add_argument( "--disable-membership-end-time", From bc3f314a6a6fb9c87b20ad66e6b40d71c2473b20 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 16:33:57 +0000 Subject: [PATCH 09/17] Fix parse pom version --- voms-admin-server/resources/scripts/configure/voms_shared.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_shared.py b/voms-admin-server/resources/scripts/configure/voms_shared.py index b588a914..8a528a0e 100644 --- a/voms-admin-server/resources/scripts/configure/voms_shared.py 
+++ b/voms-admin-server/resources/scripts/configure/voms_shared.py @@ -73,7 +73,7 @@ def __voms_db_util_base_cmd(vo, command): def voms_version(): - if __voms_version__ == "${pom.version": + if __voms_version__ == "${pom.version}": return "unset" return __voms_version__ From e966125aa32305d854a352d00a45bb1b0f9d4899 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 16:34:32 +0000 Subject: [PATCH 10/17] Update usage prog string --- .../resources/scripts/configure/voms_configure.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 29a0dcb4..f392f50e 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -42,18 +42,19 @@ MYSQL = "mysql" ORACLE = "oracle" -usage = """%prog command [options] +usage = """%(prog)s command [options] Commands: install: installs or reconfigures a VO upgrade: upgrades a VO remove: removes a VO """ + logger = None parser = argparse.ArgumentParser(usage=usage) parser.add_argument("--version", "-v", action="version", - version="%prog v. " + voms_version()) + version="%(prog)s v. " + voms_version()) commands = ["install", "upgrade", "remove"] HOST_CERT = "/etc/grid-security/hostcert.pem" From 4510603970bcfecc726ae0250c749116e2d3e2fc Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Tue, 8 Oct 2024 16:35:31 +0000 Subject: [PATCH 11/17] Fix command/option parsing --- .../scripts/configure/voms_configure.py | 208 +++++++++--------- 1 file changed, 99 insertions(+), 109 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index f392f50e..de00ed88 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py 
+++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -56,6 +56,7 @@ parser.add_argument("--version", "-v", action="version", version="%(prog)s v. " + voms_version()) commands = ["install", "upgrade", "remove"] +parser.add_argument("command", choices=commands, help=usage) HOST_CERT = "/etc/grid-security/hostcert.pem" HOST_KEY = "/etc/grid-security/hostkey.pem" @@ -92,12 +93,6 @@ def backup_dir_contents(d): os.rename(f, f"{f}_backup_{backup_date}") -def check_args_and_options(options, args): - if len(args) != 1 or args[0] not in commands: - error_and_exit( - "Please specify a single command among the following:\n\t%s" % "\n\t".join(commands)) - - def setup_cl_options(): # Base options parser.add_argument( @@ -130,8 +125,8 @@ def setup_cl_options(): parser.add_argument( "--hostname", dest="hostname", help="the VOMS services HOSTNAME", - metavar="HOSTNAME", default=socket.gethostname()) - + metavar="HOSTNAME", default=socket.gethostname() + ) # Certificate and trust anchors (used for both voms and voms-admin # services) parser.add_argument( @@ -159,7 +154,7 @@ def setup_cl_options(): "--trust-refresh-period", type=int, dest="trust_refresh_period", - help="How ofter CAs are refreshed from the filesystem (in seconds).", + help="How ofter CAs are refreshed from the filesystem (in seconds).", metavar="SECS", default=3600 ) @@ -169,7 +164,6 @@ def setup_cl_options(): action="store_true", help="Skips VOMS core configuration", default=False ) - parser.add_argument( "--skip-voms-admin", dest="skip_voms_admin", @@ -223,7 +217,8 @@ def setup_cl_options(): admin_opt_group.add_argument( "--admin-cert", dest="admin_cert", - help="Grants CERT full administrator privileges in the VO", metavar="CERT" + help="Grants CERT full administrator privileges in the VO", + metavar="CERT" ) admin_opt_group.add_argument( "--read-only", 
@@ -244,19 +239,22 @@ def setup_cl_options(): dest="admin_skip_ca_check", action="store_true", help="Skips the check on the certificate issuer when authenticating VOMS Admin clients", - default=False) - - admin_opt_group.add_argument("--disable-permission-cache", - dest="permission_cache_disable", - action="store_true", - help="Disables permission cache for the configured VO", - default="False") + default=False + ) + admin_opt_group.add_argument( + "--disable-permission-cache", + dest="permission_cache_disable", + action="store_true", + help="Disables permission cache for the configured VO", + default="False" + ) parser.add_argument_group(admin_opt_group) # DB options db_opt_group = parser.add_argument_group( - title="Database configuration options", description="These options configure VOMS database access") + title="Database configuration options", + description="These options configure VOMS database access") db_opt_group.add_argument( "--dbtype", dest="dbtype", @@ -292,8 +290,7 @@ def setup_cl_options(): dest="c3p0_acquire_increment", help="Sets the number of new connections that are acquired from the database connection pool is exausted.", metavar="NUM", - default=1 - ) + default=1) conn_pool_opt_group.add_argument( "--c3p0-idle-test-period", type=int, @@ -302,7 +299,6 @@ def setup_cl_options(): metavar="SEC", default=0 ) - conn_pool_opt_group.add_argument( "--c3p0-min-size", type=int, @@ -333,14 +329,12 @@ def setup_cl_options(): dest="c3p0_timeout", help="The time in seconds a connection in the pool can remain pooled but unused before being discarded.", metavar="SECS", - default=60 - ) + default=60) # MySQL specifics mysql_opt_group = parser.add_argument_group( title="MySQL-specific options", - description="These options are specific for MySQL database backend configuration" - ) + description="These options are specific for MySQL database backend configuration") mysql_opt_group.add_argument( "--createdb", dest="createdb", 
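Review bot: The reformatted `--disable-permission-cache` option keeps `default="False"`, a non-empty string, which is truthy in Python. If `options.permission_cache_disable` is tested as a boolean anywhere (not visible in this hunk), the permission cache would be treated as disabled even when the flag is not given. The other `store_true` options in this function use the boolean, so this line should read `default=False`.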
@@ -358,7 +352,8 @@ def setup_cl_options(): mysql_opt_group.add_argument( "--dbhost", dest="dbhost", - help="Sets the HOST where the MySQL database is running", metavar="HOST", + help="Sets the HOST where the MySQL database is running", + metavar="HOST", default="localhost" ) mysql_opt_group.add_argument( @@ -404,21 +399,18 @@ def setup_cl_options(): # ORACLE specifics oracle_opt_group = parser.add_argument_group( title="Oracle-specific options", - description="These options are specific for Oracle database backend configuration" - ) + description="These options are specific for Oracle database backend configuration") oracle_opt_group.add_argument( "--use-thin-driver", dest="use_thin_driver", action="store_true", help="Configures the Oracle database using the pure-java native driver", - default=False - ) + default=False) # VOMS core specifics voms_core_opt_group = parser.add_argument_group( title="VOMS core options", - description="These options drive the configuration of the VOMS core service." - ) + description="These options drive the configuration of the VOMS core service.") voms_core_opt_group.add_argument( "--core-port", dest="core_port", @@ -430,8 +422,7 @@ def setup_cl_options(): "--libdir", dest="libdir", help="the DIR where VOMS core will look for the database plugin modules.", - metavar="PORT" - ) + metavar="PORT") voms_core_opt_group.add_argument( "--logdir", dest="logdir", 
@@ -447,23 +438,21 @@ def setup_cl_options(): "--uri", dest="uri", help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", - metavar="URI" - ) + metavar="URI") voms_core_opt_group.add_argument( "--timeout", dest="timeout", type=int, - help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", metavar="SECS", - default=86400 - ) + help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", + metavar="SECS", + default=86400) voms_core_opt_group.add_argument( "--socktimeout", dest="socktimeout", type=int, help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", metavar="SECS", - default=60 - ) + default=60) voms_core_opt_group.add_argument( "--shortfqans", dest="shortfqans", action="store_true", @@ -475,21 +464,18 @@ def setup_cl_options(): dest="skip_ca_check", action="store_true", help="Configures VOMS to only consider a certificate subject when checking VO user membership", - default=False - ) + default=False) voms_core_opt_group.add_argument( "--max-reqs", type=int, dest="max_reqs", help="Sets the maximum number of concurrent request that the VOMS service can handle.", - default=50 - ) + default=50) # Registration service specifics registration_opt_group = parser.add_argument_group( title="Registration service options", - description="These options configure the VOMS Admin registration service" - ) + description="These options configure the VOMS Admin registration service") registration_opt_group.add_argument( "--disable-registration", dest="enable_registration", 
@@ -508,8 +494,7 @@ def setup_cl_options(): dest="aup_signature_grace_period", help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", metavar="DAYS", - default="15" - ) + default="15") registration_opt_group.add_argument( "--aup-reminders", dest="aup_reminders", @@ -539,19 +524,18 @@ def setup_cl_options(): default="Group-Manager" ) registration_opt_group.add_argument( - "--membership-request-lifetime", type=int, + "--membership-request-lifetime", + type=int, dest="membership_request_lifetime", help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", metavar="SECS", - default=604800 - ) + default=604800) registration_opt_group.add_argument( "--disable-membership-expired-requests-warnings", action="store_false", dest="membership_request_warn_when_expired", help="Disables email notifications when unconfirmed membership requests are removed from the voms database.", - default=True - ) + default=True) # Membership checks configuration membership_opt_group = parser.add_argument_group( @@ -573,9 +557,9 @@ def setup_cl_options(): membership_opt_group.add_argument( "--disable-membership-end-time", action="store_true", - dest="disable_membership_end_time", help="Disable membership end time checks completely.", - default=False - ) + dest="disable_membership_end_time", + help="Disable membership end time checks completely.", + default=False) membership_opt_group.add_argument( "--disable-membership-expiration-warnings", action="store_true", 
@@ -585,45 +569,44 @@ def setup_cl_options(): ) membership_opt_group.add_argument( "--membership-default-lifetime", - type=int, dest="membership_default_lifetime", - help="Default VO membership lifetime duration (in months).", metavar="MONTHS", default=12 - ) + type=int, + dest="membership_default_lifetime", + help="Default VO membership lifetime duration (in months).", + metavar="MONTHS", + default=12) membership_opt_group.add_argument( "--membership-check-period", - type=int, dest="membership_check_period", - help="The membership check background thread period (in seconds)", metavar="SECS", - default=600 - ) + type=int, + dest="membership_check_period", + help="The membership check background thread period (in seconds)", + metavar="SECS", + default=600) membership_opt_group.add_argument( "--membership-expiration-warning-period", type=int, dest="membership_expiration_warning_period", help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", metavar="DAYS", - default=30 - ) + default=30) membership_opt_group.add_argument( "--membership-expiration-grace-period", type=int, dest="membership_expiration_grace_period", help="Membership expiration grace period (in days). 
In the grace period user will be maintained active even if membership has expired.", metavar="DAYS", - default=7 - ) + default=7) membership_opt_group.add_argument( "--membership-notification-resend-period", type=int, dest="membership_notification_resend_period", help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", metavar="DAYS", - default=1 - ) + default=1) saml_opt_group = parser.add_argument_group( title="SAML Attribute Authority options", - description="These options configure the VOMS SAML attribute authority service" - ) + description="These options configure the VOMS SAML attribute authority service") saml_opt_group.add_argument( "--enable-saml", dest="enable_saml", @@ -634,9 +617,9 @@ def setup_cl_options(): "--saml-lifetime", dest="saml_lifetime", type=int, - help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", - default=86400 - ) + help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", + metavar="SECS", + default=86400) saml_opt_group.add_argument( "--disable-compulsory-group-membership", action="store_false", @@ -647,8 +630,7 @@ def setup_cl_options(): x509aa_opt_group = parser.add_argument_group( title="X.509 AC Attribute Authority options", - description="These options configure the VOMS X.509 attribute authority service" - ) + description="These options configure the VOMS X.509 attribute authority service") x509aa_opt_group.add_argument( "--enable-x509-aa", dest="enable_x509_aa", action="store_true", 
@@ -665,23 +647,21 @@ def setup_cl_options(): ) x509aa_opt_group.add_argument( "--ac-validity", - dest="ac_validity", type=int, + dest="ac_validity", + type=int, help="Defines the maximum validity (in hours) for the attribute certificates issued by this VOMS server. The default is 12 hours", metavar="HOURS", - default=24 - ) + default=24) x509aa_opt_group.add_argument( "--disable-legacy-fqan-encoding", dest="legacy_fqan_encoding", action="store_false", help="FQANs will be encoded in issued ACs following the old, deprecated format (i.e. the one including Role=NULL/Capability=NULL).", - default=True - ) + default=True) notification_opt_group = parser.add_argument_group( title="Notification service options", - description="These options configure the VOMS Admin notification service" - ) + description="These options configure the VOMS Admin notification service") notification_opt_group.add_argument( "--mail-from", dest="mail_from", @@ -722,8 +702,7 @@ def setup_cl_options(): other_opt_group = parser.add_argument_group( title="Other fancy options", - description="Configuration options that do not fall in the other categories" - ) + description="Configuration options that do not fall in the other categories") other_opt_group.add_argument( "--disable-conf-backup", dest="enable_conf_backup", @@ -737,16 +716,14 @@ def setup_cl_options(): dest="mkgridmap_translate_email", action="store_true", help="Generate gridmapfiles containing the email part of user certificate subject as emailAddress besides the Email format used by default.", - default=False - ) + default=False) other_opt_group.add_argument( "--csrf-log-only", action="store_true", dest="csrf_log_only", help="When this option is set, CSRF requests are not blocked but logged. Don't set this option for maximum security", - default=False - ) + default=False) def configure_logging(options): 
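Review bot: The `--ac-validity` help text in the first hunk here says "The default is 12 hours" while the argument is declared with `default=24`, so an operator relying on `--help` will expect issued attribute certificates to have a shorter maximum lifetime than the one actually configured. Either the text should say 24 hours or the declaration should be `default=12`; which of the two is intended cannot be told from the hunk. In the same hunk `--disable-legacy-fqan-encoding` is a `store_false` flag whose help appears to describe what happens when legacy encoding stays on; wording such as `help="Disables the old, deprecated FQAN format (the one including Role=NULL/Capability=NULL) in issued ACs."` would match the flag. Both texts pass unchanged through the later "Code reformat" patch.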
@@ -790,7 +767,8 @@ def option_name_from_var(var_name): if len(missing_opts) > 0: error_and_exit( - "Please set the following required options:\n\t{}".format('\n\t'.join(missing_opts))) + "Please set the following required options:\n\t{}".format( + '\n\t'.join(missing_opts))) def check_install_options(options): @@ -854,7 +832,9 @@ def config_owner_ids(options): def create_voms_service_certificate(options): if os.geteuid() == 0 and not options.dry_run: logger.info( - "Creating VOMS services certificate in %s, %s", VOMS_CERT, VOMS_KEY) + "Creating VOMS services certificate in %s, %s", + VOMS_CERT, + VOMS_KEY) shutil.copy(HOST_CERT, VOMS_CERT) shutil.copy(HOST_KEY, VOMS_KEY) @@ -984,7 +964,6 @@ def create_vomses(options): vomses = f'"{options.vo}" "{options.hostname}" "{vomses_port}" ' \ f'"{cert.subject}" "{options.vo}"\n' - logger.debug("VOMSES configuration: %s", vomses) if not options.dry_run: write_and_set_permissions(options, @@ -1092,7 +1071,8 @@ def create_voms_conf(options): def create_core_configuration(options): if os.path.exists(core_conf_dir(options.vo)): logger.info( - "VOMS core service configuration for VO %s already exists.", options.vo) + "VOMS core service configuration for VO %s already exists.", + options.vo) if not options.dry_run and options.enable_conf_backup: backup_dir_contents(core_conf_dir(options.vo)) else: @@ -1168,8 +1148,12 @@ def deploy_database(options): "Error deploying VOMS database!") logger.info( "Adding VO administrator reading information from %s", options.cert) - execute_cmd(voms_add_admin_cmd(options.vo, options.cert, - ignore_email=True), "Error adding VO administrator!") + execute_cmd( + voms_add_admin_cmd( + options.vo, + options.cert, + ignore_email=True), + "Error adding VO administrator!") if options.read_only_auth_clients: logger.info( 
@@ -1179,7 +1163,8 @@ def deploy_database(options): if options.admin_cert: logger.info( - "Adding VO administrator reading information from %s", options.admin_cert) + "Adding VO administrator reading information from %s", + options.admin_cert) execute_cmd(voms_add_admin_cmd(options.vo, options.admin_cert), "Error adding VO administrator!") @@ -1222,7 +1207,8 @@ def upgrade_database(options): def undeploy_database(options): logger.warning( - "Undeploying database for VO %s. The database contents will be lost.", options.vo) + "Undeploying database for VO %s. The database contents will be lost.", + options.vo) if options.dbtype == MYSQL and options.dropdb: execute_cmd(mysql_util_cmd("drop_db", options), f"Error dropping MySQL database for VO {options.vo}!") @@ -1248,7 +1234,8 @@ def do_remove(options): if not options.skip_voms_admin: if not os.path.exists(admin_conf_dir(options.vo)): logger.error( - "The VOMS Admin service for VO %s is not configured on this host.", options.vo) + "The VOMS Admin service for VO %s is not configured on this host.", + options.vo) else: if options.undeploy_database: if not options.skip_database: @@ -1263,7 +1250,8 @@ def do_remove(options): if not options.skip_voms_core: if not os.path.exists(core_conf_dir(options.vo)): logger.error( - "The VOMS core service for VO %s is not configured on this host.", options.vo) + "The VOMS core service for VO %s is not configured on this host.", + options.vo) else: logger.info("Removing VOMS core service configuration") remove_dir_and_contents(core_conf_dir(options.vo)) @@ -1275,7 +1263,8 @@ def do_upgrade(options): if not os.path.exists(admin_conf_dir(options.vo)): logger.error( - "The VOMS Admin service for VO %s is not configured on this host.", options.vo) + "The VOMS Admin service for VO %s is not configured on this host.", + options.vo) else: logger.info("Upgrading database for VO %s to the latest version.", options.vo) 
@@ -1290,18 +1279,19 @@ def error_and_exit(msg): def main(): setup_cl_options() - (options, args) = parser.parse_args() - configure_logging(options) - check_args_and_options(options, args) - command = args[0] + args = parser.parse_args() + + configure_logging(args) + + command = args.command try: if command == "install": - do_install(options) + do_install(args) elif command == "remove": - do_remove(options) + do_remove(args) elif command == "upgrade": - do_upgrade(options) + do_upgrade(args) except SystemExit as e: sys.exit(e) except Exception as e: From 879b36e9b163d18e13af989b2084ab1d90e6b955 Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Wed, 9 Oct 2024 08:46:36 +0000 Subject: [PATCH 12/17] Fix missing space in openssl command --- voms-admin-server/resources/scripts/configure/voms_shared.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_shared.py b/voms-admin-server/resources/scripts/configure/voms_shared.py index 8a528a0e..d93cc24e 100644 --- a/voms-admin-server/resources/scripts/configure/voms_shared.py +++ b/voms-admin-server/resources/scripts/configure/voms_shared.py @@ -249,7 +249,7 @@ def __init__(self, filename, openssl_cmd=None): def parse(self): openssl = self.openssl_cmd if self.openssl_cmd else 'openssl' - base_cmd = f"{openssl} x509 -in '{self.filename}' -noout" + base_cmd = f"{openssl} x509 -in '{self.filename}' -noout " status, subject = subprocess.getstatusoutput(f"{base_cmd}-subject") if status: From 850c6272a22e306a416436d48ef63f6f3fb55f0b Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Wed, 9 Oct 2024 08:47:06 +0000 Subject: [PATCH 13/17] Fix argparse usage --- .../scripts/configure/voms_db_util.py | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index 04197502..f720ce6c 100644 
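Review bot: The rewritten `main()` no longer calls `check_args_and_options` and nothing in this hunk replaces it, so any option validation that function performed beyond picking the command is skipped before `do_install`, `do_remove` or `do_upgrade` run. If it only checked the command name, a `command` positional with `choices=commands` covers that (its registration is not visible in this hunk); otherwise a validation call should stay right after `parse_args()`, as the voms_db_util.py patch in this series does with `check_args(args)`. Separately, `sys.exit(e)` in the `except SystemExit` branch passes the exception object rather than its code, so the process prints the code and exits with status 1 whatever the original status was; `sys.exit(e.code)` or a bare `raise` preserves it. The end of `main()` lies outside the hunk.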
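Review bot: `self.filename` is interpolated into a shell command string on the changed `base_cmd` line, and `subprocess.getstatusoutput` hands that string to the shell, so a certificate path containing a single quote ends the hand-written quoting and the remainder is interpreted by the shell. The fix for the missing space is a good moment to quote the path properly: `base_cmd = f"{openssl} x509 -in {shlex.quote(self.filename)} -noout "` (needs `import shlex` at the top of voms_shared.py). A sturdier alternative is to drop the shell and pass an argument list to `subprocess.run(..., capture_output=True, text=True)`, which also removes the need to assemble `-subject` and the other switches by string concatenation. `parse()` continues outside the hunk, so the remaining `getstatusoutput` calls built from `base_cmd` would need the same treatment.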
--- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py @@ -24,7 +24,7 @@ import argparse from voms_shared import VOMSDefaults, X509Helper, get_oracle_env -usage = """%prog [options] command +usage = """%(prog)s [options] command Commands: check-connectivity: checks database connection @@ -43,6 +43,8 @@ commands = ["deploy", "undeploy", "upgrade", "check-connectivity", "grant-read-only-access", "add-admin", "remove-admin"] +parser.add_argument("command", choices=commands) + def setup_cl_options(): parser.add_argument( @@ -155,17 +157,11 @@ def do_remove_admin(options): sys.exit(os.WEXITSTATUS(status)) -def check_args_and_options(options, args): - if len(args) != 1 or args[0] not in commands: - error_and_exit( - "Please specify a single command among the following:\n\t%s" % - "\n\t".join(commands)) - +def check_args(options): if not options.vo: error_and_exit("Please specify a VO with the --vo option.") - if args[0] in ("add-admin", "remove-admin"): - + if options.command in ("add-admin", "remove-admin"): if (not options.admin_dn or not options.admin_ca) and not options.admin_cert: error_and_exit( "Please specify an administrator either providing a certificate" @@ -183,17 +179,17 @@ def check_args_and_options(options, args): def main(): setup_cl_options() - (options, args) = parser.parse_args() - check_args_and_options(options, args) + args = parser.parse_args() + check_args(args) - command = args[0] + command = args.command if command == "add-admin": - do_add_admin(options) + do_add_admin(args) elif command == "remove-admin": - do_remove_admin(options) + do_remove_admin(args) else: - do_basic_command(options, command) + do_basic_command(args, command) if __name__ == '__main__': From 2d5a87592145b2723e42b6030fc5b8346f650c11 Mon Sep 17 00:00:00 2001 
From: Jacopo Gasparetto Date: Wed, 9 Oct 2024 08:52:36 +0000 Subject: [PATCH 14/17] Fix argparse usage --- .../scripts/configure/voms_mysql_util.py | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py index 88b23610..6ddba72a 100644 --- a/voms-admin-server/resources/scripts/configure/voms_mysql_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_mysql_util.py @@ -24,7 +24,7 @@ import re import socket -usage = """%prog [options] command +usage = """%(prog)s [options] command Commands: create_db: creates a MySQL database and read/write grants for the VOMS service @@ -272,14 +272,8 @@ def check_mysql_command(options): " Check your MySQL client installation.") -def check_args_and_options(options, args): - if len(args) != 1 or args[0] not in supported_commands.keys(): - str_commands = '\n\t'.join(supported_commands.keys()) - error_and_exit("Please specify a single command among the following:" - f"\n\t{str_commands}") - +def check_args(options): missing_options = [] - if not options.username: missing_options.append("--dbusername") if not options.password: @@ -295,11 +289,12 @@ def check_args_and_options(options, args): def main(): setup_cl_options() - (options, args) = parser.parse_args() - check_args_and_options(options, args) - check_mysql_command(options) - - supported_commands[args[0]](options) + parser.add_argument("command", choices=supported_commands.keys(), help=usage) + args = parser.parse_args() + check_args(args) + check_mysql_command(args) + command = args.command + supported_commands[command](args) if __name__ == '__main__': From 324e5e8e038757c8dd7afa41af431bd70e71e80c Mon Sep 17 00:00:00 2001 
From: Jacopo Gasparetto Date: Wed, 9 Oct 2024 09:04:23 +0000 Subject: [PATCH 15/17] Remove old argument group association --- voms-admin-server/resources/scripts/configure/voms_configure.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index de00ed88..370858a8 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -249,8 +249,6 @@ def setup_cl_options(): default="False" ) - parser.add_argument_group(admin_opt_group) - # DB options db_opt_group = parser.add_argument_group( title="Database configuration options", From 97e245e22f70e53881f21b706929681cba4f3e2a Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Wed, 9 Oct 2024 09:06:09 +0000 Subject: [PATCH 16/17] Code reformat --- .../scripts/configure/voms_configure.py | 168 ++++++++++++------ .../scripts/configure/voms_db_util.py | 2 - 2 files changed, 109 insertions(+), 61 deletions(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_configure.py b/voms-admin-server/resources/scripts/configure/voms_configure.py index 370858a8..db3943fa 100644 --- a/voms-admin-server/resources/scripts/configure/voms_configure.py +++ b/voms-admin-server/resources/scripts/configure/voms_configure.py @@ -66,7 +66,6 @@ def execute_cmd(cmd, error_msg=None): - status = os.system(cmd) if status != 0: @@ -204,7 +203,8 @@ def setup_cl_options(): # Admin service options admin_opt_group = parser.add_argument_group( title="VOMS admin options", - description="These options drive the basic configuration of the VOMS admin service." + description="These options drive the basic configuration of the VOMS " + "admin service." ) admin_opt_group.add_argument( "--admin-port", 
@@ -238,7 +238,8 @@ def setup_cl_options(): "--admin-skip-ca-check", dest="admin_skip_ca_check", action="store_true", - help="Skips the check on the certificate issuer when authenticating VOMS Admin clients", + help="Skips the check on the certificate issuer when authenticating " + "VOMS Admin clients", default=False ) admin_opt_group.add_argument( @@ -280,15 +281,18 @@ def setup_cl_options(): # Connection pool options conn_pool_opt_group = parser.add_argument_group( title="Database connection pool options", - description="These options configure the voms admin service database connection pool" + description="These options configure the voms admin service database " + "connection pool" ) conn_pool_opt_group.add_argument( "--c3p0-acquire-increment", type=int, dest="c3p0_acquire_increment", - help="Sets the number of new connections that are acquired from the database connection pool is exausted.", + help="Sets the number of new connections that are acquired from the " + "database connection pool is exausted.", metavar="NUM", - default=1) + default=1 + ) conn_pool_opt_group.add_argument( "--c3p0-idle-test-period", type=int, @@ -325,14 +329,18 @@ def setup_cl_options(): "--c3p0-timeout", type=int, dest="c3p0_timeout", - help="The time in seconds a connection in the pool can remain pooled but unused before being discarded.", + help="The time in seconds a connection in the pool can remain pooled " + "but unused before being discarded.", metavar="SECS", - default=60) + default=60 + ) # MySQL specifics mysql_opt_group = parser.add_argument_group( title="MySQL-specific options", - description="These options are specific for MySQL database backend configuration") + description="These options are specific for MySQL database backend " + "configuration" + ) mysql_opt_group.add_argument( "--createdb", dest="createdb", 
@@ -397,18 +405,23 @@ def setup_cl_options(): # ORACLE specifics oracle_opt_group = parser.add_argument_group( title="Oracle-specific options", - description="These options are specific for Oracle database backend configuration") + description="These options are specific for Oracle database backend " + "configuration" + ) oracle_opt_group.add_argument( "--use-thin-driver", dest="use_thin_driver", action="store_true", help="Configures the Oracle database using the pure-java native driver", - default=False) + default=False + ) # VOMS core specifics voms_core_opt_group = parser.add_argument_group( title="VOMS core options", - description="These options drive the configuration of the VOMS core service.") + description="These options drive the configuration of the VOMS core " + "service." + ) voms_core_opt_group.add_argument( "--core-port", dest="core_port", @@ -420,7 +433,8 @@ def setup_cl_options(): "--libdir", dest="libdir", help="the DIR where VOMS core will look for the database plugin modules.", - metavar="PORT") + metavar="PORT" + ) voms_core_opt_group.add_argument( "--logdir", dest="logdir", 
@@ -435,20 +449,25 @@ def setup_cl_options(): voms_core_opt_group.add_argument( "--uri", dest="uri", - help="Defines a non-standard the URI of the VOMS server included in the issued attribute certificates", - metavar="URI") + help="Defines a non-standard the URI of the VOMS server included in " + "the issued attribute certificates", + metavar="URI" + ) voms_core_opt_group.add_argument( "--timeout", dest="timeout", type=int, - help="Defines the validity of the AC issued by the VOMS server in seconds. The default is 24 hours (86400)", + help="Defines the validity of the AC issued by the VOMS server in " + "seconds. The default is 24 hours (86400)", metavar="SECS", - default=86400) + default=86400 + ) voms_core_opt_group.add_argument( "--socktimeout", dest="socktimeout", type=int, - help="Sets the amount of time in seconds after which the server will drop an inactive connection. The default is 60 seconds", + help="Sets the amount of time in seconds after which the server will " + "drop an inactive connection. The default is 60 seconds", metavar="SECS", default=60) voms_core_opt_group.add_argument( 
@@ -461,19 +480,25 @@ def setup_cl_options(): "--skip-ca-check", dest="skip_ca_check", action="store_true", - help="Configures VOMS to only consider a certificate subject when checking VO user membership", - default=False) + help="Configures VOMS to only consider a certificate subject when " + "checking VO user membership", + default=False + ) voms_core_opt_group.add_argument( "--max-reqs", type=int, dest="max_reqs", - help="Sets the maximum number of concurrent request that the VOMS service can handle.", - default=50) + help="Sets the maximum number of concurrent request that the VOMS " + "service can handle.", + default=50 + ) # Registration service specifics registration_opt_group = parser.add_argument_group( title="Registration service options", - description="These options configure the VOMS Admin registration service") + description="These options configure the VOMS Admin registration " + "service" + ) registration_opt_group.add_argument( "--disable-registration", dest="enable_registration", @@ -490,17 +515,19 @@ def setup_cl_options(): "--aup-signature-grace-period", type=int, dest="aup_signature_grace_period", - help="The time (in days) given to users to sign the AUP, after being notified, before being suspended.", + help="The time (in days) given to users to sign the AUP, after being " + "notified, before being suspended.", metavar="DAYS", default="15") registration_opt_group.add_argument( "--aup-reminders", dest="aup_reminders", - help="Comma-separated list of instants (in days) before the end of AUP grace period when reminders must be sent to users that need to sign the AUP.", + help="Comma-separated list of instants (in days) before the end of AUP " + "grace period when reminders must be sent to users that need to sign " + "the AUP.", metavar="DAYS", default="7,3,1" ) - registration_opt_group.add_argument( "--enable-attribute-requests", dest="enable_attribute_requests", action="store_true", 
@@ -525,15 +552,19 @@ def setup_cl_options(): "--membership-request-lifetime", type=int, dest="membership_request_lifetime", - help="Time (in seconds) that unconfirmed membership request are maintained in the VOMS database.", + help="Time (in seconds) that unconfirmed membership request are " + "maintained in the VOMS database.", metavar="SECS", - default=604800) + default=604800 + ) registration_opt_group.add_argument( "--disable-membership-expired-requests-warnings", action="store_false", dest="membership_request_warn_when_expired", - help="Disables email notifications when unconfirmed membership requests are removed from the voms database.", - default=True) + help="Disables email notifications when unconfirmed membership requests" + " are removed from the voms database.", + default=True + ) # Membership checks configuration membership_opt_group = parser.add_argument_group( 
@@ -571,37 +602,43 @@ def setup_cl_options(): dest="membership_default_lifetime", help="Default VO membership lifetime duration (in months).", metavar="MONTHS", - default=12) - + default=12 + ) membership_opt_group.add_argument( "--membership-check-period", type=int, dest="membership_check_period", help="The membership check background thread period (in seconds)", metavar="SECS", - default=600) + default=600 + ) membership_opt_group.add_argument( "--membership-expiration-warning-period", type=int, dest="membership_expiration_warning_period", - help="Warning period duration (in days). VOMS Admin will notify of users about to expire in the next number of days expressed by this configuration option.", + help="Warning period duration (in days). VOMS Admin will notify of " + "users about to expire in the next number of days expressed by this " + "configuration option.", metavar="DAYS", default=30) membership_opt_group.add_argument( "--membership-expiration-grace-period", type=int, dest="membership_expiration_grace_period", - help="Membership expiration grace period (in days). In the grace period user will be maintained active even if membership has expired.", + help="Membership expiration grace period (in days). 
In the grace period" + " user will be maintained active even if membership has expired.", metavar="DAYS", default=7) membership_opt_group.add_argument( "--membership-notification-resend-period", type=int, dest="membership_notification_resend_period", - help="Time (in days) that should pass between consecutive warning expiration messages sent to VO administrators to inform about expired and expiring VO members.", + help="Time (in days) that should pass between consecutive warning " + "expiration messages sent to VO administrators to inform about expired " + "and expiring VO members.", metavar="DAYS", - default=1) - + default=1 + ) saml_opt_group = parser.add_argument_group( title="SAML Attribute Authority options", description="These options configure the VOMS SAML attribute authority service") @@ -615,7 +652,8 @@ def setup_cl_options(): "--saml-lifetime", dest="saml_lifetime", type=int, - help="Defines the maximum validity of the SAML assertions issued by the VOMS SAML server in seconds. The default is 24 hours (86400)", + help="Defines the maximum validity of the SAML assertions issued by " + "the VOMS SAML server in seconds. The default is 24 hours (86400)", metavar="SECS", default=86400) saml_opt_group.add_argument( @@ -628,7 +666,9 @@ def setup_cl_options(): x509aa_opt_group = parser.add_argument_group( title="X.509 AC Attribute Authority options", - description="These options configure the VOMS X.509 attribute authority service") + description="These options configure the VOMS X.509 attribute " + "authority service" + ) x509aa_opt_group.add_argument( "--enable-x509-aa", dest="enable_x509_aa", action="store_true", 
@@ -647,19 +687,23 @@ def setup_cl_options(): "--ac-validity", dest="ac_validity", type=int, - help="Defines the maximum validity (in hours) for the attribute certificates issued by this VOMS server. The default is 12 hours", + help="Defines the maximum validity (in hours) for the attribute " + "certificates issued by this VOMS server. The default is 12 hours", metavar="HOURS", default=24) x509aa_opt_group.add_argument( "--disable-legacy-fqan-encoding", dest="legacy_fqan_encoding", action="store_false", - help="FQANs will be encoded in issued ACs following the old, deprecated format (i.e. the one including Role=NULL/Capability=NULL).", + help="FQANs will be encoded in issued ACs following the old, " + "deprecated format (i.e. the one including Role=NULL/Capability=NULL).", default=True) notification_opt_group = parser.add_argument_group( title="Notification service options", - description="These options configure the VOMS Admin notification service") + description="These options configure the VOMS Admin notification " + "service" + ) notification_opt_group.add_argument( "--mail-from", dest="mail_from", @@ -700,7 +744,9 @@ def setup_cl_options(): other_opt_group = parser.add_argument_group( title="Other fancy options", - description="Configuration options that do not fall in the other categories") + description="Configuration options that do not fall in the other " + "categories" + ) other_opt_group.add_argument( "--disable-conf-backup", dest="enable_conf_backup", 
@@ -713,20 +759,24 @@ def setup_cl_options(): "--mkgridmap-translate-email", dest="mkgridmap_translate_email", action="store_true", - help="Generate gridmapfiles containing the email part of user certificate subject as emailAddress besides the Email format used by default.", + help="Generate gridmapfiles containing the email part of user " + "certificate subject as emailAddress besides the Email format used " + "by default.", default=False) other_opt_group.add_argument( "--csrf-log-only", action="store_true", dest="csrf_log_only", - help="When this option is set, CSRF requests are not blocked but logged. Don't set this option for maximum security", + help="When this option is set, CSRF requests are not blocked but " + "logged. Don't set this option for maximum security", default=False) def configure_logging(options): """ - Configures logging so that debug and info messages are routed to stdout and higher level messages are to stderr. + Configures logging so that debug and info messages are routed to stdout and + higher level messages are to stderr. Debug messages are shown only if verbose option is set """ class InfoAndBelowLoggingFilter(logging.Filter): @@ -776,7 +826,8 @@ def check_install_options(options): if options.skip_voms_core and options.skip_voms_admin: error_and_exit( - "There's not much to do if --skip-voms-core and --skip-voms-admin are both set!") + "There's not much to do if --skip-voms-core and --skip-voms-admin " + "are both set!") required_opts = ["vo", "dbusername", "dbpassword"] @@ -823,8 +874,8 @@ def config_owner_ids(options): logger.warning("User %sis not configured on this system.", options.config_owner) if os.geteuid() == 0: - error_and_exit( - f"User {options.config_owner} is not configured on this system.") + error_and_exit(f"User {options.config_owner} is not configured on " + "this system.") def create_voms_service_certificate(options): 
@@ -1118,8 +1169,8 @@ def setup_defaults(options): if options.createdb or options.dropdb: if not options.dbapwd: - error_and_exit( - "Please set at least the --dbapwd option when attempting MySQL schema creation/removal.") + error_and_exit("Please set at least the --dbapwd option when " + "attempting MySQL schema creation / removal.") def setup_admin_defaults(options): @@ -1131,8 +1182,8 @@ def setup_admin_defaults(options): def create_mysql_db(options): createdb_cmd = mysql_util_cmd("create_db", options) if not options.dbapwd or len(options.dbapwd) == 0: - logger.warning( - "WARNING: No password has been specified for the mysql root account.") + logger.warning("WARNING: No password has been specified for the mysql " + "root account.") execute_cmd(createdb_cmd, "Error creating MySQL database schema.") @@ -1239,17 +1290,16 @@ def do_remove(options): if not options.skip_database: undeploy_database(options) else: - logger.warning( - "Database will not be dropped since --skip-database option is set.") + logger.warning("Database will not be dropped since " + "--skip-database option is set.") logger.info("Removing VOMS Admin service configuration") remove_dir_and_contents(admin_conf_dir(options.vo)) if not options.skip_voms_core: if not os.path.exists(core_conf_dir(options.vo)): - logger.error( - "The VOMS core service for VO %s is not configured on this host.", - options.vo) + logger.error("The VOMS core service for VO %s is not configured on " + "this host.", options.vo) else: logger.info("Removing VOMS core service configuration") remove_dir_and_contents(core_conf_dir(options.vo)) diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index f720ce6c..d7df68d1 100644 --- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py 
@@ -75,7 +75,6 @@ def setup_cl_options(): help="the x.509 CERTIFICATE of the administrator being created", metavar="CERTIFICATE" ) - parser.add_argument( "--ignore-cert-email", dest="admin_ignore_cert_email", @@ -90,7 +89,6 @@ def error_and_exit(msg): def build_classpath(): - jars = VOMSDefaults.voms_admin_libs if len(jars) == 0: From c14b7bed9af6f322524b8fb8cde7a8a0bd4fa65f Mon Sep 17 00:00:00 2001 From: Jacopo Gasparetto Date: Mon, 11 Nov 2024 16:44:00 +0100 Subject: [PATCH 17/17] Fix python3 shebang --- voms-admin-server/resources/scripts/configure/voms_db_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/voms-admin-server/resources/scripts/configure/voms_db_util.py b/voms-admin-server/resources/scripts/configure/voms_db_util.py index d7df68d1..81fde6fd 100644 --- a/voms-admin-server/resources/scripts/configure/voms_db_util.py +++ b/voms-admin-server/resources/scripts/configure/voms_db_util.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python3 # # Copyright (c) Members of the EGEE Collaboration. 2006-2009. # See http://www.eu-egee.org/partners/ for details on the copyright holders.