Merge pull request #7409 from chrisburr/diracx-proxies

[9.0] Include DiracX token in more places
DIRACGrid · Jan 22, 2024 · 4a2bbd5 · 4a2bbd5
2 parents 10d5241 + 166d177
commit 4a2bbd5
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/src/DIRAC/Core/Security/DiracX.py b/src/DIRAC/Core/Security/DiracX.py
@@ -19,7 +19,7 @@
 from diracx.core.preferences import DiracxPreferences
 from diracx.core.utils import serialize_credentials
 
-from DIRAC import gConfig, S_ERROR
+from DIRAC import gConfig, gLogger
 from DIRAC.ConfigurationSystem.Client.Helpers import Registry
 from DIRAC.Core.Security.Locations import getDefaultProxyLocation
 from DIRAC.Core.Utilities.ReturnValues import convertToReturnValue, returnValueOrRaise
@@ -35,6 +35,8 @@ def addTokenToPEM(pemPath, group):
     from DIRAC.Core.Base.Client import Client
 
     vo = Registry.getVOMSVOForGroup(group)
+    if not vo:
+        gLogger.error(f"ERROR: Could not find VO for group {group}, DiracX will not work!")
     disabledVOs = gConfig.getValue("/DiracX/DisabledVOs", [])
     if vo and vo not in disabledVOs:
         token_content = returnValueOrRaise(

diff --git a/src/DIRAC/Core/Security/ProxyFile.py b/src/DIRAC/Core/Security/ProxyFile.py
@@ -6,6 +6,7 @@
 
 from DIRAC import S_OK, S_ERROR
 from DIRAC.Core.Utilities import DErrno
+from DIRAC.Core.Security.DiracX import addTokenToPEM
 from DIRAC.Core.Security.X509Chain import X509Chain  # pylint: disable=import-error
 from DIRAC.Core.Security.Locations import getProxyLocation
 
@@ -17,6 +18,7 @@ def writeToProxyFile(proxyContents, fileName=False):
       - proxyContents : string object to dump to file
       - fileName : filename to dump to
     """
+    # Write the X509 proxy to a file
     if not fileName:
         try:
             fd, proxyLocation = tempfile.mkstemp()
@@ -29,10 +31,25 @@ def writeToProxyFile(proxyContents, fileName=False):
             fd.write(proxyContents)
     except Exception as e:
         return S_ERROR(DErrno.EWF, f" {fileName}: {repr(e).replace(',)', ')')}")
+
+    # Set file permissions
     try:
         os.chmod(fileName, stat.S_IRUSR | stat.S_IWUSR)
     except Exception as e:
         return S_ERROR(DErrno.ESPF, f"{fileName}: {repr(e).replace(',)', ')')}")
+
+    # Add DiracX token to the file
+    proxy = X509Chain()
+    retVal = proxy.loadProxyFromFile(fileName)
+    if not retVal["OK"]:
+        return S_ERROR(DErrno.EPROXYREAD, f"ProxyLocation: {fileName}")
+    retVal = proxy.getDIRACGroup(ignoreDefault=True)
+    if not retVal["OK"]:
+        return S_ERROR(DErrno.EPROXYREAD, f"No DIRAC group found in proxy: {fileName}")
+    retVal = addTokenToPEM(fileName, retVal["Value"])  # pylint: disable=unsubscriptable-object
+    if not retVal["OK"]:  # pylint: disable=unsubscriptable-object
+        return retVal
+
     return S_OK(fileName)
 
 

diff --git a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py
@@ -418,6 +418,7 @@ def export_exchangeProxyForToken(self):
             credDict["username"],
             credDict["group"],
             set(credDict.get("groupProperties", []) + credDict.get("properties", [])),
+            expires_minutes=credDict["secondsLeft"] // 60 + 1,
         )