sweep: #7913 Add option to include proxy on AREX token submission
sfayer committed Nov 29, 2024
1 parent f48deae commit 604608c
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions src/DIRAC/Resources/Computing/AREXComputingElement.py
Expand Up @@ -36,6 +36,11 @@
The XRSLExtraString note about times also applies to this configuration option.
AlwaysIncludeProxy:
A boolean, set to true to include the proxy in job submission even
in cases where tokens are the primary authentication method.
(Recommended for ARC6 tokens, deprecated for ARC7)
**Code Documentation**
"""

Expand Down Expand Up @@ -115,6 +120,8 @@ def __init__(self, ceUniqueID):
}
# URL used to communicate with the REST interface
self.base_url = ""
# A flag to always include a proxy, even if a token is the primary auth method
self.alwaysIncludeProxy = False

#############################################################################

Expand Down Expand Up @@ -149,6 +156,10 @@ def _reset(self):
service_url = os.path.join("https://", f"{self.ceName}:{self.port}")
self.base_url = os.path.join(service_url, "arex", "rest", self.restVersion)

self.alwaysIncludeProxy = False
if self.ceParameters.get("AlwaysIncludeProxy", "false").lower() in ("true", "yes"):
self.alwaysIncludeProxy = True

# Set up the request framework
self.session = requests.Session()
self.session.verify = Locations.getCAsLocation()
Expand Down Expand Up @@ -247,13 +258,16 @@ def _checkSession(self):
if not (self.token or self.proxy):
self.log.error("Proxy or token not set")
return S_ERROR("Proxy or token not set")
if not self.proxy and self.alwaysIncludeProxy:
self.log.error("Proxy required but not set")
return S_ERROR("Proxy required but not set")

# If a token is set, we use it
if self.token:
# Attach the token to the headers if present
self.headers["Authorization"] = f"Bearer {self.token['access_token']}"
self.log.verbose("A token is attached to the header of the request(s)")
else:
if not self.token or self.alwaysIncludeProxy:
# Prepare the proxy in X509_USER_PROXY
if not (result := self._prepareProxy())["OK"]:
self.log.error("Failed to set up proxy", result["Message"])
Expand Down Expand Up @@ -573,7 +587,7 @@ def submitJob(self, executableFile, proxy, numberOfJobs=1, inputs=None, outputs=

# Delegation cannot be used with a token
delegation = ""
if not self.token:
if not self.token or self.alwaysIncludeProxy:
# Get existing delegations
result = self._getDelegationIDs()
if not result["OK"]:
Expand Down Expand Up @@ -918,7 +932,7 @@ def getJobStatus(self, jobIDList):
self.log.debug(f"Killing held job {jobReference}")

# Renew delegations to renew the proxies of the jobs
if not self.token:
if not self.token or self.alwaysIncludeProxy:
result = self._getDelegationIDs()
if not result["OK"]:
return result
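Review bot: The comment `# Delegation cannot be used with a token` in the submitJob hunk is now contradicted by the line below it, because with `AlwaysIncludeProxy` set `if not self.token or self.alwaysIncludeProxy:` runs the delegation path while a token is present, and `_checkSession` both sets the bearer header and prepares the proxy. I would reword it to `# Delegate a proxy when no token is used, or when AlwaysIncludeProxy forces one alongside the token`, so that the next reader does not assume the two credentials are mutually exclusive. The same predicate is repeated in `_checkSession`, `submitJob` and `getJobStatus`; a helper such as `def _useProxy(self): return not self.token or self.alwaysIncludeProxy` would keep the three sites from drifting, since a missed site means either a job without the delegation it expects or a proxy sent where only a token was intended. In `_reset`, any spelling other than `true`/`yes` silently leaves the flag off, and `.lower()` presumably assumes the CE parameter is always a string, so a verbose log of the resolved value would let operators confirm which CEs still receive a delegated proxy. All four functions start or end outside the visible hunks, so this is based on the shown lines only.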