From f930eabbd8442faf9ca3590d5237221e00dca2ff Mon Sep 17 00:00:00 2001 From: aldbr Date: Tue, 19 Sep 2023 09:53:34 +0200 Subject: [PATCH] feat: submitting pilots with tokens in a multiVO setup --- .../WorkloadManagementSystem/Agent/SiteDirector.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py b/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py index cf8acb9b1f2..0c8d55fe660 100644 --- a/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py +++ b/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py @@ -31,6 +31,7 @@ from DIRAC.MonitoringSystem.Client.MonitoringReporter import MonitoringReporter from DIRAC.ResourceStatusSystem.Client.ResourceStatus import ResourceStatus from DIRAC.ResourceStatusSystem.Client.SiteStatus import SiteStatus +from DIRAC.Resources.Computing.ComputingElement import ComputingElement from DIRAC.WorkloadManagementSystem.Client import PilotStatus from DIRAC.WorkloadManagementSystem.Client.PilotScopes import PILOT_SCOPES @@ -446,7 +447,7 @@ def submitPilots(self): ce.setProxy(proxy, lifetime_secs) # Get valid token if needed - if "Token" in ce.ceParameters.get("Tag", []): + if self.__supportToken(ce): result = self.__getPilotToken(audience=ce.audienceName) if not result["OK"]: return result @@ -467,6 +468,14 @@ def submitPilots(self): return S_OK() + def __supportToken(self, ce: ComputingElement) -> bool: + """Check whether the SiteDirector is able to submit pilots with tokens. + + * the CE is able to receive tokens. Validation: Tag = Token should be included in the CE parameters. + * the VO is able to produce tokens. Validation: IdProvider option is set in /Registry/VO//. + """ + return "Token" in ce.ceParameters.get("Tag", []) and Registry.getIdPForGroup(self.pilotGroup) + def __getPilotToken(self, audience: str, scope: list[str] = None): """Get the token corresponding to the pilot user identity @@ -1242,7 +1251,7 @@ def _updatePilotStatusPerQueue(self, queue, proxy): ce.setProxy(proxy, 23300) # Get valid token if needed - if "Token" in ce.ceParameters.get("Tag", []): + if self.__supportToken(ce): result = self.__getPilotToken(audience=ce.audienceName) if not result["OK"]: self.log.error("Failed to get token", f"{ceName}: {result['Message']}")