From a8aca8091f0284bd5bb86e336b3c827e1d43c1bd Mon Sep 17 00:00:00 2001 From: aldbr Date: Fri, 20 Oct 2023 04:37:26 +0200 Subject: [PATCH] sweep: #7208 feat: pilot submission with tokens in a multi-VO setup --- .../WorkloadManagementSystem/Agent/SiteDirector.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py b/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py index 4f7fbbafc99..5a070c4eb5d 100644 --- a/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py +++ b/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py @@ -31,6 +31,7 @@ from DIRAC.MonitoringSystem.Client.MonitoringReporter import MonitoringReporter from DIRAC.ResourceStatusSystem.Client.ResourceStatus import ResourceStatus from DIRAC.ResourceStatusSystem.Client.SiteStatus import SiteStatus +from DIRAC.Resources.Computing.ComputingElement import ComputingElement from DIRAC.WorkloadManagementSystem.Client import PilotStatus from DIRAC.WorkloadManagementSystem.Client.PilotScopes import PILOT_SCOPES @@ -446,7 +447,7 @@ def submitPilots(self): ce.setProxy(proxy, lifetime_secs) # Get valid token if needed - if "Token" in ce.ceParameters.get("Tag", []): + if self.__supportToken(ce): result = self.__getPilotToken(audience=ce.audienceName) if not result["OK"]: return result @@ -467,6 +468,14 @@ def submitPilots(self): return S_OK() + def __supportToken(self, ce: ComputingElement) -> bool: + """Check whether the SiteDirector is able to submit pilots with tokens. + + * the CE is able to receive any token. Validation: Tag = Token should be included in the CE parameters. + * the CE is able to receive VO-specifc tokens. Validation: Tag = Token: should be included in the CE parameters. + """ + return "Token" in ce.ceParameters.get("Tag", []) or f"Token:{self.vo}" in ce.ceParameters.get("Tag", []) + def __getPilotToken(self, audience: str, scope: list[str] = None): """Get the token corresponding to the pilot user identity @@ -1234,7 +1243,7 @@ def _updatePilotStatusPerQueue(self, queue, proxy): ce.setProxy(proxy, 23300) # Get valid token if needed - if "Token" in ce.ceParameters.get("Tag", []): + if self.__supportToken(ce): result = self.__getPilotToken(audience=ce.audienceName) if not result["OK"]: self.log.error("Failed to get token", f"{ceName}: {result['Message']}")