feat: submitting pilots with tokens in a multiVO setup

DIRACGrid · Sep 22, 2023 · 077979e · 077979e
1 parent 0141194
commit 077979e
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py b/src/DIRAC/WorkloadManagementSystem/Agent/SiteDirector.py
@@ -31,6 +31,7 @@
 from DIRAC.MonitoringSystem.Client.MonitoringReporter import MonitoringReporter
 from DIRAC.ResourceStatusSystem.Client.ResourceStatus import ResourceStatus
 from DIRAC.ResourceStatusSystem.Client.SiteStatus import SiteStatus
+from DIRAC.Resources.Computing.ComputingElement import ComputingElement
 from DIRAC.WorkloadManagementSystem.Client import PilotStatus
 from DIRAC.WorkloadManagementSystem.Client.PilotScopes import PILOT_SCOPES
 
@@ -446,7 +447,7 @@ def submitPilots(self):
             ce.setProxy(proxy, lifetime_secs)
 
             # Get valid token if needed
-            if "Token" in ce.ceParameters.get("Tag", []):
+            if self.__supportToken(ce):
                 result = self.__getPilotToken(audience=ce.audienceName)
                 if not result["OK"]:
                     return result
@@ -467,6 +468,14 @@ def submitPilots(self):
 
         return S_OK()
 
+    def __supportToken(self, ce: ComputingElement) -> bool:
+        """Check whether the SiteDirector is able to submit pilots with tokens.
+
+        * the CE is able to receive tokens. Validation: Tag = Token should be included in the CE parameters.
+        * the VO is able to produce tokens. Validation: IdProvider option is set in /Registry/VO/<VO name>/.
+        """
+        return "Token" in ce.ceParameters.get("Tag", []) and Registry.getIdPForGroup(self.pilotGroup)
+
     def __getPilotToken(self, audience: str, scope: list[str] = None):
         """Get the token corresponding to the pilot user identity
 
@@ -1242,7 +1251,7 @@ def _updatePilotStatusPerQueue(self, queue, proxy):
             ce.setProxy(proxy, 23300)
 
         # Get valid token if needed
-        if "Token" in ce.ceParameters.get("Tag", []):
+        if self.__supportToken(ce):
             result = self.__getPilotToken(audience=ce.audienceName)
             if not result["OK"]:
                 self.log.error("Failed to get token", f"{ceName}: {result['Message']}")