fix: Getting tokens from DiracX
chrisburr committed Sep 28, 2023
1 parent 503fefc commit ab1e41d
Showing 3 changed files with 9 additions and 5 deletions.
4 changes: 2 additions & 2 deletions src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py
Expand Up @@ -426,13 +426,13 @@ def export_exchangeProxyForToken(self):
vo = Registry.getVOForGroup(credDict["group"])
dirac_properties = list(set(credDict.get("groupProperties", [])) | set(credDict.get("properties", [])))
group = credDict["group"]
scopes = [f"vo:{vo}", f"group:{group}", [f"property:{prop}" for prop in dirac_properties]]
scopes = [f"vo:{vo}", f"group:{group}"] + [f"property:{prop}" for prop in dirac_properties]

r = requests.get(
f"{diracxUrl}/auth/legacy-exchange",
params={
"preferred_username": credDict["username"],
"scopes": " ".join(scopes),
"scope": " ".join(scopes),
},
headers={"Authorization": f"Bearer {apiKey}"},
)
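Review bot: The `requests.get(...)` call to `{diracxUrl}/auth/legacy-exchange` has no `timeout=`, so a stalled DiracX endpoint would block this handler indefinitely; adding for example `timeout=10,` (value illustrative) after the `headers=` argument bounds that. The same call sends `apiKey` as a bearer token, so a comment or check that `diracxUrl` is an `https://` URL is worth adding; that value is configured outside this hunk and cannot be confirmed here. The scope entries are joined with spaces, so a group or property name containing whitespace would split into additional scope entries; a short comment such as `# vo, group and property names are assumed to contain no whitespace` would document that assumption. The function body starts and ends outside the hunk, so whether the response status is checked before use is not visible.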
8 changes: 6 additions & 2 deletions tests/CI/docker-compose.yml
Expand Up @@ -136,20 +136,24 @@ services:
environment:
- DIRACX_CONFIG_BACKEND_URL=git+file:///cs_store/initialRepo
- DIRACX_SERVICE_AUTH_TOKEN_KEY=file:///signing-key/rs256.key
- DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB
volumes:
- diracx-cs-store:/cs_store/
- diracx-key-store:/signing-key/
entrypoint: |
/dockerMicroMambaEntrypoint.sh dirac internal generate-cs /cs_store/initialRepo --vo=diracAdmin --user-group=admin --idp-url=http://dsdsd.csds/a/b
/dockerMicroMambaEntrypoint.sh bash -xc 'dirac internal generate-cs /cs_store/initialRepo --vo=vo --user-group=dirac_user --idp-url=http://dsdsd.csds/a/b && dirac internal add-user /cs_store/initialRepo --vo vo --user-group dirac_user --sub vo:35632895-df94-45de-acaa-43185c822a16 --dn "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser" --preferred-username ciuser && dirac internal add-user /cs_store/initialRepo --vo vo --user-group dirac_user --sub vo:e3784483-c854-4258-9bd4-200959db1208 --dn "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser" --preferred-username adminusername && python -m diracx.db init-sql'
pull_policy: always

diracx:
image: ghcr.io/diracgrid/diracx/server
container_name: diracx
environment:
- DIRACX_CONFIG_BACKEND_URL=git+file:///cs_store/initialRepo
- "DIRACX_DB_URL_AUTHDB=sqlite+aiosqlite:///:memory:"
- DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB
- DIRACX_DB_URL_JOBDB=mysql+aiomysql://Dirac:Dirac@mysql/JobDB
- DIRACX_DB_URL_JOBLOGGINGDB=mysql+aiomysql://Dirac:Dirac@mysql/JobLoggingDB
- DIRACX_DB_URL_SANDBOXMETADATADB=mysql+aiomysql://Dirac:Dirac@mysql/SandboxMetadataDB
- DIRACX_SERVICE_AUTH_TOKEN_KEY=file:///signing-key/rs256.key
- DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS=["http://diracx:8000/docs/oauth2-redirect"]
# Obtained with echo 'InsecureChangeMe' | base64 -d | openssl sha512
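Review bot: Both `dirac internal add-user` calls in the longer entrypoint line pass the same `--dn "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser"` while registering different `--sub` and `--preferred-username` values (`ciuser` and `adminusername`). If anything on the DiracX side resolves a user from the DN, which of the two accounts a CI proxy maps to becomes ambiguous, so either give `adminusername` its own DN or add a comment saying the shared DN is intentional. The `Dirac:Dirac` database credentials in the `DIRACX_DB_URL_*` entries are acceptable only because this is the CI compose file; a comment such as `# CI-only credentials, do not reuse outside tests` above the environment block would make that explicit. The section continues past the last visible line.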
2 changes: 1 addition & 1 deletion tests/Jenkins/dirac_ci.sh
Expand Up @@ -135,7 +135,7 @@ installSite() {

echo "==> Done installing, now configuring"
source "${SERVERINSTALLDIR}/bashrc"
if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='InsecureChangeMe' "${DEBUG}"; then
if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='diracx:legacy:InsecureChangeMe' "${DEBUG}"; then
echo "ERROR: dirac-configure failed" >&2
exit 1
fi
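Review bot: The `--LegacyExchangeApiKey` value with the `diracx:legacy:` prefix is not explained anywhere in `installSite`, and the hash comment in tests/CI/docker-compose.yml is still written in terms of the bare `InsecureChangeMe`. A one-line comment above the `dirac-configure` call, for example `# key format is diracx:legacy:<secret>; the DiracX side stores a hash of <secret>`, would tie the two together, with the wording to be confirmed against the DiracX settings. The literal key is fine for CI, but it is passed on the command line, so this pattern should not be copied into a real installation script. `installSite` starts and ends outside the hunk.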