From f41f1cc20a0d85e2f769c6f93c0d0208b57b2d46 Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Sun, 8 Oct 2023 14:14:28 +0200 Subject: [PATCH 1/5] test: Set /DiracX/URL when running integration tests --- src/DIRAC/Core/scripts/dirac_configure.py | 7 +++++++ tests/Jenkins/dirac_ci.sh | 7 ++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/DIRAC/Core/scripts/dirac_configure.py b/src/DIRAC/Core/scripts/dirac_configure.py index a7a52172872..2d51abd6ca5 100755 --- a/src/DIRAC/Core/scripts/dirac_configure.py +++ b/src/DIRAC/Core/scripts/dirac_configure.py @@ -181,6 +181,12 @@ def setLegacyExchangeApiKey(self, optionValue): DIRAC.gConfig.setOptionValue(cfgInstallPath("LegacyExchangeApiKey"), self.legacyExchangeApiKey) return DIRAC.S_OK() + def setDiracxUrl(self, optionValue): + self.diracxUrl = optionValue + Script.localCfg.addDefaultEntry("/DiracX/URL", self.diracxUrl) + DIRAC.gConfig.setOptionValue(cfgInstallPath("URL"), self.diracxUrl) + return DIRAC.S_OK() + def _runConfigurationWizard(setups, defaultSetup): """The implementation of the configuration wizard""" @@ -371,6 +377,7 @@ def runDiracConfigure(params): Script.registerSwitch( "K:", "LegacyExchangeApiKey=", "Set the Api Key to talk to DiracX", params.setLegacyExchangeApiKey ) + Script.registerSwitch("", "DiracxUrl=", "Set the URL to talk to DiracX", params.setDiracxUrl) Script.registerSwitch("W:", "gateway=", "Configure as DIRAC Gateway for the site", params.setGateway) diff --git a/tests/Jenkins/dirac_ci.sh b/tests/Jenkins/dirac_ci.sh index 8d827f83f0e..2e8f5957738 100644 --- a/tests/Jenkins/dirac_ci.sh +++ b/tests/Jenkins/dirac_ci.sh @@ -135,7 +135,12 @@ installSite() { echo "==> Done installing, now configuring" source "${SERVERINSTALLDIR}/bashrc" - if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='diracx:legacy:InsecureChangeMe' "${DEBUG}"; then + configureArgs=() + if [[ -n "${TEST_DIRACX:-}" ]]; then + configureArgs+=("--LegacyExchangeApiKey=diracx:legacy:InsecureChangeMe") + configureArgs+=("--DiracxUrl=${DIRACX_URL}") + fi + if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" "${configureArgs[@]}" "${DEBUG}"; then echo "ERROR: dirac-configure failed" >&2 exit 1 fi From 05b1592bbc51c0f52a1fcd9f1e7f5f453edb44fc Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Sun, 8 Oct 2023 14:58:34 +0200 Subject: [PATCH 2/5] test: Disable DiracX jobs router for now --- tests/CI/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/CI/docker-compose.yml b/tests/CI/docker-compose.yml index 92289233b21..c1a9fe4baea 100644 --- a/tests/CI/docker-compose.yml +++ b/tests/CI/docker-compose.yml @@ -164,6 +164,7 @@ services: - DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS=["http://diracx:8000/docs/oauth2-redirect"] # Obtained with echo 'InsecureChangeMe' | base64 -d | openssl sha256 - DIRACX_LEGACY_EXCHANGE_HASHED_API_KEY=07cddf6948d316ac9d186544dc3120c4c6697d8f994619665985c0a5bf76265a + - DIRACX_SERVICE_JOBS_ENABLED=false ports: - 8000:8000 depends_on: From d72da7c1c085824fdd830a6652a10839a0890424 Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Sun, 8 Oct 2023 20:06:45 +0200 Subject: [PATCH 3/5] test: Set VO for groups used for integration tests --- tests/Jenkins/utilities.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Jenkins/utilities.sh b/tests/Jenkins/utilities.sh index bddbe8a9195..e38b548ec4d 100644 --- a/tests/Jenkins/utilities.sh +++ b/tests/Jenkins/utilities.sh @@ -562,17 +562,17 @@ diracUserAndGroup() { exit 1 fi - if ! dirac-admin-add-group -G prod -U adminusername,ciuser,trialUser -P Operator,FullDelegation,ProxyManagement,ServiceAdministrator,JobAdministrator,CSAdministrator,AlarmsManagement,FileCatalogManagement,SiteManager,NormalUser,ProductionManagement "${DEBUG}"; then + if ! dirac-admin-add-group -G prod -U adminusername,ciuser,trialUser -P Operator,FullDelegation,ProxyManagement,ServiceAdministrator,JobAdministrator,CSAdministrator,AlarmsManagement,FileCatalogManagement,SiteManager,NormalUser,ProductionManagement VO=vo "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi - if ! dirac-admin-add-group -G jenkins_fcadmin -U adminusername,ciuser,trialUser -P FileCatalogManagement,NormalUser "${DEBUG}"; then + if ! dirac-admin-add-group -G jenkins_fcadmin -U adminusername,ciuser,trialUser -P FileCatalogManagement,NormalUser VO=vo "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi - if ! dirac-admin-add-group -G jenkins_user -U adminusername,ciuser,trialUser -P NormalUser "${DEBUG}"; then + if ! dirac-admin-add-group -G jenkins_user -U adminusername,ciuser,trialUser -P NormalUser VO=vo "${DEBUG}"; then echo 'ERROR: dirac-admin-add-group failed' >&2 exit 1 fi From a2730db13b981db2b29b030e4bc745ca393cca20 Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Mon, 9 Oct 2023 06:22:07 +0200 Subject: [PATCH 4/5] feat: Follow upstream DiracX API changes for legacy-exchange --- src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py | 2 +- src/DIRAC/FrameworkSystem/Utilities/diracx.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py index c25f6616b1c..c499c6f4f0e 100644 --- a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py +++ b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py @@ -430,7 +430,7 @@ def export_exchangeProxyForToken(self): try: r = requests.get( - f"{diracxUrl}/auth/legacy-exchange", + f"{diracxUrl}/api/auth/legacy-exchange", params={ "preferred_username": credDict["username"], "scope": " ".join(scopes), diff --git a/src/DIRAC/FrameworkSystem/Utilities/diracx.py b/src/DIRAC/FrameworkSystem/Utilities/diracx.py index 3c37d74402f..3c4841aa41c 100644 --- a/src/DIRAC/FrameworkSystem/Utilities/diracx.py +++ b/src/DIRAC/FrameworkSystem/Utilities/diracx.py @@ -42,7 +42,7 @@ def _get_token(credDict, diracxUrl, /) -> Path: scopes = [f"vo:{vo}", f"group:{group}"] + [f"property:{prop}" for prop in dirac_properties] r = requests.get( - f"{diracxUrl}/auth/legacy-exchange", + f"{diracxUrl}/api/auth/legacy-exchange", params={ "preferred_username": credDict["username"], "scope": " ".join(scopes), @@ -71,6 +71,8 @@ def TheImpersonator(credDict: dict[str, Any]) -> DiracClient: """ diracxUrl = gConfig.getValue("/DiracX/URL") + if not diracxUrl: + raise ValueError("Missing mandatory /DiracX/URL configuration") token_location = _get_token(credDict, diracxUrl) pref = DiracxPreferences(url=diracxUrl, credentials_path=token_location) From bf90cdc21e3ce08619927e362c1474af66459992 Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Mon, 9 Oct 2023 06:22:28 +0200 Subject: [PATCH 5/5] test: Use "dirac internal legacy cs-sync" for exporting the CS --- tests/CI/exportCSLoop.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/CI/exportCSLoop.sh b/tests/CI/exportCSLoop.sh index 4e88325c7a4..093794bdbd6 100755 --- a/tests/CI/exportCSLoop.sh +++ b/tests/CI/exportCSLoop.sh @@ -14,7 +14,10 @@ git config --global user.name "DIRAC Server CI" git config --global user.email "dirac-server-ci@invalid" while true; do - curl -L https://gitlab.cern.ch/chaen/chris-hackaton-cs/-/raw/integration-tests/convert-from-legacy.py |DIRAC_COMPAT_ENABLE_CS_CONVERSION=True /home/dirac/ServerInstallDIR/diracos/bin/python - /home/dirac/ServerInstallDIR/etc/Production.cfg /cs_store/initialRepo/ + DIRAC_COMPAT_ENABLE_CS_CONVERSION=x dirac internal legacy cs-sync \ + "$DIRACOS/etc/Production.cfg" \ + /home/dirac/TestCode/diracx/tests/cli/legacy/cs_sync/convert_integration_test.yaml \ + /cs_store/initialRepo/default.yml git --git-dir=.git -C /cs_store/initialRepo/ commit -am "export $(date)" if [[ "${1}" == "--once" ]]; then break