diff --git a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py index 0294d4bba21..3ef55a96535 100644 --- a/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py +++ b/src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py @@ -426,13 +426,13 @@ def export_exchangeProxyForToken(self): vo = Registry.getVOForGroup(credDict["group"]) dirac_properties = list(set(credDict.get("groupProperties", [])) | set(credDict.get("properties", []))) group = credDict["group"] - scopes = [f"vo:{vo}", f"group:{group}", [f"property:{prop}" for prop in dirac_properties]] + scopes = [f"vo:{vo}", f"group:{group}"] + [f"property:{prop}" for prop in dirac_properties] r = requests.get( f"{diracxUrl}/auth/legacy-exchange", params={ "preferred_username": credDict["username"], - "scopes": " ".join(scopes), + "scope": " ".join(scopes), }, headers={"Authorization": f"Bearer {apiKey}"}, ) diff --git a/tests/CI/docker-compose.yml b/tests/CI/docker-compose.yml index 35a5a7d31f3..85f8ca4e1d9 100644 --- a/tests/CI/docker-compose.yml +++ b/tests/CI/docker-compose.yml @@ -133,14 +133,19 @@ services: diracx-init-cs: image: ghcr.io/diracgrid/diracx/server container_name: diracx-init-cs + depends_on: + mysql: + condition: service_healthy environment: - DIRACX_CONFIG_BACKEND_URL=git+file:///cs_store/initialRepo - DIRACX_SERVICE_AUTH_TOKEN_KEY=file:///signing-key/rs256.key + - DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB volumes: - diracx-cs-store:/cs_store/ - diracx-key-store:/signing-key/ entrypoint: | - /dockerMicroMambaEntrypoint.sh dirac internal generate-cs /cs_store/initialRepo --vo=diracAdmin --user-group=admin --idp-url=http://dsdsd.csds/a/b + /dockerMicroMambaEntrypoint.sh bash -xc 'dirac internal generate-cs /cs_store/initialRepo --vo=vo --user-group=dirac_user --idp-url=http://dsdsd.csds/a/b && dirac internal add-user /cs_store/initialRepo --vo vo --user-group dirac_user --sub vo:35632895-df94-45de-acaa-43185c822a16 --dn "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser" --preferred-username ciuser && dirac internal add-user /cs_store/initialRepo --vo vo --user-group dirac_user --sub vo:e3784483-c854-4258-9bd4-200959db1208 --dn "/C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser" --preferred-username adminusername && python -m diracx.db init-sql' + pull_policy: always diracx: @@ -148,8 +153,10 @@ services: container_name: diracx environment: - DIRACX_CONFIG_BACKEND_URL=git+file:///cs_store/initialRepo - - "DIRACX_DB_URL_AUTHDB=sqlite+aiosqlite:///:memory:" + - DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB - DIRACX_DB_URL_JOBDB=mysql+aiomysql://Dirac:Dirac@mysql/JobDB + - DIRACX_DB_URL_JOBLOGGINGDB=mysql+aiomysql://Dirac:Dirac@mysql/JobLoggingDB + - DIRACX_DB_URL_SANDBOXMETADATADB=mysql+aiomysql://Dirac:Dirac@mysql/SandboxMetadataDB - DIRACX_SERVICE_AUTH_TOKEN_KEY=file:///signing-key/rs256.key - DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS=["http://diracx:8000/docs/oauth2-redirect"] # Obtained with echo 'InsecureChangeMe' | base64 -d | openssl sha512 diff --git a/tests/Jenkins/dirac_ci.sh b/tests/Jenkins/dirac_ci.sh index d4518e4aeee..8d827f83f0e 100644 --- a/tests/Jenkins/dirac_ci.sh +++ b/tests/Jenkins/dirac_ci.sh @@ -135,7 +135,7 @@ installSite() { echo "==> Done installing, now configuring" source "${SERVERINSTALLDIR}/bashrc" - if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='InsecureChangeMe' "${DEBUG}"; then + if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='diracx:legacy:InsecureChangeMe' "${DEBUG}"; then echo "ERROR: dirac-configure failed" >&2 exit 1 fi