diff --git a/docs/source/AdministratorGuide/Configuration/ConfReference/Tips/Authorization/index.rst b/docs/source/AdministratorGuide/Configuration/ConfReference/Tips/Authorization/index.rst
index 79063bea938..d704fec51d8 100644
--- a/docs/source/AdministratorGuide/Configuration/ConfReference/Tips/Authorization/index.rst
+++ b/docs/source/AdministratorGuide/Configuration/ConfReference/Tips/Authorization/index.rst
@@ -31,8 +31,6 @@ are showed in the next table:
 +----------------------------+------------------------------------------------------------------+-------------+
 | *Operator* | Operator | |
 +----------------------------+------------------------------------------------------------------+-------------+
-| *Pilot* | Private pilot | |
-+----------------------------+------------------------------------------------------------------+-------------+
 | *PrivateLimitedDelegation* | Allow getting only limited proxies for one self | |
 +----------------------------+------------------------------------------------------------------+-------------+
 | *ProductionManagement* | Allow managing all productions | |
diff --git a/src/DIRAC/Core/Security/Properties.py b/src/DIRAC/Core/Security/Properties.py
index 483cc782f80..7ee65d202cf 100644
--- a/src/DIRAC/Core/Security/Properties.py
+++ b/src/DIRAC/Core/Security/Properties.py
@@ -26,8 +26,6 @@ class SecurityProperty(str, Enum):
 JOB_MONITOR = "JobMonitor"
 #: Accounting Monitor - can see accounting data for all groups
 ACCOUNTING_MONITOR = "AccountingMonitor"
- #: Private pilot
- PILOT = "Pilot"
 #: Generic pilot
 GENERIC_PILOT = "GenericPilot"
 #: Site Manager
@@ -143,7 +141,6 @@ def __call__(self, properties: list[SecurityProperty]) -> bool: JOB_ADMINISTRATOR = SecurityProperty.JOB_ADMINISTRATOR.value JOB_MONITOR = SecurityProperty.JOB_MONITOR.value ACCOUNTING_MONITOR = SecurityProperty.ACCOUNTING_MONITOR.value -PILOT = SecurityProperty.PILOT.value GENERIC_PILOT = SecurityProperty.GENERIC_PILOT.value SITE_MANAGER = SecurityProperty.SITE_MANAGER.value USER_MANAGER = SecurityProperty.USER_MANAGER.value diff --git a/src/DIRAC/Resources/Computing/ComputingElement.py b/src/DIRAC/Resources/Computing/ComputingElement.py index 6145c8a1b22..de1d0a39156 100755 --- a/src/DIRAC/Resources/Computing/ComputingElement.py +++ b/src/DIRAC/Resources/Computing/ComputingElement.py @@ -354,7 +354,7 @@ def _monitorProxy(self, payloadProxy=None): pilotProps = pilotProxyDict["groupProperties"] # if running with a pilot proxy, use it to renew the proxy of the payload - if Properties.PILOT in pilotProps or Properties.GENERIC_PILOT in pilotProps: + if Properties.GENERIC_PILOT in pilotProps: self.log.info("Using Pilot credentials to get a new payload Proxy") return gProxyManager.renewProxy( proxyToBeRenewed=payloadProxy, diff --git a/src/DIRAC/WorkloadManagementSystem/Agent/JobAgent.py b/src/DIRAC/WorkloadManagementSystem/Agent/JobAgent.py index b8518700a63..7b4b28b1297 100755 --- a/src/DIRAC/WorkloadManagementSystem/Agent/JobAgent.py +++ b/src/DIRAC/WorkloadManagementSystem/Agent/JobAgent.py @@ -492,7 +492,7 @@ def _setupProxy(self, ownerDN, ownerGroup): return S_ERROR("Proxy has no group properties defined") groupProps = ret["Value"]["groupProperties"] - if Properties.GENERIC_PILOT in groupProps or Properties.PILOT in groupProps: + if Properties.GENERIC_PILOT in groupProps: proxyResult = self._requestProxyFromProxyManager(ownerDN, ownerGroup) if not proxyResult["OK"]: self.log.error("Invalid Proxy", proxyResult["Message"]) 
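Review bot: The comment above the narrowed check in `_monitorProxy` still reads "if running with a pilot proxy", although the condition now accepts only `Properties.GENERIC_PILOT`; it should become `# if running with a generic pilot proxy, use it to renew the proxy of the payload`. The same narrowing in `JobAgent._setupProxy` (the next hunk on this line) carries no comment, and since both checks decide which credentials may obtain a payload proxy, a line such as `# only generic pilot credentials may request the payload proxy` above that `if` would make the intent explicit. A group whose configuration still lists the retired `Pilot` property will presumably now take the other branch in both places; those branches lie outside the hunks, so this is worth confirming before deployment. Both function bodies start and end outside the hunks.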
diff --git a/src/DIRAC/WorkloadManagementSystem/Client/Matcher.py b/src/DIRAC/WorkloadManagementSystem/Client/Matcher.py
index 359658f068c..16297431165 100644
--- a/src/DIRAC/WorkloadManagementSystem/Client/Matcher.py
+++ b/src/DIRAC/WorkloadManagementSystem/Client/Matcher.py
@@ -335,13 +335,9 @@ def _checkCredentials(self, resourceDict, credDict):
 else:
 raise RuntimeError(result["Message"])
 else:
- # If it's a private pilot, the DN has to be the same
- if Properties.PILOT in credDict["properties"]:
- self.log.notice("Setting the resource DN to the credentials DN")
- resourceDict["OwnerDN"] = credDict["DN"]
 # If it's a job sharing. The group has to be the same and just check that the DN (if any)
 # belongs to the same group
- elif Properties.JOB_SHARING in credDict["properties"]:
+ if Properties.JOB_SHARING in credDict["properties"]:
 resourceDict["OwnerGroup"] = credDict["group"]
 self.log.notice("Setting the resource group to the credentials group")
 if "OwnerDN" in resourceDict and resourceDict["OwnerDN"] != credDict["DN"]:
diff --git a/src/DIRAC/WorkloadManagementSystem/private/ConfigHelper.py b/src/DIRAC/WorkloadManagementSystem/private/ConfigHelper.py
index a2f23945f83..e28f373746a 100644
--- a/src/DIRAC/WorkloadManagementSystem/private/ConfigHelper.py
+++ b/src/DIRAC/WorkloadManagementSystem/private/ConfigHelper.py
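Review bot: With the `Properties.PILOT` branch removed from `_checkCredentials`, nothing visible in this hunk pins `resourceDict["OwnerDN"]` to `credDict["DN"]` for a credential that is neither generic-pilot nor job-sharing; that restriction now depends entirely on whatever follows the `JOB_SHARING` block, which is outside the hunk. Because this method decides which jobs a caller may match, it is worth confirming that the remaining fall-through sets both owner DN and group from the credentials, and adding a test for a credential whose group still lists the retired property. If it does, a comment above the new `if` such as `# credentials without JobSharing fall through to the DN/group pinning below` would record that dependency. The method starts before and continues after the hunk.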
@@ -5,28 +5,21 @@ from DIRAC.FrameworkSystem.Client.ProxyManagerClient import gProxyManager -def findGenericPilotCredentials(vo=False, group=False, pilotDN="", pilotGroup=""): +def findGenericPilotCredentials(vo=False, pilotDN=""): """Looks into the Operations/<>/Pilot section of CS to find the pilot credentials. Then check if the user has a registered proxy in ProxyManager. - if pilotDN or pilotGroup are specified, use them + if pilotDN are specified, use them :param str vo: VO name - :param str group: group name :param str pilotDN: pilot DN - :param str pilotGroup: pilot group :return: S_OK(tuple)/S_ERROR() """ - if not group and not vo: - return S_ERROR("Need a group or a VO to determine the Generic pilot credentials") if not vo: - vo = Registry.getVOForGroup(group) - if not vo: - return S_ERROR(f"Group {group} does not have a VO associated") + return S_ERROR("Need a VO to determine the Generic pilot credentials") opsHelper = Operations.Operations(vo=vo) - if not pilotGroup: - pilotGroup = opsHelper.getValue("Pilot/GenericPilotGroup", "") + pilotGroup = opsHelper.getValue("Pilot/GenericPilotGroup", "") if not pilotDN: pilotDN = opsHelper.getValue("Pilot/GenericPilotDN", "") if not pilotDN:
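Review bot: Removing `group` from the middle of the signature moves `pilotDN` into the second positional slot, so a caller that still passes a group positionally would have it silently treated as the pilot DN used for the proxy lookup. Callers are not visible here; if positional use cannot be ruled out, making the arguments keyword-only with `def findGenericPilotCredentials(*, vo=False, pilotDN=""):` would turn any stale call into an immediate `TypeError`. The updated docstring line should read `If pilotDN is specified, use it`, and the `vo=False` default does not match the documented `:param str vo:`. The function body continues past the end of the hunk.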