Add idtokens to manual_glidein_submit

glideinWMS · Aug 17, 2023 · 1479970 · 1479970
1 parent f6dab66
commit 1479970
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -183,6 +183,7 @@ Changes since the last release
 ### Security Related Fixes
 
 ### Bug Fixes
+-   manual_glidein_submit now correctly sets idtokens in the EncryptedInputFiles (PR #280)
 
 ### Testing / Development
 

diff --git a/factory/tools/manual_glidein_submit.py b/factory/tools/manual_glidein_submit.py
@@ -209,6 +209,16 @@ def main():
                 % (scitoken_file, str(credentials.identity_credentials))
             )
 
+        condortoken = "credential_{}_{}.idtoken".format(ad_gc["ClientName"], entry_name)
+        condortoken_file = os.path.join(credentials.cred_dir, condortoken)
+        if not os.path.exists(condortoken_file):
+            logging.warning("Cannot find idtoken file %s" % condortoken_file)
+        elif not credentials.add_identity_credential("frontend_condortoken", condortoken_file):
+            entry.log.warning(
+                "failed to add frontend_condortoken %s to the identity credentials %s"
+                % (condortoken_file, str(credentials.identity_credentials))
+            )
+
         # Set the arguments
         # I was using escapeParam for GLIDECLIENT_ReqNode and GLIDECLIENT_Collector but turned out it's not necessary
         params["CONDOR_VERSION"] = "default"