From e540fd3dbbb9c97e200df3b912e8bae048ff585e Mon Sep 17 00:00:00 2001
From: Marco Mambelli
Date: Fri, 19 Aug 2022 18:01:33 -0500
Subject: [PATCH] Fixed rfc as string in Proxy class, improved VOMScert verification and added fix to CHANGELOG
---
 CHANGELOG.md | 1 +
 frontend/gwms_renew_proxies.py | 20 +++++++++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b6a4da368..1e78d18b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,7 @@ Changes since the last release
 - Fixed `glidien_config` corrupted by concurrent custom scripts run via HTCSS startd cron (#163)
 - Fixed unnecessary proxy/hostcert.pem workaround in frontend config (issue #66)
 - Fixed analyze_entries and python3 readiness (issue #194)
+- Fixed gwms-renew-proxies service should check if local VOMS cert is expired (issue #21)
 ### Testing / Development
diff --git a/frontend/gwms_renew_proxies.py b/frontend/gwms_renew_proxies.py
index 039c8fee9..e3b5e47d5 100755
--- a/frontend/gwms_renew_proxies.py
+++ b/frontend/gwms_renew_proxies.py
@@ -42,7 +42,7 @@ class ConfigError(BaseException):
 class Proxy:
 """Class for holding information related to the proxy"""
- def __init__(self, cert, key, output, lifetime, uid=0, gid=0, rfc=True, pathlength="20", bits="2048"):
+ def __init__(self, cert, key, output, lifetime, uid=0, gid=0, rfc="true", pathlength="20", bits="2048"):
 self.cert = cert
 self.key = key
 self.tmp_output_fd = tempfile.NamedTemporaryFile(dir=os.path.dirname(output), delete=False)
@@ -50,7 +50,10 @@ def __init__(self, cert, key, output, lifetime, uid=0, gid=0, rfc=True, pathleng
 self.lifetime = lifetime
 self.uid = uid
 self.gid = gid
- self.rfc = rfc
+ if str(rfc).lower() == "true":
+ self.rfc = True
+ else:
+ self.rfc = False
 self.pathlength = pathlength
 self.bits = bits
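Review bot: In `Proxy.__init__` (the `@@ -50,7 +50,10 @@` hunk), `str(rfc).lower() == "true"` maps every value other than a case-insensitive "true" to `False`, so a typo, an alternative spelling such as "yes" or "1", or a value with stray whitespace silently turns RFC mode off instead of being reported. Normalising with `.strip()` and rejecting anything outside the two accepted spellings would surface a bad setting at start-up; `ConfigError` is visible in the first hunk's header and looks like the natural exception. The signature in the previous hunk now defaults to the string `"true"` while the attribute is a bool, which deserves a short comment on the accepted input types. The body of `__init__` starts and continues outside these hunks.

```python
        # … unchanged: cert, key, output, lifetime, uid, gid assignments …
        rfc_text = str(rfc).strip().lower()
        if rfc_text not in ("true", "false"):
            raise ConfigError(f"rfc must be 'true' or 'false', got {rfc!r}")
        self.rfc = rfc_text == "true"
        # … unchanged: pathlength, bits …
```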
@@ -79,12 +82,19 @@ def cleanup(self):
 """Cleanup temporary proxy files"""
 os.remove(self.tmp_output_fd.name)
- @classmethod
+ @staticmethod
 def voms_proxy_info(filename, *opts):
- """Run voms-proxy-info on a arbritary file. Returns stdout, stderr, and return code of voms-proxy-info for any arbitrary file"""
+ """Run voms-proxy-info on a arbritary file. Returns stdout, stderr, and return code of voms-proxy-info
+ for any arbitrary file"""
 cmd = ["voms-proxy-info", "-file", filename] + list(opts)
 return _run_command(cmd)
+ @classmethod
+ def timeleft_from_file(cls, filename):
+ """Safely return the remaining lifetime of the proxy in the arbitrary file, in seconds
+ (returns 0 if unexpected stdout)"""
+ return _safe_int(cls.voms_proxy_info(filename, "-timeleft")[0])
+
 class VO:
 """Class for holding information related to VOMS attributes"""
@@ -292,7 +302,7 @@ def has_time_left(time_remaining):
 else:
 vo_attr.cert = proxy_config["vo_cert"]
 vo_attr.key = proxy_config["vo_key"]
- if _safe_int(Proxy.voms_proxy_info(vo_attr.cert, "-timeleft")[0]) <= 0:
+ if Proxy.timeleft_from_file(vo_attr.cert) <= 0:
 retcode = 1
 print(
 f"ERROR: Failed to renew proxy {proxy.output}: "
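Review bot: `timeleft_from_file` keeps only element `[0]` of what `voms_proxy_info` returns and discards stderr and the return code, so a failed run (missing binary, unreadable or malformed file) cannot be told apart from an expired certificate, and any number printed by a failing run would be trusted. Gate the value on success, for example `out, _err, rc = cls.voms_proxy_info(filename, "-timeleft")` followed by `return _safe_int(out) if rc == 0 else 0`, and extend the docstring to say that 0 is also returned on a non-zero exit. `_run_command` and `_safe_int` are defined outside the hunk, so the tuple shape assumed here is taken from the `voms_proxy_info` docstring only.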
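Review bot: In the `@@ -292,7 +302,7 @@` hunk, the test `Proxy.timeleft_from_file(vo_attr.cert) <= 0` rejects only a VOMS certificate that has already expired, so one with a few seconds left passes and the proxy that depends on it may stop validating almost immediately. Consider comparing against a minimum margin, or warning when the remaining time is shorter than the requested proxy lifetime; the `has_time_left` helper named in the hunk header may already encode such a threshold, which cannot be confirmed from here. Because the helper also returns 0 on unparseable output, the error text, which continues outside the hunk, should not present expiry as the only possible cause.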