Merge pull request #92 from HSF/dev

Dev
HSF · Jul 16, 2022 · 59fe059 · 59fe059
2 parents 1507aeb + ede89a9
commit 59fe059
Show file tree

Hide file tree

Showing 26 changed files with 343 additions and 153 deletions.
diff --git a/atlas/lib/idds/atlas/workflow/atlaspandawork.py b/atlas/lib/idds/atlas/workflow/atlaspandawork.py
@@ -78,7 +78,7 @@ def my_condition(self):
         return False
 
     def load_panda_config(self):
-        panda_config = ConfigParser.SafeConfigParser()
+        panda_config = ConfigParser.ConfigParser()
         if os.environ.get('IDDS_PANDA_CONFIG', None):
             configfile = os.environ['IDDS_PANDA_CONFIG']
             if panda_config.read(configfile) == [configfile]:

diff --git a/atlas/lib/idds/atlas/workflowv2/atlasdagwork.py b/atlas/lib/idds/atlas/workflowv2/atlasdagwork.py
@@ -90,7 +90,7 @@ def jobs_to_idd_ds_status(self, jobstatus):
             return ContentStatus.Processing
 
     def load_panda_config(self):
-        panda_config = ConfigParser.SafeConfigParser()
+        panda_config = ConfigParser.ConfigParser()
         if os.environ.get('IDDS_PANDA_CONFIG', None):
             configfile = os.environ['IDDS_PANDA_CONFIG']
             if panda_config.read(configfile) == [configfile]:

diff --git a/atlas/lib/idds/atlas/workflowv2/atlaspandawork.py b/atlas/lib/idds/atlas/workflowv2/atlaspandawork.py
@@ -66,6 +66,11 @@ def __init__(self, task_parameters=None,
         self.panda_url = None
         self.panda_url_ssl = None
         self.panda_monitor = None
+        self.panda_auth = None
+        self.panda_auth_vo = None
+        self.panda_config_root = None
+        self.pandacache_url = None
+        self.panda_verify_host = None
 
         self.task_type = 'test'
         self.task_parameters = None
@@ -83,7 +88,7 @@ def my_condition(self):
         return False
 
     def load_panda_config(self):
-        panda_config = ConfigParser.SafeConfigParser()
+        panda_config = ConfigParser.ConfigParser()
         if os.environ.get('IDDS_PANDA_CONFIG', None):
             configfile = os.environ['IDDS_PANDA_CONFIG']
             if panda_config.read(configfile) == [configfile]:
@@ -110,58 +115,36 @@ def load_panda_urls(self):
         self.panda_config_root = None
 
         if panda_config.has_section('panda'):
-            if panda_config.has_option('panda', 'panda_monitor_url'):
+            if 'PANDA_MONITOR_URL' not in os.environ and panda_config.has_option('panda', 'panda_monitor_url'):
                 self.panda_monitor = panda_config.get('panda', 'panda_monitor_url')
                 os.environ['PANDA_MONITOR_URL'] = self.panda_monitor
                 # self.logger.debug("Panda monitor url: %s" % str(self.panda_monitor))
-            if panda_config.has_option('panda', 'panda_url'):
+            if 'PANDA_URL' not in os.environ and panda_config.has_option('panda', 'panda_url'):
                 self.panda_url = panda_config.get('panda', 'panda_url')
                 os.environ['PANDA_URL'] = self.panda_url
                 # self.logger.debug("Panda url: %s" % str(self.panda_url))
-            if panda_config.has_option('panda', 'panda_url_ssl'):
-                self.panda_url_ssl = panda_config.get('panda', 'panda_url_ssl')
-                os.environ['PANDA_URL_SSL'] = self.panda_url_ssl
-                # self.logger.debug("Panda url ssl: %s" % str(self.panda_url_ssl))
-            if panda_config.has_option('panda', 'pandacache_url'):
+            if 'PANDACACHE_URL' not in os.environ and panda_config.has_option('panda', 'pandacache_url'):
                 self.pandacache_url = panda_config.get('panda', 'pandacache_url')
                 os.environ['PANDACACHE_URL'] = self.pandacache_url
                 # self.logger.debug("Pandacache url: %s" % str(self.pandacache_url))
-            if panda_config.has_option('panda', 'panda_verify_host'):
+            if 'PANDA_VERIFY_HOST' not in os.environ and panda_config.has_option('panda', 'panda_verify_host'):
                 self.panda_verify_host = panda_config.get('panda', 'panda_verify_host')
                 os.environ['PANDA_VERIFY_HOST'] = self.panda_verify_host
                 # self.logger.debug("Panda verify host: %s" % str(self.panda_verify_host))
-            if panda_config.has_option('panda', 'panda_auth'):
+            if 'PANDA_URL_SSL' not in os.environ and panda_config.has_option('panda', 'panda_url_ssl'):
+                self.panda_url_ssl = panda_config.get('panda', 'panda_url_ssl')
+                os.environ['PANDA_URL_SSL'] = self.panda_url_ssl
+                # self.logger.debug("Panda url ssl: %s" % str(self.panda_url_ssl))
+            if 'PANDA_AUTH' not in os.environ and panda_config.has_option('panda', 'panda_auth'):
                 self.panda_auth = panda_config.get('panda', 'panda_auth')
                 os.environ['PANDA_AUTH'] = self.panda_auth
-            if panda_config.has_option('panda', 'panda_auth_vo'):
+            if 'PANDA_AUTH_VO' not in os.environ and panda_config.has_option('panda', 'panda_auth_vo'):
                 self.panda_auth_vo = panda_config.get('panda', 'panda_auth_vo')
                 os.environ['PANDA_AUTH_VO'] = self.panda_auth_vo
-            if panda_config.has_option('panda', 'panda_config_root'):
+            if 'PANDA_CONFIG_ROOT' not in os.environ and panda_config.has_option('panda', 'panda_config_root'):
                 self.panda_config_root = panda_config.get('panda', 'panda_config_root')
                 os.environ['PANDA_CONFIG_ROOT'] = self.panda_config_root
 
-        if not self.panda_monitor and 'PANDA_MONITOR_URL' in os.environ and os.environ['PANDA_MONITOR_URL']:
-            self.panda_monitor = os.environ['PANDA_MONITOR_URL']
-            # self.logger.debug("Panda monitor url: %s" % str(self.panda_monitor))
-        if not self.panda_url and 'PANDA_URL' in os.environ and os.environ['PANDA_URL']:
-            self.panda_url = os.environ['PANDA_URL']
-            # self.logger.debug("Panda url: %s" % str(self.panda_url))
-        if not self.panda_url_ssl and 'PANDA_URL_SSL' in os.environ and os.environ['PANDA_URL_SSL']:
-            self.panda_url_ssl = os.environ['PANDA_URL_SSL']
-            # self.logger.debug("Panda url ssl: %s" % str(self.panda_url_ssl))
-        if not self.pandacache_url and 'PANDACACHE_URL' in os.environ and os.environ['PANDACACHE_URL']:
-            self.pandacache_url = os.environ['PANDACACHE_URL']
-            # self.logger.debug("Pandacache url: %s" % str(self.pandacache_url))
-        if not self.panda_verify_host and 'PANDA_VERIFY_HOST' in os.environ and os.environ['PANDA_VERIFY_HOST']:
-            self.panda_verify_host = os.environ['PANDA_VERIFY_HOST']
-            # self.logger.debug("Panda verify host: %s" % str(self.panda_verify_host))
-        if not self.panda_auth and 'PANDA_AUTH' in os.environ and os.environ['PANDA_AUTH']:
-            self.panda_auth = os.environ['PANDA_AUTH']
-        if not self.panda_auth_vo and 'PANDA_AUTH_VO' in os.environ and os.environ['PANDA_AUTH_VO']:
-            self.panda_auth_vo = os.environ['PANDA_AUTH_VO']
-        if not self.panda_config_root and 'PANDA_CONFIG_ROOT' in os.environ and os.environ['PANDA_CONFIG_ROOT']:
-            self.panda_config_root = os.environ['PANDA_CONFIG_ROOT']
-
     def set_agent_attributes(self, attrs, req_attributes=None):
         if self.class_name not in attrs or 'life_time' not in attrs[self.class_name] or int(attrs[self.class_name]['life_time']) <= 0:
             attrs['life_time'] = None

diff --git a/client/bin/idds b/client/bin/idds
@@ -32,7 +32,6 @@ def setup(args):
     cm.setup_local_configuration(local_config_root=args.local_config_root,
                                  config=args.config, host=args.host,
                                  auth_type=args.auth_type,
-                                 auth_type_host=args.auth_type_host,
                                  x509_proxy=args.x509_proxy,
                                  vo=args.vo,
                                  oidc_token=args.oidc_token)
@@ -154,7 +153,7 @@ def get_parser():
     # setup
     setup_parser = subparsers.add_parser('setup', help='Setup local configuration')
     setup_parser.set_defaults(function=setup)
-    setup_parser.add_argument('--host', dest="auth_type_host", metavar="ADDRESS", help="The iDDS Rest host for the current auth type. For example: https://hostname:443/idds")
+    setup_parser.add_argument('--host', dest="host", metavar="ADDRESS", help="The iDDS Rest host. For example: https://hostname:443/idds")
     setup_parser.add_argument('--auth_type', dest='auth_type', action='store', choices=['x509_proxy', 'oidc'], default=None, help='The auth_type in [x509_proxy, oidc]. Default is x509_proxy.')
     setup_parser.add_argument('--x509_proxy', dest='x509_proxy', action='store', default=None, help='The x509 proxy path. Default is /tmp/x509up_u%d.' % os.geteuid())
     setup_parser.add_argument('--vo', dest='vo', action='store', default=None, help='The virtual organization for authentication.')

diff --git a/client/lib/idds/client/clientmanager.py b/client/lib/idds/client/clientmanager.py
@@ -6,7 +6,7 @@
 # http://www.apache.org/licenses/LICENSE-2.0OA
 #
 # Authors:
-# - Wen Guan, <[email protected]>, 2020 - 2021
+# - Wen Guan, <[email protected]>, 2020 - 2022
 
 
 """
@@ -37,7 +37,8 @@
 from idds.client.version import release_version
 from idds.client.client import Client
 from idds.common import exceptions
-from idds.common.config import get_local_cfg_file, get_local_config_root, get_local_config_value
+from idds.common.config import (get_local_cfg_file, get_local_config_root,
+                                get_local_config_value, get_main_config_file)
 from idds.common.constants import RequestType, RequestStatus, ProcessingStatus
 # from idds.common.utils import get_rest_host, exception_handler
 from idds.common.utils import exception_handler
@@ -61,35 +62,26 @@ def __init__(self, host=None, timeout=600, setup_client=False):
         self.local_config_root = None
         self.config = None
         self.auth_type = None
-        self.auth_type_host = None
         self.x509_proxy = None
         self.oidc_token = None
         self.vo = None
 
-        self.configuration = ConfigParser.SafeConfigParser()
+        self.configuration = ConfigParser.ConfigParser()
 
         self.client = None
         # if setup_client:
         #     self.setup_client()
 
     def setup_client(self, auth_setup=False):
-        self.setup_local_configuration(host=self.host)
+        self.get_local_configuration()
         if self.host is None:
             local_cfg = self.get_local_cfg_file()
-            if self.auth_type is None:
-                self.auth_type = 'x509_proxy'
-            self.host = self.get_config_value(local_cfg, self.auth_type, 'host', current=self.host, default=None)
-            if self.host is None:
-                self.host = self.get_config_value(local_cfg, 'rest', 'host', current=self.host, default=None)
+            self.host = self.get_config_value(local_cfg, 'rest', 'host', current=self.host, default=None)
 
         if self.client is None:
-            if self.auth_type_host is not None:
-                client_host = self.auth_type_host
-            else:
-                client_host = self.host
             if self.auth_type is None:
                 self.auth_type = 'x509_proxy'
-            self.client = Client(host=client_host,
+            self.client = Client(host=self.host,
                                  auth={'auth_type': self.auth_type,
                                        'client_proxy': self.x509_proxy,
                                        'oidc_token': self.oidc_token,
@@ -106,61 +98,113 @@ def get_local_cfg_file(self):
         return local_cfg
 
     def get_config_value(self, configuration, section, name, current, default):
+        name_envs = {'host': 'IDDS_HOST',
+                     'local_config_root': 'IDDS_LOCAL_CONFIG_ROOT',
+                     'config': 'IDDS_CONFIG',
+                     'auth_type': 'IDDS_AUTH_TYPE',
+                     'oidc_token': 'IDDS_OIDC_TOKEN',
+                     'vo': 'IDDS_VO',
+                     'auth_no_verify': 'IDDS_AUTH_NO_VERIFY'}
+
+        if not section:
+            section = self.get_section(name)
+
+        if name in name_envs:
+            env_value = os.environ.get(name_envs[name], None)
+            if env_value and len(env_value.strip()) > 0:
+                return env_value
+
         if configuration and type(configuration) in [str]:
-            config = ConfigParser.SafeConfigParser()
+            config = ConfigParser.ConfigParser()
             config.read(configuration)
             configuration = config
+
         value = get_local_config_value(configuration, section, name, current, default)
         return value
 
+    def get_section(self, name):
+        name_sections = {'config': 'common',
+                         'auth_type': 'common',
+                         'host': 'rest',
+                         'x509_proxy': 'x509_proxy',
+                         'oidc_token': 'oidc',
+                         'vo': 'oidc'}
+        if name in name_sections:
+            return name_sections[name]
+        return 'common'
+
     def get_local_configuration(self):
         local_cfg = self.get_local_cfg_file()
-        config = ConfigParser.SafeConfigParser()
-        if not local_cfg:
-            logging.debug("local configuration file does not exist, will only load idds default value.")
-        if local_cfg and os.path.exists(local_cfg):
-            config.read(local_cfg)
+        main_cfg = get_main_config_file()
+        config = ConfigParser.ConfigParser()
+        if local_cfg and os.path.exists(local_cfg) and main_cfg:
+            config.read((main_cfg, local_cfg))
+        else:
+            if main_cfg:
+                config.read(main_cfg)
+            elif local_cfg and os.path.exists(local_cfg):
+                config.read(local_cfg)
+            else:
+                logging.debug("No local configuration nor IDDS_CONFIG, will only load idds default value.")
 
         if self.get_local_config_root():
-            self.config = self.get_config_value(config, section='common', name='config', current=self.config,
+            self.config = self.get_config_value(config, section=None, name='config', current=self.config,
                                                 default=os.path.join(self.get_local_config_root(), 'idds.cfg'))
         else:
-            self.config = self.get_config_value(config, section='common', name='config', current=self.config,
+            self.config = self.get_config_value(config, section=None, name='config', current=self.config,
                                                 default=None)
 
-        self.auth_type = self.get_config_value(config, 'common', 'auth_type', current=self.auth_type, default='x509_proxy')
+        self.auth_type = self.get_config_value(config, None, 'auth_type', current=self.auth_type, default='x509_proxy')
 
-        self.host = self.get_config_value(config, 'rest', 'host', current=self.host, default=None)
-        self.auth_type_host = self.get_config_value(config, self.auth_type, 'host', current=self.auth_type_host, default=None)
+        self.host = self.get_config_value(config, None, 'host', current=self.host, default=None)
 
-        self.x509_proxy = self.get_config_value(config, 'x509_proxy', 'x509_proxy', current=self.x509_proxy,
+        self.x509_proxy = self.get_config_value(config, None, 'x509_proxy', current=self.x509_proxy,
                                                 default='/tmp/x509up_u%d' % os.geteuid())
         if not self.x509_proxy or not os.path.exists(self.x509_proxy):
             proxy = get_proxy_path()
             if proxy:
                 self.x509_proxy = proxy
 
         if self.get_local_config_root():
-            self.oidc_token = self.get_config_value(config, 'oidc', 'oidc_token', current=self.oidc_token,
-                                                    default=os.path.join(self.get_local_config_root(), '.oidc_token'))
+            self.oidc_token = self.get_config_value(config, None, 'oidc_token', current=self.oidc_token,
+                                                    default=os.path.join(self.get_local_config_root(), '.token'))
         else:
-            self.oidc_token = self.get_config_value(config, 'oidc', 'oidc_token', current=self.oidc_token,
+            self.oidc_token = self.get_config_value(config, None, 'oidc_token', current=self.oidc_token,
                                                     default=None)
 
-        self.vo = self.get_config_value(config, self.auth_type, 'vo', current=self.vo, default=None)
+        self.vo = self.get_config_value(config, None, 'vo', current=self.vo, default=None)
 
         self.configuration = config
 
+    def set_local_configuration(self, name, value):
+        if value:
+            section = self.get_section(name)
+            if self.configuration and not self.configuration.has_section(section):
+                self.configuration.add_section(section)
+            if name in ['oidc_refresh_lifetime']:
+                value = str(value)
+            elif name in ['oidc_auto', 'oidc_polling']:
+                value = str(value).lower()
+            if self.configuration:
+                self.configuration.set(section, name, value)
+
     def save_local_configuration(self):
         local_cfg = self.get_local_cfg_file()
         if not local_cfg:
             logging.debug("local configuration file does not exist, will not store current setup.")
         else:
+            self.set_local_configuration(name='config', value=self.config)
+            self.set_local_configuration(name='auth_type', value=self.auth_type)
+            self.set_local_configuration(name='host', value=self.host)
+            self.set_local_configuration(name='x509_proxy', value=self.x509_proxy)
+            self.set_local_configuration(name='oidc_token', value=self.oidc_token)
+            self.set_local_configuration(name='vo', value=self.vo)
+
             with open(local_cfg, 'w') as configfile:
                 self.configuration.write(configfile)
 
     def setup_local_configuration(self, local_config_root=None, config=None, host=None,
-                                  auth_type=None, auth_type_host=None, x509_proxy=None,
+                                  auth_type=None, x509_proxy=None,
                                   oidc_token=None, vo=None):
 
         if 'IDDS_CONFIG' in os.environ and os.environ['IDDS_CONFIG']:
@@ -174,7 +218,6 @@ def setup_local_configuration(self, local_config_root=None, config=None, host=No
         self.config = config
         self.host = host
         self.auth_type = auth_type
-        self.auth_type_host = auth_type_host
         self.x509_proxy = x509_proxy
         self.oidc_token = oidc_token
         self.vo = vo

diff --git a/common/lib/idds/common/authentication.py b/common/lib/idds/common/authentication.py
@@ -61,7 +61,7 @@ def __init__(self, timeout=None):
                 self.max_expires_in = self.config.getint('common', 'max_expires_in')
 
     def load_auth_server_config(self):
-        config = ConfigParser.SafeConfigParser()
+        config = ConfigParser.ConfigParser()
         if os.environ.get('IDDS_AUTH_CONFIG', None):
             configfile = os.environ['IDDS_AUTH_CONFIG']
             if config.read(configfile) == [configfile]:
@@ -239,7 +239,7 @@ def get_public_key(self, token, jwks_uri):
             if j.get('kid') == kid:
                 jwk = j
         if jwk is None:
-            raise jwt.exceptions.InvalidTokenError('JWK not found for kid={0}'.format(kid, str(jwks)))
+            raise jwt.exceptions.InvalidTokenError('JWK not found for kid={0}: {1}'.format(kid, str(jwks)))
 
         public_num = RSAPublicNumbers(n=decode_value(jwk['n']), e=decode_value(jwk['e']))
         public_key = public_num.public_key(default_backend())