Merge pull request #377 from tmaeno/master

added get_access_token

pandaserver/jobdispatcher/JobDispatcher.py

@@ -819,7 +819,7 @@ def getResourceTypes(self, timeout, accept_json):
         return response.encode(accept_json)
 
     # get proxy
-    def get_proxy(self, real_distinguished_name, role, target_distinguished_name, tokenized, token_key) -> str | dict:
+    def get_proxy(self, real_distinguished_name: str, role: str | None, target_distinguished_name: str | None, tokenized: bool, token_key: str | None) -> dict:
         """
         Get proxy for a user with a role
 
@@ -830,7 +830,7 @@ def get_proxy(self, real_distinguished_name, role, target_distinguished_name, to
         :param tokenized: whether the response should contain a token instead of a proxy
         :param token_key: key to get the token from the token cache
 
-        :return: response in URL encoded string or dictionary
+        :return: response in dictionary
         """
         if target_distinguished_name is None:
             target_distinguished_name = real_distinguished_name
@@ -869,7 +869,7 @@ def get_proxy(self, real_distinguished_name, role, target_distinguished_name, to
                 # invalid token key
                 tmp_msg += f"failed since token key is invalid for {target_distinguished_name}"
                 tmp_log.debug(tmp_msg)
-                response = Protocol.Response(Protocol.SC_Perms, tmp_msg)
+                response = Protocol.Response(Protocol.SC_Invalid, tmp_msg)
             else:
                 # get proxy
                 response = Protocol.Response(Protocol.SC_Success, "")
@@ -1666,18 +1666,19 @@ def getKeyPair(req, publicKeyName, privateKeyName):
 
 
 # get proxy
-def getProxy(req, role=None, dn=None, tokenized=None, token_key=None):
+def getProxy(req, role=None, dn=None):
     # get DN
     realDN = _getDN(req)
     if role == "":
         role = None
-    if isinstance(tokenized, bool):
-        pass
-    elif tokenized == "True":
-        tokenized = True
-    else:
-        tokenized = False
-    return jobDispatcher.get_proxy(realDN, role, dn, tokenized, token_key)
+    return jobDispatcher.get_proxy(realDN, role, dn, False, None)
+
+
+# get access token
+def get_access_token(req, client_name, token_key=None):
+    # get DN
+    real_dn = _getDN(req)
+    return jobDispatcher.get_proxy(real_dn, None, client_name, True, token_key)
 
 
 # get a token key

pandaserver/server/panda.py

@@ -31,6 +31,7 @@
     checkEventsAvailability,
     checkJobStatus,
     genPilotToken,
+    get_access_token,
     get_events_status,
     get_max_worker_id,
     get_token_key,

pandaserver/srvcore/allowed_methods.py

@@ -32,6 +32,7 @@
     "updateEventRanges",
     "getDNsForS3",
     "getProxy",
+    "get_access_token",
     "get_token_key",
     "getCommands",
     "ackCommands",

pandaserver/srvcore/panda_request.py

@@ -62,7 +62,12 @@ def __init__(self, env, tmp_log):
                     else:
                         # robot
                         if vo_role in panda_config.auth_vo_dict and "robot_ids" in panda_config.auth_vo_dict[vo_role]:
-                            robot_ids = [i for i in panda_config.auth_vo_dict[vo_role].get("robot_ids").split(",") if i]
+                            robot_ids = panda_config.auth_vo_dict[vo_role].get("robot_ids")
+                            if isinstance(robot_ids, str):
+                                robot_ids = robot_ids.split(",")
+                            if not robot_ids:
+                                robot_ids = []
+                            robot_ids = [i for i in robot_ids if i]
                             if token["sub"] in robot_ids:
                                 if "groups" not in token:
                                     if role: