sad

integration_tests.py

@@ -358,7 +358,7 @@ def install_server():
  # This runs a continuous loop that exports the config in yaml
  # for the diracx container to use
  typer.secho("Starting configuration export loop for diracx", fg=c.GREEN)
- base_cmd = _build_docker_cmd("server", tty=False, daemon=True)
+ base_cmd = _build_docker_cmd("server", tty=False, daemon=True, use_root=True)
  subprocess.run(
  base_cmd + ["bash", "/home/dirac/LocalRepo/ALTERNATIVE_MODULES/DIRAC/tests/CI/exportCSLoop.sh"],
  check=True,

src/DIRAC/FrameworkSystem/Service/ProxyManagerHandler.py

@@ -426,18 +426,23 @@ def export_exchangeProxyForToken(self):
  vo = Registry.getVOForGroup(credDict["group"])
  dirac_properties = list(set(credDict.get("groupProperties", [])) | set(credDict.get("properties", [])))
  group = credDict["group"]
- scopes = [f"vo:{vo}", f"group:{group}", [f"property:{prop}" for prop in dirac_properties]]
-
- r = requests.get(
- f"{diracxUrl}/auth/legacy-exchange",
- params={
- "preferred_username": credDict["username"],
- "scopes": " ".join(scopes),
- },
- headers={"Authorization": f"Bearer {apiKey}"},
- )
+ scopes = [f"vo:{vo}", f"group:{group}"] + [f"property:{prop}" for prop in dirac_properties]
+
+ try:
+ r = requests.get(
+ f"{diracxUrl}/auth/legacy-exchange",
+ params={
+ "preferred_username": credDict["username"],
+ "scope": " ".join(scopes),
+ },
+ headers={"Authorization": f"Bearer {apiKey}"},
+ )
+ except requests.exceptions.RequestException as exc:
+ return S_ERROR(f"Failed to contact DiracX: {exc}")
+ else:
+ if not r.ok:
+ return S_ERROR(f"Failed to contact DiracX: {r.status_code} {r.text}")
 
- r.raise_for_status()
  return S_OK(r.json())
 
 

tests/CI/docker-compose.yml

@@ -65,7 +65,6 @@ services:
  pull_policy: always
 
  diracx-wait-for-db:
-
  image: ${MYSQL_VER}
  container_name: diracx-wait-for-db
  depends_on:
@@ -74,7 +73,6 @@ services:
  command: /home/dirac/LocalRepo/ALTERNATIVE_MODULES/DIRAC/tests/CI/check_db_initialized.sh
  pull_policy: always
 
-
  dirac-server:
  image: ${CI_REGISTRY_IMAGE}/${HOST_OS}-dirac
  container_name: server
@@ -91,7 +89,7 @@ services:
  iam-login-service:
  condition: service_started
  diracx-init-key:
- condition: service_completed_successfully # Let the init container create the cs
+ condition: service_completed_successfully # Let the init container create the singing key
  diracx-init-cs:
  condition: service_completed_successfully # Let the init container create the cs
  ulimits:
@@ -115,8 +113,6 @@ services:
  nofile: 8192
  pull_policy: always
 
-
-
  diracx-init-key:
  image: ghcr.io/diracgrid/diracx/server
  container_name: diracx-init-key
@@ -143,20 +139,36 @@ services:
  /dockerMicroMambaEntrypoint.sh dirac internal generate-cs /cs_store/initialRepo --vo=diracAdmin --user-group=admin --idp-url=http://dsdsd.csds/a/b
  pull_policy: always
 
+ diracx-init-db:
+ image: ghcr.io/diracgrid/diracx/server
+ container_name: diracx-init-db
+ depends_on:
+ mysql:
+ condition: service_healthy
+ environment:
+ - DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB
+ entrypoint: |
+ /dockerMicroMambaEntrypoint.sh bash -xc 'micromamba install -c conda-forge mysql-client && mysql -h mysql -u root --password=password -e "CREATE DATABASE `DiracXAuthDB`" && mysql -h mysql -u root --password=password -e "GRANT SELECT,INSERT,LOCK TABLES,UPDATE,DELETE,CREATE,DROP,ALTER,REFERENCES,CREATE VIEW,SHOW VIEW,INDEX,TRIGGER,ALTER ROUTINE,CREATE ROUTINE ON `DiracXAuthDB`.* TO '"'"'Dirac'"'"'@'"'"'%'"'"'" && python -m diracx.db init-sql'
+ pull_policy: always
+
  diracx:
  image: ghcr.io/diracgrid/diracx/server
  container_name: diracx
  environment:
  - DIRACX_CONFIG_BACKEND_URL=git+file:///cs_store/initialRepo
- - "DIRACX_DB_URL_AUTHDB=sqlite+aiosqlite:///:memory:"
+ - DIRACX_DB_URL_AUTHDB=mysql+aiomysql://Dirac:Dirac@mysql/AuthDB
  - DIRACX_DB_URL_JOBDB=mysql+aiomysql://Dirac:Dirac@mysql/JobDB
+ - DIRACX_DB_URL_JOBLOGGINGDB=mysql+aiomysql://Dirac:Dirac@mysql/JobLoggingDB
+ - DIRACX_DB_URL_SANDBOXMETADATADB=mysql+aiomysql://Dirac:Dirac@mysql/SandboxMetadataDB
  - DIRACX_SERVICE_AUTH_TOKEN_KEY=file:///signing-key/rs256.key
  - DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS=["http://diracx:8000/docs/oauth2-redirect"]
  # Obtained with echo 'InsecureChangeMe' | base64 -d | openssl sha512
  - DIRACX_LEGACY_EXCHANGE_HASHED_API_KEY=07cddf6948d316ac9d186544dc3120c4c6697d8f994619665985c0a5bf76265a
  ports:
  - 8000:8000
  depends_on:
+ diracx-init-db:
+ condition: service_completed_successfully
  diracx-wait-for-db:
  condition: service_completed_successfully
  volumes:

tests/CI/exportCSLoop.sh

@@ -9,6 +9,6 @@ git config --global user.email "dirac-server-ci@invalid"
 while true;
 do
  curl -L https://gitlab.cern.ch/chaen/chris-hackaton-cs/-/raw/master/convert-from-legacy.py |DIRAC_COMPAT_ENABLE_CS_CONVERSION=True ~/ServerInstallDIR/diracos/bin/python - ~/ServerInstallDIR/etc/Production.cfg /cs_store/initialRepo/
- git -C /cs_store/initialRepo/ commit -am "export $(date)"
+ git --git-dir=.git -C /cs_store/initialRepo/ commit -am "export $(date)"
  sleep 5;
 done

tests/Jenkins/dirac_ci.sh

@@ -135,7 +135,7 @@ installSite() {
 
  echo "==> Done installing, now configuring"
  source "${SERVERINSTALLDIR}/bashrc"
- if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='InsecureChangeMe' "${DEBUG}"; then
+ if ! dirac-configure --cfg "${SERVERINSTALLDIR}/install.cfg" --LegacyExchangeApiKey='diracx:legacy:InsecureChangeMe' "${DEBUG}"; then
  echo "ERROR: dirac-configure failed" >&2
  exit 1
  fi