Merge pull request #209 from chrisburr/proxy-cs-options

Include proxy related options in the DiracX CS
DIRACGrid · Jan 28, 2024 · d44389a · d44389a
2 parents f4b1ab0 + cd995f0
commit d44389a
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/diracx-cli/src/diracx/cli/internal/legacy.py b/diracx-cli/src/diracx/cli/internal/legacy.py
@@ -133,6 +133,10 @@ def _apply_fixes(raw):
             raw["Registry"][vo]["DefaultProxyLifeTime"] = original_registry[
                 "DefaultProxyLifeTime"
             ]
+        # Copy over the necessary parts of the VO section
+        for key in {"VOMSName"}:
+            if key in original_registry.get("VO", {}).get(vo, {}):
+                raw["Registry"][vo][key] = original_registry["VO"][vo][key]
         # Find the groups that belong to this VO
         vo_users = set()
         for name, info in original_registry["Groups"].items():
@@ -159,8 +163,14 @@ def _apply_fixes(raw):
                     raw["Registry"][vo]["Users"][subject] = info | {
                         "PreferedUsername": name
                     }
-                    # We ignore the DN and CA
-                    raw["Registry"][vo]["Users"][subject].pop("DN", None)
+                    # Strip any DNs which are from the failed OAuth2 attempt
+                    raw_dn = raw["Registry"][vo]["Users"][subject].pop("DN", None)
+                    raw["Registry"][vo]["Users"][subject]["DNs"] = [
+                        dn.strip()
+                        for dn in raw_dn.split(",")
+                        if not dn.strip().startswith("/O=DIRAC/")
+                    ]
+                    # We ignore the CA
                     raw["Registry"][vo]["Users"][subject].pop("CA", None)
 
 

diff --git a/diracx-cli/tests/legacy/cs_sync/integration_test.yaml b/diracx-cli/tests/legacy/cs_sync/integration_test.yaml
@@ -70,19 +70,26 @@ Registry:
       ClientID: 995ed3b9-d5bd-49d3-a7f4-7fc7dbd5a0cd
       URL: https://jenkins.invalid/
     Support:
-      Email: "[email protected]"
-      Message: "Contact the help desk"
-      Webpage: "https://helpdesk.vo.invalid"
+      Email: [email protected]
+      Message: Contact the help desk
+      Webpage: https://helpdesk.vo.invalid
     Users:
       26dbe36e-cf5c-4c52-a834-29a1c904ef74:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser
         Email: [email protected]
         PreferedUsername: ciuser
       a95ab678-3fa4-41b9-b863-fe62ce8064ce:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=trialUser
         Email: [email protected]
         PreferedUsername: trialUser
       e2cb28ec-1a1e-40ee-a56d-d899b79879ce:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser
         Email: [email protected]
         PreferedUsername: adminusername
+    VOMSName: myVOMS
   vo:
     DefaultGroup: dirac_user
     Groups:
@@ -110,12 +117,18 @@ Registry:
     Support: {}
     Users:
       26b14fc9-6d40-4ca5-b014-6234eaf0fb6e:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser
         Email: [email protected]
         PreferedUsername: adminusername
       d3adc733-6588-4d6f-8581-5986b02d0c87:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=ciuser
         Email: [email protected]
         PreferedUsername: ciuser
       ff2152ff-34f4-4739-b106-3def37e291e3:
+        DNs:
+        - /C=ch/O=DIRAC/OU=DIRAC CI/CN=trialUser
         Email: [email protected]
         PreferedUsername: trialUser
 Resources:

diff --git a/diracx-core/src/diracx/core/config/schema.py b/diracx-core/src/diracx/core/config/schema.py
@@ -37,6 +37,7 @@ def legacy_adaptor(cls, v):
 
 class UserConfig(BaseModel):
     PreferedUsername: str
+    DNs: list[str] = []
     Email: EmailStr | None
     Suspended: list[str] = []
     Quota: int | None = None
@@ -79,6 +80,7 @@ class RegistryConfig(BaseModel):
     DefaultGroup: str
     DefaultStorageQuota: float = 0
     DefaultProxyLifeTime: int = 12 * 60 * 60
+    VOMSName: str | None = None
 
     Users: dict[str, UserConfig]
     Groups: dict[str, GroupConfig]