Merge pull request #7124 from fstagni/81_TS_RemoveDN

[8.1] TS: username instead of DN

Author: fstagni

src/DIRAC/TransformationSystem/Agent/RequestTaskAgent.py

@@ -65,14 +65,14 @@ def initialize(self):
 
         return S_OK()
 
-    def _getClients(self, ownerDN=None, ownerGroup=None):
+    def _getClients(self, owner=None, ownerGroup=None):
         """Set the clients for task submission.
 
         Here the taskManager becomes a RequestTasks object.
 
         See :func:`DIRAC.TransformationSystem.TaskManagerAgentBase._getClients`.
         """
-        res = super()._getClients(ownerDN=ownerDN, ownerGroup=ownerGroup)
-        threadTaskManager = self.requestTasksCls(ownerDN=ownerDN, ownerGroup=ownerGroup)
+        res = super()._getClients(owner=owner, ownerGroup=ownerGroup)
+        threadTaskManager = self.requestTasksCls(owner=owner, ownerGroup=ownerGroup)
         res.update({"TaskManager": threadTaskManager})
         return res

src/DIRAC/TransformationSystem/Agent/TaskManagerAgentBase.py

@@ -18,7 +18,6 @@
 from DIRAC.Core.Utilities.List import breakListIntoChunks
 from DIRAC.Core.Utilities.Dictionaries import breakDictionaryIntoChunks
 from DIRAC.ConfigurationSystem.Client.Helpers.Operations import Operations
-from DIRAC.ConfigurationSystem.Client.Helpers.Registry import getDNForUsername, getUsernameForDN
 from DIRAC.TransformationSystem.Client.FileReport import FileReport
 from DIRAC.TransformationSystem.Client.WorkflowTasks import WorkflowTasks
 from DIRAC.TransformationSystem.Client.TransformationClient import TransformationClient
@@ -50,7 +49,7 @@ def __init__(self, *args, **kwargs):
         # credentials
         self.shifterProxy = None
         self.credentials = None
-        self.credTuple = (None, None, None)
+        self.credTuple = (None, None)
 
         self.pluginLocation = ""
         self.bulkSubmissionFlag = False
@@ -101,17 +100,16 @@ def execute(self):
         """The execution method is transformations that need to be processed"""
 
         # 1. determining which credentials will be used for the submission
-        owner, ownerGroup, ownerDN = None, None, None
+        owner, ownerGroup = None, None
         # getting the credentials for submission
         resProxy = getProxyInfo(proxy=False, disableVOMS=False)
         if resProxy["OK"]:  # there is a shifterProxy
             proxyInfo = resProxy["Value"]
             owner = proxyInfo["username"]
             ownerGroup = proxyInfo["group"]
-            ownerDN = proxyInfo["identity"]
             self.log.info(f"ShifterProxy: Tasks will be submitted with the credentials {owner}:{ownerGroup}")
         elif self.credentials:
-            owner, ownerGroup, ownerDN = self.credTuple
+            owner, ownerGroup = self.credTuple
         else:
             self.log.info("Using per Transformation Credentials!")
 
@@ -137,7 +135,6 @@ def execute(self):
                     transformations,
                     owner=owner,
                     ownerGroup=ownerGroup,
-                    ownerDN=ownerDN,
                 )
 
         # 2.2. Determine whether the task files status is to be monitored and updated
@@ -159,7 +156,6 @@ def execute(self):
                     transformations,
                     owner=owner,
                     ownerGroup=ownerGroup,
-                    ownerDN=ownerDN,
                 )
 
         # Determine whether the checking of reserved tasks is to be performed
@@ -181,7 +177,6 @@ def execute(self):
                     transformations,
                     owner=owner,
                     ownerGroup=ownerGroup,
-                    ownerDN=ownerDN,
                 )
 
         # Determine whether the submission of tasks is to be performed
@@ -210,7 +205,6 @@ def execute(self):
                     transformations,
                     owner=owner,
                     ownerGroup=ownerGroup,
-                    ownerDN=ownerDN,
                 )
 
         # now call _execute...
@@ -254,21 +248,21 @@ def _selectTransformations(self, transType=None, status=None, agentType=None):
 
     #############################################################################
 
-    def _getClients(self, ownerDN=None, ownerGroup=None):
+    def _getClients(self, owner=None, ownerGroup=None):
         """Returns the clients used in the threads
 
         This is another function that should be extended.
 
         The clients provided here are defaults, and should be adapted
 
-        If ownerDN and ownerGroup are not None the clients will delegate to these credentials
+        If owner and ownerGroup are not None the clients will delegate to these credentials
 
-        :param str ownerDN: DN of the owner of the submitted jobs
+        :param str owner: owner of the submitted jobs
         :param str ownerGroup: group of the owner of the submitted jobs
         :returns: dict of Clients
         """
         threadTransformationClient = TransformationClient()
-        threadTaskManager = WorkflowTasks(ownerDN=ownerDN, ownerGroup=ownerGroup)
+        threadTaskManager = WorkflowTasks(owner=owner, ownerGroup=ownerGroup)
         threadTaskManager.pluginLocation = self.pluginLocation
 
         return {"TransformationClient": threadTransformationClient, "TaskManager": threadTaskManager}
@@ -279,7 +273,7 @@ def _execute(self, transDict):
         clients = (
             self._getClients()
             if self.shifterProxy
-            else self._getClients(ownerGroup=self.credTuple[1], ownerDN=self.credTuple[2])
+            else self._getClients(owner=self.credTuple[0], ownerGroup=self.credTuple[1])
             if self.credentials
             else None
         )
@@ -293,8 +287,8 @@ def _execute(self, transDict):
             transID = transDict["TransformationID"]
             operations = transDict["Operations"]
             if not (self.credentials or self.shifterProxy):
-                ownerDN, group = transDict["OwnerDN"], transDict["OwnerGroup"]
-                clients = self._getClients(ownerDN=ownerDN, ownerGroup=group)
+                owner, group = transDict["Owner"], transDict["OwnerGroup"]
+                clients = self._getClients(owner=owner, ownerGroup=group)
             self._logInfo("Start processing transformation", method=method, transID=transID)
             for operation in operations:
                 self._logInfo(f"Executing {operation}", method=method, transID=transID)
@@ -656,30 +650,28 @@ def _addOperationForTransformations(
         transformations,
         owner=None,
         ownerGroup=None,
-        ownerDN=None,
     ):
         """Fill the operationsOnTransformationDict"""
 
         transformationIDsAndBodies = (
             (
                 transformation["TransformationID"],
                 transformation["Body"],
-                transformation["AuthorDN"],
+                transformation["Author"],
                 transformation["AuthorGroup"],
             )
             for transformation in transformations["Value"]
         )
-        for transID, body, t_ownerDN, t_ownerGroup in transformationIDsAndBodies:
+        for transID, body, t_owner, t_ownerGroup in transformationIDsAndBodies:
             if transID in operationsOnTransformationDict:
                 operationsOnTransformationDict[transID]["Operations"].append(operation)
             else:
                 operationsOnTransformationDict[transID] = {
                     "TransformationID": transID,
                     "Body": body,
                     "Operations": [operation],
-                    "Owner": owner if owner else getUsernameForDN(t_ownerDN)["Value"],
+                    "Owner": owner if owner else t_owner,
                     "OwnerGroup": ownerGroup if owner else t_ownerGroup,
-                    "OwnerDN": ownerDN if owner else t_ownerDN,
                 }
 
     def __getCredentials(self):
@@ -696,7 +688,6 @@ def __getCredentials(self):
         owner = resCred["Value"]["User"]
         ownerGroup = resCred["Value"]["Group"]
         # returns  a list
-        ownerDN = getDNForUsername(owner)["Value"][0]
-        self.credTuple = (owner, ownerGroup, ownerDN)
+        self.credTuple = (owner, ownerGroup)
         self.log.info(f"Cred: Tasks will be submitted with the credentials {owner}:{ownerGroup}")
         return S_OK()

src/DIRAC/TransformationSystem/Agent/TransformationCleaningAgent.py

@@ -148,10 +148,10 @@ def execute(self):
                     self._executeClean(transDict)
                 else:
                     self.log.info(
-                        f"Cleaning transformation {transDict['TransformationID']} with {transDict['AuthorDN']}, {transDict['AuthorGroup']}"
+                        f"Cleaning transformation {transDict['TransformationID']} with {transDict['Author']}, {transDict['AuthorGroup']}"
                     )
                     executeWithUserProxy(self._executeClean)(
-                        transDict, proxyUserDN=transDict["AuthorDN"], proxyUserGroup=transDict["AuthorGroup"]
+                        transDict, proxyUserName=transDict["Author"], proxyUserGroup=transDict["AuthorGroup"]
                     )
         else:
             self.log.error("Failed to get transformations", res["Message"])
@@ -164,11 +164,11 @@ def execute(self):
                     self._executeRemoval(transDict)
                 else:
                     self.log.info(
-                        "Removing files for transformation %(TransformationID)s with %(AuthorDN)s, %(AuthorGroup)s"
+                        "Removing files for transformation %(TransformationID)s with %(Author)s, %(AuthorGroup)s"
                         % transDict
                     )
                     executeWithUserProxy(self._executeRemoval)(
-                        transDict, proxyUserDN=transDict["AuthorDN"], proxyUserGroup=transDict["AuthorGroup"]
+                        transDict, proxyUserName=transDict["Author"], proxyUserGroup=transDict["AuthorGroup"]
                     )
         else:
             self.log.error("Could not get the transformations", res["Message"])
@@ -186,11 +186,11 @@ def execute(self):
                     self._executeArchive(transDict)
                 else:
                     self.log.info(
-                        "Archiving files for transformation %(TransformationID)s with %(AuthorDN)s, %(AuthorGroup)s"
+                        "Archiving files for transformation %(TransformationID)s with %(Author)s, %(AuthorGroup)s"
                         % transDict
                     )
                     executeWithUserProxy(self._executeArchive)(
-                        transDict, proxyUserDN=transDict["AuthorDN"], proxyUserGroup=transDict["AuthorGroup"]
+                        transDict, proxyUserName=transDict["Author"], proxyUserGroup=transDict["AuthorGroup"]
                     )
         else:
             self.log.error("Could not get the transformations", res["Message"])
@@ -244,22 +244,22 @@ def finalize(self):
                     self._executeClean(transDict)
                 else:
                     self.log.info(
-                        f"Cleaning transformation {transDict['TransformationID']} with {transDict['AuthorDN']}, {transDict['AuthorGroup']}"
+                        f"Cleaning transformation {transDict['TransformationID']} with {transDict['Author']}, {transDict['AuthorGroup']}"
                     )
                     executeWithUserProxy(self._executeClean)(
-                        transDict, proxyUserDN=transDict["AuthorDN"], proxyUserGroup=transDict["AuthorGroup"]
+                        transDict, proxyUserName=transDict["Author"], proxyUserGroup=transDict["AuthorGroup"]
                     )
 
             for transDict in toArchive:
                 if self.shifterProxy:
                     self._executeArchive(transDict)
                 else:
                     self.log.info(
-                        "Archiving files for transformation %(TransformationID)s with %(AuthorDN)s, %(AuthorGroup)s"
+                        "Archiving files for transformation %(TransformationID)s with %(Author)s, %(AuthorGroup)s"
                         % transDict
                     )
                     executeWithUserProxy(self._executeArchive)(
-                        transDict, proxyUserDN=transDict["AuthorDN"], proxyUserGroup=transDict["AuthorGroup"]
+                        transDict, proxyUserName=transDict["Author"], proxyUserGroup=transDict["AuthorGroup"]
                     )
 
             # Remove JobIDs that were unknown to the TransformationSystem

src/DIRAC/TransformationSystem/Agent/test/Test_Agent_TransformationSystem.py

@@ -148,9 +148,8 @@ def test_checkReservedTasks(
     "TransformationID": 1,
     "Operations": ["op1", "op2"],
     "Body": "veryBigBody",
-    "Owner": "prodMan",
-    "OwnerDN": "/ca=man/user=prodMan",
-    "OwnerGroup": "prodMans",
+    "Owner": "prod",
+    "OwnerGroup": "prods",
 }
 sOkJobDict = {"OK": True, "Value": {"JobDictionary": {123: "foo", 456: "bar"}}}
 sOkJobs = {"OK": True, "Value": {123: "foo", 456: "bar"}}

src/DIRAC/TransformationSystem/Client/RequestTasks.py

@@ -5,7 +5,6 @@
 from DIRAC.ConfigurationSystem.Client.Helpers.Registry import getDNForUsername
 from DIRAC.Core.Security.ProxyInfo import getProxyInfo
 from DIRAC.Core.Utilities.JEncode import decode
-
 from DIRAC.RequestManagementSystem.Client.ReqClient import ReqClient
 from DIRAC.RequestManagementSystem.Client.Request import Request
 from DIRAC.RequestManagementSystem.Client.Operation import Operation
@@ -36,7 +35,7 @@ def __init__(
         requestClient=None,
         requestClass=None,
         requestValidator=None,
-        ownerDN=None,
+        owner=None,
         ownerGroup=None,
     ):
         """c'tor
@@ -50,11 +49,13 @@ def __init__(
             logger = gLogger.getSubLogger(self.__class__.__name__)
 
         super().__init__(transClient, logger)
-        useCertificates = True if (bool(ownerDN) and bool(ownerGroup)) else False
+        useCertificates = True if (bool(owner) and bool(ownerGroup)) else False
 
         if not requestClient:
             self.requestClient = ReqClient(
-                useCertificates=useCertificates, delegatedDN=ownerDN, delegatedGroup=ownerGroup
+                useCertificates=useCertificates,
+                delegatedDN=getDNForUsername(owner)["Value"][0] if owner else None,
+                delegatedGroup=ownerGroup,
             )
         else:
             self.requestClient = requestClient

src/DIRAC/TransformationSystem/Client/Transformation.py

@@ -11,7 +11,6 @@
 from DIRAC.TransformationSystem.Client.BodyPlugin.BaseBody import BaseBody
 from DIRAC.TransformationSystem.Client.TransformationClient import TransformationClient
 from DIRAC.ConfigurationSystem.Client.Helpers.Operations import Operations
-from DIRAC.Core.Security.ProxyInfo import getProxyInfo
 from DIRAC.RequestManagementSystem.Client.Operation import Operation
 
 COMPONENT_NAME = "Transformation"
@@ -269,7 +268,7 @@ def getTransformationLogging(self, printOutput=False):
         loggingList = res["Value"]
         if printOutput:
             self._printFormattedDictList(
-                loggingList, ["Message", "MessageDate", "AuthorDN"], "MessageDate", "MessageDate"
+                loggingList, ["Message", "MessageDate", "Author"], "MessageDate", "MessageDate"
             )
         return S_OK(loggingList)
 
@@ -425,63 +424,19 @@ def getTransformations(
                 self._printFormattedDictList(res["Value"], outputFields, "TransformationID", orderBy)
         return res
 
-    #############################################################################
-    def getAuthorDNfromProxy(self):
-        """gets the AuthorDN and username of the transformation from the uploaded proxy"""
-        username = ""
-        author = ""
-        res = getProxyInfo()
-        if res["OK"]:
-            author = res["Value"]["identity"]
-            username = res["Value"]["username"]
-        else:
-            gLogger.error(f"Unable to get uploaded proxy Info {res['Message']} ")
-            return S_ERROR(res["Message"])
-
-        res = {"username": username, "authorDN": author}
-        return S_OK(res)
-
     #############################################################################
     def getTransformationsByUser(
         self,
-        authorDN="",
         userName="",
         transID=[],
         transStatus=[],
-        outputFields=["TransformationID", "Status", "AgentType", "TransformationName", "CreationDate", "AuthorDN"],
+        outputFields=["TransformationID", "Status", "AgentType", "TransformationName", "CreationDate", "Author"],
         orderBy="TransformationID",
         printOutput=False,
     ):
         condDict = {}
-        if authorDN == "":
-            res = self.getAuthorDNfromProxy()
-            if not res["OK"]:
-                gLogger.error(res["Message"])
-                return S_ERROR(res["Message"])
-            else:
-                foundUserName = res["Value"]["username"]
-                foundAuthor = res["Value"]["authorDN"]
-                # If the username whom created the uploaded proxy is different than the provided username report error and exit
-                if not (userName == "" or userName == foundUserName):
-                    gLogger.error(
-                        "Couldn't resolve the authorDN for user '%s' from the uploaded proxy (proxy created by '%s')"
-                        % (userName, foundUserName)
-                    )
-                    return S_ERROR(
-                        "Couldn't resolve the authorDN for user '%s' from the uploaded proxy (proxy created by '%s')"
-                        % (userName, foundUserName)
-                    )
-
-                userName = foundUserName
-                authorDN = foundAuthor
-                gLogger.info(
-                    "Will list transformations created by user '%s' with status '%s'"
-                    % (userName, ", ".join(transStatus))
-                )
-        else:
-            gLogger.info(f"Will list transformations created by '{authorDN}' with status '{', '.join(transStatus)}'")
-
-        condDict["AuthorDN"] = authorDN
+        gLogger.info(f"Will list transformations created by user '{userName}' with status '{transStatus}'")
+        condDict["Author"] = userName
         if transID:
             condDict["TransformationID"] = transID
         if transStatus: