ProxyDB

ProxyDB class is a front-end to the ProxyDB MySQL database.

Database contains the following tables:

  • ProxyDB_Requests – a delegation requests storage table for a given proxy Chain

  • ProxyDB_CleanProxies – table for storing proxies in “clean” form, ie without the presence of DIRAC and VOMS extensions.

  • ProxyDB_Proxies – obsolete table for storing proxies with already added DIRAC group extension, it is present only for backward compatibility and is used only if ProxyDB_CleanProxies does not have the required proxy.

  • ProxyDB_VOMSProxies – proxy storage table with VOMS extension already added.

  • ProxyDB_Log – table with logs.

  • ProxyDB_Tokens – token storage table for proxy requests.

class DIRAC.FrameworkSystem.DB.ProxyDB.ProxyDB(useMyProxy=False, mailFrom=None, parentLogger=None)

Bases: DB

NOTIFICATION_TIMES = [2592000, 1296000]
__init__(useMyProxy=False, mailFrom=None, parentLogger=None)
Parameters:
  • useMyProxy (bool) – use MyProxy…

  • mailFrom (str) – address to use as sender for the expiration reminder emails

buildCondition(condDict=None, older=None, newer=None, timeStamp=None, orderAttribute=None, limit=False, greater=None, smaller=None, offset=None, useLikeQuery=False)

Build SQL condition statement from provided condDict and other extra check on a specified time stamp. The conditions dictionary specifies for each attribute one or a List of possible values greater and smaller are dictionaries in which the keys are the names of the fields, that are requested to be >= or < than the corresponding value. For compatibility with current usage it uses Exceptions to exit in case of invalid arguments For performing LIKE queries use the parameter useLikeQuery=True

completeDelegation(requestId, userDN, delegatedPem)

Complete a delegation and store it in the db

Parameters:
  • requestId (int) – id of the request

  • userDN (str) – user DN

  • delegatedPem (str) – delegated proxy as string

Returns:

S_OK()/S_ERROR()

countEntries(table, condDict, older=None, newer=None, timeStamp=None, connection=False, greater=None, smaller=None)

Count the number of entries wit the given conditions

deleteEntries(tableName, condDict=None, limit=False, conn=None, older=None, newer=None, timeStamp=None, orderAttribute=None, greater=None, smaller=None)

Delete rows from “tableName” with N records can match the condition if limit is not False, the given limit is set String type values will be appropriately escaped, they can be single values or lists of values.

deleteProxy(userDN, userGroup=None, proxyProvider=None)

Remove proxy of the given user from the repository

Parameters:
  • userDN (str) – user DN

  • userGroup (str) – DIRAC group

  • proxyProvider (str) – proxy provider name

Returns:

S_OK()/S_ERROR()

deleteRequest(requestId)

Delete a request from the db

Parameters:

requestId (int) – id of the request

Returns:

S_OK()/S_ERROR()

executeStoredProcedure(packageName, parameters, outputIds, *, conn=None)
executeStoredProcedureWithCursor(packageName, parameters, *, conn=None)
generateDelegationRequest(proxyChain, userDN)

Generate a request and store it for a given proxy Chain

Parameters:
  • proxyChain (X509Chain()) – proxy as chain

  • userDN (str) – user DN

Returns:

S_OK(dict)/S_ERROR() – dict contain id and proxy as string of the request

generateToken(requesterDN, requesterGroup, numUses=1, lifeTime=0, retries=10)

Generate and return a token and the number of uses for the token

Parameters:
  • requesterDN (str) – DN of requester

  • requesterGroup (str) – DIRAC group of requester

  • numUses (int) – number of uses

  • lifeTime (int) – proxy live time in a seconds

  • retries (int) – number of retries

Returns:

S_OK(tuple)/S_ERROR() – tuple with token and number of uses

getCSOption(optionName, defaultValue=None)
getCounters(table, attrList, condDict, older=None, newer=None, timeStamp=None, connection=False, greater=None, smaller=None)

Count the number of records on each distinct combination of AttrList, selected with condition defined by condDict and time stamps

getCredentialsAboutToExpire(requiredSecondsLeft, onlyPersistent=True)

Get credentials about to expire for MyProxy

Parameters:
  • requiredSecondsLeft (int) – required seconds left

  • onlyPersistent (boolean) – look records only with persistent flag

Returns:

S_OK()/S_ERROR()

getDistinctAttributeValues(table, attribute, condDict=None, older=None, newer=None, timeStamp=None, connection=False, greater=None, smaller=None)

Get distinct values of a table attribute under specified conditions

getFields(tableName, outFields=None, condDict=None, limit=False, conn=None, older=None, newer=None, timeStamp=None, orderAttribute=None, greater=None, smaller=None, useLikeQuery=False)

Select “outFields” from “tableName” with condDict N records can match the condition return S_OK(tuple(Field, Value)) if outFields is None all fields in “tableName” are returned if limit is not False, the given limit is set inValues are properly escaped using the _escape_string method, they can be single values or lists of values. if useLikeQuery=True, then conDict can return matched rows if “%” is defined inside conDict.

getLogsContent(selDict, sortList, start=0, limit=0)
Function to get the contents of the logs table

parameters are a filter to the db

getMyProxyMaxLifeTime()

Get a maximum of the proxy lifetime delegated by MyProxy

Returns:

int – time in a seconds

getMyProxyServer()

Get MyProxy server from configuration

Returns:

str

getProxiesContent(selDict, sortList, start=0, limit=0)

Get the contents of the db, parameters are a filter to the db

Parameters:
  • selDict (dict) – selection dict that contain fields and their posible values

  • sortList (dict) – dict with sorting fields

  • start (int) – search limit start

  • start – search limit amount

Returns:

S_OK(dict)/S_ERROR() – dict contain fields, record list, total records

getProxy(userDN, userGroup, requiredLifeTime=None)

Get proxy string from the Proxy Repository for use with userDN in the userGroup

Parameters:
  • userDN (str) – user DN

  • userGroup (str) – required DIRAC group

  • requiredLifeTime (int) – required proxy live time in a seconds

Returns:

S_OK(tuple)/S_ERROR() – tuple with proxy as chain and proxy live time in a seconds

getProxyStrength(userDN, userGroup=None, vomsAttr=None)

Load the proxy in cache corresponding to the criteria, and check its strength

Parameters:
  • userDN – DN of the user

  • userGroup – group of the user

  • vomsAttr – VOMS attr we plan to add on the proxy

getUsers(validSecondsLeft=0, userMask=None)

Get all the distinct users from the Proxy Repository. Optionally, only users with valid proxies within the given validity period expressed in seconds

Parameters:
  • validSecondsLeft (int) – validity period expressed in seconds

  • userMask (str) – user name that need to add to search filter

Returns:

S_OK(list)/S_ERROR() – list contain dicts with user name, DN, group expiration time, persistent flag

getVOMSProxy(userDN, userGroup, requiredLifeTime=None, requestedVOMSAttr=None)

Get proxy string from the Proxy Repository for use with userDN in the userGroup

Parameters:
  • userDN (str) – user DN

  • userGroup (str) – required DIRAC group

  • requiredLifeTime (int) – required proxy live time in a seconds

  • requestedVOMSAttr (str) – VOMS attribute

Returns:

S_OK(tuple)/S_ERROR() – tuple with proxy as chain and proxy live time in a seconds

insertFields(tableName, inFields=None, inValues=None, conn=None, inDict=None)

Insert a new row in “tableName” assigning the values “inValues” to the fields “inFields”. String type values will be appropriately escaped.

logAction(action, issuerDN, issuerGroup, targetDN, targetGroup)

Add an action to the log

Parameters:
  • action (str) – proxy action

  • issuerDN (str) – user DN of issuer

  • issuerGroup (str) – DIRAC group of issuer

  • targetDN (str) – user DN of target

  • targetGroup (str) – DIRAC group of target

Returns:

S_ERROR()

purgeExpiredProxies(sendNotifications=True)

Purge expired requests from the db

Parameters:

sendNotifications (boolean) – if need to send notification

Returns:

S_OK(int)/S_ERROR() – int is number of purged expired proxies

purgeExpiredRequests()

Purge expired requests from the db

Returns:

S_OK()/S_ERROR()

purgeExpiredTokens()

Purge expired tokens from the db

Returns:

S_OK(boolean)/S_ERROR()

purgeLogs()

Purge expired requests from the db

Returns:

S_OK()/S_ERROR()

renewFromMyProxy(userDN, userGroup, lifeTime=None, chain=None)

Renew proxy from MyProxy

Parameters:
  • userDN (str) – user DN

  • userGroup (str) – user group

  • lifeTime (int) – needed proxy live time in a seconds

  • chain (X509Chain) – proxy as chain

Returns:

S_OK(X509Chain/S_ERROR()

sendExpirationNotifications()

Send notification about expiration

Returns:

S_OK(list)/S_ERROR() – tuple list of user DN, group and proxy left time

setPersistencyFlag(userDN, userGroup, persistent=True)

Set the proxy PersistentFlag to the flag value

Parameters:
  • userDN (str) – user DN

  • userGroup (str) – group name

  • persistent (boolean) – enable persistent flag

Returns:

S_OK()/S_ERROR()

transactionCommit()
transactionRollback()
transactionStart()
updateFields(tableName, updateFields=None, updateValues=None, condDict=None, limit=False, conn=None, updateDict=None, older=None, newer=None, timeStamp=None, orderAttribute=None, greater=None, smaller=None)

Update “updateFields” from “tableName” with “updateValues”. updateDict alternative way to provide the updateFields and updateValues N records can match the condition return S_OK( number of updated rows ) if limit is not False, the given limit is set String type values will be appropriately escaped.

useToken(token, requesterDN, requesterGroup)

Uses of token count

Parameters:
  • token (str) – token

  • requesterDN (str) – DN of requester

  • requesterGroup (str) – DIRAC group of requester

Returns:

S_OK(boolean)/S_ERROR()