Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Synchronize betweem VOMS/IAM/CS from VOMS2CSAgent #7416

Closed
2 tasks done
chaen opened this issue Jan 22, 2024 · 1 comment · Fixed by #7711
Closed
2 tasks done

Synchronize betweem VOMS/IAM/CS from VOMS2CSAgent #7416

chaen opened this issue Jan 22, 2024 · 1 comment · Fixed by #7711
Assignees
@chaen
Milestone
v9.0

Comments

@chaen
Copy link
Contributor

chaen commented Jan 22, 2024
edited
Loading

Edit: I add an extra usecase to this task

The VOMS interface provided by IAM does not actually expose the voms-admin API, which means we need to query the IAM API to list the users.

TODO:

In the VOMS2CSAgent, update the /DiracX/<vo><UserSubjects> section directly from IAM (https://indigo-iam.github.io/v/v1.8.3/docs/reference/api/account-api/#get-iamaccountsearch)

curl -q -L -s  -u ${CLIENT_ID}:${CLIENT_SECRET}  -d grant_type=client_credentials -d scope=iam:admin.read     ${IAM_TOKEN_ENDPOINT} > /tmp/token.json

export AT=$(cat /tmp/token.json  | jq ".access_token")
import requests, json
import os
token = os.environ.get('AT')

headers = {"Authorization": f"Bearer {token}"}
iam_list_url = 'https://lhcb-auth.web.cern.ch/iam/account/search'
results = []
startIndex = 1
totalResults = 1000  # total number of users
itemsPerPage = 10
while(startIndex < totalResults):
    resp = requests.get(iam_list_url, headers=headers, params = {'startIndex':startIndex})
    resp.raise_for_status()
    data = resp.json()
    # These 2 should never change, but just to be sure...
    totalResults = data['totalResults']
    itemsPerPage = data['itemsPerPage']

    startIndex += itemsPerPage
    results.extend(data['Resources'])
with open('accounts.json', 'w+') as fp:
    fp.write(json.dumps(results))

Originally posted by @chaen in DIRACGrid/diracx#191 (comment)
@chaen chaen transferred this issue from DIRACGrid/diracx Jan 23, 2024
@fstagni fstagni added this to the v9.0 milestone Jan 23, 2024
@chaen
Copy link
Contributor Author

chaen commented Apr 12, 2024

There's another API, probably better, because it only requires scim:read scope

https://indigo-iam.github.io/v/v1.8.3/docs/reference/api/scim-api/#get-scimusers

@chaen chaen changed the title Synchronize IAM to CS from VOMS2CSAgent Synchronize betweem VOMS/IAM/CS from VOMS2CSAgent May 14, 2024
@chaen chaen mentioned this issue May 14, 2024
Merged
@chaen chaen mentioned this issue Jun 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chaen chaen

Labels
None yet
Projects
None yet
Milestone
v9.0
Development

Successfully merging a pull request may close this issue.

[9.0] Populate diracx user subs from IAM chaen/DIRAC
2 participants
@fstagni @chaen