Details
-
Task
-
Status: Closed
-
Medium
-
Resolution: Fixed
-
fts-rest-server 3.12.0
-
Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
-
None
Description
A client using the fts-rest clients currently fails to delegate his credentials to the new fts-rest-flask server.
Example:
[root@joaopedro ~]# fts-rest-delegate -s https://fts-flask-03.cern.ch:8446 Error: Client error: list indices must be integers, not str
Problem:
The delegation process through the fts-rest-delegate command starts with the client asking the server the remaining life of his credentials.
With the current implementation, if no credential were previously delegated to the server, the delegation process will fail.
Cause:
To get the remaining lifetime of the current credentials the following method is used by the client:
def _get_remaining_life(self, delegation_id):
r = self.get_info(delegation_id)
if r is None:
return None
else:
expiration_time = datetime.strptime(r['termination_time'], '%Y-%m-%dT%H:%M:%S')
return expiration_time – datetime.utcnow()
which in its turn uses the method:
def get_info(self, delegation_id=None):
if delegation_id is None:
delegation_id = self._get_delegation_id()
return json.loads(self.context.get('/delegation/' + delegation_id))
The last method does a GET request to the endpoint “/delegation/<delegation_id>”. The current implementation expects to receive “null” in case the credentials do not exist in the server, but the new fts-rest-server returns an empty list instead:
[root@joaopedro fts-rest-flask]# curl --cacert /tmp/x509up_u0 --cert /tmp/x509up_u0 --capath /etc/grid-security/certificates/ https://fts-flask-03.cern.ch:8446/delegation/62fbf8b872aa7286 []
Causing an error in the function `_get_remaining_life()`.
The same request on the FTS-REST server:
[root@joaopedro fts-rest-flask]# curl --cacert /tmp/x509up_u0 --cert /tmp/x509up_u0 --capath /etc/grid-security/certificates/ https://joaopedro.cern.ch:8446/delegation/62fbf8b872aa7286 null
