Uploaded image for project: 'FTS'
  1. FTS
  2. FTS-1734

Backwards compatibility for FTS-REST-FLASK delegation

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Medium
    • Resolution: Fixed
    • fts-rest-server 3.12.0
    • fts-rest-server 3.12.0
    • FTS-Flask
    • Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
    • None

    Description

      A client using the fts-rest clients currently fails to delegate his credentials to the new fts-rest-flask server.

      Example:

      [root@joaopedro ~]# fts-rest-delegate -s https://fts-flask-03.cern.ch:8446
      Error: Client error: list indices must be integers, not str
      

      Problem:
      The delegation process through the fts-rest-delegate command starts with the client asking the server the remaining life of his credentials.
      With the current implementation, if no credential were previously delegated to the server, the delegation process will fail.

      Cause:
      To get the remaining lifetime of the current credentials the following method is used by the client:

          def _get_remaining_life(self, delegation_id):
              r = self.get_info(delegation_id)
              if r is None:
                  return None
              else:
                  expiration_time = datetime.strptime(r['termination_time'], '%Y-%m-%dT%H:%M:%S')
                  return expiration_time – datetime.utcnow()
      

      which in its turn uses the method:

          def get_info(self, delegation_id=None):
              if delegation_id is None:
                  delegation_id = self._get_delegation_id()
              return json.loads(self.context.get('/delegation/' + delegation_id))
      

      The last method does a GET request to the endpoint “/delegation/<delegation_id>”. The current implementation expects to receive “null” in case the credentials do not exist in the server, but the new fts-rest-server returns an empty list instead:

      [root@joaopedro fts-rest-flask]# curl --cacert /tmp/x509up_u0 --cert /tmp/x509up_u0 --capath /etc/grid-security/certificates/ https://fts-flask-03.cern.ch:8446/delegation/62fbf8b872aa7286
      []
      

      Causing an error in the function `_get_remaining_life()`.

      The same request on the FTS-REST server:

      [root@joaopedro fts-rest-flask]# curl --cacert /tmp/x509up_u0 --cert /tmp/x509up_u0 --capath /etc/grid-security/certificates/ https://joaopedro.cern.ch:8446/delegation/62fbf8b872aa7286 
      null
      

      Attachments

        Activity

          People

            batistal Joao Pedro Lopes
            batistal Joao Pedro Lopes
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: