Skip to content

Fix req compat#8150

Merged
chrisburr merged 3 commits intoDIRACGrid:integrationfrom
chaen:fix_req_compat
Apr 11, 2025
Merged

Fix req compat#8150
chrisburr merged 3 commits intoDIRACGrid:integrationfrom
chaen:fix_req_compat

Conversation

@chaen
Copy link
Copy Markdown
Contributor

@chaen chaen commented Apr 11, 2025

v8.0 requests have OwnerDN and OwnerGroup
v9.0 requests have Owner and OwnerGroup

There was a compatibility layer that allowed processing v8 request on a v9 server. Unfortunately that did not work well with server certificates (used in the ReqProxy for example).

To illustrate it, I created a Request and dumped it to a json file using v8.
I can then load it, and validate it with a v9 server, and you see the Owner and OwnerGroup are wrong

import json
from DIRAC import initialize

initialize()

from DIRAC.RequestManagementSystem.private.RequestValidator import RequestValidator
from DIRAC.RequestManagementSystem.Client.Request import Request

from DIRAC.Core.Base.Client import Client

validator = RequestValidator()

v8_req_json = '{"RequestName": null, "OwnerDN": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=bond/CN=705305/CN=James Bond", "OwnerGroup": "lhcb_user", "Status": "Waiting", "Error": null, "DIRACSetup": null, "SourceComponent": null, "JobID": 0, "CreationTime": "2025-04-11 14:59:34", "SubmitTime": "2025-04-11 14:59:34", "LastUpdate": "2025-04-11 14:59:34", "NotBefore": "2025-04-11 14:59:34", "Operations": []}'

loaded_dict = json.loads(v8_req_json)

print(
    f"{loaded_dict.get('Owner')=} {loaded_dict.get('OwnerGroup')=} {loaded_dict.get('OwnerDN')=}"
)
req = Request(v8_req_json)

print(f"{req.Owner=} {req.OwnerGroup=} {req.OwnerDN=}")


host_credentials = Client(url="Configuration/Server").whoami()["Value"]
validator.setAndCheckRequestOwner(req, host_credentials)

print(f"{req.Owner=} {req.OwnerGroup=} {req.OwnerDN=}")
loaded_dict.get('Owner')=None loaded_dict.get('OwnerGroup')='lhcb_user' loaded_dict.get('OwnerDN')='/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=bond/CN=705305/CN=James Bond'
req.Owner=None req.OwnerGroup='lhcb_user' req.OwnerDN='/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=bond/CN=705305/CN=James Bond'
req.Owner='secret.cern.ch' req.OwnerGroup='hosts' req.OwnerDN='/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=bond/CN=705305/CN=James Bond'

The problem is that once the DB is screwed up, you have lost the group information for good, so you can only guess it.

There might still be a problem when the REA tries executing old requests, but since I don't have any of it anymore in the system, I can't check...

The only relevant commit is 543ffce
The other one is auto format...

BEGINRELEASENOTES

*RMS
FIX: RequestValidator sets correct Owner for v8 requests

ENDRELEASENOTES

@chrisburr chrisburr merged commit c87ae5e into DIRACGrid:integration Apr 11, 2025
23 checks passed
@DIRACGridBot DIRACGridBot added the sweep:ignore Prevent sweeping from being ran for this PR label Apr 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chrisburr chrisburr chrisburr approved these changes

Assignees

No one assigned

Labels

sweep:ignore Prevent sweeping from being ran for this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chaen @chrisburr @DIRACGridBot