Skip to content

wmagent tokens - added feature flag OAUTH_CMS_TOKEN_NAME in WMAgent.secrets #1642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

wmagent tokens - added feature flag OAUTH_CMS_TOKEN_NAME in WMAgent.secrets #1642

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
74da50d
wmagent tokens - added feature flag OAUTH_CMS_TOKEN_NAME in WMAgent.s…
mapellidario Aug 21, 2025
52b81e8
wmagent - do not initialize if no token is present
mapellidario Aug 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion docker/pypi/wmagent/bin/manage
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,8 @@ init_wmagent(){
--rucio_account=$RUCIO_ACCOUNT \
--rucio_host=$RUCIO_HOST \
--rucio_auth=$RUCIO_AUTH \
--mspileup_url=$MSPILEUP_URL
--mspileup_url=$MSPILEUP_URL \
--oauth_cms_token_name=$OAUTH_CMS_TOKEN_NAME

let errVal+=$?

Expand Down
3 changes: 3 additions & 0 deletions docker/pypi/wmagent/bin/manage-common.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -446,6 +446,9 @@ _load_wmasecrets(){
if [[ -z $GRAFANA_TOKEN ]]; then
echo "$FUNCNAME: ERROR: Secrets file doesnt contain GRAFANA_TOKEN"; let errVal+=1
fi
if [[ -z $OAUTH_CMS_TOKEN_NAME ]]; then
echo "$FUNCNAME: WARNING: Secrets file doesnt contain OAUTH_CMS_TOKEN_NAME, disabling tokens in remote jobs.";
fi

# CouchDB settings
# if couch ssl certificate not specified check X509_USER_CERT and X509_USER_PROXY
Expand Down
29 changes: 29 additions & 0 deletions docker/pypi/wmagent/wmagent-docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,35 @@ while getopts ":t:hp" opt; do
esac
done

## if the VM does not have a valid token from bastion, do not initialize the
## WMAgent.
## If a valid token is present, then the expected output is
# cmst1@vocms0262:dmapelli $ condor_store_cred query-oauth -u cmst1@cms
# Account: cmst1@cms
# CredType: oauth
# A credential was stored and is valid.
# Credential info:
# cms_wmagent.top = 1756459330
# cms_wmagent.use = 1756469269
# fully_qualified_user = "cmst1@cms"
# cmst1@vocms0262:dmapelli $ echo $?
# 0
## If there is no valid token, then the output is
# cmst1@vocms0193:dmapelli $ condor_store_cred query-oauth -u cmst1@cms
# Account: cmst1@cms
# CredType: oauth
# Operation failed.
# Make sure your ALLOW_WRITE setting includes this host.
# cmst1@vocms0193:dmapelli $ echo $?
# 1
if condor_store_cred query-oauth -u cmst1@cms; then
echo "condor_store_cred found a valid token. WMAgent can be initialized"
else
echo "WARNING! condor_store_cred did NOT find a valid token. The WMAgent can not be initialized"
exit 1
fi


# Parsing the WMA_TAG in parts step by step
WMA_VER_MINOR=${WMA_TAG#*.*.}
WMA_VER_MAJOR=${WMA_TAG%.$WMA_VER_MINOR}
Expand Down