Include information about auth token in the job ClassAd
FNAL has requested that we include information about the token used to authenticate the job submission; the envisioned use case is their "JobSub" service which may need to route jobs internally based on the corresponding group information.
The idea is this would be quite analogous to how we record various attributes from the client certificate for GSI authentication.
Looking through the tokens (both IDTOKENS and SCITOKENS), the useful attributes appear to be:
Token ID (maybe)
Groups (if present)
I’m happy with the changes.
Commit 141fca6334a1595ed7812421c00a451effc5ac08 looks good to me, but assigning back to GregT to move to done if he’s satisfied.
Oh! For completeness, here’s an example of the new attributes in the job classad for a relatively complex token (includes all the new attributes):
Oddly enough, I don’t think so. Per this StackOverflow, on Linux, RTLD_DEFAULT is defined to be NULL. So, if dlopen fails, it’s going to search in the current scope … and most likely fail!
Regardless, this isn’t what we’re aiming for. The fact we ‘get lucky’ and avoid a segfault isn’t an excuse to not fix it. It’s easiest to just move these inside the success block for the conditional.
I believe if the dlopen fails on or about line 137 of condor_scitokens.cpp then we will segfault on or about line 153 when we call dlsym.
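The failure mode discussed in the comments above, shown as an added example that is not code from condor_scitokens.cpp or the project: every `dlsym` call sits inside the `dlopen` success path, next to what an unguarded lookup with a NULL handle does on Linux. The function names, the library path and the symbol names are constructed for illustration.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* Open `path` and resolve all n names into slots[]. Every dlsym() call sits
 * inside the dlopen() success path. Returns the handle, or NULL with every
 * slot cleared, so callers never see a half-populated table. */
static void *load_symbols(const char *path, const char *const names[],
                          void *slots[], size_t n)
{
    for (size_t i = 0; i < n; i++) slots[i] = NULL;

    void *handle = dlopen(path, RTLD_LAZY);
    if (!handle) {
        fprintf(stderr, "dlopen failed: %s\n", dlerror());
        return NULL;               /* no dlsym() on a failed handle */
    }
    for (size_t i = 0; i < n; i++) {
        slots[i] = dlsym(handle, names[i]);
        if (!slots[i]) {
            fprintf(stderr, "dlsym(%s) failed: %s\n", names[i], dlerror());
            for (size_t j = 0; j <= i; j++) slots[j] = NULL;
            dlclose(handle);
            return NULL;
        }
    }
    return handle;
}

/* What an unguarded lookup does after a failed dlopen() on Linux: the NULL
 * handle is the default search scope, so a name that exists anywhere in the
 * process resolves "successfully" to whatever is already loaded. */
static int null_handle_lookup_resolves(const char *name)
{
    return dlsym(NULL, name) != NULL;
}

int main(void)
{
    const char *const names[] = { "strlen", "memcpy" };  /* constructed sample names */
    void *slots[2];
    void *h = load_symbols("/nonexistent/constructed-missing.so", names, slots, 2);
    printf("guarded load: handle=%p slot0=%p\n", h, slots[0]);
    printf("unguarded dlsym(NULL, \"strlen\") resolves: %d\n",
           null_handle_lookup_resolves("strlen"));
    return 0;
}
```

On glibc older than 2.34 this needs `-ldl` at link time.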