Ensure that Gratia accounts for SciTokens-based pilots

Description

The Gratia probes by default will quarantine records without VO info (though that is configurable with QuarantineUnknownVORecords).

In the case of SciTokens-based pilots, we do not have or VO info directly available. But we still want to account for these records.

It seems the SciTokens config map files, which have lines in the format

SCITOKEN <URL> <USER>

might be of use to reverse-map the "Owner" in the classad to the URL/regex, which perhaps we can use to derive VO info.

Freshdesk Tickets

None

Activity

Tim Theisen August 12, 2021 at 4:16 AM

Promotions
Promoted gratia-probe-1.24.0-1, gratia-probe-2.1.0-1 to osg-3.5-el*-prerelease, osg-3.5-el*-rolling, osg-3.6-el*-prerelease

Build                              Tag
gratia-probe-1.24.0-1.osg35.el7    osg-3.5-el7-rolling
gratia-probe-1.24.0-1.osg35.el7    osg-3.5-el7-prerelease
gratia-probe-1.24.0-1.osg35.el8    osg-3.5-el8-prerelease
gratia-probe-1.24.0-1.osg35.el8    osg-3.5-el8-rolling
gratia-probe-2.1.0-1.osg36.el7     osg-3.6-el7-prerelease
gratia-probe-2.1.0-1.osg36.el8     osg-3.6-el8-prerelease

Carl Edquist July 23, 2021 at 6:13 PM

Promotions
Promoted gratia-probe-1.24.0-1 to osg-3.5-el*-testing

Build                              Tag
gratia-probe-1.24.0-1.osg35.el7    osg-3.5-el7-testing
gratia-probe-1.24.0-1.osg35.el8    osg-3.5-el8-testing

Carl Edquist June 17, 2021 at 2:14 PM

https://github.com/opensciencegrid/gratia-probe/pull/99

This time against the 2.x branch

https://github.com/opensciencegrid/gratia-probe/pull/101

Brian Lin June 14, 2021 at 4:25 PM

The existing PR is starting to converge, can you make sure to submit a PR for gratia 2.x, too?

Carl Edquist May 12, 2021 at 8:08 PM

If you check the ITB Slurm CE’s history ads, are there fields in there that look like VO/token issuer info?

On itb-slurm-ce with condor_ce_history, the only things I saw that looked VO-related were

But apparently this will not help since x509 is going away.

After some discussion with , we might be able to look at all the SciTokens config map files combined, to produce a reverse map from the classad "Owner" (as the USER in the SciTokens mapping) to the URL. There are some issues with this (uniqueness of reverse map not guaranteed?), but in theory it should give us what we care about from the VO info.

, is this the right approach?
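
The reverse map discussed in the description and in the comment above, as an added Python example (not code from gratia-probe or the linked pull requests). It assumes the `SCITOKEN <URL> <USER>` line layout quoted in the ticket; the file names, URLs and users are constructed, and `issuer_for_owner` is a hypothetical helper that reports an Owner reachable from more than one URL as ambiguous instead of picking one.

```python
from collections import defaultdict

# Constructed sample map files (not real OSG configuration). Each entry follows
# the "SCITOKEN <URL> <USER>" layout quoted in the ticket.
SAMPLE_MAPFILES = {
    "10-vo-a.conf": """\
# constructed example entries
SCITOKEN https://tokens.vo-a.example/ voa_pilot
SCITOKEN https://tokens.vo-b.example/ shared_pilot
""",
    "20-vo-c.conf": """\
SCITOKEN https://tokens.vo-c.example/ shared_pilot
GSI "/DC=example/CN=legacy" legacy_user
malformed line here with extra fields
""",
}


def parse_mapfile(text):
    """Yield (url, user) for each well-formed SCITOKEN line; skip all others."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3 and fields[0] == "SCITOKEN":
            yield fields[1], fields[2]


def build_reverse_map(mapfiles):
    """Combine every map file into {user: set of URLs that map to that user}."""
    reverse = defaultdict(set)
    for name in sorted(mapfiles):
        for url, user in parse_mapfile(mapfiles[name]):
            reverse[user].add(url)
    return dict(reverse)


def issuer_for_owner(reverse, owner):
    """Return (url, status); status is 'unique', 'ambiguous' or 'unknown'."""
    urls = reverse.get(owner, set())
    if len(urls) == 1:
        return next(iter(urls)), "unique"
    # Never guess: an Owner mapped from several URLs cannot be attributed safely.
    return None, ("ambiguous" if urls else "unknown")
```

A caller can treat the `ambiguous` and `unknown` results the same way the probe treats records without VO info, so that a shared local account is not silently credited to the wrong issuer.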

Fixed

Created May 11, 2021 at 7:07 PM
Updated August 12, 2021 at 11:35 PM
Resolved August 12, 2021 at 11:35 PM