Merge pull request #135 from matyasselmeci/pr/CERN-IAM-2.SOFTWARE-5843

matyasselmeci · web-flow · commit 22f0c8b1aa0f · 2024-03-15T18:47:07.000-05:00
Add entries to vomses file for SOFTWARE-5843 but remove them in the spec file
diff --git a/bin/vomses-crosscheck b/bin/vomses-crosscheck
@@ -7,17 +7,6 @@ import sys
 vomses_path = "vomses"
 vomsdir     = "vomsdir"
 
-
-# A list of .lsc files that are not meant to be in the vomses file (SOFTWARE-5843)
-lsc_ignore_missing_vomses = [
-    "alice/voms-alice-auth.cern.ch.lsc",
-    "atlas/voms-atlas-auth.cern.ch.lsc",
-    "cms/voms-cms-auth.cern.ch.lsc",
-    "dteam/voms-dteam-auth.cern.ch.lsc",
-    "lhcb/voms-lhcb-auth.cern.ch.lsc",
-]
-
-
 def usage():
     print("usage: %s [vomses vomsdir]" % os.path.basename(__file__))
     print("   or: %s --system" % os.path.basename(__file__))
@@ -71,7 +60,6 @@ vomses_entries = get_vomses()
 missing_lsc_files      = []
 missing_vomses_entries = []
 dn_mismatches          = []
-wrongly_ignored_lsc    = []
 
 for entry in vomses_entries:
     lsc = get_lsc(entry)
@@ -88,24 +76,15 @@ vomses_lsc_files = set(entry.lsc for entry in vomses_entries)
 
 os.chdir(vomsdir)
 for lsc_path in sorted(glob.glob("*/*.lsc")):
-    if lsc_path in lsc_ignore_missing_vomses:
-        if lsc_path in vomses_lsc_files:
-            wrongly_ignored_lsc += [
-                "vomses entry found for ignored lsc file %s; please remove from "
-                "lsc_ignore_missing_vomses"
-            ]
-    else:
-        if lsc_path not in vomses_lsc_files:
-            missing_vomses_entries += ["No vomses entry for %s" % lsc_path]
+    if lsc_path not in vomses_lsc_files:
+        missing_vomses_entries += ["No vomses entry for %s" % lsc_path]
 
-for x in (missing_lsc_files, missing_vomses_entries, dn_mismatches,
-          wrongly_ignored_lsc):
+for x in (missing_lsc_files, missing_vomses_entries, dn_mismatches):
     if x:
         for line in x:
             print(line)
         print()
 
-e = bool(missing_lsc_files or missing_vomses_entries or dn_mismatches or
-         wrongly_ignored_lsc)
+e = bool(missing_lsc_files or missing_vomses_entries or dn_mismatches)
 sys.exit(e)
 
diff --git a/rpm/vo-client.spec b/rpm/vo-client.spec
@@ -1,6 +1,8 @@
 # Set to 1 to enable IAM-based VOMS endpoints
-# (SOFTWARE-4666, SOFTWARE-4576, SOFTWARE-4595)
+# (SOFTWARE-4666, SOFTWARE-4576, SOFTWARE-4595, SOFTWARE-5843)
 %define iam 1
+# Set to 1 to include IAM-based VOMS endpoints in the vomses file (SOFTWARE-5843)
+%define iam_vomses 0
 
 Name:           vo-client
 Version:        135
@@ -44,15 +46,23 @@ Requires:       %{name} = %{version}-%{release}
 %build
 make
 
-%if ! 0%{iam}
+%if ! 0%{?iam}
 rm -f vomsdir/atlas/voms-atlas-auth.app.cern.ch.lsc
 rm -f vomsdir/cms/voms-cms-auth.app.cern.ch.lsc
+
+for vo in alice atlas cms dteam lhcb; do
+  rm -f vomsdir/${vo}/voms-${vo}-auth.cern.ch.lsc
+done
 %endif
 
 # FIXME: Remove IAM vomses entries to avoid use by VOMS clients until
 # IAM LSC files are more widely distributed across the world
 # (SOFTWARE-4595)
 sed -Ei '/.*voms-(alice|lhcb|ops)-auth.app.cern.ch.*/d' vomses
+%if ! 0%{?iam_vomses}
+# Additional entries from SOFTWARE-5843:
+sed -Ei '/.*voms-(alice|atlas|cms|dteam|lhcb)-auth.cern.ch.*/d' vomses
+%endif
 
 %install
 install -d $RPM_BUILD_ROOT/%{_sysconfdir}
diff --git a/vomses b/vomses
@@ -58,3 +58,8 @@
 "eic" "eic.voms2.opensciencegrid.org" "15001" "/DC=org/DC=incommon/C=US/ST=Wisconsin/O=University of Wisconsin-Madison/CN=eic.voms2.opensciencegrid.org" "eic"
 "eic" "eicvoms.sdcc.bnl.gov" "15001" "/DC=org/DC=incommon/C=US/ST=New York/O=Brookhaven National Laboratory/OU=SDCC/CN=eicvoms.sdcc.bnl.gov" "eic"
 "kagra" "voms.cc.kek.jp" "15027" "/C=JP/O=KEK/OU=CRC/CN=host/voms.cc.kek.jp" "kagra"
+"alice" "voms-alice-auth.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=alice-auth.cern.ch" "alice"
+"atlas" "voms-atlas-auth.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=atlas-auth.cern.ch" "atlas"
+"cms"   "voms-cms-auth.cern.ch"   "443" "/DC=ch/DC=cern/OU=computers/CN=cms-auth.cern.ch"   "cms"
+"dteam" "voms-dteam-auth.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=dteam-auth.cern.ch" "dteam"
+"lhcb"  "voms-lhcb-auth.cern.ch"  "443" "/DC=ch/DC=cern/OU=computers/CN=lhcb-auth.cern.ch"  "lhcb"
