Merge pull request #9 from ARGOeu-Metrics/devel

Version 0.2.0
ARGOeu-Metrics · Oct 5, 2023 · edc2013 · edc2013
2 parents b1332b0 + 0f75472
commit edc2013
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 62 deletions.
diff --git a/Makefile b/Makefile
@@ -4,12 +4,12 @@ PKGVERSION=$(shell grep -s '^Version:' $(SPECFILE) | sed -e 's/Version: *//')
 
 dist:
 	rm -rf dist
-	python setup.py sdist
+	python3 setup.py sdist
 	mv dist/${PKGNAME}-${PKGVERSION}.tar.gz .
 	rm -rf dist
 
 srpm: dist
-	rpmbuild -ts --define='dist .el6' ${PKGNAME}-${PKGVERSION}.tar.gz
+	rpmbuild -ts --define='dist .el7' ${PKGNAME}-${PKGVERSION}.tar.gz
 
 rpm: dist
 	rpmbuild -ta ${PKGNAME}-${PKGVERSION}.tar.gz

diff --git a/README.md b/README.md
@@ -1,39 +1,42 @@
 # argo-probe-oidc
 
-The package contains metrics to handle OIDC tokens. There are two metrics:
+The package contains probe to handle OIDC tokens. There are two probes:
 
 * `fetch-access-token`
 * `check-refresh-token-expiration`
 
-The former is used for fetching the OIDC access token, and the latter is used to check the validity of the refresh token which is needed for fetching of the access token.
+`fetch-access-token` probe is used for fetching of OIDC access token. `check-refresh-token-expiration` probe is used to check the validity of refresh token needed for fetching the access token.
 
 ## Synopsis
 
 ### fetch-access-token
 
-The probe `fetch-access-token` has several arguments.
+The probe `fetch-access-token` has several arguments. `<CLIENT_ID>`, `<CLIENT_SECRET>`, and `<REFRESH_TOKEN>` arguments are mandatory, and the rest have default values (which can be overridden).
 
 ```
 # /usr/libexec/argo/probes/oidc/fetch-access-token --help
 usage: fetch-access-token [-h] [-u URL] --client_id CLIENT_ID --client_secret
                           CLIENT_SECRET --refresh_token REFRESH_TOKEN
-                          [--token_file TOKEN_FILE] [-t TIMEOUT]
+                          [--token_file TOKEN_FILE] [-U USER] [-t TIMEOUT]
 
-Nagios probe for fetching OIDC tokens.
+ARGO probe for fetching OIDC tokens.
 
 optional arguments:
   -h, --help            show this help message and exit
-  -u URL, --url URL     URL from which the token is fetched
+  -u URL, --url URL     URL from which the token is fetched (default:
+                        https://aai.egi.eu/oidc/token)
   --client_id CLIENT_ID
-                        The identifier of the client
+                        identifier of client
   --client_secret CLIENT_SECRET
-                        The secret value of the client
+                        secret value of client
   --refresh_token REFRESH_TOKEN
-                        The value of the refresh token
+                        refresh token
   --token_file TOKEN_FILE
-                        File for storing obtained token
+                        file for storing obtained token (default:
+                        /etc/nagios/globus/oidc)
+  -U USER, --user USER  username of user executing the probe (default: nagios)
   -t TIMEOUT, --timeout TIMEOUT
-                        timeout
+                        timeout in seconds (default: 60)
 ```
 
 Example execution of the probe:
@@ -51,7 +54,7 @@ The probe `check-refresh-token-expiration` has two arguments.
 # /usr/libexec/argo/probes/oidc/check-refresh-token-expiration --help
 usage: check-refresh-token-expiration [-h] --token TOKEN [-t TIMEOUT]
 
-Nagios probe for checking refresh token expiration
+ARGO probe for checking refresh token expiration
 
 optional arguments:
   -h, --help            show this help message and exit

diff --git a/argo-probe-oidc.spec b/argo-probe-oidc.spec
@@ -1,43 +1,50 @@
-# sitelib
-%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 %define dir /usr/libexec/argo/probes/oidc
-
-Name: argo-probe-oidc
-Summary: ARGO probes for handling of OIDC tokens.
-Version: 0.1.1
-Release: 1%{?dist}
-License: ASL 2.0
-Source0: %{name}-%{version}.tar.gz
+%define underscore() %(echo %1 | sed 's/-/_/g')
+
+Name:      argo-probe-oidc
+Summary:   ARGO probes for handling of OIDC tokens.
+Version:   0.2.0
+Release:   1%{?dist}
+License:   ASL 2.0
+Group:     Development/System
+Source0:   %{name}-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Prefix:    %{_prefix}
 BuildArch: noarch
-Requires: python-requests, python-argparse, python-jwt
+
+BuildRequires: python3-devel
+Requires: python36-requests
+Requires: python36-jwt
 
 %description
 This package includes probes for fetching OIDC access token and checking refresh token validity.
 
 %prep
 %setup -q
 
+
 %build
-%{__python} setup.py build
+%{py3_build}
+
 
 %install
-rm -rf %{buildroot}
-%{__python} setup.py install --skip-build --root %{buildroot} --record=INSTALLED_FILES
-install -d -m 755 %{buildroot}/%{dir}
-install -d -m 755 %{buildroot}/%{python_sitelib}/argo_probe_oidc
+%{py3_install "--record=INSTALLED_FILES" }
+
 
 %clean
-rm -rf %{buildroot}
+rm -rf $RPM_BUILD_ROOT
+
 
 %files -f INSTALLED_FILES
 %defattr(-,root,root,-)
-%{python_sitelib}/argo_probe_oidc
+%{python3_sitelib}/%{underscore %{name}}/
 %{dir}
 
 
 %changelog
-* Thu Jun 29 2022 Katarina Zailac <kzailac@srce.hr> - 0.1.1-1%{?dist}
+* Thu Oct 5 2023 Katarina Zailac <kzailac@srce.hr> - 0.2.0-1%{?dist}
+- ARGO-4389 Set username as parameter to probe fetching OIDC token
+* Thu Jun 30 2022 Katarina Zailac <kzailac@srce.hr> - 0.1.1-1%{?dist}
 - ARGO-3872 Improve probe return message when refresh token has expired
 * Thu Jun 9 2022 Katarina Zailac <kzailac@gmail.com> - 0.1.0-1%{?dist}
 - Initial version
diff --git a/modules/fetch_token.py b/modules/fetch_token.py
@@ -1,44 +1,48 @@
-#!/usr/bin/env python
 import argparse
 import grp
 import os
 import pwd
 import sys
 
 import requests
-
-from NagiosResponse import NagiosResponse
+from argo_probe_oidc.NagiosResponse import NagiosResponse
 
 
 def main():
     parser = argparse.ArgumentParser(
-        description="Nagios probe for fetching OIDC tokens."
+        description="ARGO probe for fetching OIDC tokens.",
     )
     parser.add_argument(
         "-u", "--url", dest="url", type=str,
         default="https://aai.egi.eu/oidc/token",
-        help="URL from which the token is fetched"
+        help="URL from which the token is fetched "
+             "(default: https://aai.egi.eu/oidc/token)"
     )
     parser.add_argument(
         "--client_id", dest="client_id", type=str, required=True,
-        help="The identifier of the client"
+        help="identifier of client"
     )
     parser.add_argument(
         "--client_secret", dest="client_secret", type=str, required=True,
-        help="The secret value of the client"
+        help="secret value of client"
     )
     parser.add_argument(
         "--refresh_token", dest="refresh_token", type=str, required=True,
-        help="The value of the refresh token"
+        help="refresh token"
     )
     parser.add_argument(
         "--token_file", dest="token_file", type=str,
         default="/etc/nagios/globus/oidc",
-        help="File for storing obtained token"
+        help="file for storing obtained token "
+             "(default: /etc/nagios/globus/oidc)"
+    )
+    parser.add_argument(
+        "-U", "--user", dest="user", type=str, default="nagios",
+        help="username of user executing the probe (default: nagios)"
     )
     parser.add_argument(
         "-t", "--timeout", dest="timeout", type=int, default=60,
-        help="timeout"
+        help="timeout in seconds (default: 60)"
     )
     args = parser.parse_args()
 
@@ -65,26 +69,26 @@ def main():
             f.write(access_token)
 
         try:
-            uid = pwd.getpwnam("nagios").pw_uid
+            uid = pwd.getpwnam(args.user).pw_uid
 
         except KeyError:
-            nagios.writeCriticalMessage("No user named 'nagios'")
+            nagios.writeCriticalMessage(f"No user named '{args.user}'")
             nagios.setCode(nagios.CRITICAL)
-            print nagios.getMsg()
+            print(nagios.getMsg())
             sys.exit(nagios.getCode())
 
         try:
-            gid = grp.getgrnam("nagios").gr_gid
+            gid = grp.getgrnam(args.user).gr_gid
 
         except KeyError:
-            nagios.writeCriticalMessage("No group named 'nagios'")
+            nagios.writeCriticalMessage(f"No group named '{args.user}'")
             nagios.setCode(nagios.CRITICAL)
-            print nagios.getMsg()
+            print(nagios.getMsg())
             sys.exit(nagios.getCode())
 
         os.chown(args.token_file, uid, gid)
 
-        print nagios.getMsg()
+        print(nagios.getMsg())
         sys.exit(nagios.getCode())
 
     except (
@@ -96,19 +100,19 @@ def main():
     ) as e:
         nagios.writeCriticalMessage(str(e))
         nagios.setCode(nagios.CRITICAL)
-        print nagios.getMsg()
+        print(nagios.getMsg())
         sys.exit(nagios.getCode())
 
     except IOError as e:
         nagios.writeCriticalMessage("Error creating file: " + str(e))
         nagios.setCode(nagios.CRITICAL)
-        print nagios.getMsg()
+        print(nagios.getMsg())
         sys.exit(nagios.getCode())
 
     except Exception as e:
         nagios.writeCriticalMessage(str(e))
         nagios.setCode(nagios.CRITICAL)
-        print nagios.getMsg()
+        print(nagios.getMsg())
         sys.exit(nagios.getCode())
 
 

diff --git a/modules/refresh_token_expiration.py b/modules/refresh_token_expiration.py
@@ -4,8 +4,7 @@
 import sys
 
 import jwt
-
-from NagiosResponse import NagiosResponse
+from argo_probe_oidc.NagiosResponse import NagiosResponse
 
 nagios = NagiosResponse()
 
@@ -68,13 +67,13 @@ def validate_token(args):
             )
             nagios.setCode(nagios.CRITICAL)
 
-        print nagios.getMsg()
+        print(nagios.getMsg())
 
     except jwt.exceptions.DecodeError as e:
-        print "UNKNOWN - Token is malformed: %s" % str(e)
+        print("UNKNOWN - Token is malformed: %s" % str(e))
 
     except Exception as e:
-        print "UNKNOWN - %s" % str(e)
+        print("UNKNOWN - %s" % str(e))
 
         nagios.setCode(nagios.UNKNOWN)
 
@@ -83,7 +82,7 @@ def validate_token(args):
 
 def main():
     parser = argparse.ArgumentParser(
-        description="Nagios probe for checking refresh token expiration"
+        description="ARGO probe for checking refresh token expiration"
     )
     parser.add_argument(
         "--token", dest="token", type=str, required=True, help="Refresh token"

diff --git a/setup.py b/setup.py
@@ -12,7 +12,7 @@ def get_ver():
             if "Version:" in line:
                 return line.split()[1]
     except IOError:
-        print "Make sure that %s is in directory"  % (NAME+'.spec')
+        print(f"Make sure that {NAME}.spec is in directory")
         sys.exit(1)
 
 
@@ -26,5 +26,5 @@ def get_ver():
       url='http://argoeu.github.io/',
       data_files=[(NAGIOSPLUGINS, glob.glob('src/*'))],
       packages=['argo_probe_oidc'],
-      package_dir={'argo_probe_oidc': 'modules/'},
+      package_dir={'argo_probe_oidc': 'modules'},
       )
diff --git a/src/check-refresh-token-expiration b/src/check-refresh-token-expiration
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 from argo_probe_oidc import refresh_token_expiration
 
 refresh_token_expiration.main()
diff --git a/src/fetch-access-token b/src/fetch-access-token
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 from argo_probe_oidc import fetch_token
 
 fetch_token.main()