DIRAC
Synchronize between VOMS/IAM/CS from VOMS2CSAgent
Edit: I added an extra use case to this task
The VOMS interface provided by IAM does not actually expose the voms-admin API, which means we need to query the IAM API to list the users.
TODO:
- [ ] Query IAM and expose the info as if it were coming from VOMS for it to be synced in VOMS2CSAgent
- [ ] populate `/DiracX/<vo>/UserSubjects`
In the VOMS2CSAgent, update the /DiracX/<vo><UserSubjects> section directly from IAM (https://indigo-iam.github.io/v/v1.8.3/docs/reference/api/account-api/#get-iamaccountsearch)
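```bash
# Write the token response with owner-only permissions; /tmp is shared
(umask 077; curl -q -L -s -u "${CLIENT_ID}:${CLIENT_SECRET}" -d grant_type=client_credentials -d scope=iam:admin.read "${IAM_TOKEN_ENDPOINT}" > /tmp/token.json)
# -r strips the JSON quotes so the value can be used directly as a Bearer token
export AT=$(jq -r ".access_token" /tmp/token.json)
```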
```python
import json
import os

import requests

# Fail early if the access token was not exported
token = os.environ["AT"]
headers = {"Authorization": f"Bearer {token}"}
iam_list_url = "https://lhcb-auth.web.cern.ch/iam/account/search"

results = []
startIndex = 1
totalResults = 1000  # total number of users
itemsPerPage = 10
# <= because startIndex starts at 1: with < the final account can be skipped
while startIndex <= totalResults:
    resp = requests.get(
        iam_list_url, headers=headers, params={"startIndex": startIndex}, timeout=30
    )
    resp.raise_for_status()
    data = resp.json()
    # These 2 should never change, but just to be sure...
    totalResults = data["totalResults"]
    itemsPerPage = data["itemsPerPage"]
    # An empty page means there is nothing left; avoid looping forever
    if not data["Resources"]:
        break
    startIndex += itemsPerPage
    results.extend(data["Resources"])

with open("accounts.json", "w") as fp:
    json.dump(results, fp)
```
Originally posted by @chaen in https://github.com/DIRACGrid/diracx/issues/191#issuecomment-1904135971
There's another API, probably better, because it only requires scim:read scope
https://indigo-iam.github.io/v/v1.8.3/docs/reference/api/scim-api/#get-scimusers
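An added example, not part of the original posts or of DIRAC/DiracX code: paging through the SCIM user listing linked above with the 1-based `startIndex` handled so the final account is not dropped, then building a username-to-account-id map. The `/scim/Users` path and the `count` parameter follow SCIM; the helper names, the constructed fake server, and the assumption that the account `id` is the value wanted under `UserSubjects` are not from the page.

```python
from typing import Callable, Dict, Iterable, Iterator


def iter_scim_users(fetch_page: Callable[[int, int], dict], count: int = 100) -> Iterator[dict]:
    """Yield every user of a SCIM listing; fetch_page(startIndex, count) returns one page."""
    start = 1  # SCIM indexes results from 1
    while True:
        page = fetch_page(start, count)
        resources = page.get("Resources", [])
        yield from resources
        # Advance by what was actually returned: the server may cap `count`.
        start += len(resources)
        # Stop on an empty page as well, so a shrinking listing cannot loop forever.
        if not resources or start > page["totalResults"]:
            return


def subjects_by_username(users: Iterable[dict]) -> Dict[str, str]:
    """Map userName -> account id, skipping accounts marked inactive.

    Assumption: the account id is the subject to store under UserSubjects.
    """
    return {u["userName"]: u["id"] for u in users if u.get("active", True)}


def http_fetcher(base_url: str, token: str, session) -> Callable[[int, int], dict]:
    """fetch_page for a real IAM; `session` is a requests.Session, token needs scim:read."""
    def fetch(start: int, count: int) -> dict:
        resp = session.get(f"{base_url}/scim/Users",
                           headers={"Authorization": f"Bearer {token}"},
                           params={"startIndex": start, "count": count}, timeout=30)
        resp.raise_for_status()
        return resp.json()
    return fetch


def make_fake_iam(n_users: int, server_cap: int = 10) -> Callable[[int, int], dict]:
    """Constructed stand-in for IAM: n_users accounts, every 7th one inactive."""
    users = [{"id": f"uuid-{i:04d}", "userName": f"user{i}", "active": i % 7 != 0}
             for i in range(1, n_users + 1)]

    def fetch(start: int, count: int) -> dict:
        chunk = users[start - 1:start - 1 + min(count, server_cap)]
        return {"totalResults": len(users), "itemsPerPage": len(chunk),
                "startIndex": start, "Resources": chunk}
    return fetch
```

With 21 constructed accounts and a server page size of 10, the third request starts at index 21, which is exactly the case a `startIndex < totalResults` loop never issues.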