DIRAC icon indicating copy to clipboard operation
DIRAC copied to clipboard
verified publisher icon DIRACGrid

[9.1?] Add secrets in DIRAC integration tests

Open Robin-Van-de-Merghel opened this issue 9 months ago • 1 comments

BEGINRELEASENOTES

Please follow the template: *Integration tests NEW: Add pilot secrets into the CI

ENDRELEASENOTES

Robin-Van-de-Merghel avatar Aug 07 '25 06:08 Robin-Van-de-Merghel

This PR serves as a POC for the pilot secret-exchange mechanism. We have two cases:

  1. Pilot with a secret (vacuum case with secret-exchange: DiracX)
  2. Pilot with a proxy (vacuum case with RegisterPilot: DIRAC)

With secret

Source: https://github.com/DIRACGrid/DIRAC/actions/runs/16797372818/job/47570725488?pr=8279#step:12:192

As expected we simulate a vacuum case: first exchange failed because the pilot is not registered, second exchange success because it's a vacuum registration.

Maybe I can add a test to show a classic secret-exchange without vacuum case

Then RegisterPilot is blocked because we are already registered through the secret-exchange: https://github.com/DIRACGrid/DIRAC/actions/runs/16797372818/job/47570725488?pr=8279#step:12:1880

Without secret

Source: https://github.com/DIRACGrid/DIRAC/actions/runs/16797372818/job/47570725469?pr=8279#step:12:185

As expected, continue without DiracX, tried to get the token but failed.

Then RegisterPilot is a success because we don't have a secret-exchange: https://github.com/DIRACGrid/DIRAC/actions/runs/16797372818/job/47570725469?pr=8279#step:12:1871

Refs

Linked to:

  • Pilot auth: https://github.com/DIRACGrid/Pilot/pull/248
  • Pilot auth in DiracX: https://github.com/DIRACGrid/diracx/pull/421
  • Pilot legacy adaptor in DIRAC: https://github.com/DIRACGrid/DIRAC/pull/8233

Robin-Van-de-Merghel avatar Aug 07 '25 07:08 Robin-Van-de-Merghel