VOMS implements a REST API that can be used to get a VOMS attribute certificate.
https://<voms.host>:<voms.port>/generate-ac
#!/bin/bash
set -e
exit_msg() {
  echo "Giving up as requested by user..."
  exit 1
}
if [[ -z "${IAM_DEVICE_CODE_CLIENT_ID}" ]]; then
  echo "Please set the IAM_DEVICE_CODE_CLIENT_ID env variable"
oidc:
  providers:
  - name: google
    issuer: https://accounts.google.com
    client:
      clientId: ${IAM_GOOGLE_CLIENT_ID}
      clientSecret: ${IAM_GOOGLE_CLIENT_SECRET}
      redirectUris: ${iam.baseUrl}/openid_connect_login
      scope: openid,profile,email,address,phone
    loginButton:
I hereby claim:
To claim this, I am signing this object:
-- Selects and displays PtP requests that are stuck in progress for one month
SELECT rq.ID, rq.timeStamp, rp.targetSURL, sp.statusCode, sp.explanation
FROM storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp
WHERE rq.ID = rp.request_queueID and rp.ID = sp.request_PutID
and rq.status = 18 and rq.timeStamp <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 1 MONTH);
-- Marks PtP requests stuck in progress for one month as expired, so that the StoRM
-- request garbage collector will remove them from the database
UPDATE storm_db.request_queue rq, storm_db.request_Put rp, storm_db.status_Put sp
SET sp.statusCode = 1, sp.explanation = "Request expired.", rq.status = 1
#!/bin/bash
IAM_CLIENT_ID=${IAM_CLIENT_ID:-iam-client}
IAM_CLIENT_SECRET=${IAM_CLIENT_SECRET}
IAM_TOKEN_ENDPOINT=${IAM_TOKEN_ENDPOINT:-https://iam-test.indigo-datacloud.eu/token}
if [[ -z "${IAM_CLIENT_SECRET}" ]]; then
  echo "Please provide a client secret setting the IAM_CLIENT_SECRET env variable."
  exit 1;
As reported in this ggus-ticket, in certain circumstances VOMS Admin accepts membership requests from users without a valid X.509 certificate.
This has no security impact on the server, but can lead to VO admins receiving membership requests with strange user certificate subjects, like the following:
![Strange request
def a():
    time.sleep(1)
def b():
    time.sleep(2)
class TestRunner:
    def _run(self):
        a()