Graceful dealing with Frontend changing proxy DN
Here is the problem;
if the frontend changes the proxy DN and/or FQAN, it will be propagated to the factory,
and the factory will loose control of the already submitted glideins.
- track the DN+FQAN of submitted glideins, and refuse to accept anything different until those are gone, or
- add the (hash of the) DN+FQAN to the proxy file name... this way Condor-G will never loose track of the glideins (modulo expired proxy)
#5 Updated by Douglas Strain about 8 years ago
- Status changed from New to Assigned
- Assignee changed from Douglas Strain to Igor Sfiligoi
The review of this branch has been assigned during the meeting to Igor. I just implented the second option to change the filename. If there is additional work here, let me know and assign it back to me. Thanks!
#6 Updated by Parag Mhashilkar about 8 years ago
- Assignee changed from Igor Sfiligoi to Douglas Strain
1) You are only hashing the DN and not the FQAN. Use case of changes to FQAN is not handled.
2) Running the two commands from python prompt did not result in the subject being captured in dn. Need to verify if following actually works and you indeed get the dn value correctly in the variable.
dn_process = subprocess.Popen("openssl x509 -subject -noout", shell=True, stdin=subprocess.PIPE) (dn,err_out)=dn_process.communicate(proxy_data)