feat(VOMS2CS): report errors from IAM getUsers

andresailer · Sep 13, 2024 · e6c5eea · e6c5eea
1 parent 183c1d4
commit e6c5eea
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py b/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py
@@ -232,7 +232,7 @@ def _getUsers(self):
         vomsSrv = VOMSService(self.vo)
         voms_users = returnValueOrRaise(vomsSrv.getUsers())
         if self.compareWithIAM:
-            self.compareUsers(voms_users, iam_users)
+            self.compareUsers(voms_users.get("Users", {}), iam_users.get("Users", {}))
         return voms_users
 
     def syncCSWithVOMS(self):
@@ -259,9 +259,9 @@ def syncCSWithVOMS(self):
         if not result["OK"]:
             self.log.error("Could not retrieve user information", result["Message"])
             return result
-        if getUserErrors := result.get("Errors", []):
+        if getUserErrors := result["Value"]["Errors"]:
             self.adminMsgs["Errors"].extend(getUserErrors)
-        self.vomsUserDict = result["Value"]
+        self.vomsUserDict = result["Value"]["Users"]
         message = f"There are {len(self.vomsUserDict)} user entries in VOMS for VO {self.vomsVOName}"
         self.adminMsgs["Info"].append(message)
         self.log.info("VOMS user entries", message)

diff --git a/src/DIRAC/Core/Security/IAMService.py b/src/DIRAC/Core/Security/IAMService.py
@@ -129,6 +129,10 @@ def convert_iam_to_voms(self, iam_output):
         return converted_output
 
     def getUsers(self):
+        """Extract users from IAM user dump.
+
+        :return: dictionary of: "Users": user dictionary keyed by the user DN, "Errors": list of error messages
+        """
         self.iam_users_raw = self._getIamUserDump()
         users = {}
         errors = []
@@ -140,6 +144,5 @@ def getUsers(self):
                 self.log.error("Could not convert", f"{user['name']} {e!r}")
         self.log.error("There were in total", f"{len(errors)} errors")
         self.userDict = dict(users)
-        result = S_OK(users)
-        result["Errors"] = errors
+        result = S_OK({"Users": users, "Errors": errors})
         return result
diff --git a/src/DIRAC/Core/Security/VOMSService.py b/src/DIRAC/Core/Security/VOMSService.py
@@ -81,7 +81,7 @@ def attGetUserNickname(self, dn, _ca=None):
     def getUsers(self):
         """Get all the users of the VOMS VO with their detailed information
 
-        :return: user dictionary keyed by the user DN
+        :return: dictionary of: "Users": user dictionary keyed by the user DN, "Errors": empty list
         """
         if not self.urls:
             return S_ERROR(DErrno.ENOAUTH, "No VOMS server defined")
@@ -148,4 +148,5 @@ def getUsers(self):
                             resultDict[dn]["nickname"] = attribute.get("value")
 
         self.userDict = dict(resultDict)
-        return S_OK(resultDict)
+        # for consistency with IAM interface, we add Errors
+        return S_OK({"Users": resultDict, "Errors": []})