From d43104ab3890dbb3b4aa09028e1ef3470aa26289 Mon Sep 17 00:00:00 2001 From: Carl Edquist Date: Fri, 3 Jun 2022 11:32:38 -0500 Subject: [PATCH] add python2/3 compatibility (SOFTWARE-4875) --- .../x509_scitokens_issuer.py | 33 ++++++++++--------- tools/cms-scitoken-init | 19 ++++++----- tools/cms-update-mapping | 11 +++---- tools/macaroon-init | 1 - tools/x509-scitoken-init | 13 +++++--- 5 files changed, 42 insertions(+), 35 deletions(-) diff --git a/src/x509_scitokens_issuer/x509_scitokens_issuer.py b/src/x509_scitokens_issuer/x509_scitokens_issuer.py index cf50fb2..0c102f6 100644 --- a/src/x509_scitokens_issuer/x509_scitokens_issuer.py +++ b/src/x509_scitokens_issuer/x509_scitokens_issuer.py @@ -1,18 +1,22 @@ from __future__ import print_function +from __future__ import absolute_import import os import re import glob import json import time -import urllib -import urlparse +try: + from urllib.parse import unquote_plus, SplitResult, urlunsplit +except ImportError: + from urllib import unquote_plus + from urlparse import SplitResult, urlunsplit import threading import traceback import platform import requests import scitokens -import utils as x509_utils +from . import utils as x509_utils import cryptography.hazmat.primitives.asymmetric.ec as ec @@ -97,7 +101,7 @@ def matches(self, grst_fqan): if not grst_fqan.startswith("fqan:"): return False - grst_fqan = urllib.unquote_plus(grst_fqan[5:]) + grst_fqan = unquote_plus(grst_fqan[5:]) grst_group, grst_role = self.parse_fqan(grst_fqan) if not grst_group.startswith(self.group): @@ -119,7 +123,7 @@ def matches(self, grst_dn): if not grst_dn.startswith("dn:"): return False - grst_dn = urllib.unquote_plus(grst_dn[3:]) + grst_dn = unquote_plus(grst_dn[3:]) return grst_dn == self.dn @@ -139,9 +143,9 @@ def regenerate_mappings(): if scope: scopes.append(scope) if match.startswith("dn:"): - rule_list.append((DNMatcher(urllib.unquote_plus(match[3:])), scopes)) + rule_list.append((DNMatcher(unquote_plus(match[3:])), scopes)) elif match.startswith("fqan:"): - rule_list.append((FQANMatcher(urllib.unquote_plus(match[5:])), scopes)) + rule_list.append((FQANMatcher(unquote_plus(match[5:])), scopes)) users_fname = app.config.get("DN_MAPPING") if users_fname: @@ -194,11 +198,11 @@ def updater_target(repeat=True): def generate_formats(cred): info = {} if cred.startswith('username:'): - info['username'] = urllib.unquote_plus(cred[9:]) + info['username'] = unquote_plus(cred[9:]) return info if cred.startswith("dn:"): - dn = urllib.unquote_plus(cred[3:]) - username = app.users_mapping.get(urllib.unquote_plus(cred[3:])) + dn = unquote_plus(cred[3:]) + username = app.users_mapping.get(unquote_plus(cred[3:])) if username: info["username"] = username return info @@ -297,8 +301,7 @@ def token_issuer(): entry_num += 1 else: entry_num = int(key[15:]) # 15 = len("GRST_CRED_AURI_") - keys = creds.keys() - keys.sort() + keys = sorted(creds.keys()) entries = [] for key in keys: if not dn_cred and creds[key].startswith("dn:"): @@ -307,7 +310,7 @@ def token_issuer(): if not dn_cred: return return_oauth_error_response("No client certificate or proxy used for TLS authentication.") - dn_cred = urllib.unquote_plus(dn_cred) + dn_cred = unquote_plus(dn_cred) scopes, user = generate_scopes_and_user(entries) if app.config.get('VERBOSE', False): @@ -350,8 +353,8 @@ def token_issuer(): if 'ISSUER' in app.config: issuer = app.config['ISSUER'] else: - split = urlparse.SplitResult(scheme="https", netloc=request.environ['HTTP_HOST'], path=request.environ['REQUEST_URI'], query="", fragment="") - issuer = urlparse.urlunsplit(split) + split = SplitResult(scheme="https", netloc=request.environ['HTTP_HOST'], path=request.environ['REQUEST_URI'], query="", fragment="") + issuer = urlunsplit(split) try: serialized_token = token.serialize(issuer = issuer, lifetime = app.config['LIFETIME']) diff --git a/tools/cms-scitoken-init b/tools/cms-scitoken-init index 618cd42..2b5864c 100755 --- a/tools/cms-scitoken-init +++ b/tools/cms-scitoken-init @@ -7,7 +7,10 @@ Given an X509 proxy, act as an OAuth client and generate a corresponding SciToke import os import sys import json -import urlparse +try: + from urllib.parse import urljoin +except ImportError: + from urllib import urljoin import requests @@ -46,14 +49,14 @@ def get_token_endpoint(issuer): """ if not issuer.endswith("/"): issuer += "/" - config_url = urlparse.urljoin(issuer, ".well-known/openid-configuration") + config_url = urljoin(issuer, ".well-known/openid-configuration") response = requests.get(config_url) endpoint_info = json.loads(response.text) if response.status_code != requests.codes.ok: - print >> sys.stderr, "Failed to access the auto-discovery URL (%s) for issuer %s (status=%d): %s" % (config_url, issuer, response.status_code, response.text[:2048]) + print("Failed to access the auto-discovery URL (%s) for issuer %s (status=%d): %s" % (config_url, issuer, response.status_code, response.text[:2048]), file=sys.stderr) sys.exit(1) elif 'token_endpoint' not in endpoint_info: - print >> sys.stderr, "Token endpoint not available for issuer %s" % issuer + print("Token endpoint not available for issuer %s" % issuer, file=sys.stderr) sys.exit(1) return endpoint_info['token_endpoint'] @@ -63,23 +66,23 @@ def generate_token(endpoint): Call out to the OAuth2 token issuer, using the client credentials grant type, and receive a SciToken. """ - print "Querying %s for new token." % endpoint + print("Querying %s for new token." % endpoint) with configure_authenticated_session() as session: response = session.post(endpoint, headers={"Accept": "application/json"}, data={"grant_type": "client_credentials"}) if response.status_code == requests.codes.ok: - print "Successfully generated a new token:" + print("Successfully generated a new token:") return response.text else: - print >> sys.stderr, "Issuer failed request (status %d): %s" % (response.status_code, response.text[:2048]) + print("Issuer failed request (status %d): %s" % (response.status_code, response.text[:2048]), file=sys.stderr) sys.exit(1) def main(): endpoint = get_token_endpoint(DEFAULT_ISSUER) token = generate_token(endpoint) - print token + print(token) if __name__ == '__main__': diff --git a/tools/cms-update-mapping b/tools/cms-update-mapping index 472a267..0f3116c 100755 --- a/tools/cms-update-mapping +++ b/tools/cms-update-mapping @@ -6,7 +6,6 @@ import json import pprint import requests import tempfile -import ConfigParser def configure_session(): @@ -52,13 +51,13 @@ def load_sitedb(): with configure_session() as session: response = session.get("https://cmsweb.cern.ch/sitedb/data/prod/people", headers={"Accept": "application/json"}) if response.status_code == requests.codes.ok: - print "Successfully queried SiteDB; response length %d" % len(response.text) + print("Successfully queried SiteDB; response length %d" % len(response.text)) else: - print >> sys.stderr, "SiteDB request failed: %s" % response.text[:2048] + print("SiteDB request failed: %s" % response.text[:2048], file=sys.stderr) sys.exit(1) response_json = json.loads(response.text) if ('desc' not in response_json) or ('result' not in response_json) or ('columns' not in response_json['desc']): - print >> sys.stderr, "SiteDB returned an invalid response." + print("SiteDB returned an invalid response.", file=sys.stderr) sys.exit(1) columns = response_json['desc']['columns'] result = response_json['result'] @@ -66,7 +65,7 @@ def load_sitedb(): username_idx = columns.index("username") dn_idx = columns.index("dn") except ValueError: - print >> sys.stderr, "Columns missing mapping data." + print("Columns missing mapping data.", file=sys.stderr) sys.exit(1) return dict([(entry[dn_idx], entry[username_idx]) for entry in result]) @@ -80,7 +79,7 @@ def main(): dpath, fname = os.path.split(output_fname) with tempfile.NamedTemporaryFile(prefix=fname, dir=dpath, delete=False) as tfile: json.dump(dn_to_username, tfile) - os.chmod(tfile.name, 0644) + os.chmod(tfile.name, 0o644) os.rename(tfile.name, output_fname) else: pprint.pprint(dn_to_username) diff --git a/tools/macaroon-init b/tools/macaroon-init index 31bb37b..4a0c468 100755 --- a/tools/macaroon-init +++ b/tools/macaroon-init @@ -9,7 +9,6 @@ from __future__ import print_function import os import sys import json -import urlparse import argparse import requests diff --git a/tools/x509-scitoken-init b/tools/x509-scitoken-init index d964cbe..a6e6f4e 100755 --- a/tools/x509-scitoken-init +++ b/tools/x509-scitoken-init @@ -7,7 +7,10 @@ Given an X509 proxy, act as an OAuth client and generate a corresponding SciToke import os import sys import json -import urlparse +try: + from urllib.parse import urljoin +except ImportError: + from urlparse import urljoin import optparse import logging @@ -46,7 +49,7 @@ def get_token_endpoint(issuer): """ if not issuer.endswith("/"): issuer += "/" - config_url = urlparse.urljoin(issuer, ".well-known/openid-configuration") + config_url = urljoin(issuer, ".well-known/openid-configuration") response = requests.get(config_url) if response.status_code != requests.codes.ok: logging.error("Failed to access the auto-discovery URL (%s) for issuer %s (status=%d): %s" % (config_url, issuer, response.status_code, response.text[:512])) @@ -57,7 +60,7 @@ def get_token_endpoint(issuer): logging.exception("Failure when loading JSON response from issuer auto-discovery: %s" % response.text[:2048]) sys.exit(1) if 'token_endpoint' not in endpoint_info: - print >> sys.stderr, "Token endpoint not available for issuer %s" % issuer + print("Token endpoint not available for issuer %s" % issuer, file=sys.stderr) sys.exit(1) return endpoint_info['token_endpoint'] @@ -88,13 +91,13 @@ def main(): logging.basicConfig(level=logging.DEBUG) if len(args) != 1: - print "Must provide a token issuer to query (example: https://scitokens.org/dteam/)" + print("Must provide a token issuer to query (example: https://scitokens.org/dteam/)") sys.exit(1) issuer = args[0] endpoint = get_token_endpoint(issuer) token = generate_token(endpoint) - print token + print(token) if __name__ == '__main__':