Add certificates handling to Tier0Handler

Author: JanChyczynski

CondCore/Utilities/python/tier0.py

@@ -23,7 +23,7 @@ def __init__(self, message):
 
 def unique(seq, keepstr=True):
     t = type(seq)
-    if t in (unicode, str):
+    if t is str:
         t = (list, t('').join)[bool(keepstr)]
     try:
         remaining = set(seq)
@@ -90,29 +90,51 @@ def unsetDebug( self ):
     def setProxy( self, proxy ):
         self._proxy = proxy
 
+    def _getCerts( self ) -> str:
+        cert_path = os.getenv('X509_USER_CERT', '')
+        key_path = os.getenv('X509_USER_KEY', '')
+        
+        certs = ""
+        if cert_path:
+            certs += f' --cert {cert_path}'
+        else:
+            logging.warn("No certificate, nor proxy provided for Tier0 access")
+        if key_path:
+            certs += f' --key {key_path}'
+        return certs
+
+    def _curlQueryTier0( self, url:str, force_debug:bool = False) -> int:
+        userAgent = "User-Agent: ConditionWebServices/1.0 python/%d.%d.%d PycURL/%s" \
+            % ( sys.version_info[ :3 ] + ( pycurl.version_info()[ 1 ], ) )
+        debug = "-v" if self._debug or force_debug else "-s -S"
+
+        proxy = ""
+        certs = ""
+        if self._proxy:
+            proxy = f"--proxy {self._proxy}"
+        else:
+            certs = self._getCerts()
+
+        cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s %s' \
+            % (userAgent, proxy, self._timeOut, self._retries, debug, url, certs)
+
+        # time the curl to understand if re-tries have been carried out
+        start = time.time()
+        process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        (stdoutdata, stderrdata) =  process.communicate()
+        return process.returncode, stdoutdata, stderrdata
+
     def _queryTier0DataSvc( self, url ):
         """
         Queries Tier0DataSvc.
         url: Tier0DataSvc URL.
         @returns: dictionary, from whence the required information must be retrieved according to the API call.
         Raises if connection error, bad response, or timeout after retries occur.
         """
-        
-        userAgent = "User-Agent: ConditionWebServices/1.0 python/%d.%d.%d PycURL/%s" % ( sys.version_info[ :3 ] + ( pycurl.version_info()[ 1 ], ) )
-
-        proxy = ""
-        if self._proxy: proxy = ' --proxy=%s ' % self._proxy
-        
-        debug = " -s -S "
-        if self._debug: debug = " -v "
-        
-        cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, debug, url)
 
         # time the curl to understand if re-tries have been carried out
         start = time.time()
-        process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        (stdoutdata, stderrdata) =  process.communicate()
-        retcode = process.returncode
+        retcode, stdoutdata, stderrdata = self._curlQueryTier0(url)
         end = time.time()
 
         if retcode != 0 or stderrdata:
@@ -123,10 +145,7 @@ def _queryTier0DataSvc( self, url ):
            logging.error(msg)
 
            time.sleep(10)
-           cmd = '/usr/bin/curl -k -L --user-agent "%s" %s --connect-timeout %i --retry %i %s %s ' % (userAgent, proxy, self._timeOut, self._retries, "-v", url)
-           process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-           (stdoutdata, stderrdata) =  process.communicate()
-           retcode = process.returncode
+           retcode, stdoutdata, stderrdata = self._curlQueryTier0(url, force_debug=True)
            if retcode != 0:
               msg = "looks like curl returned an error for the second time: retcode=%s" % (retcode,)
               msg += ' msg = "'+str(stderrdata)+'"'