mambelli
commented
2 years ago Those were in comments kept around for the error strings, anyway I removed them.
Closed mambelli closed 2 years ago
mambelli
commented
2 years ago Those were in comments kept around for the error strings, anyway I removed them.
namrathaurs
commented
2 years ago My bad, did not notice closely that the line was commented out. It’s now ready for merging!
Adding the possibility to set TRUST_DOMAIN via the attr TRUST_DOMAIN
By default TRUST_DOMAIN is GLIDEIN_Collector and if that is empty, CCB_ADDRESS. Now if TRUST_DOMAIN is set it will be checked and used first.
And fixed TRUST_DOMAIN value: now it is the first collector (with port and synful string).
Considering only the first collector in the list (CE collectors could be added to the glidein). Secondary collectors could have a different port and synful string, but it is OK because the Glidein TRUST_DOMAIN does not have to be the same as the collector. Both shell script and python code (the one to evaluate the issuer of the token) have been updated accordingly
Then fixed condor config vars: TRUST_DOMAIN is a condor expression, not a quoted string (suggested by TJ)
Added also unit tests for setup_x509.sh And resed SEC_PASSWORD_DIRECTORY to an empty string (not needed in a client)
TODO: evaluate if the entry/credential trust domain from the Frontend configuration should be considered instead of the HTCSS one. Does it really matter what value is the TRUST_DOMAIN of the Glidein/startd? Will open an issue for it.
This includes and closes PR #223