This is a python script that can be used to import data from a VOMS Admin VO into an IAM organization.

For those who use VSCode, there is support for a remote Devcontainer, which comes preconfigured with the test VOMS at meteora.cloud.cnaf.infn.it.

Note (and beware) that $HOME/.globus and $HOME/.config/oidc-agent are mounted from the host.

To run the vomsimporter script, you first need to obtain an admin VOMS proxy with voms-proxy-init and an admin access token with oidc-token.

This is an example to import users from the test.vo hosted in meteora, into iam-dev.

Pre-requisites

• being an admin of meteora
• being an admin of iam-dev
• the X.509 certificate linked to the VOMS admin has to be the same as for the IAM admin
• having a local oidc-configuration (generated with Centos7) whith at least the following scopes allowed: openid iam:admin.read iam:admin.write scim:read scim:write proxy:generate

Define the following environment variables:

OIDC_AGENT_ALIAS=<your-client-alias>
OIDC_AGENT_SECRET=<your-client-secret>
IAM_ENDPOINT=https://iam-dev.cloud.cnaf.infn.it
IAM_HOST=iam-dev.cloud.cnaf.infn.it
VOMS_HOST=meteora.cloud.cnaf.infn.it
VOMS_VO=test.vo
X509_USER_PROXY=/tmp/x509up_u1000

Initialize your admin credentials with

$ ./docker/init-credentials.sh

Run the importer with

python vomsimporter.py --vo ${VOMS_VO} --voms-host ${VOMS_HOST} --iam-host ${IAM_HOST} --skip-duplicate-accounts-checks --username-attr nickname --debug --voms-port 8443