From 0574c0c458d84f64f28928e5907471b09fcbeea0 Mon Sep 17 00:00:00 2001
From: Andre Sailer <andre.philippe.sailer@cern.ch>
Date: Wed, 11 Sep 2024 09:31:22 +0200
Subject: [PATCH] feat(VOMS2CSAgent): add ForceNickname option to only add
 users where a nickname attribute is defined

---
 src/DIRAC/ConfigurationSystem/Agent/VOMS2CSAgent.py      | 9 +++++++++
 .../ConfigurationSystem/Client/VOMS2CSSynchronizer.py    | 6 ++++++
 src/DIRAC/ConfigurationSystem/ConfigTemplate.cfg         | 2 ++
 3 files changed, 17 insertions(+)

diff --git a/src/DIRAC/ConfigurationSystem/Agent/VOMS2CSAgent.py b/src/DIRAC/ConfigurationSystem/Agent/VOMS2CSAgent.py
index 9028021ef95..4df5742ec1e 100644
--- a/src/DIRAC/ConfigurationSystem/Agent/VOMS2CSAgent.py
+++ b/src/DIRAC/ConfigurationSystem/Agent/VOMS2CSAgent.py
@@ -55,6 +55,7 @@ def __init__(self, *args, **kwargs):
         self.syncPluginName = None
         self.compareWithIAM = False
         self.useIAM = False
+        self.forceNickname = False
 
     def initialize(self):
         """Initialize the default parameters"""
@@ -70,6 +71,7 @@ def initialize(self):
         self.syncPluginName = self.am_getOption("SyncPluginName", self.syncPluginName)
         self.compareWithIAM = self.am_getOption("CompareWithIAM", self.compareWithIAM)
         self.useIAM = self.am_getOption("UseIAM", self.useIAM)
+        self.forceNickname = self.am_getOption("ForceNickname", self.forceNickname)
 
         self.detailedReport = self.am_getOption("DetailedReport", self.detailedReport)
         self.mailFrom = self.am_getOption("MailFrom", self.mailFrom)
@@ -127,6 +129,7 @@ def execute(self):
                 compareWithIAM=compareWithIAM,
                 useIAM=useIAM,
                 accessToken=accessToken,
+                forceNickname=self.forceNickname,
             )
 
             result = self.__syncCSWithVOMS(  # pylint: disable=unexpected-keyword-arg
@@ -145,6 +148,7 @@ def execute(self):
             csapi = resultDict.get("CSAPI")
             adminMessages = resultDict.get("AdminMessages", {"Errors": [], "Info": []})
             voChanged = resultDict.get("VOChanged", False)
+            noNickname = resultDict.get("NoNickname", [])
             self.log.info(
                 "Run user results",
                 ": new %d, modified %d, deleted %d, new/suspended %d"
@@ -194,6 +198,11 @@ def execute(self):
                 mailMsg = ""
                 if adminMessages["Errors"]:
                     mailMsg += "\nErrors list:\n  %s" % "\n  ".join(adminMessages["Errors"])
+                if self.forceNickname and noNickname:
+                    mailMsg += "There are users without nicknames in the IAM\n"
+                    for entry in noNickname:
+                        mailMsg += str(entry)
+                        mailMsg += "\n\n"
                 if adminMessages["Info"]:
                     mailMsg += "\nRun result:\n  %s" % "\n  ".join(adminMessages["Info"])
                 if self.detailedReport:
diff --git a/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py b/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py
index 7512428f383..8c926fd5631 100644
--- a/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py
+++ b/src/DIRAC/ConfigurationSystem/Client/VOMS2CSSynchronizer.py
@@ -132,6 +132,7 @@ def __init__(
         compareWithIAM=False,
         useIAM=False,
         accessToken=None,
+        forceNickname=False,
     ):
         """VOMS2CSSynchronizer class constructor
 
@@ -165,6 +166,7 @@ def __init__(
         self.compareWithIAM = compareWithIAM
         self.useIAM = useIAM
         self.accessToken = accessToken
+        self.forceNickname = forceNickname
 
         if syncPluginName:
             objLoader = ObjectLoader()
@@ -329,6 +331,10 @@ def syncCSWithVOMS(self):
                 # Check the nickName in the same VO to see if the user is already registered
                 # with another DN
                 nickName = self.vomsUserDict[dn].get("nickname")
+                if not nickName and self.forceNickname:
+                    resultDict["NoNickname"].append(self.vomsUserDict[dn])
+                    self.log.error("No nickname defined for", self.vomsUserDict[dn])
+                    continue
                 if nickName in diracUserDict or nickName in newAddedUserDict:
                     diracName = nickName
                     # This is a flag for adding the new DN to an already existing user
diff --git a/src/DIRAC/ConfigurationSystem/ConfigTemplate.cfg b/src/DIRAC/ConfigurationSystem/ConfigTemplate.cfg
index a7ef2410236..e1b27eaf93a 100644
--- a/src/DIRAC/ConfigurationSystem/ConfigTemplate.cfg
+++ b/src/DIRAC/ConfigurationSystem/ConfigTemplate.cfg
@@ -76,6 +76,8 @@ Agents
     CompareWithIAM = False
     # If set to true, will only query IAM and return the list of users from there
     UseIAM = False
+    # If set to true only users with a nickname attribute defined in the IAM are created in DIRAC
+    ForceNickname = False
   }
   ##END
   ##BEGIN GOCDB2CSAgent