ATLAS scope policies for transfer tests

• created new IAM optional groups
  • /atlas/policy - not used, just mandatory parent group
  • /atlas/policy/storage-test - for ATLAS SAM probes and SE tests
  • /atlas/policy/compute-test - for ATLAS SAM probes and SE tests
  • /atlas/policy/compute-pilot - for normal grid job submission (Harvester, aCT)
•  new groups to avoid too generic "production" group that's now used everywhere
• "internal" to the IAM (optional groups) that'll be used only for scope/token exchange policies
• storage policies
  • everything DENY by default
  • storage-test
    • allowed to get storage.read, storage.create, storage.modify
    • only for paths /atlasdatadisk/SAM/ and /atlasscratchdisk/SAM/
• ask P.V. (or VO-Admin) if you would like to get these test storage tokens
  • read/write/delete in test area of any storage configured to accept ATLAS tokens

CMS SAM tests for transfers with tokens

• CMS SAM token tests for WebDAV and XRootD endpoints
  • WebDAV: se_webdav.py (documentation)
  • xrootd: se_xrootd.py (documentation)
• recent XRootD client (5.5.2 or 5.5.3) required to avoid SEGV