def endpoint_create(**kwargs):
"""
Create a new endpoint.
Requires a display name and exactly one of --personal, --server, or --shared to make
a Globus Connect Personal, Globus Connect Server, or Shared endpoint respectively.
"""
client = get_client()
# get endpoint type, ensure unambiguous.
personal = kwargs.pop("personal")
server = kwargs.pop("server")
shared = kwargs.pop("shared")
if personal and (not server) and (not shared):
endpoint_type = "personal"
elif server and (not personal) and (not shared):
endpoint_type = "server"
elif shared and (not personal) and (not server):
endpoint_type = "shared"
else:
raise click.UsageError(
"Exactly one of --personal, --server, or --shared is required.")
# validate options
kwargs["is_globus_connect"] = personal or None
validate_endpoint_create_and_update_params(endpoint_type, False, kwargs)
# shared endpoint creation
if shared:
endpoint_id, host_path = shared
kwargs["host_endpoint"] = endpoint_id
kwargs["host_path"] = host_path
ep_doc = assemble_generic_doc("shared_endpoint", **kwargs)
autoactivate(client, endpoint_id, if_expires_in=60)
res = client.create_shared_endpoint(ep_doc)
# non shared endpoint creation
else:
# omit `is_globus_connect` key if not GCP, otherwise include as `True`
ep_doc = assemble_generic_doc("endpoint", **kwargs)
res = client.create_endpoint(ep_doc)
# output
formatted_print(
res,
fields=(COMMON_FIELDS + GCP_FIELDS if personal else COMMON_FIELDS),
text_format=FORMAT_TEXT_RECORD,
)
def endpoint_update(**kwargs):
"""
Executor for `globus endpoint update`
"""
# validate params. Requires a get call to check the endpoint type
client = get_client()
endpoint_id = kwargs.pop("endpoint_id")
get_res = client.get_endpoint(endpoint_id)
if get_res["host_endpoint_id"]:
endpoint_type = "shared"
elif get_res["is_globus_connect"]:
endpoint_type = "personal"
elif get_res["s3_url"]:
endpoint_type = "s3"
else:
endpoint_type = "server"
validate_endpoint_create_and_update_params(
endpoint_type, get_res["subscription_id"], kwargs
)
# make the update
ep_doc = assemble_generic_doc("endpoint", **kwargs)
res = client.update_endpoint(endpoint_id, ep_doc)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def server_update(
endpoint_id,
server_id,
subject,
port,
scheme,
hostname,
incoming_data_ports,
outgoing_data_ports,
):
"""
Executor for `globus endpoint server update`
"""
client = get_client()
server_doc = assemble_generic_doc(
"server", subject=subject, port=port, scheme=scheme, hostname=hostname
)
# n.b. must be done after assemble_generic_doc(), as that function filters
# out `None`s, which we need to be able to set for `'unspecified'`
if incoming_data_ports:
server_doc.update(
incoming_data_port_start=incoming_data_ports[0],
incoming_data_port_end=incoming_data_ports[1],
)
if outgoing_data_ports:
server_doc.update(
outgoing_data_port_start=outgoing_data_ports[0],
outgoing_data_port_end=outgoing_data_ports[1],
)
res = client.update_endpoint_server(endpoint_id, server_id, server_doc)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def server_add(
endpoint_id,
subject,
port,
scheme,
hostname,
incoming_data_ports,
outgoing_data_ports,
):
"""
Executor for `globus endpoint server add`
"""
client = get_client()
server_doc = assemble_generic_doc("server",
subject=subject,
port=port,
scheme=scheme,
hostname=hostname)
# n.b. must be done after assemble_generic_doc(), as that function filters
# out `None`s, which we need to be able to set for `'unspecified'`
if incoming_data_ports:
server_doc.update(
incoming_data_port_start=incoming_data_ports[0],
incoming_data_port_end=incoming_data_ports[1],
)
if outgoing_data_ports:
server_doc.update(
outgoing_data_port_start=outgoing_data_ports[0],
outgoing_data_port_end=outgoing_data_ports[1],
)
res = client.add_endpoint_server(endpoint_id, server_doc)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def role_create(role, principal, endpoint_id):
"""
Create a role on an endpoint.
You must have sufficient privileges to modify the roles on the endpoint.
Either *--group* or *--identity* is required. You may not pass both.
Which one of these options you use will determine the 'Principal Type' on the
role, and the value given will be the 'Principal' of the resulting role.
The term "Principal" is used in the sense of "a security principal", an entity
which has some privileges associated with it.
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
role_doc = assemble_generic_doc("role",
principal_type=principal_type,
principal=principal_val,
role=role)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text="ID: {}".format(res["id"]))
def role_create(role, principal, endpoint_id):
"""
Executor for `globus endpoint role show`
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == 'identity':
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
'Identity does not exist. '
'Use --provision-identity to auto-provision an identity.')
elif principal_type == 'provision-identity':
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = 'identity'
role_doc = assemble_generic_doc('role',
principal_type=principal_type,
principal=principal_val,
role=role)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text='ID: {}'.format(res['id']))
def endpoint_update(**kwargs):
"""
Executor for `globus endpoint update`
"""
# validate params. Requires a get call to check the endpoint type
client = get_client()
endpoint_id = kwargs.pop("endpoint_id")
get_res = client.get_endpoint(endpoint_id)
if get_res["host_endpoint_id"]:
endpoint_type = "shared"
elif get_res["is_globus_connect"]:
endpoint_type = "personal"
elif get_res["s3_url"]:
endpoint_type = "s3"
else:
endpoint_type = "server"
validate_endpoint_create_and_update_params(endpoint_type,
get_res["subscription_id"],
kwargs)
# make the update
ep_doc = assemble_generic_doc('endpoint', **kwargs)
res = client.update_endpoint(endpoint_id, ep_doc)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key='message')
def role_create(role, principal, endpoint_id):
"""
Executor for `globus endpoint role show`
"""
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity."
)
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
role_doc = assemble_generic_doc(
"role", principal_type=principal_type, principal=principal_val, role=role
)
res = client.add_endpoint_role(endpoint_id, role_doc)
formatted_print(res, simple_text="ID: {}".format(res["id"]))
def update_command(permissions, rule_id, endpoint_id):
"""
Executor for `globus endpoint permission update`
"""
client = get_client()
rule_data = assemble_generic_doc("access", permissions=permissions)
res = client.update_endpoint_acl_rule(endpoint_id, rule_id, rule_data)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def update_command(permissions, rule_id, endpoint_id):
"""
Executor for `globus endpoint permission update`
"""
client = get_client()
rule_data = assemble_generic_doc("access", permissions=permissions)
res = client.update_endpoint_acl_rule(endpoint_id, rule_id, rule_data)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def update_task(deadline, label, task_id):
"""
Executor for `globus task update`
"""
client = get_client()
task_doc = assemble_generic_doc("task", label=label, deadline=deadline)
res = client.update_task(task_id, task_doc)
formatted_print(res, simple_text="Success")
def update_task(deadline, label, task_id):
"""
Update label and/or deadline on an active task.
If a Task has completed, these attributes may no longer be updated.
"""
client = get_client()
task_doc = assemble_generic_doc("task", label=label, deadline=deadline)
res = client.update_task(task_id, task_doc)
formatted_print(res, simple_text="Success")
def update_command(permissions, rule_id, endpoint_id):
"""
Update an existing access control rule's permissions.
The --permissions option is required, as it is currently the only field
that can be updated.
"""
client = get_client()
rule_data = assemble_generic_doc("access", permissions=permissions)
res = client.update_endpoint_acl_rule(endpoint_id, rule_id, rule_data)
formatted_print(res, text_format=FORMAT_TEXT_RAW, response_key="message")
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Create a new access control rule on the target endpoint, granting users new
permissions on the given path.
The target endpoint must be a shared endpoint, as only these use access control
lists to manage permissions.
The '--permissions' option is required, and exactly one of '--all-authenticated'
'--anonymous', '--group', or '--identity' is required to know to whom permissions
are being granted.
"""
if not principal:
raise click.UsageError(
"A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def create_command(
principal, permissions, endpoint_plus_path, notify_email, notify_message
):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError("A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity."
)
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError(
"A security principal is required for this command")
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == "identity":
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
"Identity does not exist. "
"Use --provision-identity to auto-provision an identity.")
elif principal_type == "provision-identity":
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = "identity"
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc(
"access",
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message,
)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(
res,
text_format=FORMAT_TEXT_RECORD,
fields=[("Message", "message"), ("Rule ID", "access_id")],
)
def create_command(principal, permissions, endpoint_plus_path, notify_email,
notify_message):
"""
Executor for `globus endpoint permission create`
"""
if not principal:
raise click.UsageError(
'A security principal is required for this command')
endpoint_id, path = endpoint_plus_path
principal_type, principal_val = principal
client = get_client()
if principal_type == 'identity':
principal_val = maybe_lookup_identity_id(principal_val)
if not principal_val:
raise click.UsageError(
'Identity does not exist. '
'Use --provision-identity to auto-provision an identity.')
elif principal_type == 'provision-identity':
principal_val = maybe_lookup_identity_id(principal_val, provision=True)
principal_type = 'identity'
if not notify_email:
notify_message = None
rule_data = assemble_generic_doc('access',
permissions=permissions,
principal=principal_val,
principal_type=principal_type,
path=path,
notify_email=notify_email,
notify_message=notify_message)
res = client.add_endpoint_acl_rule(endpoint_id, rule_data)
formatted_print(res,
text_format=FORMAT_TEXT_RECORD,
fields=[('Message', 'message'), ('Rule ID', 'access_id')])