def import_accounts(accounts, vo='def', session=None):
vo_filter = {'account': InternalAccount(account='*', vo=vo)}
old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)}
missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
old_identities = identity_module.list_identities(session=session)
old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()
# add missing accounts
for account_dict in missing_accounts:
account = account_dict['account']
email = account_dict['email']
account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
# remove left over accounts
for account in to_be_removed_accounts:
if account.external != 'root':
account_module.del_account(account=account, session=session)
# update existing accounts
for account_dict in outdated_accounts:
account = account_dict['account']
email = account_dict['email']
old_account = old_accounts[account]
if email and old_account['email'] != email:
account_module.update_account(account, key='email', value=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
def update_account(account, key, value, issuer='root'):
""" Update a property of an account_core.
:param account: Name of the account_core.
:param key: Account property like status.
:param value: Property value.
"""
validate_schema(name='account', obj=account)
kwargs = {}
if not rucio.api.permission.has_permission(
issuer=issuer, action='update_account', kwargs=kwargs):
raise rucio.common.exception.AccessDenied(
'Account %s can not change %s of the account' % (issuer, key))
return account_core.update_account(account, key, value)
def update_account(account, key, value, issuer='root', vo='def', session=None):
""" Update a property of an account_core.
:param account: Name of the account_core.
:param key: Account property like status.
:param value: Property value.
:param issuer: The issuer account
:param vo: The VO to act on.
:param session: The database session in use.
"""
validate_schema(name='account', obj=account, vo=vo)
kwargs = {}
if not rucio.api.permission.has_permission(issuer=issuer,
vo=vo,
action='update_account',
kwargs=kwargs,
session=session):
raise rucio.common.exception.AccessDenied(
'Account %s can not change %s of the account' % (issuer, key))
account = InternalAccount(account, vo=vo)
return account_core.update_account(account, key, value, session=session)