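def get(self):
    """
    Sign a URL for a limited lifetime for a particular service.

    :reqheader X-Rucio-VO: VO name as a string (Multi-VO only).
    :reqheader X-Rucio-Account: Account identifier as a string.
    :reqheader X-Rucio-AppID: Application identifier as a string.
    :query rse: RSE name (required).
    :query lifetime: Requested lifetime as an integer, default 600.
    :query svc: One of gcs, s3 or swift, default gcs.
    :query op: One of read, write or delete, default read.
    :query url: The URL to sign (required).
    :status 200: Successfully signed URL
    :status 400: Bad Request
    :status 401: Unauthorized
    :status 406: Not Acceptable
    :status 500: Internal Server Error
    """
    # NOTE(review): no token validation happens in this handler; presumably a
    # request hook authenticates the caller before it runs -- confirm.
    vo = request.headers.get('X-Rucio-VO', default='def')
    account = request.headers.get('X-Rucio-Account', default=None)
    appid = request.headers.get('X-Rucio-AppID', default='unknown')
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it, so `ip` is unverified when handed to
    # get_signed_url.
    ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)

    try:
        # bytes.decode raises UnicodeDecodeError (a ValueError subclass) on a
        # malformed query string.
        params = parse_qs(request.query_string.decode(encoding='utf-8'))
    except ValueError:
        return generate_http_error_flask(400, 'ValueError', 'Cannot decode json parameter list')

    rse = params.get('rse', [None])[0]
    lifetime = params.get('lifetime', [600])[0]
    service = params.get('svc', ['gcs'])[0]
    operation = params.get('op', ['read'])[0]
    url = params.get('url', [None])[0]

    if service not in ['gcs', 's3', 'swift']:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "svc" must be either empty(=gcs), gcs, s3 or swift')

    if url is None:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "url" not found')

    if rse is None:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "rse" not found')

    if operation not in ['read', 'write', 'delete']:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "op" must be either empty(=read), read, write, or delete.')

    # parse_qs yields strings while the default is the int 600; normalise so
    # get_signed_url always receives an int and bad input is a 400, not a 500.
    try:
        lifetime = int(lifetime)
    except ValueError:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "lifetime" must be an integer')
    # NOTE(review): the lifetime is not range-checked here; confirm that
    # get_signed_url rejects non-positive values and caps the maximum.

    try:
        result = get_signed_url(account, appid, ip, rse=rse, service=service, operation=operation,
                                url=url, lifetime=lifetime, vo=vo)
    except RucioException as error:
        return generate_http_error_flask(500, error.__class__.__name__, error.args[0])
    except Exception as error:
        # NOTE(review): the raw exception text is returned to the client; a
        # generic message would avoid disclosing internal details.
        print(format_exc())
        return str(error), 500

    if not result:
        return generate_http_error_flask(401, 'CannotAuthenticate',
                                         'Cannot generate signed URL for account %(account)s' % {'account': account})

    return str(result), 200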
def get(self):
    """
    Sign a URL for a limited lifetime for a particular service.

    The ``rse`` and ``url`` query parameters are mandatory. ``lifetime``
    (int, default 600), ``svc`` (default gcs) and ``op`` (default read)
    are optional.

    :reqheader X-Rucio-VO: VO name as a string (Multi-VO only).
    :reqheader X-Rucio-Account: Account identifier as a string.
    :reqheader X-Rucio-AppID: Application identifier as a string.
    :status 200: Successfully signed URL
    :status 400: Bad Request
    :status 401: Unauthorized
    :status 406: Not Acceptable
    """
    # NOTE(review): no token validation happens in this handler; presumably a
    # request hook authenticates the caller before it runs -- confirm.
    headers = self.get_headers()

    sent = request.headers
    vo = sent.get('X-Rucio-VO', default='def')
    account = sent.get('X-Rucio-Account', default=None)
    appid = sent.get('X-Rucio-AppID', default='unknown')
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it, so `ip` is unverified when handed to
    # get_signed_url.
    ip = sent.get('X-Forwarded-For', default=request.remote_addr)

    query = request.args

    # Mandatory parameters, reported in the order rse, then url.
    if 'rse' not in query:
        return generate_http_error_flask(400, ValueError.__name__, 'Parameter "rse" not found', headers=headers)
    if 'url' not in query:
        return generate_http_error_flask(400, ValueError.__name__, 'Parameter "url" not found', headers=headers)

    signing_args = {
        'rse': query.get('rse'),
        'service': query.get('svc', default='gcs'),
        'operation': query.get('op', default='read'),
        'url': query.get('url'),
        # NOTE(review): the lifetime is not range-checked here; confirm that
        # get_signed_url rejects non-positive values and caps the maximum.
        'lifetime': query.get('lifetime', type=int, default=600),
        'vo': vo,
    }

    if signing_args['service'] not in ('gcs', 's3', 'swift'):
        return generate_http_error_flask(
            400,
            ValueError.__name__,
            'Parameter "svc" must be either empty(=gcs), gcs, s3 or swift',
            headers=headers,
        )

    if signing_args['operation'] not in ('read', 'write', 'delete'):
        return generate_http_error_flask(
            400,
            ValueError.__name__,
            'Parameter "op" must be either empty(=read), read, write, or delete.',
            headers=headers,
        )

    result = get_signed_url(account, appid, ip, **signing_args)

    if result:
        return str(result), 200, headers

    return generate_http_error_flask(
        401,
        CannotAuthenticate.__name__,
        f'Cannot generate signed URL for account {account}',
        headers=headers,
    )
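def get(self):
    """
    Sign a URL for a limited lifetime for a particular service.

    :reqheader X-Rucio-Account: Account identifier as a string.
    :reqheader X-Rucio-AppID: Application identifier as a string.
    :resheader Access-Control-Allow-Origin:
    :resheader Access-Control-Allow-Headers:
    :resheader Access-Control-Allow-Methods:
    :resheader Access-Control-Allow-Credentials:
    :resheader Access-Control-Expose-Headers:
    :resheader X-Rucio-Auth-Token: The authentication token
    :status 200: Successfully signed URL
    :status 400: Bad Request
    :status 401: Unauthorized
    :status 500: Internal Server Error
    """
    response = Response()
    # NOTE(review): the request's Origin is echoed back together with
    # Allow-Credentials: true, which lets any origin make credentialed
    # cross-origin calls and read the exposed X-Rucio-Auth-Token header.
    # Restricting this to an allowlist of trusted origins needs configuration
    # that is not visible from this handler.
    response.headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
    response.headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
    response.headers['Access-Control-Allow-Methods'] = '*'
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
    response.headers['Content-Type'] = 'application/octet-stream'
    # A second assignment to Cache-Control used to overwrite the first and
    # drop no-store; both directive sets are now sent as one header value.
    response.headers['Cache-Control'] = ('no-cache, no-store, max-age=0, must-revalidate, '
                                         'post-check=0, pre-check=0')
    response.headers['Pragma'] = 'no-cache'

    # NOTE(review): the account comes from a request header and the return
    # value of validate_auth_token is discarded, so nothing visible here ties
    # the account to the validated token -- confirm that get_signed_url or the
    # validator enforces that binding.
    account = request.environ.get('HTTP_X_RUCIO_ACCOUNT')
    appid = request.environ.get('HTTP_X_RUCIO_APPID')
    if appid is None:
        appid = 'unknown'
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it, so `ip` is unverified.
    ip = request.environ.get('HTTP_X_FORWARDED_FOR')
    if ip is None:
        ip = request.remote_addr

    try:
        validate_auth_token(request.environ.get('HTTP_X_RUCIO_AUTH_TOKEN'))
    except AccessDenied:
        return generate_http_error_flask(
            401, 'CannotAuthenticate',
            'Cannot authenticate to account %(account)s with given credentials' % {'account': account})
    except RucioException as error:
        return generate_http_error_flask(500, error.__class__.__name__, error.args[0])
    except Exception as error:
        print(format_exc())
        # An exception object is not a valid response body; send its text.
        # NOTE(review): this still discloses internal error text to the client.
        return str(error), 500

    try:
        # The Flask request object exposes the raw query as `query_string`
        # (bytes); decode() raises a ValueError subclass on malformed input.
        params = parse_qs(request.query_string.decode(encoding='utf-8'))
    except ValueError:
        return generate_http_error_flask(400, 'ValueError', 'Cannot decode json parameter list')

    lifetime = params.get('lifetime', [600])[0]
    service = params.get('svc', ['gcs'])[0]
    operation = params.get('op', ['read'])[0]
    url = params.get('url', [None])[0]

    if service not in ['gcs']:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "svc" must be either empty(=gcs), or gcs')

    if url is None:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "url" not found')

    if operation not in ['read', 'write', 'delete']:
        return generate_http_error_flask(
            400, 'ValueError', 'Parameter "op" must be either empty(=read), read, write, or delete.')

    # parse_qs yields strings while the default is the int 600; normalise so
    # get_signed_url always receives an int and bad input is a 400, not a 500.
    try:
        lifetime = int(lifetime)
    except ValueError:
        return generate_http_error_flask(400, 'ValueError', 'Parameter "lifetime" must be an integer')
    # NOTE(review): the lifetime is not range-checked here; confirm that
    # get_signed_url rejects non-positive values and caps the maximum.

    try:
        # NOTE(review): the validated `operation` is not forwarded; every
        # request is signed for 'read'. Left as is because forwarding it would
        # widen what gets signed -- confirm the intent before changing.
        result = get_signed_url(account, appid, ip, service=service, operation='read',
                                url=url, lifetime=lifetime)
    except RucioException as error:
        return generate_http_error_flask(500, error.__class__.__name__, error.args[0])
    except Exception as error:
        print(format_exc())
        return str(error), 500

    if not result:
        return generate_http_error_flask(
            401, 'CannotAuthenticate',
            'Cannot generate signed URL for account %(account)s' % {'account': account})

    # The signed URL was previously computed and then dropped; send it as the
    # response body.
    response.set_data(str(result))
    return response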
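def GET(self):
    """
    Sign a URL for the requesting account.

    Query parameters: ``url`` (required), ``lifetime`` (integer, default
    600), ``svc`` (gcs, s3 or swift; default gcs) and ``op`` (read, write
    or delete; default read).

    HTTP Success:
        200 OK

    HTTP Error:
        400 Bad Request
        401 Unauthorized
        406 Not Acceptable
        500 Internal Server Error

    :param Rucio-VO: VO name as a string (Multi-VO only).
    :param Rucio-Account: Account identifier as a string.
    :param Rucio-AppID: Application identifier as a string.
    :returns: Signed URL.
    """
    vo = ctx.env.get('HTTP_X_RUCIO_VO')
    # NOTE(review): the account comes from a request header and the return
    # value of validate_auth_token is discarded, so nothing visible here ties
    # the account to the validated token. If the validator reports a bad token
    # by returning a falsy value instead of raising, this handler continues --
    # confirm its contract.
    account = ctx.env.get('HTTP_X_RUCIO_ACCOUNT')
    appid = ctx.env.get('HTTP_X_RUCIO_APPID')
    if appid is None:
        appid = 'unknown'
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it, so `ip` is unverified.
    ip = ctx.env.get('HTTP_X_FORWARDED_FOR')
    if ip is None:
        ip = ctx.ip

    try:
        validate_auth_token(ctx.env.get('HTTP_X_RUCIO_AUTH_TOKEN'))
    except RucioException as e:
        # NOTE(review): this handler indexes e.args[0][0] while the one around
        # get_signed_url uses e.args[0]; confirm which shape the args have.
        raise generate_http_error(500, e.__class__.__name__, e.args[0][0])
    except Exception as e:
        print(format_exc())
        raise InternalError(e)

    try:
        # ctx.query carries one leading character that is sliced off before
        # parsing.
        params = parse_qs(ctx.query[1:])
    except ValueError:
        raise generate_http_error(400, 'ValueError', 'Cannot decode json parameter list')

    lifetime = params.get('lifetime', [600])[0]
    service = params.get('svc', ['gcs'])[0]
    operation = params.get('op', ['read'])[0]
    url = params.get('url', [None])[0]

    if service not in ['gcs', 's3', 'swift']:
        raise generate_http_error(400, 'ValueError', 'Parameter "svc" must be either empty(=gcs), gcs, s3 or swift')

    if url is None:
        raise generate_http_error(400, 'ValueError', 'Parameter "url" not found')

    if operation not in ['read', 'write', 'delete']:
        raise generate_http_error(400, 'ValueError', 'Parameter "op" must be either empty(=read), read, write, or delete.')

    # parse_qs yields strings while the default is the int 600; normalise so
    # get_signed_url always receives an int and bad input is a 400, not a 500.
    try:
        lifetime = int(lifetime)
    except ValueError:
        raise generate_http_error(400, 'ValueError', 'Parameter "lifetime" must be an integer')
    # NOTE(review): the lifetime is not range-checked here; confirm that
    # get_signed_url rejects non-positive values and caps the maximum.

    try:
        result = get_signed_url(account, appid, ip, service=service, operation=operation,
                                url=url, lifetime=lifetime, vo=vo)
    except RucioException as e:
        raise generate_http_error(500, e.__class__.__name__, e.args[0])
    except Exception as e:
        print(format_exc())
        raise InternalError(e)

    if not result:
        raise generate_http_error(401, 'CannotAuthenticate',
                                  'Cannot generate signed URL for account %(account)s' % {'account': account})

    return result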
def get(self):
    """
    ---
    summary: Sign URL
    description: Sign a url for a limited lifetime for a particular service.
    tags:
      - Credentials
    parameters:
    - name: rse
      in: query
      description: The RSE to authenticate against.
      schema:
        type: string
      required: true
    - name: lifetime
      in: query
      description: The lifetime, default 600s.
      schema:
        type: string
      required: false
    - name: svc
      in: query
      description: The service, default gcs.
      schema:
        type: string
      required: false
    - name: op
      in: query
      description: The operation.
      schema:
        type: string
      required: false
    - name: url
      in: query
      description: The Url of the authentication.
      schema:
        type: string
      required: true
    requestBody:
      content:
        'application/octet-stream':
          schema:
            type: object
            properties:
              X-Rucio-Account:
                description: Account identifier.
                type: string
              X-Rucio-VO:
                description: VO name (Multi-VO only).
                type: string
              X-Rucio-AppID:
                description: Application identifier.
                type: string
    responses:
      200:
        description: OK
        content:
          application/json:
            schema:
              type: array
              items:
                type: object
                description: An account attribute.
                properties:
                  key:
                    description: The key of the account attribute.
                    type: string
                  value:
                    description: The value of the account attribute.
                    type: string
      401:
        description: Invalid Auth Token
      400:
        description: bad request, no rse or url found.
      406:
        description: Not acceptable.
    """
    # NOTE(review): the spec above disagrees with the code below. It lists the
    # X-Rucio-* values as request-body properties, but they are read from the
    # request headers. It declares `lifetime` as a string, but it is parsed as
    # an int. It describes the 200 body as a list of account attributes, but
    # the handler returns str(result).
    # NOTE(review): no token validation happens in this handler; presumably a
    # request hook authenticates the caller before it runs -- confirm.
    headers = self.get_headers()

    vo = extract_vo(request.headers)
    account = request.headers.get('X-Rucio-Account', default=None)
    appid = request.headers.get('X-Rucio-AppID', default='unknown')
    # NOTE(review): X-Forwarded-For is client-controlled unless a trusted
    # reverse proxy overwrites it, so `ip` is unverified when handed to
    # get_signed_url.
    ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)

    def bad_request(message):
        # Every validation failure is a 400 tagged with the ValueError name.
        return generate_http_error_flask(400, ValueError.__name__, message, headers=headers)

    query = request.args

    # Mandatory parameters, reported in the order rse, then url.
    if 'rse' not in query:
        return bad_request('Parameter "rse" not found')
    if 'url' not in query:
        return bad_request('Parameter "url" not found')

    rse = query.get('rse')
    url = query.get('url')
    # NOTE(review): the lifetime is not range-checked here; confirm that
    # get_signed_url rejects non-positive values and caps the maximum.
    lifetime = query.get('lifetime', type=int, default=600)
    service = query.get('svc', default='gcs')
    operation = query.get('op', default='read')

    if service not in ('gcs', 's3', 'swift'):
        return bad_request('Parameter "svc" must be either empty(=gcs), gcs, s3 or swift')

    if operation not in ('read', 'write', 'delete'):
        return bad_request('Parameter "op" must be either empty(=read), read, write, or delete.')

    result = get_signed_url(
        account,
        appid,
        ip,
        rse=rse,
        service=service,
        operation=operation,
        url=url,
        lifetime=lifetime,
        vo=vo,
    )

    if result:
        return str(result), 200, headers

    return generate_http_error_flask(
        401,
        CannotAuthenticate.__name__,
        f'Cannot generate signed URL for account {account}',
        headers=headers,
    )