def add_account_identity(identity, type, account, email, default=False, password=None, session=None):
"""
Adds a membership association between identity and account.
:param identity: The identity key name. For example x509 DN, or a username.
:param type: The type of the authentication (x509, gss, userpass, ssh, saml, oidc).
:param account: The account name.
:param email: The Email address associated with the identity.
:param default: If True, the account should be used by default with the provided identity.
:param password: Password if type is userpass.
:param session: The database session in use.
"""
if not account_exists(account, session=session):
raise exception.AccountNotFound('Account \'%s\' does not exist.' % account)
id = session.query(models.Identity).filter_by(identity=identity, identity_type=type).first()
if id is None:
add_identity(identity=identity, type=type, email=email, password=password, session=session)
id = session.query(models.Identity).filter_by(identity=identity, identity_type=type).first()
iaa = models.IdentityAccountAssociation(identity=id.identity, identity_type=id.identity_type, account=account)
try:
iaa.save(session=session)
except IntegrityError:
raise exception.Duplicate('Identity pair \'%s\',\'%s\' already exists!' % (identity, type))
def list_identities(account, session=None):
"""
List all identities on an account.
:param account: The account name.
:param session: the database session in use.
"""
identity_list = list()
query = session.query(models.Account).filter_by(account=account).filter_by(
status=AccountStatus.ACTIVE)
try:
query.one()
except exc.NoResultFound:
raise exception.AccountNotFound(
'Account with ID \'%s\' cannot be found' % account)
query = session.query(models.IdentityAccountAssociation, models.Identity)\
.join(models.Identity, and_(models.Identity.identity == models.IdentityAccountAssociation.identity,
models.Identity.identity_type == models.IdentityAccountAssociation.identity_type))\
.filter(models.IdentityAccountAssociation.account == account)
for identity in query:
identity_list.append({
'type': identity[0].identity_type,
'identity': identity[0].identity,
'email': identity[1].email
})
return identity_list
def add_account_attribute(account, key, value, session=None):
"""
Add an attribute for the given account name.
:param key: the key for the new attribute.
:param value: the value for the new attribute.
:param account: the account to add the attribute to.
:param session: The database session in use.
"""
query = session.query(models.Account).filter_by(
account=account, status=AccountStatus.ACTIVE)
try:
query.one()
except exc.NoResultFound:
raise exception.AccountNotFound(
"Account ID '{0}' does not exist".format(account))
new_attr = models.AccountAttrAssociation(account=account,
key=key,
value=value)
try:
new_attr.save(session=session)
except IntegrityError as error:
if match('.*IntegrityError.*ORA-00001: unique constraint.*ACCOUNT_ATTR_MAP_PK.*violated.*', error.args[0]) \
or match('.*IntegrityError.*1062.*Duplicate entry.*for key.*', error.args[0]) \
or match('.*IntegrityError.*UNIQUE constraint failed: account_attr_map.account, account_attr_map.key.*', error.args[0]) \
or match('.*IntegrityError.*columns? account.*key.*not unique.*', error.args[0]) \
or match('.*IntegrityError.*duplicate key value violates unique constraint.*', error.args[0]) \
or match('.*UniqueViolation.*duplicate key value violates unique constraint.*', error.args[0]):
raise exception.Duplicate(
'Key {0} already exist for account {1}!'.format(key, account))
except Exception:
raise exception.RucioException(str(format_exc()))
def add_account_identity(identity, type_, account, email, default=False, password=None, session=None):
"""
Adds a membership association between identity and account.
:param identity: The identity key name. For example x509 DN, or a username.
:param type_: The type of the authentication (x509, gss, userpass, ssh, saml, oidc).
:param account: The account name.
:param email: The Email address associated with the identity.
:param default: If True, the account should be used by default with the provided identity.
:param password: Password if type is userpass.
:param session: The database session in use.
"""
if not account_exists(account, session=session):
raise exception.AccountNotFound('Account \'%s\' does not exist.' % account)
id_ = session.query(models.Identity).filter_by(identity=identity, identity_type=type_).first()
if id_ is None:
add_identity(identity=identity, type_=type_, email=email, password=password, session=session)
id_ = session.query(models.Identity).filter_by(identity=identity, identity_type=type_).first()
iaa = models.IdentityAccountAssociation(identity=id_.identity, identity_type=id_.identity_type, account=account,
is_default=default)
try:
iaa.save(session=session)
except IntegrityError as error:
if match('.*IntegrityError.*ORA-00001: unique constraint.*violated.*', error.args[0]) \
or match('.*IntegrityError.*UNIQUE constraint failed.*', error.args[0]) \
or match('.*IntegrityError.*1062.*Duplicate entry.*for key.*', error.args[0]) \
or match('.*IntegrityError.*duplicate key value violates unique constraint.*', error.args[0]) \
or match('.*UniqueViolation.*duplicate key value violates unique constraint.*', error.args[0]) \
or match('.*IntegrityError.*columns? .*not unique.*', error.args[0]):
raise exception.Duplicate('Identity pair \'%s\',\'%s\' already exists!' % (identity, type_))
def del_account_attribute(account, key, session=None):
"""
Add an attribute for the given account name.
:param account: the account to add the attribute to.
:param key: the key for the new attribute.
:param session: The database session in use.
"""
aid = session.query(models.AccountAttrAssociation).filter_by(key=key, account=account).first()
if aid is None:
raise exception.AccountNotFound('Attribute ({0}) does not exist for the account {1}!'.format(key, account))
aid.delete(session=session)
def del_account(account, session=None):
""" Disable an account with the given account name.
:param account: the account name.
:param session: the database session in use.
"""
query = session.query(models.Account).filter_by(account=account).filter_by(status=AccountStatus.ACTIVE)
try:
account = query.one()
except exc.NoResultFound:
raise exception.AccountNotFound('Account with ID \'%s\' cannot be found' % account)
account.update({'status': AccountStatus.DELETED, 'deleted_at': datetime.utcnow()})
def get_account(account, session=None):
""" Returns an account for the given account name.
:param account: the name of the account.
:param session: the database session in use.
:returns: a dict with all information for the account.
"""
query = session.query(models.Account).filter_by(account=account)
result = query.first()
if result is None:
raise exception.AccountNotFound('Account with ID \'%s\' cannot be found' % account)
return result
def set_account_status(account, status, session=None):
""" Set the status of an account.
:param account: Name of the account.
:param status: The status for the account.
:param session: the database session in use.
"""
query = session.query(models.Account).filter_by(account=account)
try:
account = query.one()
except exc.NoResultFound:
raise exception.AccountNotFound(
'Account with ID \'%s\' cannot be found' % account)
if (isinstance(status, str) or isinstance(status, unicode)):
status = AccountStatus.from_sym(status)
if status == AccountStatus.SUSPENDED:
query.update({'status': status, 'suspended_at': datetime.utcnow()})
elif status == AccountStatus.ACTIVE:
query.update({'status': status, 'suspended_at': None})
def list_account_attributes(account, session=None):
"""
Get all attributes defined for an account.
:param account: the account name to list the scopes of.
:param session: The database session in use.
:returns: a list of all key, value pairs for this account.
"""
attr_list = []
query = session.query(models.Account).filter_by(account=account).filter_by(status=AccountStatus.ACTIVE)
try:
query.one()
except exc.NoResultFound:
raise exception.AccountNotFound("Account ID '{0}' does not exist".format(account))
query = session.query(models.AccountAttrAssociation).filter_by(account=account)
for attr in query:
attr_list.append({'key': attr.key, 'value': attr.value})
return attr_list
def update_account(account, key, value, session=None):
""" Update a property of an account.
:param account: Name of the account.
:param key: Account property like status.
:param value: Property value.
:param session: the database session in use.
"""
query = session.query(models.Account).filter_by(account=account)
try:
account = query.one()
except exc.NoResultFound:
raise exception.AccountNotFound('Account with ID \'%s\' cannot be found' % account)
if key == 'status':
if isinstance(value, string_types):
value = AccountStatus.from_sym(value)
if value == AccountStatus.SUSPENDED:
query.update({'status': value, 'suspended_at': datetime.utcnow()})
elif value == AccountStatus.ACTIVE:
query.update({'status': value, 'suspended_at': None})
else:
query.update({key: value})
