Example #1
0
def add_account(account, type_, email, issuer, vo='def', session=None):
    """
    Creates an account with the provided account name, contact information, etc.

    :param account: The account name.
    :param type_: The account type
    :param email: The Email address associated with the account.

    :param issuer: The issuer account_core.
    :param vo: The VO to act on.
    :param session: The database session in use.

    """

    validate_schema(name='account', obj=account, vo=vo)

    kwargs = {'account': account, 'type': type_}
    if not rucio.api.permission.has_permission(issuer=issuer,
                                               vo=vo,
                                               action='add_account',
                                               kwargs=kwargs,
                                               session=session):
        raise rucio.common.exception.AccessDenied(
            'Account %s can not add account' % (issuer))

    account = InternalAccount(account, vo=vo)

    account_core.add_account(account,
                             AccountType[type_.upper()],
                             email,
                             session=session)
Example #2
0
def import_accounts(accounts, vo='def', session=None):
    vo_filter = {'account': InternalAccount(account='*', vo=vo)}
    old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)}
    missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
    outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
    to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
    old_identities = identity_module.list_identities(session=session)
    old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()

    # add missing accounts
    for account_dict in missing_accounts:
        account = account_dict['account']
        email = account_dict['email']
        account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session)
        identities = account_dict.get('identities', [])
        if identities:
            import_identities(identities, account, old_identities, old_identity_account, email, session=session)

    # remove left over accounts
    for account in to_be_removed_accounts:
        if account.external != 'root':
            account_module.del_account(account=account, session=session)

    # update existing accounts
    for account_dict in outdated_accounts:
        account = account_dict['account']
        email = account_dict['email']
        old_account = old_accounts[account]
        if email and old_account['email'] != email:
            account_module.update_account(account, key='email', value=email, session=session)

        identities = account_dict.get('identities', [])
        if identities:
            import_identities(identities, account, old_identities, old_identity_account, email, session=session)
Example #3
0
    def setUpClass(cls):
        if config_get_bool('common',
                           'multi_vo',
                           raise_exception=False,
                           default=False):
            cls.vo = {
                'vo':
                config_get('client',
                           'vo',
                           raise_exception=False,
                           default='tst')
            }
            cls.multi_vo = True
        else:
            cls.vo = {}
            cls.multi_vo = False

        # Add test account
        cls.account = InternalAccount(
            ''.join(random.choice(string.ascii_uppercase) for x in range(10)),
            **cls.vo)
        add_account(account=cls.account,
                    type=AccountType.USER,
                    email='*****@*****.**')

        # Add test RSE
        cls.rse1 = 'MOCK'
        cls.rse2 = 'MOCK2'

        cls.rse1_id = get_rse_id(rse=cls.rse1, **cls.vo)
        cls.rse2_id = get_rse_id(rse=cls.rse2, **cls.vo)

        cls.db_session = session.get_session()
Example #4
0
    def setUp(self):
        """ Setup the Test Case """
        if config_get_bool('common', 'multi_vo', raise_exception=False, default=False):
            self.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')}
        else:
            self.vo = {}

        self.account = InternalAccount(account_name_generator(), **self.vo)
        add_account(self.account, AccountType.USER, '*****@*****.**')
Example #5
0
 def test_create_and_list_subscription_by_account(self):
     """ SUBSCRIPTION (CLIENT): Test retrieval of subscriptions for an account """
     subscription_name = uuid()
     account_name = uuid()[:10]
     add_account(InternalAccount(account_name, **self.vo), AccountType.USER, '*****@*****.**')
     subid = self.sub_client.add_subscription(name=subscription_name, account=account_name, filter_={'project': self.projects, 'datatype': ['AOD', ], 'excluded_pattern': self.pattern1, 'account': ['tier0', ]},
                                              replication_rules=[{'lifetime': 86400, 'rse_expression': 'MOCK|MOCK2', 'copies': 2, 'activity': 'Data Brokering'}], lifetime=100000, retroactive=0, dry_run=0, comments='Ni ! Ni!')
     result = [sub['id'] for sub in self.sub_client.list_subscriptions(account=account_name)]
     assert subid == result[0]
Example #6
0
def create_accounts(account_list, user_type):
    """ Registers a set of accounts

    :param account_list: the list of accounts to be added
    :param user_type: the type of accounts
    """
    for account in account_list:
        try:
            add_account(account, user_type, email=None)
        except exception.Duplicate:
            pass  # Account already exists, no need to create it
Example #7
0
    def setUpClass(cls):
        # Add test account
        cls.account = ''.join(random.choice(string.ascii_uppercase) for x in range(10))
        add_account(account=cls.account, type=AccountType.USER)

        # Add test RSE
        cls.rse1 = 'MOCK'
        cls.rse2 = 'MOCK2'

        cls.rse1_id = get_rse(cls.rse1).id
        cls.rse2_id = get_rse(cls.rse2).id
Example #8
0
    def setUpClass(cls):
        # Add test account
        cls.account = ''.join(random.choice(string.ascii_uppercase) for x in range(10))
        add_account(account=cls.account, type=AccountType.USER, email='*****@*****.**')

        # Add test RSE
        cls.rse1 = 'MOCK'
        cls.rse2 = 'MOCK2'

        cls.rse1_id = get_rse(cls.rse1).id
        cls.rse2_id = get_rse(cls.rse2).id
Example #9
0
def create_accounts(account_list, user_type):
    """ Registers a set of accounts

    :param account_list: the list of accounts to be added
    :param user_type: the type of accounts
    """
    for account in account_list:
        try:
            add_account(account, user_type)
        except exception.Duplicate:
            pass  # Account already exists, no need to create it
Example #10
0
def add_vo(vo, description, email, session=None):
    """
    Add a VO and setup a new root user.
    New root user will have account name 'root' and a userpass identity with username: '******' and password: '******'

    :param vo: 3-letter unique tag for a VO.
    :param descrition: Descriptive string for the VO (e.g. Full name).
    :param email: Contact email for the VO.
    :param session: The db session in use.
    """
    if not config_get_bool(
            'common', 'multi_vo', raise_exception=False, default=False):
        raise exception.UnsupportedOperation(
            'VO operations cannot be performed in single VO mode.')

    if len(vo) != 3:
        raise exception.RucioException('Invalid VO tag, must be 3 chars.')

    new_vo = models.VO(vo=vo, description=description, email=email)

    try:
        new_vo.save(session=session)
    except IntegrityError:
        raise exception.Duplicate('VO {} already exists!'.format(vo))
    except DatabaseError as error:
        raise exception.RucioException(error.args)

    from rucio.core.account import add_account, list_identities
    from rucio.core.identity import add_account_identity
    new_root = InternalAccount('root', vo=vo)
    add_account(account=new_root,
                type_=AccountType['SERVICE'],
                email=email,
                session=session)
    add_account_identity(identity='root@{}'.format(vo),
                         type_=IdentityType['USERPASS'],
                         account=new_root,
                         email=email,
                         default=False,
                         password='******',
                         session=session)

    for ident in list_identities(account=InternalAccount('super_root',
                                                         vo='def'),
                                 session=session):
        add_account_identity(identity=ident['identity'],
                             type_=ident['type'],
                             account=new_root,
                             email='',
                             session=session)
Example #11
0
    def setUpClass(cls):
        # Add test account
        cls.account = InternalAccount(''.join(
            random.choice(string.ascii_uppercase) for x in range(10)))
        add_account(account=cls.account,
                    type=AccountType.USER,
                    email='*****@*****.**')

        # Add test RSE
        cls.rse1 = 'MOCK'
        cls.rse2 = 'MOCK2'

        cls.rse1_id = get_rse_id(rse=cls.rse1)
        cls.rse2_id = get_rse_id(rse=cls.rse2)

        cls.db_session = session.get_session()
    def sync_accounts(self, iam_users):

        for user in iam_users:

            username = user['userName']
            email = user['emails'][0]['value']

            if not user['active']:
                logging.debug(
                    'Skipped account creation for User {} [not active]'.format(
                        username))
                continue

            # Rucio DB schema restriction
            if len(username) > 25:
                logging.debug(
                    'Skipped account creation for User {} [len(username) > 25]'
                    .format(username))
                continue

            if not account.account_exists(InternalAccount(username)):
                account.add_account(InternalAccount(username),
                                    AccountType.SERVICE, email)
                logging.debug(
                    'Created account for User {} ***'.format(username))

                # Give account quota for all RSEs
                for rse_obj in rse.list_rses():
                    set_local_account_limit(InternalAccount(username),
                                            rse_obj['id'], 1000000000000)

                # Make the user an admin & able to sign URLs
                try:
                    add_account_attribute(InternalAccount(username), 'admin',
                                          'True')
                    add_account_attribute(InternalAccount(username),
                                          'sign-gcs', 'True')
                except Exception as e:
                    logging.debug(e)

            if "groups" in user:
                for group in user['groups']:
                    group_name = group['display']
                    if not account.has_account_attribute(
                            InternalAccount(username), group_name):
                        add_account_attribute(InternalAccount(username),
                                              group_name, 'True')
Example #13
0
def add_vo(vo, description, password, email, session=None):
    """
    Add a VO and setup a new root user.
    New root user will have account name 'root' and a userpass identity with username: '******' and password from the rootpass parameter

    :param vo: 3-letter unique tag for a VO.
    :param descrition: Descriptive string for the VO (e.g. Full name).
    :param email: Contact email for the VO.
    :param password: The password to set for the root user of the new VO
    :param session: The db session in use.
    """

    if len(vo) != 3:
        raise exception.RucioException('Invalid VO tag, must be 3 chars.')

    new_vo = models.VO(vo=vo, description=description, email=email)

    try:
        new_vo.save(session=session)
    except IntegrityError:
        raise exception.Duplicate('VO {} already exists!'.format(vo))
    except DatabaseError as error:
        raise exception.RucioException(error.args)

    from rucio.core.account import add_account, list_identities
    from rucio.core.identity import add_account_identity
    new_root = InternalAccount('root', vo=vo)
    add_account(account=new_root,
                type=AccountType.from_sym('SERVICE'),
                email=email,
                session=session)
    add_account_identity(identity='root@{}'.format(vo),
                         type=IdentityType.from_sym('userpass'),
                         account=new_root,
                         email=email,
                         default=False,
                         password=password,
                         session=session)

    for ident in list_identities(account=InternalAccount('super_root',
                                                         vo='def'),
                                 session=session):
        add_account_identity(identity=ident['identity'],
                             type=ident['type'],
                             account=new_root,
                             email='',
                             session=session)
Example #14
0
def add_account(account, type, issuer):
    """
    Creates an account with the provided account name, contact information, etc.

    :param account: The account name.
    :param type: The account type
    :param issuer: The issuer account_core.

    """

    validate_schema(name="account", obj=account)

    kwargs = {"account": account, "type": type}
    if not rucio.api.permission.has_permission(issuer=issuer, action="add_account", kwargs=kwargs):
        raise rucio.common.exception.AccessDenied("Account %s can not add account" % (issuer))

    account_core.add_account(account, AccountType.from_sym(type))
Example #15
0
def add_account(account, type, email, issuer):
    """
    Creates an account with the provided account name, contact information, etc.

    :param account: The account name.
    :param type: The account type
    :param email: The Email address associated with the account.

    :param issuer: The issuer account_core.

    """

    validate_schema(name='account', obj=account)

    kwargs = {'account': account, 'type': type}
    if not rucio.api.permission.has_permission(
            issuer=issuer, action='add_account', kwargs=kwargs):
        raise rucio.common.exception.AccessDenied(
            'Account %s can not add account' % (issuer))

    account_core.add_account(account, AccountType.from_sym(type), email)
Example #16
0
 def setup(self):
     """ Setup the Test Case """
     self.account = account_name_generator()
     add_account(self.account, AccountType.USER, '*****@*****.**')
Example #17
0
 def setup(self):
     self.account = account_name_generator()
     add_account(self.account, AccountType.USER)
Example #18
0
    def setup(self):
        # New RSE
        self.new_rse = rse_name_generator()

        # RSE 1 that already exists
        self.old_rse_1 = rse_name_generator()
        self.old_rse_id_1 = add_rse(self.old_rse_1,
                                    availability=1,
                                    region_code='DE',
                                    country_name='DE',
                                    deterministic=True,
                                    volatile=True,
                                    staging_area=True,
                                    time_zone='Europe',
                                    latitude='1',
                                    longitude='2')
        add_protocol(
            self.old_rse_id_1, {
                'scheme': 'scheme1',
                'hostname': 'hostname1',
                'port': 1000,
                'impl': 'TODO'
            })
        add_protocol(
            self.old_rse_id_1, {
                'scheme': 'scheme3',
                'hostname': 'hostname3',
                'port': 1000,
                'impl': 'TODO'
            })

        set_rse_limits(rse_id=self.old_rse_id_1,
                       name='MaxBeingDeletedFiles',
                       value='10')
        set_rse_limits(rse_id=self.old_rse_id_1,
                       name='MinFreeSpace',
                       value='10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='attr1',
                          value='test10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='lfn2pfn_algorithm',
                          value='test10')
        add_rse_attribute(rse_id=self.old_rse_id_1,
                          key='verify_checksum',
                          value=True)

        # RSE 2 that already exists
        self.old_rse_2 = rse_name_generator()
        self.old_rse_id_2 = add_rse(self.old_rse_2)

        # RSE 3 that already exists
        self.old_rse_3 = rse_name_generator()
        self.old_rse_id_3 = add_rse(self.old_rse_3)

        # RSE 4 that already exists
        self.old_rse_4 = rse_name_generator()
        self.old_rse_id_4 = add_rse(self.old_rse_4)

        # RSE 4 that already exists
        self.old_rse_4 = rse_name_generator()
        add_rse(self.old_rse_4)
        self.old_rse_id_4 = get_rse_id(self.old_rse_4)

        # Distance that already exists
        add_distance(self.old_rse_id_1, self.old_rse_id_2)

        # Account 1 that already exists
        self.old_account_1 = InternalAccount(rse_name_generator())
        add_account(self.old_account_1, AccountType.USER, email='test')

        # Account 2 that already exists
        self.old_account_2 = InternalAccount(rse_name_generator())
        add_account(self.old_account_2, AccountType.USER, email='test')

        # Identity that should be removed
        self.identity_to_be_removed = rse_name_generator()
        add_identity(self.identity_to_be_removed,
                     IdentityType.X509,
                     email='email')
        add_account_identity(self.identity_to_be_removed, IdentityType.X509,
                             self.old_account_2, 'email')

        # Identity that already exsits but should be added to the account
        self.identity_to_be_added_to_account = rse_name_generator()
        add_identity(self.identity_to_be_added_to_account,
                     IdentityType.X509,
                     email='email')

        self.data1 = {
            'rses': {
                self.new_rse: {
                    'rse_type':
                    RSEType.TAPE,
                    'availability':
                    3,
                    'city':
                    'NewCity',
                    'region_code':
                    'CH',
                    'country_name':
                    'switzerland',
                    'staging_area':
                    False,
                    'time_zone':
                    'Europe',
                    'latitude':
                    1,
                    'longitude':
                    2,
                    'deterministic':
                    True,
                    'volatile':
                    False,
                    'protocols': [{
                        'scheme': 'scheme',
                        'hostname': 'hostname',
                        'port': 1000,
                        'impl': 'impl'
                    }],
                    'attributes': {
                        'attr1': 'test'
                    },
                    'MinFreeSpace':
                    20000,
                    'lfn2pfn_algorithm':
                    'hash2',
                    'verify_checksum':
                    False,
                    'availability_delete':
                    True,
                    'availability_read':
                    False,
                    'availability_write':
                    True
                },
                self.old_rse_1: {
                    'rse_type':
                    RSEType.TAPE,
                    'deterministic':
                    False,
                    'volatile':
                    False,
                    'region_code':
                    'US',
                    'country_name':
                    'US',
                    'staging_area':
                    False,
                    'time_zone':
                    'Asia',
                    'longitude':
                    5,
                    'city':
                    'City',
                    'availability':
                    2,
                    'latitude':
                    10,
                    'protocols': [{
                        'scheme': 'scheme1',
                        'hostname': 'hostname1',
                        'port': 1000,
                        'prefix': 'prefix',
                        'impl': 'impl1'
                    }, {
                        'scheme': 'scheme2',
                        'hostname': 'hostname2',
                        'port': 1001,
                        'impl': 'impl'
                    }],
                    'attributes': {
                        'attr1': 'test1',
                        'attr2': 'test2'
                    },
                    'MinFreeSpace':
                    10000,
                    'MaxBeingDeletedFiles':
                    1000,
                    'verify_checksum':
                    False,
                    'lfn2pfn_algorithm':
                    'hash3',
                    'availability_delete':
                    False,
                    'availability_read':
                    False,
                    'availability_write':
                    True
                },
                self.old_rse_2: {},
                self.old_rse_3: {}
            },
            'distances': {
                self.old_rse_1: {
                    self.old_rse_2: {
                        'src_rse': self.old_rse_1,
                        'dest_rse': self.old_rse_2,
                        'ranking': 10
                    },
                    self.old_rse_3: {
                        'src_rse': self.old_rse_1,
                        'dest_rse': self.old_rse_3,
                        'ranking': 4
                    }
                }
            },
            'accounts': [{
                'account':
                InternalAccount('new_account'),
                'email':
                'email',
                'identities': [{
                    'type': 'userpass',
                    'identity': 'username',
                    'password': '******'
                }]
            }, {
                'account': InternalAccount('new_account2'),
                'email': 'email'
            }, {
                'account':
                self.old_account_2,
                'email':
                'new_email',
                'identities': [{
                    'identity': self.identity_to_be_added_to_account,
                    'type': 'x509'
                }, {
                    'type': 'userpass',
                    'identity': 'username2',
                    'password': '******'
                }]
            }, {
                'account': InternalAccount('jdoe'),
                'email': 'email'
            }]
        }

        self.data2 = {'rses': {self.new_rse: {'rse': self.new_rse}}}
        self.data3 = {'distances': {}}