def add_account(account, type_, email, issuer, vo='def', session=None):
"""
Creates an account with the provided account name, contact information, etc.
:param account: The account name.
:param type_: The account type
:param email: The Email address associated with the account.
:param issuer: The issuer account_core.
:param vo: The VO to act on.
:param session: The database session in use.
"""
validate_schema(name='account', obj=account, vo=vo)
kwargs = {'account': account, 'type': type_}
if not rucio.api.permission.has_permission(issuer=issuer,
vo=vo,
action='add_account',
kwargs=kwargs,
session=session):
raise rucio.common.exception.AccessDenied(
'Account %s can not add account' % (issuer))
account = InternalAccount(account, vo=vo)
account_core.add_account(account,
AccountType[type_.upper()],
email,
session=session)
def import_accounts(accounts, vo='def', session=None):
vo_filter = {'account': InternalAccount(account='*', vo=vo)}
old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)}
missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
old_identities = identity_module.list_identities(session=session)
old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()
# add missing accounts
for account_dict in missing_accounts:
account = account_dict['account']
email = account_dict['email']
account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
# remove left over accounts
for account in to_be_removed_accounts:
if account.external != 'root':
account_module.del_account(account=account, session=session)
# update existing accounts
for account_dict in outdated_accounts:
account = account_dict['account']
email = account_dict['email']
old_account = old_accounts[account]
if email and old_account['email'] != email:
account_module.update_account(account, key='email', value=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
def setUpClass(cls):
if config_get_bool('common',
'multi_vo',
raise_exception=False,
default=False):
cls.vo = {
'vo':
config_get('client',
'vo',
raise_exception=False,
default='tst')
}
cls.multi_vo = True
else:
cls.vo = {}
cls.multi_vo = False
# Add test account
cls.account = InternalAccount(
''.join(random.choice(string.ascii_uppercase) for x in range(10)),
**cls.vo)
add_account(account=cls.account,
type=AccountType.USER,
email='*****@*****.**')
# Add test RSE
cls.rse1 = 'MOCK'
cls.rse2 = 'MOCK2'
cls.rse1_id = get_rse_id(rse=cls.rse1, **cls.vo)
cls.rse2_id = get_rse_id(rse=cls.rse2, **cls.vo)
cls.db_session = session.get_session()
def setUp(self):
""" Setup the Test Case """
if config_get_bool('common', 'multi_vo', raise_exception=False, default=False):
self.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')}
else:
self.vo = {}
self.account = InternalAccount(account_name_generator(), **self.vo)
add_account(self.account, AccountType.USER, '*****@*****.**')
def test_create_and_list_subscription_by_account(self):
""" SUBSCRIPTION (CLIENT): Test retrieval of subscriptions for an account """
subscription_name = uuid()
account_name = uuid()[:10]
add_account(InternalAccount(account_name, **self.vo), AccountType.USER, '*****@*****.**')
subid = self.sub_client.add_subscription(name=subscription_name, account=account_name, filter_={'project': self.projects, 'datatype': ['AOD', ], 'excluded_pattern': self.pattern1, 'account': ['tier0', ]},
replication_rules=[{'lifetime': 86400, 'rse_expression': 'MOCK|MOCK2', 'copies': 2, 'activity': 'Data Brokering'}], lifetime=100000, retroactive=0, dry_run=0, comments='Ni ! Ni!')
result = [sub['id'] for sub in self.sub_client.list_subscriptions(account=account_name)]
assert subid == result[0]
def create_accounts(account_list, user_type):
""" Registers a set of accounts
:param account_list: the list of accounts to be added
:param user_type: the type of accounts
"""
for account in account_list:
try:
add_account(account, user_type, email=None)
except exception.Duplicate:
pass # Account already exists, no need to create it
def setUpClass(cls):
# Add test account
cls.account = ''.join(random.choice(string.ascii_uppercase) for x in range(10))
add_account(account=cls.account, type=AccountType.USER)
# Add test RSE
cls.rse1 = 'MOCK'
cls.rse2 = 'MOCK2'
cls.rse1_id = get_rse(cls.rse1).id
cls.rse2_id = get_rse(cls.rse2).id
def setUpClass(cls):
# Add test account
cls.account = ''.join(random.choice(string.ascii_uppercase) for x in range(10))
add_account(account=cls.account, type=AccountType.USER, email='*****@*****.**')
# Add test RSE
cls.rse1 = 'MOCK'
cls.rse2 = 'MOCK2'
cls.rse1_id = get_rse(cls.rse1).id
cls.rse2_id = get_rse(cls.rse2).id
def create_accounts(account_list, user_type):
""" Registers a set of accounts
:param account_list: the list of accounts to be added
:param user_type: the type of accounts
"""
for account in account_list:
try:
add_account(account, user_type)
except exception.Duplicate:
pass # Account already exists, no need to create it
def add_vo(vo, description, email, session=None):
"""
Add a VO and setup a new root user.
New root user will have account name 'root' and a userpass identity with username: '******' and password: '******'
:param vo: 3-letter unique tag for a VO.
:param descrition: Descriptive string for the VO (e.g. Full name).
:param email: Contact email for the VO.
:param session: The db session in use.
"""
if not config_get_bool(
'common', 'multi_vo', raise_exception=False, default=False):
raise exception.UnsupportedOperation(
'VO operations cannot be performed in single VO mode.')
if len(vo) != 3:
raise exception.RucioException('Invalid VO tag, must be 3 chars.')
new_vo = models.VO(vo=vo, description=description, email=email)
try:
new_vo.save(session=session)
except IntegrityError:
raise exception.Duplicate('VO {} already exists!'.format(vo))
except DatabaseError as error:
raise exception.RucioException(error.args)
from rucio.core.account import add_account, list_identities
from rucio.core.identity import add_account_identity
new_root = InternalAccount('root', vo=vo)
add_account(account=new_root,
type_=AccountType['SERVICE'],
email=email,
session=session)
add_account_identity(identity='root@{}'.format(vo),
type_=IdentityType['USERPASS'],
account=new_root,
email=email,
default=False,
password='******',
session=session)
for ident in list_identities(account=InternalAccount('super_root',
vo='def'),
session=session):
add_account_identity(identity=ident['identity'],
type_=ident['type'],
account=new_root,
email='',
session=session)
def setUpClass(cls):
# Add test account
cls.account = InternalAccount(''.join(
random.choice(string.ascii_uppercase) for x in range(10)))
add_account(account=cls.account,
type=AccountType.USER,
email='*****@*****.**')
# Add test RSE
cls.rse1 = 'MOCK'
cls.rse2 = 'MOCK2'
cls.rse1_id = get_rse_id(rse=cls.rse1)
cls.rse2_id = get_rse_id(rse=cls.rse2)
cls.db_session = session.get_session()
def sync_accounts(self, iam_users):
for user in iam_users:
username = user['userName']
email = user['emails'][0]['value']
if not user['active']:
logging.debug(
'Skipped account creation for User {} [not active]'.format(
username))
continue
# Rucio DB schema restriction
if len(username) > 25:
logging.debug(
'Skipped account creation for User {} [len(username) > 25]'
.format(username))
continue
if not account.account_exists(InternalAccount(username)):
account.add_account(InternalAccount(username),
AccountType.SERVICE, email)
logging.debug(
'Created account for User {} ***'.format(username))
# Give account quota for all RSEs
for rse_obj in rse.list_rses():
set_local_account_limit(InternalAccount(username),
rse_obj['id'], 1000000000000)
# Make the user an admin & able to sign URLs
try:
add_account_attribute(InternalAccount(username), 'admin',
'True')
add_account_attribute(InternalAccount(username),
'sign-gcs', 'True')
except Exception as e:
logging.debug(e)
if "groups" in user:
for group in user['groups']:
group_name = group['display']
if not account.has_account_attribute(
InternalAccount(username), group_name):
add_account_attribute(InternalAccount(username),
group_name, 'True')
def add_vo(vo, description, password, email, session=None):
"""
Add a VO and setup a new root user.
New root user will have account name 'root' and a userpass identity with username: '******' and password from the rootpass parameter
:param vo: 3-letter unique tag for a VO.
:param descrition: Descriptive string for the VO (e.g. Full name).
:param email: Contact email for the VO.
:param password: The password to set for the root user of the new VO
:param session: The db session in use.
"""
if len(vo) != 3:
raise exception.RucioException('Invalid VO tag, must be 3 chars.')
new_vo = models.VO(vo=vo, description=description, email=email)
try:
new_vo.save(session=session)
except IntegrityError:
raise exception.Duplicate('VO {} already exists!'.format(vo))
except DatabaseError as error:
raise exception.RucioException(error.args)
from rucio.core.account import add_account, list_identities
from rucio.core.identity import add_account_identity
new_root = InternalAccount('root', vo=vo)
add_account(account=new_root,
type=AccountType.from_sym('SERVICE'),
email=email,
session=session)
add_account_identity(identity='root@{}'.format(vo),
type=IdentityType.from_sym('userpass'),
account=new_root,
email=email,
default=False,
password=password,
session=session)
for ident in list_identities(account=InternalAccount('super_root',
vo='def'),
session=session):
add_account_identity(identity=ident['identity'],
type=ident['type'],
account=new_root,
email='',
session=session)
def add_account(account, type, issuer):
"""
Creates an account with the provided account name, contact information, etc.
:param account: The account name.
:param type: The account type
:param issuer: The issuer account_core.
"""
validate_schema(name="account", obj=account)
kwargs = {"account": account, "type": type}
if not rucio.api.permission.has_permission(issuer=issuer, action="add_account", kwargs=kwargs):
raise rucio.common.exception.AccessDenied("Account %s can not add account" % (issuer))
account_core.add_account(account, AccountType.from_sym(type))
def add_account(account, type, email, issuer):
"""
Creates an account with the provided account name, contact information, etc.
:param account: The account name.
:param type: The account type
:param email: The Email address associated with the account.
:param issuer: The issuer account_core.
"""
validate_schema(name='account', obj=account)
kwargs = {'account': account, 'type': type}
if not rucio.api.permission.has_permission(
issuer=issuer, action='add_account', kwargs=kwargs):
raise rucio.common.exception.AccessDenied(
'Account %s can not add account' % (issuer))
account_core.add_account(account, AccountType.from_sym(type), email)
def setup(self):
""" Setup the Test Case """
self.account = account_name_generator()
add_account(self.account, AccountType.USER, '*****@*****.**')
def setup(self):
self.account = account_name_generator()
add_account(self.account, AccountType.USER)
def setup(self):
# New RSE
self.new_rse = rse_name_generator()
# RSE 1 that already exists
self.old_rse_1 = rse_name_generator()
self.old_rse_id_1 = add_rse(self.old_rse_1,
availability=1,
region_code='DE',
country_name='DE',
deterministic=True,
volatile=True,
staging_area=True,
time_zone='Europe',
latitude='1',
longitude='2')
add_protocol(
self.old_rse_id_1, {
'scheme': 'scheme1',
'hostname': 'hostname1',
'port': 1000,
'impl': 'TODO'
})
add_protocol(
self.old_rse_id_1, {
'scheme': 'scheme3',
'hostname': 'hostname3',
'port': 1000,
'impl': 'TODO'
})
set_rse_limits(rse_id=self.old_rse_id_1,
name='MaxBeingDeletedFiles',
value='10')
set_rse_limits(rse_id=self.old_rse_id_1,
name='MinFreeSpace',
value='10')
add_rse_attribute(rse_id=self.old_rse_id_1,
key='attr1',
value='test10')
add_rse_attribute(rse_id=self.old_rse_id_1,
key='lfn2pfn_algorithm',
value='test10')
add_rse_attribute(rse_id=self.old_rse_id_1,
key='verify_checksum',
value=True)
# RSE 2 that already exists
self.old_rse_2 = rse_name_generator()
self.old_rse_id_2 = add_rse(self.old_rse_2)
# RSE 3 that already exists
self.old_rse_3 = rse_name_generator()
self.old_rse_id_3 = add_rse(self.old_rse_3)
# RSE 4 that already exists
self.old_rse_4 = rse_name_generator()
self.old_rse_id_4 = add_rse(self.old_rse_4)
# RSE 4 that already exists
self.old_rse_4 = rse_name_generator()
add_rse(self.old_rse_4)
self.old_rse_id_4 = get_rse_id(self.old_rse_4)
# Distance that already exists
add_distance(self.old_rse_id_1, self.old_rse_id_2)
# Account 1 that already exists
self.old_account_1 = InternalAccount(rse_name_generator())
add_account(self.old_account_1, AccountType.USER, email='test')
# Account 2 that already exists
self.old_account_2 = InternalAccount(rse_name_generator())
add_account(self.old_account_2, AccountType.USER, email='test')
# Identity that should be removed
self.identity_to_be_removed = rse_name_generator()
add_identity(self.identity_to_be_removed,
IdentityType.X509,
email='email')
add_account_identity(self.identity_to_be_removed, IdentityType.X509,
self.old_account_2, 'email')
# Identity that already exsits but should be added to the account
self.identity_to_be_added_to_account = rse_name_generator()
add_identity(self.identity_to_be_added_to_account,
IdentityType.X509,
email='email')
self.data1 = {
'rses': {
self.new_rse: {
'rse_type':
RSEType.TAPE,
'availability':
3,
'city':
'NewCity',
'region_code':
'CH',
'country_name':
'switzerland',
'staging_area':
False,
'time_zone':
'Europe',
'latitude':
1,
'longitude':
2,
'deterministic':
True,
'volatile':
False,
'protocols': [{
'scheme': 'scheme',
'hostname': 'hostname',
'port': 1000,
'impl': 'impl'
}],
'attributes': {
'attr1': 'test'
},
'MinFreeSpace':
20000,
'lfn2pfn_algorithm':
'hash2',
'verify_checksum':
False,
'availability_delete':
True,
'availability_read':
False,
'availability_write':
True
},
self.old_rse_1: {
'rse_type':
RSEType.TAPE,
'deterministic':
False,
'volatile':
False,
'region_code':
'US',
'country_name':
'US',
'staging_area':
False,
'time_zone':
'Asia',
'longitude':
5,
'city':
'City',
'availability':
2,
'latitude':
10,
'protocols': [{
'scheme': 'scheme1',
'hostname': 'hostname1',
'port': 1000,
'prefix': 'prefix',
'impl': 'impl1'
}, {
'scheme': 'scheme2',
'hostname': 'hostname2',
'port': 1001,
'impl': 'impl'
}],
'attributes': {
'attr1': 'test1',
'attr2': 'test2'
},
'MinFreeSpace':
10000,
'MaxBeingDeletedFiles':
1000,
'verify_checksum':
False,
'lfn2pfn_algorithm':
'hash3',
'availability_delete':
False,
'availability_read':
False,
'availability_write':
True
},
self.old_rse_2: {},
self.old_rse_3: {}
},
'distances': {
self.old_rse_1: {
self.old_rse_2: {
'src_rse': self.old_rse_1,
'dest_rse': self.old_rse_2,
'ranking': 10
},
self.old_rse_3: {
'src_rse': self.old_rse_1,
'dest_rse': self.old_rse_3,
'ranking': 4
}
}
},
'accounts': [{
'account':
InternalAccount('new_account'),
'email':
'email',
'identities': [{
'type': 'userpass',
'identity': 'username',
'password': '******'
}]
}, {
'account': InternalAccount('new_account2'),
'email': 'email'
}, {
'account':
self.old_account_2,
'email':
'new_email',
'identities': [{
'identity': self.identity_to_be_added_to_account,
'type': 'x509'
}, {
'type': 'userpass',
'identity': 'username2',
'password': '******'
}]
}, {
'account': InternalAccount('jdoe'),
'email': 'email'
}]
}
self.data2 = {'rses': {self.new_rse: {'rse': self.new_rse}}}
self.data3 = {'distances': {}}