def add_vo(new_vo,
issuer,
description=None,
email=None,
vo='def',
session=None):
'''
Add a new VO.
:param new_vo: The name/tag of the VO to add (3 characters).
:param description: A description of the VO. e.g the full name or a brief description
:param email: A contact for the VO.
:param issuer: The user issuing the command.
:param vo: The vo of the user issuing the command.
:param session: The database session in use.
'''
new_vo = vo_core.map_vo(new_vo)
validate_schema('vo', new_vo, vo=vo)
kwargs = {}
if not has_permission(
issuer=issuer, action='add_vo', kwargs=kwargs, vo=vo,
session=session):
raise exception.AccessDenied(
'Account {} cannot add a VO'.format(issuer))
vo_core.add_vo(vo=new_vo,
description=description,
email=email,
session=session)
def tmp_rse_info(rse=None, vo='def', rse_id=None, session=None):
if rse_id is None:
# This can be called directly by client tools if they're co-located on a server
# i.e. running rucio cli on a server and during the test suite.
# We have to map to VO name here for this situations, despite this nominally
# not being a client interface.
rse_id = get_rse_id(rse=rse, vo=map_vo(vo))
return get_rse_protocols(rse_id=rse_id, session=session)
def extract_vo(headers: "HeadersType") -> "str":
""" Extract the VO name from the given request.headers object and
does any name mapping. Returns the short VO name or raise a
flask.abort if the VO name doesn't meet the name specification.
:papam headers: The request.headers object for the current request.
:returns: a string containing the short VO name.
"""
try:
return map_vo(headers.get('X-Rucio-VO', default='def'))
except RucioException as err:
# VO Name doesn't match allowed spec
flask.abort(generate_http_error_flask(status_code=400, exc=err))
def update_vo(updated_vo, parameters, issuer, vo='def'):
"""
Update VO properties (email, description).
:param updated_vo: The VO to update.
:param parameters: A dictionary with the new properties.
:param issuer: The user issuing the command.
:param vo: The VO of the user issusing the command.
"""
kwargs = {}
updated_vo = vo_core.map_vo(updated_vo)
if not has_permission(
issuer=issuer, action='update_vo', kwargs=kwargs, vo=vo):
raise exception.AccessDenied(
'Account {} cannot update VO'.format(issuer))
return vo_core.update_vo(vo=updated_vo, parameters=parameters)
def recover_vo_root_identity(root_vo,
identity_key,
id_type,
email,
issuer,
default=False,
password=None,
vo='def',
session=None):
"""
Adds a membership association between identity and the root account for given VO.
:param root_vo: The VO whose root needs recovery
:param identity_key: The identity key name. For example x509 DN, or a username.
:param id_type: The type of the authentication (x509, gss, userpass, ssh, saml).
:param email: The Email address associated with the identity.
:param issuer: The issuer account.
:param default: If True, the account should be used by default with the provided identity.
:param password: Password if id_type is userpass.
:param vo: the VO to act on.
:param session: The database session in use.
"""
kwargs = {}
root_vo = vo_core.map_vo(root_vo)
if not has_permission(issuer=issuer,
vo=vo,
action='recover_vo_root_identity',
kwargs=kwargs,
session=session):
raise exception.AccessDenied(
'Account %s can not recover root identity' % (issuer))
account = InternalAccount('root', vo=root_vo)
return identity.add_account_identity(identity=identity_key,
type_=IdentityType[id_type.upper()],
default=default,
email=email,
account=account,
password=password,
session=session)
def get_vo():
""" Gets the current short/mapped VO name for testing.
Maps the vo name to the short name, if configured.
:returns: VO name string.
"""
return map_vo(get_long_vo())
except Exception as err:
print(err)
if __name__ == '__main__':
# Create config table including the long VO mappings
reset_config_table()
if config_get_bool('common',
'multi_vo',
raise_exception=False,
default=False):
vo = {
'vo':
map_vo(
config_get('client',
'vo',
raise_exception=False,
default='tst'))
}
try:
add_vo(new_vo=vo['vo'],
issuer='super_root',
description='A VO to test multi-vo features',
email='N/A',
vo='def')
except Duplicate:
print('VO {} already added'.format(vo['vo']) % locals())
else:
vo = {}
try: