def add_account(account, type, email, session=None):
""" Add an account with the given account name and type.
:param account: the name of the new account.
:param type: the type of the new account.
:param email: The Email address associated with the account.
:param session: the database session in use.
"""
vo = account.vo
if not vo_exists(vo=vo, session=session):
raise exception.VONotFound('VO {} not found'.format(vo))
# Reserve the name 'super_root' for multi_vo admins
if account.external == 'super_root':
if not (vo == 'def' and config_get_bool(
'common', 'multi_vo', raise_exception=False, default=False)):
raise exception.UnsupportedAccountName(
'The name "%s" cannot be used.' % account.external)
new_account = models.Account(account=account,
account_type=type,
email=email,
status=AccountStatus.ACTIVE)
try:
new_account.save(session=session)
except IntegrityError:
raise exception.Duplicate('Account ID \'%s\' already exists!' %
account)
# Create the account counters for this account
rucio.core.account_counter.create_counters_for_new_account(account=account,
session=session)
def create_root_account():
""" Inserts the default root account to an existing database. Make sure to change the default password later. """
up_id = 'ddmlab'
up_pwd = '2ccee6f6dd1bc2269cddd7cd5e47578e98e430539807c36df23fab7dd13e7583'
up_email = '*****@*****.**'
x509_id = '/C=CH/ST=Geneva/O=CERN/OU=PH-ADP-CO/CN=DDMLAB Client Certificate/[email protected]'
x509_email = '*****@*****.**'
gss_id = '*****@*****.**'
gss_email = '*****@*****.**'
ssh_id = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq5LySllrQFpPL614sulXQ7wnIr1aGhGtl8b+HCB/'\
'0FhMSMTHwSjX78UbfqEorZV16rXrWPgUpvcbp2hqctw6eCbxwqcgu3uGWaeS5A0iWRw7oXUh6ydn'\
'Vy89zGzX1FJFFDZ+AgiZ3ytp55tg1bjqqhK1OSC0pJxdNe878TRVVo5MLI0S/rZY2UovCSGFaQG2'\
'iLj14wz/YqI7NFMUuJFR4e6xmNsOP7fCZ4bGMsmnhR0GmY0dWYTupNiP5WdYXAfKExlnvFLTlDI5'\
'Mgh4Z11NraQ8pv4YE1woolYpqOc/IMMBBXFniTT4tC7cgikxWb9ZmFe+r4t6yCDpX4IL8L5GOQ== ddmlab'
ssh_email = '*****@*****.**'
try:
up_id = config_get('bootstrap', 'userpass_identity')
up_pwd = config_get('bootstrap', 'userpass_pwd')
up_email = config_get('bootstrap', 'userpass_email')
x509_id = config_get('bootstrap', 'x509_identity')
x509_email = config_get('bootstrap', 'x509_email')
gss_id = config_get('bootstrap', 'gss_identity')
gss_email = config_get('bootstrap', 'gss_email')
ssh_id = config_get('bootstrap', 'ssh_identity')
ssh_email = config_get('bootstrap', 'ssh_email')
except:
pass
# print 'Config values are missing (check rucio.cfg{.template}). Using hardcoded defaults.'
s = session.get_session()
account = models.Account(account=InternalAccount('root'), account_type=AccountType.SERVICE, status=AccountStatus.ACTIVE)
identity1 = models.Identity(identity=up_id, identity_type=IdentityType.USERPASS, password=up_pwd, salt='0', email=up_email)
iaa1 = models.IdentityAccountAssociation(identity=identity1.identity, identity_type=identity1.identity_type, account=account.account, is_default=True)
# X509 authentication
identity2 = models.Identity(identity=x509_id, identity_type=IdentityType.X509, email=x509_email)
iaa2 = models.IdentityAccountAssociation(identity=identity2.identity, identity_type=identity2.identity_type, account=account.account, is_default=True)
# GSS authentication
identity3 = models.Identity(identity=gss_id, identity_type=IdentityType.GSS, email=gss_email)
iaa3 = models.IdentityAccountAssociation(identity=identity3.identity, identity_type=identity3.identity_type, account=account.account, is_default=True)
# SSH authentication
identity4 = models.Identity(identity=ssh_id, identity_type=IdentityType.SSH, email=ssh_email)
iaa4 = models.IdentityAccountAssociation(identity=identity4.identity, identity_type=identity4.identity_type, account=account.account, is_default=True)
# Account counters
create_counters_for_new_account(account=account.account, session=s)
# Apply
s.add_all([account, identity1, identity2, identity3, identity4])
s.commit()
s.add_all([iaa1, iaa2, iaa3, iaa4])
s.commit()
def add_account(account, type, email, session=None):
""" Add an account with the given account name and type.
:param account: the name of the new account.
:param type: the type of the new account.
:param email: The Email address associated with the account.
:param session: the database session in use.
"""
new_account = models.Account(account=account, account_type=type, email=email,
status=AccountStatus.ACTIVE)
try:
new_account.save(session=session)
except IntegrityError:
raise exception.Duplicate('Account ID \'%s\' already exists!' % account)
# Create the account counters for this account
rucio.core.account_counter.create_counters_for_new_account(account=account, session=session)
def create_root_account(create_counters=True):
"""
Inserts the default root account to an existing database. Make sure to change the default password later.
:param create_counters: If True, create counters for the new account at existing RSEs.
"""
multi_vo = bool(config_get('common', 'multi_vo', False, False))
up_id = 'ddmlab'
up_pwd = 'secret'
up_email = '*****@*****.**'
x509_id = '/C=CH/ST=Geneva/O=CERN/OU=PH-ADP-CO/CN=DDMLAB Client Certificate/[email protected]'
x509_email = '*****@*****.**'
gss_id = '*****@*****.**'
gss_email = '*****@*****.**'
ssh_id = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq5LySllrQFpPL614sulXQ7wnIr1aGhGtl8b+HCB/'\
'0FhMSMTHwSjX78UbfqEorZV16rXrWPgUpvcbp2hqctw6eCbxwqcgu3uGWaeS5A0iWRw7oXUh6ydn'\
'Vy89zGzX1FJFFDZ+AgiZ3ytp55tg1bjqqhK1OSC0pJxdNe878TRVVo5MLI0S/rZY2UovCSGFaQG2'\
'iLj14wz/YqI7NFMUuJFR4e6xmNsOP7fCZ4bGMsmnhR0GmY0dWYTupNiP5WdYXAfKExlnvFLTlDI5'\
'Mgh4Z11NraQ8pv4YE1woolYpqOc/IMMBBXFniTT4tC7cgikxWb9ZmFe+r4t6yCDpX4IL8L5GOQ== ddmlab'
ssh_email = '*****@*****.**'
try:
up_id = config_get('bootstrap', 'userpass_identity')
up_pwd = config_get('bootstrap', 'userpass_pwd')
up_email = config_get('bootstrap', 'userpass_email')
x509_id = config_get('bootstrap', 'x509_identity')
x509_email = config_get('bootstrap', 'x509_email')
gss_id = config_get('bootstrap', 'gss_identity')
gss_email = config_get('bootstrap', 'gss_email')
ssh_id = config_get('bootstrap', 'ssh_identity')
ssh_email = config_get('bootstrap', 'ssh_email')
except:
pass
# print 'Config values are missing (check rucio.cfg{.template}). Using hardcoded defaults.'
s = get_session()
if multi_vo:
access = 'super_root'
else:
access = 'root'
account = models.Account(account=InternalAccount(access, 'def'), account_type=AccountType.SERVICE, status=AccountStatus.ACTIVE)
salt = urandom(255)
salted_password = salt + up_pwd.encode()
hashed_password = sha256(salted_password).hexdigest()
identity1 = models.Identity(identity=up_id, identity_type=IdentityType.USERPASS, password=hashed_password, salt=salt, email=up_email)
iaa1 = models.IdentityAccountAssociation(identity=identity1.identity, identity_type=identity1.identity_type, account=account.account, is_default=True)
# X509 authentication
identity2 = models.Identity(identity=x509_id, identity_type=IdentityType.X509, email=x509_email)
iaa2 = models.IdentityAccountAssociation(identity=identity2.identity, identity_type=identity2.identity_type, account=account.account, is_default=True)
# GSS authentication
identity3 = models.Identity(identity=gss_id, identity_type=IdentityType.GSS, email=gss_email)
iaa3 = models.IdentityAccountAssociation(identity=identity3.identity, identity_type=identity3.identity_type, account=account.account, is_default=True)
# SSH authentication
identity4 = models.Identity(identity=ssh_id, identity_type=IdentityType.SSH, email=ssh_email)
iaa4 = models.IdentityAccountAssociation(identity=identity4.identity, identity_type=identity4.identity_type, account=account.account, is_default=True)
# Account counters
if create_counters:
create_counters_for_new_account(account=account.account, session=s)
# Apply
for identity in [identity1, identity2, identity3, identity4]:
try:
s.add(identity)
s.commit()
except IntegrityError:
# Identities may already be in the DB when running multi-VO conversion
s.rollback()
s.add(account)
s.commit()
s.add_all([iaa1, iaa2, iaa3, iaa4])
s.commit()
