def import_accounts(accounts, vo='def', session=None):
vo_filter = {'account': InternalAccount(account='*', vo=vo)}
old_accounts = {account['account']: account for account in account_module.list_accounts(filter_=vo_filter, session=session)}
missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
old_identities = identity_module.list_identities(session=session)
old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()
# add missing accounts
for account_dict in missing_accounts:
account = account_dict['account']
email = account_dict['email']
account_module.add_account(account=account, type_=AccountType.USER, email=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
# remove left over accounts
for account in to_be_removed_accounts:
if account.external != 'root':
account_module.del_account(account=account, session=session)
# update existing accounts
for account_dict in outdated_accounts:
account = account_dict['account']
email = account_dict['email']
old_account = old_accounts[account]
if email and old_account['email'] != email:
account_module.update_account(account, key='email', value=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
def convert_to_svo(old_vo, delete_vos=False, commit_changes=False, skip_history=False, echo=True):
"""
Converts a multi-VO database to a single-VO one by renaming the given VO and (optionally) deleting entries for other VOs and the super_root.
Intended to be run on a copy of the original database that contains several VOs.
:param old_vo: The 3 character string for the old VO.
:param delete_vos: If True then all entries associated with a VO other than `old_vo` will be deleted.
:param commit_changes: If True then changes are made against the database directly and the old super_root account will be (soft) deleted.
If False, then nothing is commited and the commands needed are dumped to be run later.
:param skip_history: If True then tables without FKC containing historical data will not be converted to save time.
"""
if not config_get_bool('common', 'multi_vo', False, False):
print('Multi-VO mode is not enabled in the config file, aborting conversion.')
return
rename_vo(old_vo, 'def', commit_changes=commit_changes, skip_history=skip_history)
s = session.get_session()
if delete_vos:
success_all = True
for vo in list_vos(session=s):
if vo['vo'] != 'def':
success = remove_vo(vo['vo'], commit_changes=commit_changes, skip_history=skip_history)
success_all = success_all and success
if commit_changes and success_all:
del_account(InternalAccount('super_root', vo='def'), session=s)
s.close()
def del_account(account, issuer):
"""
Disables an account with the provided account name.
:param account: The account name.
:param issuer: The issuer account_core.
"""
kwargs = {"account": account}
if not rucio.api.permission.has_permission(issuer=issuer, action="del_account", kwargs=kwargs):
raise rucio.common.exception.AccessDenied("Account %s can not delete account" % (issuer))
account_core.del_account(account)
def del_account(account, issuer):
"""
Disables an account with the provided account name.
:param account: The account name.
:param issuer: The issuer account_core.
"""
kwargs = {'account': account}
if not rucio.api.permission.has_permission(
issuer=issuer, action='del_account', kwargs=kwargs):
raise rucio.common.exception.AccessDenied(
'Account %s can not delete account' % (issuer))
account_core.del_account(account)
def del_account(account, issuer, vo='def', session=None):
"""
Disables an account with the provided account name.
:param account: The account name.
:param issuer: The issuer account.
:param vo: The VO to act on.
:param session: The database session in use.
"""
kwargs = {'account': account}
if not rucio.api.permission.has_permission(issuer=issuer,
vo=vo,
action='del_account',
kwargs=kwargs,
session=session):
raise rucio.common.exception.AccessDenied(
'Account %s can not delete account' % (issuer))
account = InternalAccount(account, vo=vo)
account_core.del_account(account, session=session)
def tearDown(self):
del_account(self.account)
def tearDown(self):
""" Tear down the Test Case """
del_account(self.account)
