def add_vo(new_vo, issuer, description=None, email=None, vo='def', session=None): ''' Add a new VO. :param new_vo: The name/tag of the VO to add (3 characters). :param description: A description of the VO. e.g the full name or a brief description :param email: A contact for the VO. :param issuer: The user issuing the command. :param vo: The vo of the user issuing the command. :param session: The database session in use. ''' new_vo = vo_core.map_vo(new_vo) validate_schema('vo', new_vo, vo=vo) kwargs = {} if not has_permission( issuer=issuer, action='add_vo', kwargs=kwargs, vo=vo, session=session): raise exception.AccessDenied( 'Account {} cannot add a VO'.format(issuer)) vo_core.add_vo(vo=new_vo, description=description, email=email, session=session)
def tmp_rse_info(rse=None, vo='def', rse_id=None, session=None): if rse_id is None: # This can be called directly by client tools if they're co-located on a server # i.e. running rucio cli on a server and during the test suite. # We have to map to VO name here for this situations, despite this nominally # not being a client interface. rse_id = get_rse_id(rse=rse, vo=map_vo(vo)) return get_rse_protocols(rse_id=rse_id, session=session)
def extract_vo(headers: "HeadersType") -> "str": """ Extract the VO name from the given request.headers object and does any name mapping. Returns the short VO name or raise a flask.abort if the VO name doesn't meet the name specification. :papam headers: The request.headers object for the current request. :returns: a string containing the short VO name. """ try: return map_vo(headers.get('X-Rucio-VO', default='def')) except RucioException as err: # VO Name doesn't match allowed spec flask.abort(generate_http_error_flask(status_code=400, exc=err))
def update_vo(updated_vo, parameters, issuer, vo='def'): """ Update VO properties (email, description). :param updated_vo: The VO to update. :param parameters: A dictionary with the new properties. :param issuer: The user issuing the command. :param vo: The VO of the user issusing the command. """ kwargs = {} updated_vo = vo_core.map_vo(updated_vo) if not has_permission( issuer=issuer, action='update_vo', kwargs=kwargs, vo=vo): raise exception.AccessDenied( 'Account {} cannot update VO'.format(issuer)) return vo_core.update_vo(vo=updated_vo, parameters=parameters)
def recover_vo_root_identity(root_vo, identity_key, id_type, email, issuer, default=False, password=None, vo='def', session=None): """ Adds a membership association between identity and the root account for given VO. :param root_vo: The VO whose root needs recovery :param identity_key: The identity key name. For example x509 DN, or a username. :param id_type: The type of the authentication (x509, gss, userpass, ssh, saml). :param email: The Email address associated with the identity. :param issuer: The issuer account. :param default: If True, the account should be used by default with the provided identity. :param password: Password if id_type is userpass. :param vo: the VO to act on. :param session: The database session in use. """ kwargs = {} root_vo = vo_core.map_vo(root_vo) if not has_permission(issuer=issuer, vo=vo, action='recover_vo_root_identity', kwargs=kwargs, session=session): raise exception.AccessDenied( 'Account %s can not recover root identity' % (issuer)) account = InternalAccount('root', vo=root_vo) return identity.add_account_identity(identity=identity_key, type_=IdentityType[id_type.upper()], default=default, email=email, account=account, password=password, session=session)
def get_vo(): """ Gets the current short/mapped VO name for testing. Maps the vo name to the short name, if configured. :returns: VO name string. """ return map_vo(get_long_vo())
except Exception as err: print(err) if __name__ == '__main__': # Create config table including the long VO mappings reset_config_table() if config_get_bool('common', 'multi_vo', raise_exception=False, default=False): vo = { 'vo': map_vo( config_get('client', 'vo', raise_exception=False, default='tst')) } try: add_vo(new_vo=vo['vo'], issuer='super_root', description='A VO to test multi-vo features', email='N/A', vo='def') except Duplicate: print('VO {} already added'.format(vo['vo']) % locals()) else: vo = {} try: