def setUpClass(cls): if config_get_bool('common', 'multi_vo', raise_exception=False, default=False): cls.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')} cls.new_vo = {'vo': 'new'} cls.def_header = {'X-Rucio-VO': 'def'} cls.vo_header = {'X-Rucio-VO': cls.vo['vo']} cls.new_header = {'X-Rucio-VO': 'new'} if not vo_exists(**cls.new_vo): add_vo(description='Test', email='*****@*****.**', **cls.new_vo) # Setup accounts at two VOs so we can determine which VO we authenticated against usr_uuid = str(generate_uuid()).lower()[:16] cls.account_tst = 'tst-%s' % usr_uuid cls.account_new = 'new-%s' % usr_uuid add_account(cls.account_tst, 'USER', '*****@*****.**', 'root', **cls.vo) add_account(cls.account_new, 'USER', '*****@*****.**', 'root', **cls.new_vo) else: LOG.warning('multi_vo mode is not enabled. Running multi_vo tests in single_vo mode will result in failures.') cls.vo = {} cls.new_vo = {} cls.def_header = {} cls.vo_header = {} cls.new_header = {} cls.account_tst = '' cls.account_new = ''
def test_delete_identity_of_account(vo, rest_client): """ ACCOUNT (REST): send a DELETE to remove an identity of an account.""" account = account_name_generator() identity = uuid() password = '******' add_account(account, 'USER', '*****@*****.**', 'root', vo=vo) add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password) add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, vo=vo), '*****@*****.**') auth_response = rest_client.get('/auth/userpass', headers=headers( loginhdr(account, identity, password), vohdr(vo))) assert auth_response.status_code == 200 assert 'X-Rucio-Auth-Token' in auth_response.headers token = str(auth_response.headers.get('X-Rucio-Auth-Token')) assert len(token) != 0 # normal deletion data = {'authtype': 'USERPASS', 'identity': identity} response = rest_client.delete('/accounts/' + account + '/identities', headers=headers(auth(token)), json=data) assert response.status_code == 200 # unauthorized deletion other_account = account_name_generator() data = {'authtype': 'USERPASS', 'identity': identity} response = rest_client.delete('/accounts/' + other_account + '/identities', headers=headers(auth(token)), json=data) assert response.status_code == 401
def post(self, account): """ create account with given account name. .. :quickref: AccountParameter; Add account. :param account: The account identifier. :<json string type: The account type. :<json string email: The account email. :status 201: Successfully created. :status 401: Invalid auth token. :status 409: Account already exists. :status 500: Database exception. """ try: parameter = loads(request.data.decode()) except ValueError: return generate_http_error_flask( 400, 'ValueError', 'cannot decode json parameter dictionary') type, email = None, None try: type = parameter['type'] except KeyError as error: if error.args[0] == 'type': return generate_http_error_flask(400, 'KeyError', '%s not defined' % str(error)) raise except TypeError: return generate_http_error_flask(400, 'TypeError', 'body must be a json dictionary') try: email = parameter['email'] except KeyError as error: if error.args[0] == 'email': return generate_http_error_flask(400, 'KeyError', '%s not defined' % str(error)) raise except TypeError: return generate_http_error_flask(400, 'TypeError', 'body must be a json dictionary') try: add_account(account, type, email, issuer=request.environ.get('issuer'), vo=request.environ.get('vo')) except Duplicate as error: return generate_http_error_flask(409, 'Duplicate', error.args[0]) except AccessDenied as error: return generate_http_error_flask(401, 'AccessDenied', error.args[0]) except RucioException as error: return generate_http_error_flask(500, error.__class__.__name__, error.args[0]) except Exception as error: print(format_exc()) return str(error), 500 return 'Created', 201
def post(self, account): """ create account with given account name. .. :quickref: AccountParameter; Add account. :param account: The account identifier. :<json string type: The account type. :<json string email: The account email. :status 201: Successfully created. :status 401: Invalid auth token. :status 409: Account already exists. """ parameters = json_parameters() type_param = param_get(parameters, 'type') email = param_get(parameters, 'email') try: add_account(account, type_param, email, issuer=request.environ.get('issuer'), vo=request.environ.get('vo')) except Duplicate as error: return generate_http_error_flask(409, error) except AccessDenied as error: return generate_http_error_flask(401, error) except InvalidObject as error: return generate_http_error_flask(400, error) return 'Created', 201
def test_delete_identity_of_account(self): """ ACCOUNT (REST): send a DELETE to remove an identity of an account.""" mw = [] account = account_name_generator() identity = uuid() password = '******' add_account(account, 'USER', '*****@*****.**', 'root', **self.vo) add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password) add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**') headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password} headers1.update(self.vo_header) res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True) token = str(res1.header('X-Rucio-Auth-Token')) # normal deletion headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'authtype': 'USERPASS', 'identity': identity}) res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 200) # unauthorized deletion other_account = account_name_generator() headers2 = {'X-Rucio-Auth-Token': str(token)} data = dumps({'authtype': 'USERPASS', 'identity': identity}) res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True) assert_equal(res2.status, 401)
def setUpClass(cls): if config_get_bool('common', 'multi_vo', raise_exception=False, default=False): cls.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')} cls.new_vo = {'vo': 'new'} cls.multi_vo = True if not vo_exists(**cls.new_vo): add_vo(description='Test', email='*****@*****.**', **cls.new_vo) else: cls.vo = {} cls.new_vo = {} cls.multi_vo = False # Add test account cls.account_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10)) add_account(account=cls.account_name, type='user', email='*****@*****.**', issuer='root', **cls.vo) cls.account = InternalAccount(cls.account_name, **cls.vo) # Add test scope cls.scope_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10)) add_scope(scope=cls.scope_name, account=cls.account_name, issuer='root', **cls.vo) cls.scope = InternalScope(cls.scope_name, **cls.vo) # Get test RSEs cls.rse_name = 'MOCK' cls.rse_id = get_rse_id(rse=cls.rse_name, **cls.vo) cls.rse2_name = 'MOCK2' cls.rse2_id = get_rse_id(rse=cls.rse2_name, **cls.vo) cls.rse3_name = rse_name_generator() cls.rse3_id = api_rse.add_rse(cls.rse3_name, 'root', **cls.new_vo) cls.rse4_name = rse_name_generator() cls.rse4_id = api_rse.add_rse(cls.rse4_name, 'root', **cls.new_vo) api_rse.add_distance(cls.rse3_name, cls.rse4_name, issuer='root', distance=3, **cls.new_vo)
def test_create_and_check_for_user(self): """ ACCOUNT (CORE): Test the creation, query, and deletion of an account """ usr = account_name_generator() invalid_usr = account_name_generator() add_account(usr, 'USER', 'root') assert_equal(account_exists(usr), True) assert_equal(account_exists(invalid_usr), False) del_account(usr, 'root')
def test_create_and_check_for_user(self): """ ACCOUNT (CORE): Test the creation, query, and deletion of an account """ usr = account_name_generator() invalid_usr = account_name_generator() add_account(usr, 'USER', '*****@*****.**', 'root') assert_equal(account_exists(usr), True) assert_equal(account_exists(invalid_usr), False) del_account(usr, 'root')
def POST(self, account): """ create account with given account name. HTTP Success: 201 Created HTTP Error: 400 Bad Reqeust 401 Unauthorized 409 Conflict 500 Internal Error :param Rucio-Account: Account identifier. :param Rucio-Auth-Token: as an 32 character hex string. :params Rucio-Type: the type of the new account. """ json_data = data() try: parameter = loads(json_data) except ValueError: raise generate_http_error( 400, 'ValueError', 'cannot decode json parameter dictionary') type, email = None, None try: type = parameter['type'] except KeyError as error: if error.args[0] == 'type': raise generate_http_error(400, 'KeyError', '%s not defined' % str(error)) except TypeError: raise generate_http_error(400, 'TypeError', 'body must be a json dictionary') try: email = parameter['email'] except KeyError as error: if error.args[0] == 'email': raise generate_http_error(400, 'KeyError', '%s not defined' % str(error)) except TypeError: raise generate_http_error(400, 'TypeError', 'body must be a json dictionary') try: add_account(account, type, email, issuer=ctx.env.get('issuer')) except Duplicate as error: raise generate_http_error(409, 'Duplicate', error.args[0]) except AccessDenied as error: raise generate_http_error(401, 'AccessDenied', error.args[0]) except RucioException as error: raise generate_http_error(500, error.__class__.__name__, error.args[0]) except Exception as error: print(format_exc()) raise InternalError(error) raise Created()
def createScope(): for i in range(2000): print(i) user = '******' % (i) try: add_account(user, 'user', 'root') add_scope('user.%s' % user, user, 'root') except Duplicate as e: print(e)
def createScope(): for i in xrange(0, 2000): print i user = '******' % (i) try: add_account(user, 'user', 'root') add_scope('user.%s' % (user), user, 'root') except Duplicate, e: print e
def test_account_status(self): """ ACCOUNT (CORE): Test changing and quering account status """ usr = account_name_generator() add_account(usr, 'USER', 'root') assert_equal(get_account_status(usr), AccountStatus.ACTIVE) # Should be active by default set_account_status(usr, AccountStatus.SUSPENDED) assert_equal(get_account_status(usr), AccountStatus.SUSPENDED) set_account_status(usr, AccountStatus.ACTIVE) assert_equal(get_account_status(usr), AccountStatus.ACTIVE) del_account(usr, 'root')
def test_account_status(self): """ ACCOUNT (CORE): Test changing and quering account status """ usr = account_name_generator() add_account(usr, 'USER', '*****@*****.**', 'root') assert_equal(get_account_status(usr), AccountStatus.ACTIVE) # Should be active by default set_account_status(usr, AccountStatus.SUSPENDED) assert_equal(get_account_status(usr), AccountStatus.SUSPENDED) set_account_status(usr, AccountStatus.ACTIVE) assert_equal(get_account_status(usr), AccountStatus.ACTIVE) del_account(usr, 'root')
def test_update_account(self): """ ACCOUNT (CORE): Test changing and quering account parameters """ usr = account_name_generator() add_account(usr, 'USER', '*****@*****.**', 'root') assert_equal(get_account_info(usr)['status'], AccountStatus.ACTIVE) # Should be active by default update_account(account=usr, key='status', value=AccountStatus.SUSPENDED) assert_equal(get_account_info(usr)['status'], AccountStatus.SUSPENDED) update_account(account=usr, key='status', value=AccountStatus.ACTIVE) assert_equal(get_account_info(usr)['status'], AccountStatus.ACTIVE) update_account(account=usr, key='email', value='test') email = get_account_info(account=usr)['email'] assert_equal(email, 'test') del_account(usr, 'root')
def test_update_account(self): """ ACCOUNT (CORE): Test changing and quering account parameters """ usr = account_name_generator() add_account(usr, 'USER', '*****@*****.**', 'root', **self.vo) assert get_account_info(usr, **self.vo)['status'] == AccountStatus.ACTIVE # Should be active by default update_account(account=usr, key='status', value=AccountStatus.SUSPENDED, **self.vo) assert get_account_info(usr, **self.vo)['status'] == AccountStatus.SUSPENDED update_account(account=usr, key='status', value=AccountStatus.ACTIVE, **self.vo) assert get_account_info(usr, **self.vo)['status'] == AccountStatus.ACTIVE update_account(account=usr, key='email', value='test', **self.vo) email = get_account_info(account=usr, **self.vo)['email'] assert email == 'test' del_account(usr, 'root', **self.vo)
def createScope(): # add_account('panda', 'user', 'root') # add_account('tier0', 'user', 'root') # add_scope('data12_8TeV', 'root', 'root') add_scope('mc12_8TeV', 'root', 'root') for i in xrange(0, 20): print i group = 'group%i' % (i) try: add_account(group, 'user', 'root') add_scope('group.%s' % (group), group, 'root') except Duplicate, e: print e
def test_api_subscription(self): """ SUBSCRIPTION (API): Test external representation of subscriptions """ sub = 'ext_' + generate_uuid() did = 'ext_' + generate_uuid() new_acc_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10)) new_scope_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10)) add_account(new_acc_name, 'USER', '*****@*****.**', 'root', **self.new_vo) add_scope(new_scope_name, new_acc_name, 'root', **self.new_vo) api_acc_lim.set_local_account_limit(new_acc_name, self.rse3_name, 10, 'root', **self.new_vo) api_acc_lim.set_local_account_limit(new_acc_name, self.rse4_name, 10, 'root', **self.new_vo) add_did(new_scope_name, did, 'DATASET', 'root', account=new_acc_name, rse=self.rse3_name, **self.new_vo) sub_id = add_subscription(sub, new_acc_name, {'account': [new_acc_name], 'scope': [new_scope_name]}, [{'copies': 1, 'rse_expression': self.rse3_name, 'weight': 0, 'activity': 'User Subscriptions', 'source_replica_expression': self.rse4_name}], '', False, 0, 0, 3, 'root', **self.new_vo) add_replication_rule(dids=[{'scope': new_scope_name, 'name': did}], copies=1, rse_expression=self.rse3_name, weight=None, lifetime=180, grouping='DATASET', account=new_acc_name, locked=False, subscription_id=sub_id, source_replica_expression=self.rse4_name, activity='User Subscriptions', notify=None, purge_replicas=False, ignore_availability=False, comment='', ask_approval=False, asynchronous=False, priority=0, split_container=False, meta='', issuer='root', **self.new_vo) out = list_subscriptions(sub, **self.new_vo) out = list(out) assert_not_equal(0, len(out)) assert_in(sub_id, [o['id'] for o in out]) for o in out: if o['id'] == sub_id: assert_equal(o['account'], new_acc_name) rules = loads(o['replication_rules'])[0] assert_equal(rules['rse_expression'], self.rse3_name) assert_equal(rules['source_replica_expression'], self.rse4_name) fil = loads(o['filter']) assert_equal(fil['account'], [new_acc_name]) assert_equal(fil['scope'], [new_scope_name]) out = list_subscription_rule_states(sub, **self.new_vo) out = list(out) assert_not_equal(0, len(out)) for o in out: assert_equal(o.account, new_acc_name) out = get_subscription_by_id(sub_id, **self.new_vo) assert_equal(out['account'], new_acc_name) rules = loads(out['replication_rules'])[0] assert_equal(rules['rse_expression'], self.rse3_name) assert_equal(rules['source_replica_expression'], self.rse4_name) fil = loads(out['filter']) assert_equal(fil['account'], [new_acc_name]) assert_equal(fil['scope'], [new_scope_name])
def test_account_counters_at_different_vos(self): """ MULTI VO (CLIENT): Test that account counters from 2nd vo don't interfere """ session = db_session.get_session() # add some RSEs to test create_counters_for_new_account rse_client = RSEClient() rse_str = ''.join(choice(ascii_uppercase) for x in range(10)) tst_rse1 = 'TST1_%s' % rse_str new_rse1 = 'NEW1_%s' % rse_str rse_client.add_rse(tst_rse1) add_rse(new_rse1, 'root', **self.new_vo) # add an account - should have counters created for RSEs on the same VO usr_uuid = str(generate_uuid()).lower()[:16] new_acc_str = 'shr-%s' % usr_uuid new_acc = InternalAccount(new_acc_str, **self.new_vo) add_account(new_acc_str, 'USER', '*****@*****.**', 'root', **self.new_vo) query = session.query(models.AccountUsage.account, models.AccountUsage.rse_id).\ distinct(models.AccountUsage.account, models.AccountUsage.rse_id).\ filter_by(account=new_acc) acc_counters = list(query.all()) assert_not_equal(0, len(acc_counters)) for counter in acc_counters: rse_id = counter[1] vo = get_rse_vo(rse_id) assert_equal(vo, self.new_vo['vo']) # add an RSE - should have counters created for accounts on the same VO new_rse2 = 'NEW2_' + rse_str new_rse2_id = add_rse(new_rse2, 'root', **self.new_vo) query = session.query(models.AccountUsage.account, models.AccountUsage.rse_id).\ distinct(models.AccountUsage.account, models.AccountUsage.rse_id).\ filter_by(rse_id=new_rse2_id) rse_counters = list(query.all()) assert_not_equal(0, len(rse_counters)) for counter in rse_counters: account = counter[0] assert_equal(account.vo, self.new_vo['vo']) session.commit()
def test_accounts_at_different_vos(self): """ MULTI VO (CLIENT): Test that accounts from 2nd vo don't interfere """ account_client = AccountClient() usr_uuid = str(generate_uuid()).lower()[:16] tst = 'tst-%s' % usr_uuid new = 'new-%s' % usr_uuid shr = 'shr-%s' % usr_uuid account_client.add_account(tst, 'USER', '*****@*****.**') account_client.add_account(shr, 'USER', '*****@*****.**') add_account(new, 'USER', '*****@*****.**', 'root', **self.new_vo) add_account(shr, 'USER', '*****@*****.**', 'root', **self.new_vo) account_list_tst = [a['account'] for a in account_client.list_accounts()] account_list_new = [a['account'] for a in list_accounts(filter={}, **self.new_vo)] assert_true(tst in account_list_tst) assert_false(new in account_list_tst) assert_true(shr in account_list_tst) assert_false(tst in account_list_new) assert_true(new in account_list_new) assert_true(shr in account_list_new)
def test_super_root_naming(self): """ MULTI VO (CORE): Test we can only name accounts super_root when appropriate """ with assert_raises(Duplicate): # Ensure we fail from duplication rather than the choice of name add_account('super_root', 'USER', '*****@*****.**', 'root', vo='def') with assert_raises(UnsupportedAccountName): add_account('super_root', 'USER', '*****@*****.**', 'root', **self.vo) try: config_remove_option('common', 'multi_vo') with assert_raises(UnsupportedAccountName): add_account('super_root', 'USER', '*****@*****.**', 'root', **self.vo) with assert_raises(UnsupportedAccountName): add_account('super_root', 'USER', '*****@*****.**', 'root', vo='def') finally: # Make sure we don't leave the config changed due to a test failure if self.vo: config_set('common', 'multi_vo', 'True') else: config_remove_option('common', 'multi_vo')
try: parameter = loads(json_data) except ValueError: raise generate_http_error(400, 'ValueError', 'cannot decode json parameter dictionary') type = None try: type = parameter['type'] except KeyError, e: if e.args[0] == 'type': raise generate_http_error(400, 'KeyError', '%s not defined' % str(e)) except TypeError: raise generate_http_error(400, 'TypeError', 'body must be a json dictionary') try: add_account(account, type, issuer=ctx.env.get('issuer')) except Duplicate as e: raise generate_http_error(409, 'Duplicate', e.args[0][0]) except AccessDenied, e: raise generate_http_error(401, 'AccessDenied', e.args[0][0]) except RucioException, e: raise generate_http_error(500, e.__class__.__name__, e.args[0][0]) except Exception, e: print format_exc() raise InternalError(e) raise Created() def DELETE(self, account): """ disable account with given account name.
'%s not defined' % str(e)) except TypeError: raise generate_http_error(400, 'TypeError', 'body must be a json dictionary') try: email = parameter['email'] except KeyError, e: if e.args[0] == 'email': raise generate_http_error(400, 'KeyError', '%s not defined' % str(e)) except TypeError: raise generate_http_error(400, 'TypeError', 'body must be a json dictionary') try: add_account(account, type, email, issuer=ctx.env.get('issuer')) except Duplicate as e: raise generate_http_error(409, 'Duplicate', e.args[0][0]) except AccessDenied, e: raise generate_http_error(401, 'AccessDenied', e.args[0][0]) except RucioException, e: raise generate_http_error(500, e.__class__.__name__, e.args[0][0]) except Exception, e: print format_exc() raise InternalError(e) raise Created() def DELETE(self, account): """ disable account with given account name.
def setUp(self): self.accountstring = 'test_' + rndstr() self.accountstring = self.accountstring.lower() try: add_account(self.accountstring, 'USER', '*****@*****.**', 'root') except Duplicate: pass # create 2 sessions that expire in 5 min and 3 that expire 'now' save_oauth_session_params(self.accountstring, 300) save_oauth_session_params(self.accountstring, 300) save_oauth_session_params(self.accountstring, 0) save_oauth_session_params(self.accountstring, 0) save_oauth_session_params(self.accountstring, 0) assert_true(get_oauth_session_param_count(self.accountstring) == 5) # assuming daemon looprate of 10 min # test cases for access tokens without any refresh token save_oidc_token(self.accountstring, 0, 0, None, False, '0_to_be_deleted') save_oidc_token(self.accountstring, 300, 0, None, False, '00_to_be_kept') save_oidc_token(self.accountstring, 1000, 0, None, False, '000_to_be_kept') # test cases for access token with refresh token save_oidc_token(self.accountstring, 0, 300, "1_at_inval_rt_val_refresh_False_" + rndstr(), False, "1_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 300, 300, "2_at_val_rt_val_refresh_False_" + rndstr(), False, "2_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 0, 0, "3_at_inval_rt_inval_refresh_False_" + rndstr(), False, "3_to_be_deleted") save_oidc_token(self.accountstring, 300, 0, "4_at_val_rt_inval_refresh_False_" + rndstr(), False, "4_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 0, 1000, "5_at_inval_rt_longval_refresh_False_" + rndstr(), False, "5_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 1000, 1000, "6_at_longval_rt_longval_refresh_False_" + rndstr(), False, "6_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 1000, 0, "7_at_longval_rt_inval_refresh_False_" + rndstr(), False, "7_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 300, 1000, "8_at_val_rt_longval_refresh_False_" + rndstr(), False, "8_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 1000, 300, "9_at_longval_rt_val_refresh_False_" + rndstr(), False, "9_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 0, 300, "10_at_inval_rt_val_refresh_True_" + rndstr(), True, "10_original_refreshed_and_deleted") save_oidc_token(self.accountstring, 300, 300, "11_at_val_rt_val_refresh_True_" + rndstr(), True, "11_to_be_kept_and_refreshed") save_oidc_token(self.accountstring, 0, 0, "12_at_inval_rt_inval_refresh_True_" + rndstr(), True, "12_to_be_deleted") save_oidc_token(self.accountstring, 300, 0, "13_at_val_rt_inval_refresh_True_" + rndstr(), True, "13_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 0, 1000, "14_at_inval_rt_longval_refresh_True_" + rndstr(), True, "14_original_refreshed_and_deleted") save_oidc_token(self.accountstring, 1000, 1000, "15_at_longval_rt_longval_refresh_True_" + rndstr(), True, "15_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 1000, 0, "16_at_longval_rt_inval_refresh_True_" + rndstr(), True, "16_to_be_kept_no_refresh") save_oidc_token(self.accountstring, 300, 1000, "17_at_val_rt_longval_refresh_True_" + rndstr(), True, "17_to_be_kept_and_refreshed") save_oidc_token(self.accountstring, 1000, 300, "18_at_longval_rt_val_refresh_True_" + rndstr(), True, "18_to_be_kept_no_refresh") assert_true(get_token_count(self.accountstring) == 21) sleep(1)
def setUp(self): if config_get_bool('common', 'multi_vo', raise_exception=False, default=False): self.vo = { 'vo': config_get('client', 'vo', raise_exception=False, default='tst') } else: self.vo = {} self.accountstring = 'test_' + rndstr() self.accountstring = self.accountstring.lower() self.account = InternalAccount(self.accountstring, **self.vo) try: add_account(self.accountstring, 'USER', '*****@*****.**', 'root', **self.vo) except Duplicate: pass # create 2 sessions that expire in 5 min and 3 that expire 'now' save_oauth_session_params(self.account, 300) save_oauth_session_params(self.account, 300) save_oauth_session_params(self.account, 0) save_oauth_session_params(self.account, 0) save_oauth_session_params(self.account, 0) assert get_oauth_session_param_count(self.account) == 5 # assuming daemon looprate of 10 min # test cases for access tokens without any refresh token save_oidc_token(self.account, 0, 0, None, False, '0_to_be_deleted') save_oidc_token(self.account, 300, 0, None, False, '00_to_be_kept') save_oidc_token(self.account, 1000, 0, None, False, '000_to_be_kept') # test cases for access token with refresh token save_oidc_token(self.account, 0, 300, "1_at_inval_rt_val_refresh_False_" + rndstr(), False, "1_to_be_kept_no_refresh") save_oidc_token(self.account, 300, 300, "2_at_val_rt_val_refresh_False_" + rndstr(), False, "2_to_be_kept_no_refresh") save_oidc_token(self.account, 0, 0, "3_at_inval_rt_inval_refresh_False_" + rndstr(), False, "3_to_be_deleted") save_oidc_token(self.account, 300, 0, "4_at_val_rt_inval_refresh_False_" + rndstr(), False, "4_to_be_kept_no_refresh") save_oidc_token(self.account, 0, 1000, "5_at_inval_rt_longval_refresh_False_" + rndstr(), False, "5_to_be_kept_no_refresh") save_oidc_token(self.account, 1000, 1000, "6_at_longval_rt_longval_refresh_False_" + rndstr(), False, "6_to_be_kept_no_refresh") save_oidc_token(self.account, 1000, 0, "7_at_longval_rt_inval_refresh_False_" + rndstr(), False, "7_to_be_kept_no_refresh") save_oidc_token(self.account, 300, 1000, "8_at_val_rt_longval_refresh_False_" + rndstr(), False, "8_to_be_kept_no_refresh") save_oidc_token(self.account, 1000, 300, "9_at_longval_rt_val_refresh_False_" + rndstr(), False, "9_to_be_kept_no_refresh") save_oidc_token(self.account, 0, 300, "10_at_inval_rt_val_refresh_True_" + rndstr(), True, "10_original_refreshed_and_deleted") save_oidc_token(self.account, 300, 300, "11_at_val_rt_val_refresh_True_" + rndstr(), True, "11_to_be_kept_and_refreshed") save_oidc_token(self.account, 0, 0, "12_at_inval_rt_inval_refresh_True_" + rndstr(), True, "12_to_be_deleted") save_oidc_token(self.account, 300, 0, "13_at_val_rt_inval_refresh_True_" + rndstr(), True, "13_to_be_kept_no_refresh") save_oidc_token(self.account, 0, 1000, "14_at_inval_rt_longval_refresh_True_" + rndstr(), True, "14_original_refreshed_and_deleted") save_oidc_token(self.account, 1000, 1000, "15_at_longval_rt_longval_refresh_True_" + rndstr(), True, "15_to_be_kept_no_refresh") save_oidc_token(self.account, 1000, 0, "16_at_longval_rt_inval_refresh_True_" + rndstr(), True, "16_to_be_kept_no_refresh") save_oidc_token(self.account, 300, 1000, "17_at_val_rt_longval_refresh_True_" + rndstr(), True, "17_to_be_kept_and_refreshed") save_oidc_token(self.account, 1000, 300, "18_at_longval_rt_val_refresh_True_" + rndstr(), True, "18_to_be_kept_no_refresh") assert get_token_count(self.account) == 21 sleep(1)
import os from rucio.api.account import add_account from rucio.api.identity import add_account_identity from rucio.api.scope import add_scope from rucio.api.did import add_did from rucio.api.rse import add_rse, add_distance from rucio.db.sqla.util import build_database, create_root_account from rucio.core.account_limit import set_account_limit from rucio.core.rse import add_protocol, get_rse_id, add_rse_attribute if __name__ == '__main__': #build database build_database() # create root account create_root_account() add_account_identity('/CN=docker client', 'x509', 'root', '*****@*****.**', issuer="root") # create gfronze account add_account('gfronze', 'USER', 'test', 'root') # create some scopes add_scope('user.gfronze', 'gfronze', 'root') add_scope('user.root', 'root', 'root') add_scope('tests', 'root', 'root')
def test_subscriptions_at_different_vos(self): """ MULTI VO (CLIENT): Test that subscriptions from 2nd vo don't interfere """ account_client = AccountClient() usr_uuid = str(generate_uuid()).lower()[:16] shr_acc = 'shr-%s' % usr_uuid account_client.add_account(shr_acc, 'USER', '*****@*****.**') add_account(shr_acc, 'USER', '*****@*****.**', 'root', **self.new_vo) scope_client = ScopeClient() scope_uuid = str(generate_uuid()).lower()[:16] tst_scope = 'tst_%s' % scope_uuid new_scope = 'new_%s' % scope_uuid scope_client.add_scope('root', tst_scope) add_scope(new_scope, 'root', 'root', **self.new_vo) did_client = DIDClient() did_uuid = str(generate_uuid()).lower()[:16] tst_did = 'tstset_%s' % did_uuid new_did = 'newset_%s' % did_uuid rse_client = RSEClient() rse_str = ''.join(choice(ascii_uppercase) for x in range(10)) tst_rse1 = 'TST1_%s' % rse_str tst_rse2 = 'TST2_%s' % rse_str new_rse1 = 'NEW1_%s' % rse_str new_rse2 = 'NEW2_%s' % rse_str rse_client.add_rse(tst_rse1) rse_client.add_rse(tst_rse2) add_rse(new_rse1, 'root', **self.new_vo) add_rse(new_rse2, 'root', **self.new_vo) acc_lim_client = AccountLimitClient() acc_lim_client.set_local_account_limit(shr_acc, tst_rse1, 10) acc_lim_client.set_local_account_limit(shr_acc, tst_rse2, 10) set_local_account_limit(shr_acc, new_rse1, 10, 'root', **self.new_vo) set_local_account_limit(shr_acc, new_rse2, 10, 'root', **self.new_vo) did_client.add_did(tst_scope, tst_did, 'DATASET', rse=tst_rse1) add_did(new_scope, new_did, 'DATASET', 'root', rse=new_rse1, **self.new_vo) sub_client = SubscriptionClient() sub_str = generate_uuid() tst_sub = 'tstsub_' + sub_str new_sub = 'newsub_' + sub_str shr_sub = 'shrsub_' + sub_str tst_sub_id = sub_client.add_subscription(tst_sub, shr_acc, {'scope': [tst_scope]}, [{'copies': 1, 'rse_expression': tst_rse2, 'weight': 0, 'activity': 'User Subscriptions'}], '', None, 0, 0) shr_tst_sub_id = sub_client.add_subscription(shr_sub, shr_acc, {'scope': [tst_scope]}, [{'copies': 1, 'rse_expression': tst_rse2, 'weight': 0, 'activity': 'User Subscriptions'}], '', None, 0, 0) new_sub_id = add_subscription(new_sub, shr_acc, {'scope': [new_scope]}, [{'copies': 1, 'rse_expression': new_rse2, 'weight': 0, 'activity': 'User Subscriptions'}], '', False, 0, 0, 3, 'root', **self.new_vo) shr_new_sub_id = add_subscription(shr_sub, shr_acc, {'scope': [new_scope]}, [{'copies': 1, 'rse_expression': new_rse2, 'weight': 0, 'activity': 'User Subscriptions'}], '', False, 0, 0, 3, 'root', **self.new_vo) tst_subs = [s['id'] for s in sub_client.list_subscriptions()] assert_in(tst_sub_id, tst_subs) assert_in(shr_tst_sub_id, tst_subs) assert_not_in(new_sub_id, tst_subs) assert_not_in(shr_new_sub_id, tst_subs) new_subs = [s['id'] for s in list_subscriptions(**self.new_vo)] assert_in(new_sub_id, new_subs) assert_in(shr_new_sub_id, new_subs) assert_not_in(tst_sub_id, new_subs) assert_not_in(shr_tst_sub_id, new_subs) shr_tst_subs = [s['id'] for s in sub_client.list_subscriptions(name=shr_sub)] assert_in(shr_tst_sub_id, shr_tst_subs) assert_not_in(shr_new_sub_id, shr_tst_subs) shr_new_subs = [s['id'] for s in list_subscriptions(name=shr_sub, **self.new_vo)] assert_in(shr_new_sub_id, shr_new_subs) assert_not_in(shr_tst_sub_id, shr_new_subs) acc_tst_subs = [s['id'] for s in sub_client.list_subscriptions(account=shr_acc)] assert_in(tst_sub_id, acc_tst_subs) assert_in(shr_tst_sub_id, acc_tst_subs) assert_not_in(new_sub_id, acc_tst_subs) assert_not_in(shr_new_sub_id, acc_tst_subs) acc_new_subs = [s['id'] for s in list_subscriptions(account=shr_acc, **self.new_vo)] assert_in(new_sub_id, acc_new_subs) assert_in(shr_new_sub_id, acc_new_subs) assert_not_in(tst_sub_id, acc_new_subs) assert_not_in(shr_tst_sub_id, acc_new_subs)
from rucio.db.sqla.util import build_database, create_root_account from rucio.core.account_limit import set_account_limit from rucio.core.rse import add_protocol, get_rse_id, add_rse_attribute if __name__ == '__main__': # Create the Database and the root account build_database() create_root_account() add_account_identity('/CN=docker client', 'x509', 'root', '*****@*****.**', issuer="root") # Create a user called jdoe add_account('jdoe', 'USER', 'test', 'root') # Add 2 scopes add_scope('user.jdoe', 'jdoe', 'root') add_scope('tests', 'root', 'root') # Create a test dataset for jdoe add_did('user.jdoe', 'test1', 'DATASET', 'root', account='jdoe') # Create 2 sites into the /tmp partition os.mkdir('/tmp/SITE2_DISK') os.mkdir('/tmp/SITE1_DISK') params = { 'scheme': 'file', 'prefix': '/tmp/SITE1_DISK/',
def post(self, account): """ --- summary: Create description: Create an account. tags: - Account parameters: - name: account in: path description: The account identifier. schema: type: string style: simple requestBody: content: 'application/json': schema: type: object required: - type - email properties: type: description: The account type. type: string enum: ["USER", "GROUP", "SERVICE"] email: description: The email for the account. type: string responses: 201: description: OK content: application/json: schema: type: string enum: ["Created"] 401: description: Invalid Auth Token 409: description: Account already exists 400: description: Unknown status """ parameters = json_parameters() type_param = param_get(parameters, 'type') email = param_get(parameters, 'email') try: add_account(account, type_param, email, issuer=request.environ.get('issuer'), vo=request.environ.get('vo')) except Duplicate as error: return generate_http_error_flask(409, error) except AccessDenied as error: return generate_http_error_flask(401, error) except InvalidObject as error: return generate_http_error_flask(400, error) return 'Created', 201