def get_auth_token_ssh(account, signature, appid, ip=None):
"""
Authenticate a Rucio account temporarily via SSH key exchange.
The token lifetime is 1 hour.
:param account: Account identifier as a string.
:param signature: Response to challenge token signed with SSH private key as a base64 encoded string.
:param appid: The application identifier as a string.
:param ip: IP address of the client as a string.
:returns: Authentication token as a variable-length string.
"""
kwargs = {'account': account, 'signature': signature}
if not permission.has_permission(issuer=account, action='get_auth_token_ssh', kwargs=kwargs):
raise exception.AccessDenied('User with provided signature can not log to account %s' % account)
return authentication.get_auth_token_ssh(account, signature, appid, ip)
def get_auth_token_ssh(account,
signature,
appid,
ip=None,
vo='def',
session=None):
"""
Authenticate a Rucio account temporarily via SSH key exchange.
The token lifetime is 1 hour.
:param account: Account identifier as a string.
:param signature: Response to challenge token signed with SSH private key as a base64 encoded string.
:param appid: The application identifier as a string.
:param ip: IP address of the client as a string.
:param vo: The VO to act on.
:param session: The database session in use.
:returns: A dict with token and expires_at entries.
"""
kwargs = {'account': account, 'signature': signature}
if not permission.has_permission(issuer=account,
vo=vo,
action='get_auth_token_ssh',
kwargs=kwargs,
session=session):
raise exception.AccessDenied(
'User with provided signature can not log to account %s' % account)
account = InternalAccount(account, vo=vo)
return authentication.get_auth_token_ssh(account,
signature,
appid,
ip,
session=session)
