Exemplo n.º 1
0
    def fileinfo(self, **kwargs):
        """Retrieve the file summary information.

           The caller needs to be a CMS user with a valid CMS x509 cert/proxy.

           :arg str hashkey: the sha256 hexdigest of the file, calculated over the tuple
                             (name, size, mtime, uname) of all the tarball members
           :return: hashkey, name, size of the requested file"""

        hashkey = kwargs['hashkey']
        result = {}
        filename = None
        infilepath = filepath(self.cachedir, kwargs['username'])

        # defining the path/name from the hash of the file
        filename = os.path.join(infilepath, hashkey[0:2], hashkey)
        result['hashkey'] = hashkey

        if not os.path.isfile(filename):
            raise MissingObject("Not such file")
        result['exists'] = True
        result['size'] = os.path.getsize(filename)
        result['accessed'] = os.path.getctime(filename)
        result['changed'] = os.path.getctime(filename)
        result['modified'] = os.path.getmtime(filename)
        touch(filename)

        return [result]
Exemplo n.º 2
0
def authz_owner_match(dbapi, workflows, Task):
    """Match user against authorisation requirements to modify an existing resource.
       Allows to cache couchdb fetched documents if the caller needs them.

       :arg WMCore.CMSCouch.Database database: database connection to retrieve the docs
       :arg str list workflows: a list of workflows unique name as positive check
       :return: in case retrieve_docs is not false the list of couchdb documents."""
    user = cherrypy.request.user
    log = cherrypy.log

    alldocs = []

    for wf in workflows:
        wfrow = None
        try:
            wfrow = dbapi.query(None,
                                None,
                                Task.GetUserFromID_sql,
                                taskname=wf).next()
        except Exception, ex:
            excauthz = RuntimeError(
                "The document '%s' is not retrievable '%s'" % (wf, str(ex)))
            raise MissingObject("The resource requested does not exist",
                                trace=traceback.format_exc(),
                                errobj=excauthz)

        if wfrow[0] == cherrypy.request.user['login']:
            alldocs.append(wfrow)
            continue
        log("ERROR: authz denied for user '%s' to the resource '%s. Resource belong to %s'"
            % (user, wf, wfrow[0]))
        raise cherrypy.HTTPError(
            403, "You are not allowed to access this resource.")
Exemplo n.º 3
0
def authz_owner_match(dbapi, workflows, Task):
    """ Match user against authorization requirements to modify an existing (list of) workflows.
        Either the user is the one who submitted the workflow, or it is an operator.

        :arg str list workflows: a list of workflows unique name as positive check
    """
    user = cherrypy.request.user
    log = cherrypy.log

    #if the user trying to access the resource is an operator just exit to allow access
    if 'crab3' in cherrypy.request.user.get('roles', {}).get('operator', {}).get('group', set()):
        log("DEBUG: authz operator %s to access resources %s" % (user, workflows))
        return

    alldocs = []
    for wf in workflows:
        wfrow = None
        try:
            wfrow = next(dbapi.query(None, None, Task.GetUserFromID_sql, taskname = wf))
        except Exception as ex:
            excauthz = RuntimeError("The document '%s' is not retrievable '%s'" % (wf, str(ex)))
            raise MissingObject("The resource requested does not exist", trace=traceback.format_exc(), errobj = excauthz)

        if wfrow[0] == cherrypy.request.user['login']:
            alldocs.append(wfrow)
            continue
        log("ERROR: authz denied for user '%s' to the resource '%s. Resource belong to %s'" % (user, wf, wfrow[0]))
        raise cherrypy.HTTPError(403, "You are not allowed to access this resource.")

    if len(workflows) == len(alldocs):
        log("DEBUG: authz user %s to access resources %s" % (user, workflows))
        return

    log("ERROR: authz denied for user '%s' to resource '%s'" % (user, str(workflows)))
    raise cherrypy.HTTPError(403, "You are not allowed to access this resource.")
Exemplo n.º 4
0
    def logs(self, campaign, limit):
        """Returns the campaign log archive PFN. It takes care of the LFN - PFN conversion too.

           :arg str campaign: a campaign name
           :arg int limit: the limit on the number of PFN to return
           :return: an object with the list of log pfns"""
        workflows = self.getCampaignWorkflows(campaign)
        if not workflows:
            raise MissingObject("Cannot find workflows in campaign")

        yield self.userworkflow.log(workflows, limit)
Exemplo n.º 5
0
 def validate(self, apiobj, method, api, param, safe):
     if not param.args:
         raise InvalidParameter("Path required")
     for name in param.args:
         if not RX_PATH.match(name):
             raise InvalidParameter("Invalid path")
     item = self._prefix + tuple(param.args)
     if not self.api.scraper.exists(item, lambda v: bool(v.data)):
         raise MissingObject("No such image")
     safe.kwargs["item"] = item
     param.args[:] = []
Exemplo n.º 6
0
    def resubmit(self, campaign, workflows=None):
        """Resubmit all the unfinished workflows in the campaign.

           :arg str campaign: the unique campaign name
           :arg list str workflows: the list of workflows part of the campaign
           :return: the workflows unique names."""

        workflows = self.getCampaignWorkflows(campaign)
        if not workflows:
            raise MissingObject("Cannot find workflows in campaign")

        for workflow in workflows:
            yield self.userworkflow.resubmit(workflow)
Exemplo n.º 7
0
    def kill(self, campaign, force, workflows=None):
        """Cancel all the unfinished workflows in the campaign.

           :arg str campaign: the unique campaign name
           :arg int force: in case the workflow has to be forced when deleted
           :arg list str workflows: the list of workflows part of the campaign
           :return: potentially nothing"""

        workflows = self.getCampaignWorkflows(campaign)
        if not workflows:
            raise MissingObject("Cannot find workflows in campaign")

        for workflow in workflows:
            yield self.userworkflow.kill(workflow)
Exemplo n.º 8
0
    def campaignSummary(self, campaign, workflows=None):
        """Provide the campaign status summary. This method iterates on all the workflows
           part of the campaign starting from the oldest one, and counts the number of
           jobs in each state. Then it returns a list where the first element is the
           campaign name, the second element is the campaign status, the third is a dict
           where keys are the 'main' states and values are number of jobs, the fourth is
           the breakdown of the 'main' states, and finally a dict containing the same
           information grouped by site

           :arg str campaign: the unique campaign name
           :arg list str workflows: the list of workflows part of the campaign
           :return: the campaign status summary"""

        workflows = self.getCampaignWorkflows(campaign)
        if not workflows:
            raise MissingObject("Cannot find workflows in campaign")

        for workflow in workflows:
            yield self.userworkflow.status(workflow)
Exemplo n.º 9
0
    def get(self, hashkey, username):
        """Retrieve a file previously uploaded to the local filesystem.
           The base path on the local filesystem is configurable.

           The caller needs to be a CMS user with a valid CMS x509 cert/proxy.

           :arg str hashkey: the sha256 hexdigest of the file, calculated over the tuple
                             (name, size, mtime, uname) of all the tarball members
           :return: the raw file"""
        filename = None
        infilepath = filepath(self.cachedir, username)

        # defining the path/name from the hash of the file
        filename = os.path.join(infilepath, hashkey[0:2], hashkey)

        if not os.path.isfile(filename):
            raise MissingObject("Not such file")
        touch(filename)
        return serve_file(filename, "application/octet-stream", "attachment")
Exemplo n.º 10
0
    def fileremove(self, **kwargs):
        """Remove the file with the specified hashkey.

           The caller needs to be a CMS user with a valid CMS x509 cert/proxy. Users can only delete their own files

           :arg str hashkey: the sha256 hexdigest of the file, calculated over the tuple
                             (name, size, mtime, uname) of all the tarball members
        """
        hashkey = kwargs['hashkey']

        infilepath = filepath(self.cachedir)
        # defining the path/name from the hash of the file
        filename = os.path.join(infilepath, hashkey[0:2], hashkey)

        if not os.path.isfile(filename):
            raise MissingObject("Not such file")

        try:
            os.remove(filename)
        except Exception as ex:
            raise ExecutionError("Impossible to remove the file: %s" % str(ex))
Exemplo n.º 11
0
from WMCore.REST.Error import NoSuchInstance
from WMCore.REST.Error import DatabaseError
from WMCore.REST.Error import DatabaseUnavailable
from WMCore.REST.Error import DatabaseConnectionError
from WMCore.REST.Error import DatabaseExecutionError
from WMCore.REST.Error import MissingParameter
from WMCore.REST.Error import InvalidParameter
from WMCore.REST.Error import MissingObject
from WMCore.REST.Error import TooManyObjects
from WMCore.REST.Error import ObjectAlreadyExists
from WMCore.REST.Error import InvalidObject
from WMCore.REST.Error import ExecutionError
RESTError()
NotAcceptable()
UnsupportedMethod()
MethodWithoutQueryString()
APIMethodMismatch()
APINotSpecified()
NoSuchInstance()
DatabaseError()
DatabaseUnavailable()
DatabaseConnectionError()
DatabaseExecutionError()
MissingParameter()
InvalidParameter()
MissingObject()
TooManyObjects()
ObjectAlreadyExists()
InvalidObject()
ExecutionError()