def setUpClass(cls):
if config_get_bool('common', 'multi_vo', raise_exception=False, default=False):
cls.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')}
cls.new_vo = {'vo': 'new'}
cls.def_header = {'X-Rucio-VO': 'def'}
cls.vo_header = {'X-Rucio-VO': cls.vo['vo']}
cls.new_header = {'X-Rucio-VO': 'new'}
if not vo_exists(**cls.new_vo):
add_vo(description='Test', email='*****@*****.**', **cls.new_vo)
# Setup accounts at two VOs so we can determine which VO we authenticated against
usr_uuid = str(generate_uuid()).lower()[:16]
cls.account_tst = 'tst-%s' % usr_uuid
cls.account_new = 'new-%s' % usr_uuid
add_account(cls.account_tst, 'USER', '*****@*****.**', 'root', **cls.vo)
add_account(cls.account_new, 'USER', '*****@*****.**', 'root', **cls.new_vo)
else:
LOG.warning('multi_vo mode is not enabled. Running multi_vo tests in single_vo mode will result in failures.')
cls.vo = {}
cls.new_vo = {}
cls.def_header = {}
cls.vo_header = {}
cls.new_header = {}
cls.account_tst = ''
cls.account_new = ''
def test_delete_identity_of_account(vo, rest_client):
""" ACCOUNT (REST): send a DELETE to remove an identity of an account."""
account = account_name_generator()
identity = uuid()
password = '******'
add_account(account, 'USER', '*****@*****.**', 'root', vo=vo)
add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
add_account_identity(identity, IdentityType.USERPASS,
InternalAccount(account, vo=vo), '*****@*****.**')
auth_response = rest_client.get('/auth/userpass',
headers=headers(
loginhdr(account, identity, password),
vohdr(vo)))
assert auth_response.status_code == 200
assert 'X-Rucio-Auth-Token' in auth_response.headers
token = str(auth_response.headers.get('X-Rucio-Auth-Token'))
assert len(token) != 0
# normal deletion
data = {'authtype': 'USERPASS', 'identity': identity}
response = rest_client.delete('/accounts/' + account + '/identities',
headers=headers(auth(token)),
json=data)
assert response.status_code == 200
# unauthorized deletion
other_account = account_name_generator()
data = {'authtype': 'USERPASS', 'identity': identity}
response = rest_client.delete('/accounts/' + other_account + '/identities',
headers=headers(auth(token)),
json=data)
assert response.status_code == 401
def post(self, account):
""" create account with given account name.
.. :quickref: AccountParameter; Add account.
:param account: The account identifier.
:<json string type: The account type.
:<json string email: The account email.
:status 201: Successfully created.
:status 401: Invalid auth token.
:status 409: Account already exists.
:status 500: Database exception.
"""
try:
parameter = loads(request.data.decode())
except ValueError:
return generate_http_error_flask(
400, 'ValueError', 'cannot decode json parameter dictionary')
type, email = None, None
try:
type = parameter['type']
except KeyError as error:
if error.args[0] == 'type':
return generate_http_error_flask(400, 'KeyError',
'%s not defined' % str(error))
raise
except TypeError:
return generate_http_error_flask(400, 'TypeError',
'body must be a json dictionary')
try:
email = parameter['email']
except KeyError as error:
if error.args[0] == 'email':
return generate_http_error_flask(400, 'KeyError',
'%s not defined' % str(error))
raise
except TypeError:
return generate_http_error_flask(400, 'TypeError',
'body must be a json dictionary')
try:
add_account(account,
type,
email,
issuer=request.environ.get('issuer'),
vo=request.environ.get('vo'))
except Duplicate as error:
return generate_http_error_flask(409, 'Duplicate', error.args[0])
except AccessDenied as error:
return generate_http_error_flask(401, 'AccessDenied',
error.args[0])
except RucioException as error:
return generate_http_error_flask(500, error.__class__.__name__,
error.args[0])
except Exception as error:
print(format_exc())
return str(error), 500
return 'Created', 201
def post(self, account):
""" create account with given account name.
.. :quickref: AccountParameter; Add account.
:param account: The account identifier.
:<json string type: The account type.
:<json string email: The account email.
:status 201: Successfully created.
:status 401: Invalid auth token.
:status 409: Account already exists.
"""
parameters = json_parameters()
type_param = param_get(parameters, 'type')
email = param_get(parameters, 'email')
try:
add_account(account,
type_param,
email,
issuer=request.environ.get('issuer'),
vo=request.environ.get('vo'))
except Duplicate as error:
return generate_http_error_flask(409, error)
except AccessDenied as error:
return generate_http_error_flask(401, error)
except InvalidObject as error:
return generate_http_error_flask(400, error)
return 'Created', 201
def test_delete_identity_of_account(self):
""" ACCOUNT (REST): send a DELETE to remove an identity of an account."""
mw = []
account = account_name_generator()
identity = uuid()
password = '******'
add_account(account, 'USER', '*****@*****.**', 'root', **self.vo)
add_identity(identity, IdentityType.USERPASS, '*****@*****.**', password)
add_account_identity(identity, IdentityType.USERPASS, InternalAccount(account, **self.vo), '*****@*****.**')
headers1 = {'X-Rucio-Account': account, 'X-Rucio-Username': identity, 'X-Rucio-Password': password}
headers1.update(self.vo_header)
res1 = TestApp(auth_app.wsgifunc(*mw)).get('/userpass', headers=headers1, expect_errors=True)
token = str(res1.header('X-Rucio-Auth-Token'))
# normal deletion
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 200)
# unauthorized deletion
other_account = account_name_generator()
headers2 = {'X-Rucio-Auth-Token': str(token)}
data = dumps({'authtype': 'USERPASS', 'identity': identity})
res2 = TestApp(account_app.wsgifunc(*mw)).delete('/' + other_account + '/identities', headers=headers2, params=data, expect_errors=True)
assert_equal(res2.status, 401)
def setUpClass(cls):
if config_get_bool('common', 'multi_vo', raise_exception=False, default=False):
cls.vo = {'vo': config_get('client', 'vo', raise_exception=False, default='tst')}
cls.new_vo = {'vo': 'new'}
cls.multi_vo = True
if not vo_exists(**cls.new_vo):
add_vo(description='Test', email='*****@*****.**', **cls.new_vo)
else:
cls.vo = {}
cls.new_vo = {}
cls.multi_vo = False
# Add test account
cls.account_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10))
add_account(account=cls.account_name, type='user', email='*****@*****.**', issuer='root', **cls.vo)
cls.account = InternalAccount(cls.account_name, **cls.vo)
# Add test scope
cls.scope_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10))
add_scope(scope=cls.scope_name, account=cls.account_name, issuer='root', **cls.vo)
cls.scope = InternalScope(cls.scope_name, **cls.vo)
# Get test RSEs
cls.rse_name = 'MOCK'
cls.rse_id = get_rse_id(rse=cls.rse_name, **cls.vo)
cls.rse2_name = 'MOCK2'
cls.rse2_id = get_rse_id(rse=cls.rse2_name, **cls.vo)
cls.rse3_name = rse_name_generator()
cls.rse3_id = api_rse.add_rse(cls.rse3_name, 'root', **cls.new_vo)
cls.rse4_name = rse_name_generator()
cls.rse4_id = api_rse.add_rse(cls.rse4_name, 'root', **cls.new_vo)
api_rse.add_distance(cls.rse3_name, cls.rse4_name, issuer='root', distance=3, **cls.new_vo)
def test_create_and_check_for_user(self):
""" ACCOUNT (CORE): Test the creation, query, and deletion of an account """
usr = account_name_generator()
invalid_usr = account_name_generator()
add_account(usr, 'USER', 'root')
assert_equal(account_exists(usr), True)
assert_equal(account_exists(invalid_usr), False)
del_account(usr, 'root')
def test_create_and_check_for_user(self):
""" ACCOUNT (CORE): Test the creation, query, and deletion of an account """
usr = account_name_generator()
invalid_usr = account_name_generator()
add_account(usr, 'USER', '*****@*****.**', 'root')
assert_equal(account_exists(usr), True)
assert_equal(account_exists(invalid_usr), False)
del_account(usr, 'root')
def POST(self, account):
""" create account with given account name.
HTTP Success:
201 Created
HTTP Error:
400 Bad Reqeust
401 Unauthorized
409 Conflict
500 Internal Error
:param Rucio-Account: Account identifier.
:param Rucio-Auth-Token: as an 32 character hex string.
:params Rucio-Type: the type of the new account.
"""
json_data = data()
try:
parameter = loads(json_data)
except ValueError:
raise generate_http_error(
400, 'ValueError', 'cannot decode json parameter dictionary')
type, email = None, None
try:
type = parameter['type']
except KeyError as error:
if error.args[0] == 'type':
raise generate_http_error(400, 'KeyError',
'%s not defined' % str(error))
except TypeError:
raise generate_http_error(400, 'TypeError',
'body must be a json dictionary')
try:
email = parameter['email']
except KeyError as error:
if error.args[0] == 'email':
raise generate_http_error(400, 'KeyError',
'%s not defined' % str(error))
except TypeError:
raise generate_http_error(400, 'TypeError',
'body must be a json dictionary')
try:
add_account(account, type, email, issuer=ctx.env.get('issuer'))
except Duplicate as error:
raise generate_http_error(409, 'Duplicate', error.args[0])
except AccessDenied as error:
raise generate_http_error(401, 'AccessDenied', error.args[0])
except RucioException as error:
raise generate_http_error(500, error.__class__.__name__,
error.args[0])
except Exception as error:
print(format_exc())
raise InternalError(error)
raise Created()
def createScope():
for i in range(2000):
print(i)
user = '******' % (i)
try:
add_account(user, 'user', 'root')
add_scope('user.%s' % user, user, 'root')
except Duplicate as e:
print(e)
def createScope():
for i in xrange(0, 2000):
print i
user = '******' % (i)
try:
add_account(user, 'user', 'root')
add_scope('user.%s' % (user), user, 'root')
except Duplicate, e:
print e
def createScope():
for i in xrange(0, 2000):
print i
user = '******' % (i)
try:
add_account(user, 'user', 'root')
add_scope('user.%s' % (user), user, 'root')
except Duplicate, e:
print e
def test_account_status(self):
""" ACCOUNT (CORE): Test changing and quering account status """
usr = account_name_generator()
add_account(usr, 'USER', 'root')
assert_equal(get_account_status(usr), AccountStatus.ACTIVE) # Should be active by default
set_account_status(usr, AccountStatus.SUSPENDED)
assert_equal(get_account_status(usr), AccountStatus.SUSPENDED)
set_account_status(usr, AccountStatus.ACTIVE)
assert_equal(get_account_status(usr), AccountStatus.ACTIVE)
del_account(usr, 'root')
def test_account_status(self):
""" ACCOUNT (CORE): Test changing and quering account status """
usr = account_name_generator()
add_account(usr, 'USER', '*****@*****.**', 'root')
assert_equal(get_account_status(usr),
AccountStatus.ACTIVE) # Should be active by default
set_account_status(usr, AccountStatus.SUSPENDED)
assert_equal(get_account_status(usr), AccountStatus.SUSPENDED)
set_account_status(usr, AccountStatus.ACTIVE)
assert_equal(get_account_status(usr), AccountStatus.ACTIVE)
del_account(usr, 'root')
def test_update_account(self):
""" ACCOUNT (CORE): Test changing and quering account parameters """
usr = account_name_generator()
add_account(usr, 'USER', '*****@*****.**', 'root')
assert_equal(get_account_info(usr)['status'], AccountStatus.ACTIVE) # Should be active by default
update_account(account=usr, key='status', value=AccountStatus.SUSPENDED)
assert_equal(get_account_info(usr)['status'], AccountStatus.SUSPENDED)
update_account(account=usr, key='status', value=AccountStatus.ACTIVE)
assert_equal(get_account_info(usr)['status'], AccountStatus.ACTIVE)
update_account(account=usr, key='email', value='test')
email = get_account_info(account=usr)['email']
assert_equal(email, 'test')
del_account(usr, 'root')
def test_update_account(self):
""" ACCOUNT (CORE): Test changing and quering account parameters """
usr = account_name_generator()
add_account(usr, 'USER', '*****@*****.**', 'root', **self.vo)
assert get_account_info(usr, **self.vo)['status'] == AccountStatus.ACTIVE # Should be active by default
update_account(account=usr, key='status', value=AccountStatus.SUSPENDED, **self.vo)
assert get_account_info(usr, **self.vo)['status'] == AccountStatus.SUSPENDED
update_account(account=usr, key='status', value=AccountStatus.ACTIVE, **self.vo)
assert get_account_info(usr, **self.vo)['status'] == AccountStatus.ACTIVE
update_account(account=usr, key='email', value='test', **self.vo)
email = get_account_info(account=usr, **self.vo)['email']
assert email == 'test'
del_account(usr, 'root', **self.vo)
def createScope():
# add_account('panda', 'user', 'root')
# add_account('tier0', 'user', 'root')
# add_scope('data12_8TeV', 'root', 'root')
add_scope('mc12_8TeV', 'root', 'root')
for i in xrange(0, 20):
print i
group = 'group%i' % (i)
try:
add_account(group, 'user', 'root')
add_scope('group.%s' % (group), group, 'root')
except Duplicate, e:
print e
def createScope():
# add_account('panda', 'user', 'root')
# add_account('tier0', 'user', 'root')
# add_scope('data12_8TeV', 'root', 'root')
add_scope('mc12_8TeV', 'root', 'root')
for i in xrange(0, 20):
print i
group = 'group%i' % (i)
try:
add_account(group, 'user', 'root')
add_scope('group.%s' % (group), group, 'root')
except Duplicate, e:
print e
def test_api_subscription(self):
""" SUBSCRIPTION (API): Test external representation of subscriptions """
sub = 'ext_' + generate_uuid()
did = 'ext_' + generate_uuid()
new_acc_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10))
new_scope_name = ''.join(random.choice(string.ascii_lowercase) for x in range(10))
add_account(new_acc_name, 'USER', '*****@*****.**', 'root', **self.new_vo)
add_scope(new_scope_name, new_acc_name, 'root', **self.new_vo)
api_acc_lim.set_local_account_limit(new_acc_name, self.rse3_name, 10, 'root', **self.new_vo)
api_acc_lim.set_local_account_limit(new_acc_name, self.rse4_name, 10, 'root', **self.new_vo)
add_did(new_scope_name, did, 'DATASET', 'root', account=new_acc_name, rse=self.rse3_name, **self.new_vo)
sub_id = add_subscription(sub, new_acc_name, {'account': [new_acc_name], 'scope': [new_scope_name]},
[{'copies': 1, 'rse_expression': self.rse3_name, 'weight': 0, 'activity': 'User Subscriptions',
'source_replica_expression': self.rse4_name}],
'', False, 0, 0, 3, 'root', **self.new_vo)
add_replication_rule(dids=[{'scope': new_scope_name, 'name': did}], copies=1, rse_expression=self.rse3_name, weight=None,
lifetime=180, grouping='DATASET', account=new_acc_name, locked=False, subscription_id=sub_id,
source_replica_expression=self.rse4_name, activity='User Subscriptions', notify=None,
purge_replicas=False, ignore_availability=False, comment='', ask_approval=False, asynchronous=False,
priority=0, split_container=False, meta='', issuer='root', **self.new_vo)
out = list_subscriptions(sub, **self.new_vo)
out = list(out)
assert_not_equal(0, len(out))
assert_in(sub_id, [o['id'] for o in out])
for o in out:
if o['id'] == sub_id:
assert_equal(o['account'], new_acc_name)
rules = loads(o['replication_rules'])[0]
assert_equal(rules['rse_expression'], self.rse3_name)
assert_equal(rules['source_replica_expression'], self.rse4_name)
fil = loads(o['filter'])
assert_equal(fil['account'], [new_acc_name])
assert_equal(fil['scope'], [new_scope_name])
out = list_subscription_rule_states(sub, **self.new_vo)
out = list(out)
assert_not_equal(0, len(out))
for o in out:
assert_equal(o.account, new_acc_name)
out = get_subscription_by_id(sub_id, **self.new_vo)
assert_equal(out['account'], new_acc_name)
rules = loads(out['replication_rules'])[0]
assert_equal(rules['rse_expression'], self.rse3_name)
assert_equal(rules['source_replica_expression'], self.rse4_name)
fil = loads(out['filter'])
assert_equal(fil['account'], [new_acc_name])
assert_equal(fil['scope'], [new_scope_name])
def test_account_counters_at_different_vos(self):
""" MULTI VO (CLIENT): Test that account counters from 2nd vo don't interfere """
session = db_session.get_session()
# add some RSEs to test create_counters_for_new_account
rse_client = RSEClient()
rse_str = ''.join(choice(ascii_uppercase) for x in range(10))
tst_rse1 = 'TST1_%s' % rse_str
new_rse1 = 'NEW1_%s' % rse_str
rse_client.add_rse(tst_rse1)
add_rse(new_rse1, 'root', **self.new_vo)
# add an account - should have counters created for RSEs on the same VO
usr_uuid = str(generate_uuid()).lower()[:16]
new_acc_str = 'shr-%s' % usr_uuid
new_acc = InternalAccount(new_acc_str, **self.new_vo)
add_account(new_acc_str, 'USER', '*****@*****.**', 'root', **self.new_vo)
query = session.query(models.AccountUsage.account, models.AccountUsage.rse_id).\
distinct(models.AccountUsage.account, models.AccountUsage.rse_id).\
filter_by(account=new_acc)
acc_counters = list(query.all())
assert_not_equal(0, len(acc_counters))
for counter in acc_counters:
rse_id = counter[1]
vo = get_rse_vo(rse_id)
assert_equal(vo, self.new_vo['vo'])
# add an RSE - should have counters created for accounts on the same VO
new_rse2 = 'NEW2_' + rse_str
new_rse2_id = add_rse(new_rse2, 'root', **self.new_vo)
query = session.query(models.AccountUsage.account, models.AccountUsage.rse_id).\
distinct(models.AccountUsage.account, models.AccountUsage.rse_id).\
filter_by(rse_id=new_rse2_id)
rse_counters = list(query.all())
assert_not_equal(0, len(rse_counters))
for counter in rse_counters:
account = counter[0]
assert_equal(account.vo, self.new_vo['vo'])
session.commit()
def test_accounts_at_different_vos(self):
""" MULTI VO (CLIENT): Test that accounts from 2nd vo don't interfere """
account_client = AccountClient()
usr_uuid = str(generate_uuid()).lower()[:16]
tst = 'tst-%s' % usr_uuid
new = 'new-%s' % usr_uuid
shr = 'shr-%s' % usr_uuid
account_client.add_account(tst, 'USER', '*****@*****.**')
account_client.add_account(shr, 'USER', '*****@*****.**')
add_account(new, 'USER', '*****@*****.**', 'root', **self.new_vo)
add_account(shr, 'USER', '*****@*****.**', 'root', **self.new_vo)
account_list_tst = [a['account'] for a in account_client.list_accounts()]
account_list_new = [a['account'] for a in list_accounts(filter={}, **self.new_vo)]
assert_true(tst in account_list_tst)
assert_false(new in account_list_tst)
assert_true(shr in account_list_tst)
assert_false(tst in account_list_new)
assert_true(new in account_list_new)
assert_true(shr in account_list_new)
def test_super_root_naming(self):
""" MULTI VO (CORE): Test we can only name accounts super_root when appropriate """
with assert_raises(Duplicate): # Ensure we fail from duplication rather than the choice of name
add_account('super_root', 'USER', '*****@*****.**', 'root', vo='def')
with assert_raises(UnsupportedAccountName):
add_account('super_root', 'USER', '*****@*****.**', 'root', **self.vo)
try:
config_remove_option('common', 'multi_vo')
with assert_raises(UnsupportedAccountName):
add_account('super_root', 'USER', '*****@*****.**', 'root', **self.vo)
with assert_raises(UnsupportedAccountName):
add_account('super_root', 'USER', '*****@*****.**', 'root', vo='def')
finally:
# Make sure we don't leave the config changed due to a test failure
if self.vo:
config_set('common', 'multi_vo', 'True')
else:
config_remove_option('common', 'multi_vo')
try:
parameter = loads(json_data)
except ValueError:
raise generate_http_error(400, 'ValueError', 'cannot decode json parameter dictionary')
type = None
try:
type = parameter['type']
except KeyError, e:
if e.args[0] == 'type':
raise generate_http_error(400, 'KeyError', '%s not defined' % str(e))
except TypeError:
raise generate_http_error(400, 'TypeError', 'body must be a json dictionary')
try:
add_account(account, type, issuer=ctx.env.get('issuer'))
except Duplicate as e:
raise generate_http_error(409, 'Duplicate', e.args[0][0])
except AccessDenied, e:
raise generate_http_error(401, 'AccessDenied', e.args[0][0])
except RucioException, e:
raise generate_http_error(500, e.__class__.__name__, e.args[0][0])
except Exception, e:
print format_exc()
raise InternalError(e)
raise Created()
def DELETE(self, account):
""" disable account with given account name.
'%s not defined' % str(e))
except TypeError:
raise generate_http_error(400, 'TypeError',
'body must be a json dictionary')
try:
email = parameter['email']
except KeyError, e:
if e.args[0] == 'email':
raise generate_http_error(400, 'KeyError',
'%s not defined' % str(e))
except TypeError:
raise generate_http_error(400, 'TypeError',
'body must be a json dictionary')
try:
add_account(account, type, email, issuer=ctx.env.get('issuer'))
except Duplicate as e:
raise generate_http_error(409, 'Duplicate', e.args[0][0])
except AccessDenied, e:
raise generate_http_error(401, 'AccessDenied', e.args[0][0])
except RucioException, e:
raise generate_http_error(500, e.__class__.__name__, e.args[0][0])
except Exception, e:
print format_exc()
raise InternalError(e)
raise Created()
def DELETE(self, account):
""" disable account with given account name.
def setUp(self):
self.accountstring = 'test_' + rndstr()
self.accountstring = self.accountstring.lower()
try:
add_account(self.accountstring, 'USER', '*****@*****.**', 'root')
except Duplicate:
pass
# create 2 sessions that expire in 5 min and 3 that expire 'now'
save_oauth_session_params(self.accountstring, 300)
save_oauth_session_params(self.accountstring, 300)
save_oauth_session_params(self.accountstring, 0)
save_oauth_session_params(self.accountstring, 0)
save_oauth_session_params(self.accountstring, 0)
assert_true(get_oauth_session_param_count(self.accountstring) == 5)
# assuming daemon looprate of 10 min
# test cases for access tokens without any refresh token
save_oidc_token(self.accountstring, 0, 0, None, False,
'0_to_be_deleted')
save_oidc_token(self.accountstring, 300, 0, None, False,
'00_to_be_kept')
save_oidc_token(self.accountstring, 1000, 0, None, False,
'000_to_be_kept')
# test cases for access token with refresh token
save_oidc_token(self.accountstring, 0, 300,
"1_at_inval_rt_val_refresh_False_" + rndstr(), False,
"1_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 300, 300,
"2_at_val_rt_val_refresh_False_" + rndstr(), False,
"2_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 0, 0,
"3_at_inval_rt_inval_refresh_False_" + rndstr(), False,
"3_to_be_deleted")
save_oidc_token(self.accountstring, 300, 0,
"4_at_val_rt_inval_refresh_False_" + rndstr(), False,
"4_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 0, 1000,
"5_at_inval_rt_longval_refresh_False_" + rndstr(),
False, "5_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 1000, 1000,
"6_at_longval_rt_longval_refresh_False_" + rndstr(),
False, "6_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 1000, 0,
"7_at_longval_rt_inval_refresh_False_" + rndstr(),
False, "7_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 300, 1000,
"8_at_val_rt_longval_refresh_False_" + rndstr(), False,
"8_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 1000, 300,
"9_at_longval_rt_val_refresh_False_" + rndstr(), False,
"9_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 0, 300,
"10_at_inval_rt_val_refresh_True_" + rndstr(), True,
"10_original_refreshed_and_deleted")
save_oidc_token(self.accountstring, 300, 300,
"11_at_val_rt_val_refresh_True_" + rndstr(), True,
"11_to_be_kept_and_refreshed")
save_oidc_token(self.accountstring, 0, 0,
"12_at_inval_rt_inval_refresh_True_" + rndstr(), True,
"12_to_be_deleted")
save_oidc_token(self.accountstring, 300, 0,
"13_at_val_rt_inval_refresh_True_" + rndstr(), True,
"13_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 0, 1000,
"14_at_inval_rt_longval_refresh_True_" + rndstr(),
True, "14_original_refreshed_and_deleted")
save_oidc_token(self.accountstring, 1000, 1000,
"15_at_longval_rt_longval_refresh_True_" + rndstr(),
True, "15_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 1000, 0,
"16_at_longval_rt_inval_refresh_True_" + rndstr(),
True, "16_to_be_kept_no_refresh")
save_oidc_token(self.accountstring, 300, 1000,
"17_at_val_rt_longval_refresh_True_" + rndstr(), True,
"17_to_be_kept_and_refreshed")
save_oidc_token(self.accountstring, 1000, 300,
"18_at_longval_rt_val_refresh_True_" + rndstr(), True,
"18_to_be_kept_no_refresh")
assert_true(get_token_count(self.accountstring) == 21)
sleep(1)
def setUp(self):
if config_get_bool('common',
'multi_vo',
raise_exception=False,
default=False):
self.vo = {
'vo':
config_get('client',
'vo',
raise_exception=False,
default='tst')
}
else:
self.vo = {}
self.accountstring = 'test_' + rndstr()
self.accountstring = self.accountstring.lower()
self.account = InternalAccount(self.accountstring, **self.vo)
try:
add_account(self.accountstring, 'USER', '*****@*****.**', 'root',
**self.vo)
except Duplicate:
pass
# create 2 sessions that expire in 5 min and 3 that expire 'now'
save_oauth_session_params(self.account, 300)
save_oauth_session_params(self.account, 300)
save_oauth_session_params(self.account, 0)
save_oauth_session_params(self.account, 0)
save_oauth_session_params(self.account, 0)
assert get_oauth_session_param_count(self.account) == 5
# assuming daemon looprate of 10 min
# test cases for access tokens without any refresh token
save_oidc_token(self.account, 0, 0, None, False, '0_to_be_deleted')
save_oidc_token(self.account, 300, 0, None, False, '00_to_be_kept')
save_oidc_token(self.account, 1000, 0, None, False, '000_to_be_kept')
# test cases for access token with refresh token
save_oidc_token(self.account, 0, 300,
"1_at_inval_rt_val_refresh_False_" + rndstr(), False,
"1_to_be_kept_no_refresh")
save_oidc_token(self.account, 300, 300,
"2_at_val_rt_val_refresh_False_" + rndstr(), False,
"2_to_be_kept_no_refresh")
save_oidc_token(self.account, 0, 0,
"3_at_inval_rt_inval_refresh_False_" + rndstr(), False,
"3_to_be_deleted")
save_oidc_token(self.account, 300, 0,
"4_at_val_rt_inval_refresh_False_" + rndstr(), False,
"4_to_be_kept_no_refresh")
save_oidc_token(self.account, 0, 1000,
"5_at_inval_rt_longval_refresh_False_" + rndstr(),
False, "5_to_be_kept_no_refresh")
save_oidc_token(self.account, 1000, 1000,
"6_at_longval_rt_longval_refresh_False_" + rndstr(),
False, "6_to_be_kept_no_refresh")
save_oidc_token(self.account, 1000, 0,
"7_at_longval_rt_inval_refresh_False_" + rndstr(),
False, "7_to_be_kept_no_refresh")
save_oidc_token(self.account, 300, 1000,
"8_at_val_rt_longval_refresh_False_" + rndstr(), False,
"8_to_be_kept_no_refresh")
save_oidc_token(self.account, 1000, 300,
"9_at_longval_rt_val_refresh_False_" + rndstr(), False,
"9_to_be_kept_no_refresh")
save_oidc_token(self.account, 0, 300,
"10_at_inval_rt_val_refresh_True_" + rndstr(), True,
"10_original_refreshed_and_deleted")
save_oidc_token(self.account, 300, 300,
"11_at_val_rt_val_refresh_True_" + rndstr(), True,
"11_to_be_kept_and_refreshed")
save_oidc_token(self.account, 0, 0,
"12_at_inval_rt_inval_refresh_True_" + rndstr(), True,
"12_to_be_deleted")
save_oidc_token(self.account, 300, 0,
"13_at_val_rt_inval_refresh_True_" + rndstr(), True,
"13_to_be_kept_no_refresh")
save_oidc_token(self.account, 0, 1000,
"14_at_inval_rt_longval_refresh_True_" + rndstr(),
True, "14_original_refreshed_and_deleted")
save_oidc_token(self.account, 1000, 1000,
"15_at_longval_rt_longval_refresh_True_" + rndstr(),
True, "15_to_be_kept_no_refresh")
save_oidc_token(self.account, 1000, 0,
"16_at_longval_rt_inval_refresh_True_" + rndstr(),
True, "16_to_be_kept_no_refresh")
save_oidc_token(self.account, 300, 1000,
"17_at_val_rt_longval_refresh_True_" + rndstr(), True,
"17_to_be_kept_and_refreshed")
save_oidc_token(self.account, 1000, 300,
"18_at_longval_rt_val_refresh_True_" + rndstr(), True,
"18_to_be_kept_no_refresh")
assert get_token_count(self.account) == 21
sleep(1)
import os
from rucio.api.account import add_account
from rucio.api.identity import add_account_identity
from rucio.api.scope import add_scope
from rucio.api.did import add_did
from rucio.api.rse import add_rse, add_distance
from rucio.db.sqla.util import build_database, create_root_account
from rucio.core.account_limit import set_account_limit
from rucio.core.rse import add_protocol, get_rse_id, add_rse_attribute
if __name__ == '__main__':
#build database
build_database()
# create root account
create_root_account()
add_account_identity('/CN=docker client',
'x509',
'root',
'*****@*****.**',
issuer="root")
# create gfronze account
add_account('gfronze', 'USER', 'test', 'root')
# create some scopes
add_scope('user.gfronze', 'gfronze', 'root')
add_scope('user.root', 'root', 'root')
add_scope('tests', 'root', 'root')
def test_subscriptions_at_different_vos(self):
""" MULTI VO (CLIENT): Test that subscriptions from 2nd vo don't interfere """
account_client = AccountClient()
usr_uuid = str(generate_uuid()).lower()[:16]
shr_acc = 'shr-%s' % usr_uuid
account_client.add_account(shr_acc, 'USER', '*****@*****.**')
add_account(shr_acc, 'USER', '*****@*****.**', 'root', **self.new_vo)
scope_client = ScopeClient()
scope_uuid = str(generate_uuid()).lower()[:16]
tst_scope = 'tst_%s' % scope_uuid
new_scope = 'new_%s' % scope_uuid
scope_client.add_scope('root', tst_scope)
add_scope(new_scope, 'root', 'root', **self.new_vo)
did_client = DIDClient()
did_uuid = str(generate_uuid()).lower()[:16]
tst_did = 'tstset_%s' % did_uuid
new_did = 'newset_%s' % did_uuid
rse_client = RSEClient()
rse_str = ''.join(choice(ascii_uppercase) for x in range(10))
tst_rse1 = 'TST1_%s' % rse_str
tst_rse2 = 'TST2_%s' % rse_str
new_rse1 = 'NEW1_%s' % rse_str
new_rse2 = 'NEW2_%s' % rse_str
rse_client.add_rse(tst_rse1)
rse_client.add_rse(tst_rse2)
add_rse(new_rse1, 'root', **self.new_vo)
add_rse(new_rse2, 'root', **self.new_vo)
acc_lim_client = AccountLimitClient()
acc_lim_client.set_local_account_limit(shr_acc, tst_rse1, 10)
acc_lim_client.set_local_account_limit(shr_acc, tst_rse2, 10)
set_local_account_limit(shr_acc, new_rse1, 10, 'root', **self.new_vo)
set_local_account_limit(shr_acc, new_rse2, 10, 'root', **self.new_vo)
did_client.add_did(tst_scope, tst_did, 'DATASET', rse=tst_rse1)
add_did(new_scope, new_did, 'DATASET', 'root', rse=new_rse1, **self.new_vo)
sub_client = SubscriptionClient()
sub_str = generate_uuid()
tst_sub = 'tstsub_' + sub_str
new_sub = 'newsub_' + sub_str
shr_sub = 'shrsub_' + sub_str
tst_sub_id = sub_client.add_subscription(tst_sub, shr_acc, {'scope': [tst_scope]},
[{'copies': 1, 'rse_expression': tst_rse2, 'weight': 0,
'activity': 'User Subscriptions'}],
'', None, 0, 0)
shr_tst_sub_id = sub_client.add_subscription(shr_sub, shr_acc, {'scope': [tst_scope]},
[{'copies': 1, 'rse_expression': tst_rse2, 'weight': 0,
'activity': 'User Subscriptions'}],
'', None, 0, 0)
new_sub_id = add_subscription(new_sub, shr_acc, {'scope': [new_scope]},
[{'copies': 1, 'rse_expression': new_rse2, 'weight': 0, 'activity': 'User Subscriptions'}],
'', False, 0, 0, 3, 'root', **self.new_vo)
shr_new_sub_id = add_subscription(shr_sub, shr_acc, {'scope': [new_scope]},
[{'copies': 1, 'rse_expression': new_rse2, 'weight': 0, 'activity': 'User Subscriptions'}],
'', False, 0, 0, 3, 'root', **self.new_vo)
tst_subs = [s['id'] for s in sub_client.list_subscriptions()]
assert_in(tst_sub_id, tst_subs)
assert_in(shr_tst_sub_id, tst_subs)
assert_not_in(new_sub_id, tst_subs)
assert_not_in(shr_new_sub_id, tst_subs)
new_subs = [s['id'] for s in list_subscriptions(**self.new_vo)]
assert_in(new_sub_id, new_subs)
assert_in(shr_new_sub_id, new_subs)
assert_not_in(tst_sub_id, new_subs)
assert_not_in(shr_tst_sub_id, new_subs)
shr_tst_subs = [s['id'] for s in sub_client.list_subscriptions(name=shr_sub)]
assert_in(shr_tst_sub_id, shr_tst_subs)
assert_not_in(shr_new_sub_id, shr_tst_subs)
shr_new_subs = [s['id'] for s in list_subscriptions(name=shr_sub, **self.new_vo)]
assert_in(shr_new_sub_id, shr_new_subs)
assert_not_in(shr_tst_sub_id, shr_new_subs)
acc_tst_subs = [s['id'] for s in sub_client.list_subscriptions(account=shr_acc)]
assert_in(tst_sub_id, acc_tst_subs)
assert_in(shr_tst_sub_id, acc_tst_subs)
assert_not_in(new_sub_id, acc_tst_subs)
assert_not_in(shr_new_sub_id, acc_tst_subs)
acc_new_subs = [s['id'] for s in list_subscriptions(account=shr_acc, **self.new_vo)]
assert_in(new_sub_id, acc_new_subs)
assert_in(shr_new_sub_id, acc_new_subs)
assert_not_in(tst_sub_id, acc_new_subs)
assert_not_in(shr_tst_sub_id, acc_new_subs)
from rucio.db.sqla.util import build_database, create_root_account
from rucio.core.account_limit import set_account_limit
from rucio.core.rse import add_protocol, get_rse_id, add_rse_attribute
if __name__ == '__main__':
# Create the Database and the root account
build_database()
create_root_account()
add_account_identity('/CN=docker client',
'x509',
'root',
'*****@*****.**',
issuer="root")
# Create a user called jdoe
add_account('jdoe', 'USER', 'test', 'root')
# Add 2 scopes
add_scope('user.jdoe', 'jdoe', 'root')
add_scope('tests', 'root', 'root')
# Create a test dataset for jdoe
add_did('user.jdoe', 'test1', 'DATASET', 'root', account='jdoe')
# Create 2 sites into the /tmp partition
os.mkdir('/tmp/SITE2_DISK')
os.mkdir('/tmp/SITE1_DISK')
params = {
'scheme': 'file',
'prefix': '/tmp/SITE1_DISK/',
def post(self, account):
"""
---
summary: Create
description: Create an account.
tags:
- Account
parameters:
- name: account
in: path
description: The account identifier.
schema:
type: string
style: simple
requestBody:
content:
'application/json':
schema:
type: object
required:
- type
- email
properties:
type:
description: The account type.
type: string
enum: ["USER", "GROUP", "SERVICE"]
email:
description: The email for the account.
type: string
responses:
201:
description: OK
content:
application/json:
schema:
type: string
enum: ["Created"]
401:
description: Invalid Auth Token
409:
description: Account already exists
400:
description: Unknown status
"""
parameters = json_parameters()
type_param = param_get(parameters, 'type')
email = param_get(parameters, 'email')
try:
add_account(account,
type_param,
email,
issuer=request.environ.get('issuer'),
vo=request.environ.get('vo'))
except Duplicate as error:
return generate_http_error_flask(409, error)
except AccessDenied as error:
return generate_http_error_flask(401, error)
except InvalidObject as error:
return generate_http_error_flask(400, error)
return 'Created', 201
