def get_auth_token_x509(account, dn, appid, ip=None, vo='def'): """ Authenticate a Rucio account temporarily via an x509 certificate. The token lifetime is 1 hour. :param account: Account identifier as a string. If account is none, the default will be used. :param dn: Client certificate distinguished name string, as extracted by Apache/mod_ssl. :param appid: The application identifier as a string. :param ip: IP address of the client as a string. :param vo: The VO to act on. :returns: A models.Token object as saved to the database. """ if account is None: account = identity.get_default_account(dn, IdentityType.X509).external kwargs = {'account': account, 'dn': dn} if not permission.has_permission( issuer=account, vo=vo, action='get_auth_token_x509', kwargs=kwargs): raise exception.AccessDenied( 'User with identity %s can not log to account %s' % (dn, account)) account = InternalAccount(account, vo=vo) return authentication.get_auth_token_x509(account, dn, appid, ip)
def get_default_account(identity_key, type): """ Returns the default account for this identity. :param identity_key: The identity key name. For example x509 DN, or a username. :param type: The type of the authentication (x509, gss, userpass). """ return identity.get_default_account(identity_key, IdentityType.from_sym(type))
def get_default_account(identity_key, id_type): """ Returns the default account for this identity. :param identity_key: The identity key name. For example x509 DN, or a username. :param id_type: The type of the authentication (x509, gss, userpass, ssh). """ return identity.get_default_account(identity_key, IdentityType.from_sym(id_type))
def get_default_account(identity_key, id_type): """ Returns the default account for this identity. :param identity_key: The identity key name. For example x509 DN, or a username. :param id_type: The type of the authentication (x509, gss, userpass, ssh, saml). """ account = identity.get_default_account(identity_key, IdentityType[id_type.upper()]) return account.external
def get_auth_token_x509(account, dn, appid, ip=None): """ Authenticate a Rucio account temporarily via an x509 certificate. The token lifetime is 1 hour. :param account: Account identifier as a string. If account is none, the default will be used. :param dn: Client certificate distinguished name string, as extracted by Apache/mod_ssl. :param appid: The application identifier as a string. :param ip: IP address of the client as a string. :returns: Authentication token as a variable-length string. """ if account is None: account = identity.get_default_account(dn, IdentityType.X509) kwargs = {'account': account, 'dn': dn} if not permission.has_permission(issuer=account, action='get_auth_token_x509', kwargs=kwargs): raise exception.AccessDenied('User with identity %s can not log to account %s' % (dn, account)) return authentication.get_auth_token_x509(account, dn, appid, ip)