def delete_replicas(rse, files, issuer, ignore_availability=False): """ Bulk delete file replicas. :param rse: The RSE name. :param files: The list of files. :param issuer: The issuer account. :param ignore_availability: Ignore the RSE blacklisting. :returns: True is successful, False otherwise """ validate_schema(name='r_dids', obj=files) kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='delete_replicas', kwargs=kwargs): raise exception.AccessDenied('Account %s can not delete file replicas on %s' % (issuer, rse)) if not permission.has_permission(issuer=issuer, action='skip_availability_check', kwargs=kwargs): ignore_availability = False replica.delete_replicas(rse=rse, files=files, ignore_availability=ignore_availability)
def declare_bad_file_replicas(pfns, rse, issuer): """ Declare a list of bad replicas. :param pfns: The list of PFNs. :param rse: The RSE name. :param issuer: The issuer account. """ kwargs = {} if not permission.has_permission(issuer=issuer, action='declare_bad_file_replicas', kwargs=kwargs): raise exception.AccessDenied('Account %s can not declare bad replicas on %s' % (issuer, rse)) return replica.declare_bad_file_replicas(pfns=pfns, rse=rse)
def add_section(section, issuer=None): """ Add a section to the configuration. :param section: The name of the section. :param issuer: The issuer account. """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, action='config_add_section', kwargs=kwargs): raise exception.AccessDenied('%s cannot add section %s' % (issuer, section)) return config.add_section(section)
def delete_replication_rule(rule_id, issuer): """ Deletes a replication rule and all associated locks. :param rule_id: The id of the rule to be deleted :param issuer: The issuing account of this operation :raises: RuleNotFound, AccessDenied """ kwargs = {'rule_id': rule_id} if not has_permission(issuer=issuer, action='del_rule', kwargs=kwargs): raise AccessDenied('Account %s can not remove this replication rule.' % (issuer)) rule.delete_rule(rule_id)
def sections(issuer=None): """ Return a list of the sections available. :param issuer: The issuer account. :returns: ['section_name', ...] """ kwargs = {'issuer': issuer} if not permission.has_permission(issuer=issuer, action='config_sections', kwargs=kwargs): raise exception.AccessDenied('%s cannot retrieve sections' % issuer) return config.sections()
def list_replicas(dids, schemes=None, unavailable=False, request_id=None, ignore_availability=True, all_states=False, rse_expression=None, client_location=None, domain=None, signature_lifetime=None, resolve_archives=True, resolve_parents=False, issuer=None): """ List file replicas for a list of data identifiers. :param dids: The list of data identifiers (DIDs). :param schemes: A list of schemes to filter the replicas. (e.g. file, http, ...) :param unavailable: Also include unavailable replicas in the list. :param request_id: ID associated with the request for debugging. :param all_states: Return all replicas whatever state they are in. Adds an extra 'states' entry in the result dictionary. :param rse_expression: The RSE expression to restrict replicas on a set of RSEs. :param client_location: Client location dictionary for PFN modification {'ip', 'fqdn', 'site'} :param domain: The network domain for the call, either None, 'wan' or 'lan'. Compatibility fallback: None falls back to 'wan'. :param signature_lifetime: If supported, in seconds, restrict the lifetime of the signed PFN. :param resolve_archives: When set to True, find archives which contain the replicas. :param resolve_parents: When set to True, find all parent datasets which contain the replicas. :param issuer: The issuer account. """ validate_schema(name='r_dids', obj=dids) # Allow selected authenticated users to retrieve signed URLs. # Unauthenticated users, or permission-less users will get the raw URL without the signature. sign_urls = False if permission.has_permission(issuer=issuer, action='get_signed_url', kwargs={}): sign_urls = True return replica.list_replicas(dids=dids, schemes=schemes, unavailable=unavailable, request_id=request_id, ignore_availability=ignore_availability, all_states=all_states, rse_expression=rse_expression, client_location=client_location, domain=domain, sign_urls=sign_urls, signature_lifetime=signature_lifetime, resolve_archives=resolve_archives, resolve_parents=resolve_parents)
def add_section(section, issuer=None, vo='def'): """ Add a section to the configuration. :param section: The name of the section. :param issuer: The issuer account. :param vo: The VO to act on. """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, vo=vo, action='config_add_section', kwargs=kwargs): raise exception.AccessDenied('%s cannot add section %s' % (issuer, section)) return config.add_section(section)
def has_section(section, issuer=None): """ Indicates whether the named section is present in the configuration. :param section: The name of the section. :param issuer: The issuer account. :returns: True/False """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, action='config_has_section', kwargs=kwargs): raise exception.AccessDenied('%s cannot check existence of section %s' % (issuer, section)) return config.has_section(section)
def del_rse(rse, issuer): """ Disables a RSE with the provided RSE name. :param rse: The RSE name. :param issuer: The issuer account. """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='del_rse', kwargs=kwargs): raise exception.AccessDenied('Account %s can not delete RSE' % (issuer)) return rse_module.del_rse(rse)
def remove_section(section, issuer=None): """ Remove the specified option from the specified section. :param section: The name of the section. :param issuer: The issuer account. :returns: True/False. """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, action='config_remove_section', kwargs=kwargs): raise exception.AccessDenied('%s cannot remove section %s' % (issuer, section)) return config.remove_section(section)
def move_replication_rule(rule_id, rse_expression, override, issuer, vo='def', session=None): """ Move a replication rule to another RSE and, once done, delete the original one. :param rule_id: Rule to be moved. :param rse_expression: RSE expression of the new rule. :param override: Configurations to update for the new rule. :param session: The DB Session. :param vo: The VO to act on. :raises: RuleNotFound, RuleReplaceFailed, InvalidRSEExpression, AccessDenied """ kwargs = { 'rule_id': rule_id, 'rse_expression': rse_expression, 'override': override, } if is_multi_vo( session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session): raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer)) if not has_permission(issuer=issuer, vo=vo, action='move_rule', kwargs=kwargs, session=session): raise AccessDenied('Account %s can not move this replication rule.' % (issuer)) return rule.move_rule(**kwargs, session=session)
def add_protocol(rse, issuer, **data): """ Creates a new protocol entry for an existing RSE. :param rse: The RSE name. :param issuer: The issuer account. :param data: Parameters (protocol identifier, port, hostname, ...) provided by the request. """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='add_protocol', kwargs=kwargs): raise exception.AccessDenied('Account %s can not add protocols to RSE %s' % (issuer, rse)) rse_module.add_protocol(rse, data['data'])
def update_replication_rule(rule_id, options, issuer): """ Update lock state of a replication rule. :param rule_id: The rule_id to lock. :param options: Options dictionary. :param issuer: The issuing account of this operation :raises: RuleNotFound if no Rule can be found. """ kwargs = {'rule_id': rule_id, 'options': options} if not has_permission(issuer=issuer, action='update_rule', kwargs=kwargs): raise AccessDenied('Account %s can not update this replication rule.' % (issuer)) rule.update_rule(rule_id=rule_id, options=options)
def sections(issuer=None): """ Return a list of the sections available. :param issuer: The issuer account. :returns: ['section_name', ...] """ kwargs = {'issuer': issuer} if not permission.has_permission( issuer=issuer, action='config_sections', kwargs=kwargs): raise exception.AccessDenied('%s cannot retrieve sections' % issuer) return config.sections()
def delete_replication_rule(rule_id, purge_replicas, issuer): """ Deletes a replication rule and all associated locks. :param rule_id: The id of the rule to be deleted :param issuer: The issuing account of this operation :raises: RuleNotFound, AccessDenied """ kwargs = {'rule_id': rule_id, 'purge_replicas': purge_replicas} if not has_permission(issuer=issuer, action='del_rule', kwargs=kwargs): raise AccessDenied('Account %s can not remove this replication rule.' % (issuer)) rule.delete_rule(rule_id=rule_id, purge_replicas=purge_replicas, soft=True)
def move_replication_rule(rule_id, rse_expression, issuer): """ Move a replication rule to another RSE and, once done, delete the original one. :param rule_id: Rule to be moved. :param rse_expression: RSE expression of the new rule. :param session: The DB Session. :raises: RuleNotFound, RuleReplaceFailed """ kwargs = {'rule_id': rule_id, 'rse_expression': rse_expression} if not has_permission(issuer=issuer, action='move_rule', kwargs=kwargs): raise AccessDenied('Account %s can not move this replication rule.' % (issuer)) return rule.move_rule(rule_id=rule_id, rse_expression=rse_expression)
def get_replication_rule(rule_id, issuer, estimate_ttc=None, vo='def'): """ Get replication rule by it's id. :param rule_id: The rule_id to get. :param issuer: The issuing account of this operation. :param vo: The VO of the issuer. """ kwargs = {'rule_id': rule_id} if not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs): raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer)) result = rule.get_rule(rule_id, estimate_ttc) return api_update_return_dict(result)
def update_exception(exception_id, state, issuer, vo='def'): """ Update exceptions state to Lifetime Model. :param id: The id of the exception. :param state: The states to filter. :param issuer: The issuer account. :param vo: The VO to act on. """ kwargs = {'exception_id': exception_id, 'vo': vo} if not permission.has_permission(issuer=issuer, vo=vo, action='update_lifetime_exceptions', kwargs=kwargs): raise exception.AccessDenied('Account %s can not update lifetime exceptions' % (issuer)) return lifetime_exception.update_exception(exception_id=exception_id, state=state)
def del_identity(identity_key, id_type, issuer): """ Deletes a user identity. :param identity_key: The identity key name. For example x509 DN, or a username. :param id_type: The type of the authentication (x509, gss, userpass, ssh, saml). :param issuer: The issuer account. """ id_type = IdentityType.from_sym(id_type) kwargs = {'accounts': identity.list_accounts_for_identity(identity_key, id_type)} if not permission.has_permission(issuer=issuer, action='del_identity', kwargs=kwargs): raise exception.AccessDenied('Account %s can not delete identity' % (issuer)) return identity.del_identity(identity_key, id_type)
def options(section, issuer=None): """ Returns a list of options available in the specified section. :param section: The name of the section. :param issuer: The issuer account. :returns: ['option', ...] """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, action='config_options', kwargs=kwargs): raise exception.AccessDenied('%s cannot retrieve options from section %s' % (issuer, section)) return config.options(section)
def list_heartbeats(issuer=None, vo='def'): """ Return a list of tuples of all heartbeats. :param issuer: The issuer account. :param vo: the VO for the issuer. :returns: List of tuples [('Executable', 'Hostname', ...), ...] """ kwargs = {'issuer': issuer} if not permission.has_permission(issuer=issuer, vo=vo, action='list_heartbeats', kwargs=kwargs): raise exception.AccessDenied('%s cannot list heartbeats' % issuer) return heartbeat.list_heartbeats()
def add_files(lfns, issuer, ignore_availability): """ Bulk add files : - Create the file and replica. - If doesn't exist create the dataset containing the file as well as a rule on the dataset on ANY sites. - Create all the ascendants of the dataset if they do not exist :param lfns: List of lfn (dictionary {'lfn': <lfn>, 'rse': <rse>, 'bytes': <bytes>, 'adler32': <adler32>, 'guid': <guid>, 'pfn': <pfn>} :param issuer: The issuer account. :param ignore_availability: A boolean to ignore blacklisted sites. """ scopes = list_scopes() dids = [] rses = {} for lfn in lfns: scope, name = extract_scope(lfn['lfn'], scopes) dids.append({'scope': scope, 'name': name}) rse = lfn['rse'] if rse not in rses: rse_id = get_rse_id(rse=rse) rses[rse] = rse_id lfn['rse_id'] = rses[rse] # Check if the issuer can add dids and use skip_availabitlity for rse in rses: rse_id = rses[rse] kwargs = {'rse': rse, 'rse_id': rse_id} if not has_permission(issuer=issuer, action='add_replicas', kwargs=kwargs): raise AccessDenied('Account %s can not add file replicas on %s' % (issuer, rse)) if not has_permission(issuer=issuer, action='skip_availability_check', kwargs=kwargs): ignore_availability = False # Check if the issuer can add the files kwargs = {'issuer': issuer, 'dids': dids} if not has_permission(issuer=issuer, action='add_dids', kwargs=kwargs): raise AccessDenied('Account %s can not bulk add data identifier' % (issuer)) dirac.add_files(lfns=lfns, account=issuer, ignore_availability=ignore_availability, session=None)
def add_replicas(rse, files, issuer, ignore_availability=False): """ Bulk add file replicas. :param rse: The RSE name. :param files: The list of files. :param issuer: The issuer account. :param ignore_availability: Ignore the RSE blacklisting. :returns: True is successful, False otherwise """ for v_file in files: v_file.update( {"type": "FILE"}) # Make sure DIDs are identified as files for checking validate_schema(name='dids', obj=files) rse_id = get_rse_id(rse=rse) kwargs = {'rse': rse, 'rse_id': rse_id} if not permission.has_permission( issuer=issuer, action='add_replicas', kwargs=kwargs): raise exception.AccessDenied( 'Account %s can not add file replicas on %s' % (issuer, rse)) if not permission.has_permission( issuer=issuer, action='skip_availability_check', kwargs=kwargs): ignore_availability = False issuer = InternalAccount(issuer) for f in files: f['scope'] = InternalScope(f['scope']) if 'account' in f: f['account'] = InternalAccount(f['account']) replica.add_replicas(rse_id=rse_id, files=files, account=issuer, ignore_availability=ignore_availability)
def set(section, option, value, issuer=None): """ Set the given option to the specified value. :param section: The name of the section. :param option: The name of the option. :param value: The content of the value. :param issuer: The issuer account. """ kwargs = {'issuer': issuer, 'section': section, 'option': option, 'value': value} if not permission.has_permission(issuer=issuer, action='config_set', kwargs=kwargs): raise exception.AccessDenied('%s cannot set option %s to %s in section %s' % (issuer, option, value, section)) return config.set(section, option, value)
def queue_requests(requests, issuer): """ Submit transfer or deletion requests on destination RSEs for data identifiers. :param requests: List of dictionaries containing 'scope', 'name', 'dest_rse_id', 'request_type', 'attributes' :param issuer: Issuing account as a string. :returns: List of Request-IDs as 32 character hex strings """ kwargs = {'requests': requests, 'issuer': issuer} if not permission.has_permission(issuer=issuer, action='queue_requests', kwargs=kwargs): raise exception.AccessDenied('%(issuer)s can not queue request' % locals()) return request.queue_requests(requests)
def items(section, issuer=None): """ Return a list of (option, value) pairs for each option in the given section. Values are auto-coerced as in get(). :param section: The name of the section. :param value: The content of the value. :param issuer: The issuer account. :returns: [('option', auto-coerced value), ...] """ kwargs = {'issuer': issuer, 'section': section} if not permission.has_permission(issuer=issuer, action='config_items', kwargs=kwargs): raise exception.AccessDenied('%s cannot retrieve options and values from section %s' % (issuer, section)) return config.items(section)
def reduce_replication_rule(rule_id, copies, exclude_expression, issuer): """ Reduce the number of copies for a rule by atomically replacing the rule. :param rule_id: Rule to be reduced. :param copies: Number of copies of the new rule. :param exclude_expression: RSE Expression of RSEs to exclude. :param issuer: The issuing account of this operation :raises: RuleReplaceFailed, RuleNotFound """ kwargs = {'rule_id': rule_id, 'copies': copies, 'exclude_expression': exclude_expression} if not has_permission(issuer=issuer, action='reduce_rule', kwargs=kwargs): raise AccessDenied('Account %s can not reduce this replication rule.' % (issuer)) return rule.reduce_rule(rule_id=rule_id, copies=copies, exclude_expression=exclude_expression)
def update_replication_rule(rule_id, options, issuer): """ Update lock state of a replication rule. :param rule_id: The rule_id to lock. :param options: Options dictionary. :param issuer: The issuing account of this operation :raises: RuleNotFound if no Rule can be found. """ kwargs = {'rule_id': rule_id, 'options': options} if 'approve' in options: if not has_permission(issuer=issuer, action='approve_rule', kwargs=kwargs): raise AccessDenied('Account %s can not approve/deny this replication rule.' % (issuer)) issuer = InternalAccount(issuer) if options['approve']: rule.approve_rule(rule_id=rule_id, approver=issuer) else: rule.deny_rule(rule_id=rule_id, approver=issuer, reason=options.get('comment', None)) else: if not has_permission(issuer=issuer, action='update_rule', kwargs=kwargs): raise AccessDenied('Account %s can not update this replication rule.' % (issuer)) rule.update_rule(rule_id=rule_id, options=options)
def cancel_request(request_id, issuer, account): """ Cancel a request. :param request_id: Request Identifier as a 32 character hex string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. """ kwargs = {'account': account, 'issuer': issuer, 'request_id': request_id} if not permission.has_permission(issuer=issuer, action='cancel_request_', kwargs=kwargs): raise exception.AccessDenied('%s cannot cancel request %s' % (account, request_id)) raise NotImplementedError
def update_vo(updated_vo, parameters, issuer, vo='def'): """ Update VO properties (email, description). :param updated_vo: The VO to update. :param parameters: A dictionary with the new properties. :param issuer: The user issuing the command. :param vo: The VO of the user issusing the command. """ kwargs = {} if not has_permission(issuer=issuer, action='update_vo', kwargs=kwargs, vo=vo): raise exception.AccessDenied('Account {} cannot update VO'.format(issuer)) return vo_core.update_vo(vo=updated_vo, parameters=parameters)
def has_option(section, option, issuer=None): """ Check if the given section exists and contains the given option. :param section: The name of the section. :param option: The name of the option. :param issuer: The issuer account. :returns: True/False """ kwargs = {'issuer': issuer, 'section': section, 'option': option} if not permission.has_permission(issuer=issuer, action='config_has_option', kwargs=kwargs): raise exception.AccessDenied('%s cannot check existence of option %s from section %s' % (issuer, option, section)) return config.has_option(section, option)
def cancel_request(request_id, issuer, account): """ Cancel a request. :param request_id: Request Identifier as a 32 character hex string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. """ kwargs = {'account': account, 'issuer': issuer, 'request_id': request_id} if not permission.has_permission(issuer=issuer, action='cancel_request_', kwargs=kwargs): raise exception.AccessDenied('%(account)s cannot cancel request %s(request_id)s' % locals()) return request.cancel_request(request_id)
def add_value(key, value, issuer, vo='def'): """ Add a new value to a key. :param key: the name for the key. :param value: the value. :param vo: the vo to act on. """ kwargs = {'key': key, 'value': value} if not has_permission( issuer=issuer, vo=vo, action='add_value', kwargs=kwargs): raise AccessDenied('Account %s can not add value %s to key %s' % (issuer, value, key)) return meta.add_value(key=key, value=value)
def import_data(data, issuer, vo='def'): """ Import data to add/update/delete records in Rucio. :param data: data to be imported. :param issuer: the issuer. :param vo: the VO of the issuer. """ kwargs = {'issuer': issuer} validate_schema(name='import', obj=data) if not permission.has_permission(issuer=issuer, vo=vo, action='import', kwargs=kwargs): raise exception.AccessDenied('Account %s can not import data' % issuer) return importer.import_data(data, vo=vo)
def list_replication_rule_history(rule_id, issuer, vo='def'): """ Lists replication rule history.. :param rule_id: The rule_id to list. :param issuer: The issuing account of this operation. :param vo: The VO of the issuer. """ kwargs = {'rule_id': rule_id} if is_multi_vo() and not has_permission( issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs): raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer)) return rule.list_rule_history(rule_id)
def set_tombstone(rse, scope, name, issuer): """ Sets a tombstone on one replica. :param rse: name of the RSE. :param scope: scope of the replica DID. :param name: name of the replica DID. :param issuer: The issuer account """ if not permission.has_permission( issuer=issuer, action='set_tombstone', kwargs={}): raise exception.AccessDenied('Account %s can not set tombstones' % (issuer)) replica.set_tombstone(rse, scope, name)
def list_vos(issuer, vo='def'): ''' List the VOs. :param issuer: The user issuing the command. :param vo: The vo of the user issuing the command. ''' kwargs = {} if not has_permission( issuer=issuer, action='list_vos', kwargs=kwargs, vo=vo): raise exception.AccessDenied( 'Account {} cannot list VOs'.format(issuer)) return vo_core.list_vos()
def update_rse(rse, parameters, issuer): """ Update RSE properties like availability or name. :param rse: the name of the new rse. :param parameters: A dictionnary with property (name, read, write, delete as keys). :param issuer: The issuer account. :raises RSENotFound: If RSE is not found. """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='update_rse', kwargs=kwargs): raise exception.AccessDenied('Account %s can not update RSE' % (issuer)) return rse_module.update_rse(rse=rse, parameters=parameters)
def add_replication_rule(dids, copies, rse_expression, weight, lifetime, grouping, account, locked, subscription_id, source_replica_expression, activity, notify, purge_replicas, ignore_availability, issuer): """ Adds a replication rule. :param dids: The data identifier set. :param copies: The number of replicas. :param rse_expression: Boolean string expression to give the list of RSEs. :param weight: If the weighting option of the replication rule is used, the choice of RSEs takes their weight into account. :param lifetime: The lifetime of the replication rules (in seconds). :param grouping: ALL - All files will be replicated to the same RSE. DATASET - All files in the same dataset will be replicated to the same RSE. NONE - Files will be completely spread over all allowed RSEs without any grouping considerations at all. :param account: The account owning the rule. :param locked: If the rule is locked, it cannot be deleted. :param subscription_id: The subscription_id, if the rule is created by a subscription. :param source_replica_expression: Only use replicas from this RSE as sources. :param activity: Activity to be passed on to the conveyor. :param notify: Notification setting of the rule. :purge purge_replicas: The purge setting to delete replicas immediately after rule deletion. :param ignore_availability: Option to ignore the availability of RSEs. :param issuer: The issuing account of this operation. :returns: List of created replication rules. """ if account is None: account = issuer kwargs = {'dids': dids, 'copies': copies, 'rse_expression': rse_expression, 'weight': weight, 'lifetime': lifetime, 'grouping': grouping, 'account': account, 'locked': locked, 'subscription_id': subscription_id, 'source_replica_expression': source_replica_expression, 'notify': notify, 'activity': activity, 'purge_replicas': purge_replicas, 'ignore_availability': ignore_availability} validate_schema(name='activity', obj=kwargs['activity']) if not has_permission(issuer=issuer, action='add_rule', kwargs=kwargs): raise AccessDenied('Account %s can not add replication rule' % (issuer)) return rule.add_rule(account=account, dids=dids, copies=copies, rse_expression=rse_expression, grouping=grouping, weight=weight, lifetime=lifetime, locked=locked, subscription_id=subscription_id, source_replica_expression=source_replica_expression, activity=activity, notify=notify, purge_replicas=purge_replicas, ignore_availability=ignore_availability)
def submit_deletion(url, issuer, account): """ Submit a deletion request to a deletiontool. :param url: URL acceptable to deletiontool as a string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. :returns: Deletiontool external ID. """ kwargs = {'account': account, 'issuer': issuer, 'url': url} if not permission.has_permission(issuer=issuer, action='submit_deletion', kwargs=kwargs): raise exception.AccessDenied('%(account)s can not delete' % locals()) return request.submit_deletion(url)
def update_protocols(rse, scheme, data, issuer, hostname=None, port=None): """ Updates all provided attributes for all matching protocol entries of the given RSE.. :param rse: The RSE name. :param issuer: The issuer account. :param scheme: The protocol identifier. :param data: A dict including the attributes of the protocol to be updated. Keys must match the column names in the database. :param hostname: The hostname (to be used if more then one protocol using the same identifier are present) :param port: The port (to be used if more than one protocol using the same identifier and hostname are present) """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='update_protocol', kwargs=kwargs): raise exception.AccessDenied('Account %s can not update protocols from RSE %s' % (issuer, rse)) rse_module.update_protocols(rse, scheme=scheme, hostname=hostname, port=port, data=data)
def del_rse_attribute(rse, key, issuer): """ Delete a RSE attribute. :param rse: the name of the rse_module. :param key: the attribute key. :return: True if RSE attribute was deleted successfully, False otherwise. """ kwargs = {'rse': rse, 'key': key} if not permission.has_permission(issuer=issuer, action='del_rse_attribute', kwargs=kwargs): raise exception.AccessDenied('Account %s can not delete RSE attributes' % (issuer)) return rse_module.del_rse_attribute(rse=rse, key=key)
def query_request(request_id, issuer, account): """ Query the status of a request. :param request_id: Request-ID as a 32 character hex string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. :returns: Request status information as a dictionary. """ kwargs = {'account': account, 'issuer': issuer, 'request_id': request_id} if not permission.has_permission(issuer=issuer, action='query_request', kwargs=kwargs): raise exception.AccessDenied('%(account)s cannot query request %s(request_id)s' % locals()) return request.query_request(request_id)
def set_rse_limits(rse, name, value, issuer): """ Set RSE limits. :param rse: The RSE name. :param name: The name of the limit. :param value: The feature value. Set to -1 to remove the limit. :param issuer: The issuer account. :returns: True if successful, otherwise false. """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='set_rse_limits', kwargs=kwargs): raise exception.AccessDenied('Account %s can not update RSE limits for RSE %s' % (issuer, rse)) return rse_module.set_rse_limits(rse=rse, name=name, value=value)
def add_account_identity(identity_key, type, account, email, issuer, default=False): """ Adds a membership association between identity and account. :param identity_key: The identity key name. For example x509 DN, or a username. :param type: The type of the authentication (x509, gss, userpass). :param account: The account name. :param email: The Email address associated with the identity. :param issuer: The issuer account. :param default: If True, the account should be used by default with the provided identity. """ kwargs = {'identity': identity_key, 'type': type, 'account': account} if not permission.has_permission(issuer=issuer, action='add_account_identity', kwargs=kwargs): raise exception.AccessDenied('Account %s can not add account identity' % (issuer)) return identity.add_account_identity(identity=identity_key, type=IdentityType.from_sym(type), default=default, email=email, account=account)
def del_protocols(rse, scheme, issuer, hostname=None, port=None): """ Deletes all matching protocol entries for the given RSE.. :param rse: The RSE name. :param issuer: The issuer account. :param scheme: The protocol identifier. :param hostname: The hostname (to be used if more then one protocol using the same identifier are present) :param port: The port (to be used if more than one protocol using the same identifier and hostname are present) """ kwargs = {'rse': rse} if not permission.has_permission(issuer=issuer, action='del_protocol', kwargs=kwargs): raise exception.AccessDenied('Account %s can not delete protocols from RSE %s' % (issuer, rse)) rse_module.del_protocols(rse, scheme=scheme, hostname=hostname, port=port)
def add_rse_attribute(rse, key, value, issuer): """ Adds a RSE attribute. :param rse: the rse name. :param key: the key name. :param value: the value name. :param issuer: The issuer account. returns: True if successful, False otherwise. """ kwargs = {'rse': rse, 'key': key, 'value': value} if not permission.has_permission(issuer=issuer, action='add_rse_attribute', kwargs=kwargs): raise exception.AccessDenied('Account %s can not add RSE attributes' % (issuer)) return rse_module.add_rse_attribute(rse=rse, key=key, value=value)
def get_request_by_did(scope, name, rse, issuer): """ Retrieve a request by its DID for a destination RSE. :param scope: The scope of the data identifier as a string. :param name: The name of the data identifier as a string. :param rse: The destination RSE of the request as a string. :param issuer: Issuing account as a string. :returns: Request as a dictionary. """ kwargs = {'scope': scope, 'name': name, 'rse': rse, 'issuer': issuer} if not permission.has_permission(issuer=issuer, action='get_request_by_did', kwargs=kwargs): raise exception.AccessDenied('%(issuer)s cannot retrieve the request DID %(scope)s:%(name)s to RSE %(rse)s' % locals()) return request.get_request_by_did(scope, name, rse)
def get_next(request_type, state, issuer, account): """ Retrieve the next request matching the request type and state. :param request_type: Type of the request as a string. :param state: State of the request as a string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. :returns: Request as a dictionary. """ kwargs = {'account': account, 'issuer': issuer, 'request_type': request_type, 'state': state} if not permission.has_permission(issuer=issuer, action='get_next', kwargs=kwargs): raise exception.AccessDenied('%(account)s cannot get the next request of type %(request_type)s in state %(state)s' % locals()) return request.get_next(request_type, state)
def cancel_request_did(scope, name, dest_rse, request_type, issuer, account): """ Cancel a request based on a DID and request type. :param scope: Data identifier scope as a string. :param name: Data identifier name as a string. :param dest_rse: RSE name as a string. :param request_type: Type of the request as a string. :param issuer: Issuing account as a string. :param account: Account identifier as a string. """ kwargs = {'account': account, 'issuer': issuer} if not permission.has_permission(issuer=issuer, action='cancel_request_did', kwargs=kwargs): raise exception.AccessDenied('%(account)s cannot cancel %(request_type)s request for %(scope)s:%(name)s' % locals()) return request.cancel_request_did(scope, name, dest_rse, request_type)
def get(section, option, issuer=None): """ Get an option value for the named section. Value can be auto-coerced to int, float, and bool; string otherwise. Caveat emptor: Strings, regardless the case, matching 'on'/off', 'true'/'false', 'yes'/'no' are converted to bool. 0/1 are converted to int, and not to bool. :param section: The name of the section. :param option: The name of the option. :param issuer: The issuer account. :returns: The auto-coerced value. """ kwargs = {'issuer': issuer, 'section': section, 'option': option} if not permission.has_permission(issuer=issuer, action='config_get', kwargs=kwargs): raise exception.AccessDenied('%s cannot retrieve option %s from section %s' % (issuer, option, section)) return config.get(section, option)