lsst-ctrl-bps-panda 29.2025.4100__py3-none-any.whl → 29.2025.4300__py3-none-any.whl

lsst/ctrl/bps/panda/cli/cmd/__init__.py

@@ -25,6 +25,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-__all__ = ["clean", "reset", "status"]
+__all__ = ["clean", "reset", "refresh", "status"]
 
-from .panda_auth_commands import clean, reset, status
+from .panda_auth_commands import clean, reset, refresh, status

lsst/ctrl/bps/panda/cli/cmd/panda_auth_commands.py

@@ -28,6 +28,7 @@
 
 __all__ = [
     "clean",
+    "refresh",
     "reset",
     "status",
 ]
@@ -37,7 +38,12 @@ import click
 
 from lsst.daf.butler.cli.utils import MWCommand
 
-from ...panda_auth_drivers import panda_auth_clean_driver, panda_auth_reset_driver, panda_auth_status_driver
+from ...panda_auth_drivers import (
+    panda_auth_clean_driver,
+    panda_auth_refresh_driver,
+    panda_auth_reset_driver,
+    panda_auth_status_driver,
+)
 
 
 class PandaAuthCommand(MWCommand):
@@ -62,3 +68,13 @@ def reset(*args, **kwargs):
 def clean(*args, **kwargs):
     """Clean up token and token cache files."""
     panda_auth_clean_driver(*args, **kwargs)
+
+
+@click.command(cls=PandaAuthCommand)
+@click.option("--days", default=4, help="The earlist remaining days to refresh the token.")
+@click.option("--verbose", is_flag=True, help="Enable verbose output")
+def refresh(*args, **kwargs):
+    """Refresh auth tocken."""
+    days = kwargs.get("days", 4)
+    verbose = kwargs.get("verbose", False)
+    panda_auth_refresh_driver(days, verbose)

lsst/ctrl/bps/panda/panda_auth_drivers.py

@@ -33,6 +33,7 @@ the subcommand method.
 
 __all__ = [
     "panda_auth_clean_driver",
+    "panda_auth_refresh_driver",
     "panda_auth_reset_driver",
     "panda_auth_status_driver",
 ]
@@ -41,7 +42,19 @@ __all__ = [
 import logging
 from datetime import datetime
 
-from .panda_auth_utils import panda_auth_clean, panda_auth_status, panda_auth_update
+from lsst.ctrl.bps.panda.panda_exceptions import (
+    PandaAuthError,
+    TokenExpiredError,
+    TokenNotFoundError,
+    TokenTooEarlyError,
+)
+
+from .panda_auth_utils import (
+    panda_auth_clean,
+    panda_auth_refresh,
+    panda_auth_status,
+    panda_auth_update,
+)
 
 _LOG = logging.getLogger(__name__)
 
@@ -56,6 +69,20 @@ def panda_auth_reset_driver():
     panda_auth_update(None, True)
 
 
+def panda_auth_refresh_driver(days, verbose):
+    """Refresh auth token."""
+    try:
+        panda_auth_refresh(days, verbose)
+    except TokenNotFoundError as e:
+        print(f"[ERROR] {e}")
+    except TokenExpiredError as e:
+        print(f"[ERROR] {e}")
+    except TokenTooEarlyError as e:
+        print(f"[INFO] {e}")
+    except PandaAuthError as e:
+        print(f"[FAIL] {e}")
+
+
 def panda_auth_status_driver():
     """Gather information about a token if it exists."""
     status = panda_auth_status()

lsst/ctrl/bps/panda/panda_auth_utils.py

@@ -30,19 +30,32 @@
 __all__ = [
     "panda_auth_clean",
     "panda_auth_expiration",
+    "panda_auth_refresh",
     "panda_auth_setup",
     "panda_auth_status",
     "panda_auth_update",
 ]
 
 
+import base64
+import json
 import logging
 import os
+from datetime import UTC, datetime, timedelta
 
 import idds.common.utils as idds_utils
 import pandaclient.idds_api
 from pandaclient.openidc_utils import OpenIdConnect_Utils
 
+from lsst.ctrl.bps.panda.panda_exceptions import (
+    AuthConfigError,
+    PandaAuthError,
+    TokenExpiredError,
+    TokenNotFoundError,
+    TokenRefreshError,
+    TokenTooEarlyError,
+)
+
 _LOG = logging.getLogger(__name__)
 
 
@@ -151,3 +164,87 @@ def panda_auth_update(idds_server=None, reset=False):
         # idds server given.  So for now, check result string for keywords.
         if "request_id" not in ret[1][-1] or "status" not in ret[1][-1]:
             raise RuntimeError(f"Error contacting PanDA service: {ret}")
+
+
+def panda_auth_refresh(days=4, verbose=False):
+    """
+    Refresh the current valid IAM OpenID authentication token.
+
+    This function checks the expiration time of the existing token stored
+    in the local token file and attempts to refresh it if it is close to
+    expiring (within a specified number of days).
+
+    Parameters
+    ----------
+    days : `int`, optional
+        The minimum number of days before token expiration to trigger a
+        refresh. If the token expires in more than this number of days,
+        the refresh is skipped. Default is 4.
+    verbose : `bool`, optional
+        If True, enables verbose output for debugging or logging.
+        Default is False.
+
+    Returns
+    -------
+    status: `dict`
+        A dictionary containing the refreshed token status
+    """
+    panda_url = os.environ.get("PANDA_URL")
+    panda_auth_vo = os.environ.get("PANDA_AUTH_VO")
+
+    if not panda_url or not panda_auth_vo:
+        raise PandaAuthError("Missing required environment variables: PANDA_URL or PANDA_AUTH_VO")
+
+    url_prefix = panda_url.split("/server", 1)[0]
+    auth_url = f"{url_prefix}/auth/{panda_auth_vo}_auth_config.json"
+    open_id = OpenIdConnect_Utils(auth_url, log_stream=_LOG, verbose=verbose)
+
+    token_file = open_id.get_token_path()
+    if not os.path.exists(token_file):
+        raise TokenNotFoundError("Cannot find token file. Use 'panda_auth reset' to obtain a new token.")
+
+    with open(token_file) as f:
+        data = json.load(f)
+    enc = data["id_token"].split(".")[1]
+    enc += "=" * (-len(enc) % 4)
+    dec = json.loads(base64.urlsafe_b64decode(enc.encode()))
+    exp_time = datetime.fromtimestamp(dec["exp"], tz=UTC)
+    delta = exp_time - datetime.now(UTC)
+    minutes = delta.total_seconds() / 60
+    print(f"Token will expire in {minutes} minutes.")
+    print(f"Token expiration time : {exp_time.strftime('%Y-%m-%d %H:%M:%S')} UTC")
+    if delta < timedelta(minutes=0):
+        raise TokenExpiredError("Token already expired. Cannot refresh.")
+    elif delta > timedelta(days=days):
+        raise TokenTooEarlyError(
+            f"Too early to refresh. More than {days} day(s) until expiration.\n"
+            f"Use '--days' option to adjust threshold, e.g.:\n"
+            f"  panda_auth refresh --days 10"
+        )
+
+    refresh_token_string = data["refresh_token"]
+
+    s, auth_config = open_id.fetch_page(open_id.auth_config_url)
+    if not s:
+        raise AuthConfigError("Failed to get Auth configuration.")
+
+    s, endpoint_config = open_id.fetch_page(auth_config["oidc_config_url"])
+    if not s:
+        raise AuthConfigError("Failed to get endpoint configuration.")
+
+    s, o = open_id.refresh_token(
+        endpoint_config["token_endpoint"],
+        auth_config["client_id"],
+        auth_config["client_secret"],
+        refresh_token_string,
+    )
+
+    if not s:
+        raise TokenRefreshError("Failed to refresh token.")
+
+    status = panda_auth_status()
+    if status:
+        exp_time = datetime.fromtimestamp(status["exp"], tz=UTC)
+        print(f"{'New expiration time:':23} {exp_time.strftime('%Y-%m-%d %H:%M:%S')} UTC")
+    print("Success to refresh token")
+    return status

lsst/ctrl/bps/panda/panda_exceptions.py

@@ -0,0 +1,34 @@
+class PandaAuthError(Exception):
+    """Base class for authentication errors."""
+
+    pass
+
+
+class TokenNotFoundError(PandaAuthError):
+    """Raised when the token file is missing."""
+
+    pass
+
+
+class TokenExpiredError(PandaAuthError):
+    """Raised when the token has already expired."""
+
+    pass
+
+
+class TokenTooEarlyError(PandaAuthError):
+    """Raised when attempting to refresh too early."""
+
+    pass
+
+
+class AuthConfigError(PandaAuthError):
+    """Raised when fetching the auth or endpoint configuration fails."""
+
+    pass
+
+
+class TokenRefreshError(PandaAuthError):
+    """Raised when token refresh fails."""
+
+    pass

lsst/ctrl/bps/panda/version.py

@@ -1,2 +1,2 @@
 __all__ = ["__version__"]
-__version__ = "29.2025.4100"
+__version__ = "29.2025.4300"

{lsst_ctrl_bps_panda-29.2025.4100.dist-info → lsst_ctrl_bps_panda-29.2025.4300.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lsst-ctrl-bps-panda
-Version: 29.2025.4100
+Version: 29.2025.4300
 Summary: PanDA plugin for lsst-ctrl-bps.
 Author-email: Rubin Observatory Data Management <dm-admin@lists.lsst.org>
 License: BSD 3-Clause License

{lsst_ctrl_bps_panda-29.2025.4100.dist-info → lsst_ctrl_bps_panda-29.2025.4300.dist-info}/RECORD

@@ -1,15 +1,16 @@
 lsst/ctrl/bps/panda/__init__.py,sha256=oApEOBGMuIv98uQvcDf6DLVvrbD6_8p9o0m2YPTenPY,1351
 lsst/ctrl/bps/panda/cmd_line_embedder.py,sha256=_gyqWQQxM8ZtZzQbWlOdgjfgrotrwV3sFvwWXxe-jfQ,6778
 lsst/ctrl/bps/panda/constants.py,sha256=hhV1CDHW9G-Z6z2wGaAc41EMlJ-yn2NN3A8psDyjTkw,1907
-lsst/ctrl/bps/panda/panda_auth_drivers.py,sha256=Ff0QsrTgQYbHDCK89_Gayu_2ZC1i3RRt-Dnnx10b8G4,2558
-lsst/ctrl/bps/panda/panda_auth_utils.py,sha256=wb-vlB9jvabVIHKlqukE1vILO_0Q9iixE3xXyROeN2s,5093
+lsst/ctrl/bps/panda/panda_auth_drivers.py,sha256=LoD-tP990ELmVks3Vxv76jm4a8j3h3cNRTNX2XtFGHk,3163
+lsst/ctrl/bps/panda/panda_auth_utils.py,sha256=kJnevhvjvUegbXfAyiVcoxinONsc_TJqfK4neTmcN5k,8544
+lsst/ctrl/bps/panda/panda_exceptions.py,sha256=HcOKWMuG79c16Y9j7IJbp990k4DBQ54e7haY1Fsl6XQ,629
 lsst/ctrl/bps/panda/panda_service.py,sha256=5briN6eFJ9RolV2PM5Y_OguiB-7844Pu-FSBO0QyhM8,18935
 lsst/ctrl/bps/panda/utils.py,sha256=H_dTQSHgvr3TTav97NsWM040T7DhG_57g_CIaGtIniA,41060
-lsst/ctrl/bps/panda/version.py,sha256=imQpc8l8n1Xj3guWKoFaXrBR3HnAY8jkMITBuZx-5DA,55
+lsst/ctrl/bps/panda/version.py,sha256=pmH-QwBOGm7hpNEwNmgwgFuJ9J8NNZQ81N3RGqBJ3YU,55
 lsst/ctrl/bps/panda/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 lsst/ctrl/bps/panda/cli/panda_auth.py,sha256=i54ati_HoKSlyslQRBl7QpX1w5z8MjSfHHMpT43ZeXQ,2055
-lsst/ctrl/bps/panda/cli/cmd/__init__.py,sha256=WVcBiZ3z9rnG4FOsYMgp1QYGwlkM9n_edpMbGDBvCrs,1393
-lsst/ctrl/bps/panda/cli/cmd/panda_auth_commands.py,sha256=BdLaURmUs5QIqNSDsGXHBUuqGpY-DxmTgCW5ZnERNHk,2219
+lsst/ctrl/bps/panda/cli/cmd/__init__.py,sha256=QNhn-2QmXHKVUgwmtuX7wnDv3qOUuU_30juuM_2AGaE,1413
+lsst/ctrl/bps/panda/cli/cmd/panda_auth_commands.py,sha256=pdNpwBh9NEaMWEoMgzGC9wfqJbiEqoANuFSxtIW4Tas,2666
 lsst/ctrl/bps/panda/conf_example/example_panda_SLAC.yaml,sha256=2ybJOm0Lmz-0QunoR-gYLptTowpr1761OKQHoGjGpVA,5855
 lsst/ctrl/bps/panda/conf_example/pipelines_check_idf.yaml,sha256=9bfRF0y4SMhlkh6OK1VEOMOG59ytv25AZSfg-Ia8YwQ,877
 lsst/ctrl/bps/panda/conf_example/test_idf.yaml,sha256=P-FLBEmKZ2o0QiR6w8GZ9AAAOPIQwQ_Z0IE5ttMRox0,399
@@ -18,12 +19,12 @@ lsst/ctrl/bps/panda/conf_example/test_usdf.yaml,sha256=WIbXCJZDaG7zYUHt7U96MUjUs
 lsst/ctrl/bps/panda/edgenode/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 lsst/ctrl/bps/panda/edgenode/build_cmd_line_decoder.py,sha256=CjB_ESDKLK67QPlcZHWoJzfaqgC733ih_iIQrwYkiUo,3067
 lsst/ctrl/bps/panda/edgenode/cmd_line_decoder.py,sha256=cqPeJLA7KfB7KnPTR-ykyEoHQ-_YE17h8_EfnqWA5eA,14616
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/licenses/COPYRIGHT,sha256=5ATATZSyXxMNKoJuCJdATg4YNm56ubTwU_hDbShxIWw,116
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/licenses/LICENSE,sha256=pRExkS03v0MQW-neNfIcaSL6aiAnoLxYgtZoFzQ6zkM,232
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/licenses/bsd_license.txt,sha256=7MIcv8QRX9guUtqPSBDMPz2SnZ5swI-xZMqm_VDSfxY,1606
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/licenses/gpl-v3.0.txt,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/METADATA,sha256=PpwmK4wGLQOCWgklUi7Y0kZHmhDGBdepQZYVreZIuHI,2375
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/top_level.txt,sha256=eUWiOuVVm9wwTrnAgiJT6tp6HQHXxIhj2QSZ7NYZH80,5
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
-lsst_ctrl_bps_panda-29.2025.4100.dist-info/RECORD,,
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/licenses/COPYRIGHT,sha256=5ATATZSyXxMNKoJuCJdATg4YNm56ubTwU_hDbShxIWw,116
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/licenses/LICENSE,sha256=pRExkS03v0MQW-neNfIcaSL6aiAnoLxYgtZoFzQ6zkM,232
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/licenses/bsd_license.txt,sha256=7MIcv8QRX9guUtqPSBDMPz2SnZ5swI-xZMqm_VDSfxY,1606
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/licenses/gpl-v3.0.txt,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/METADATA,sha256=omJhEQM4Bd2q6T_aHS41VNxzAGUdTWWCMXXJNiZw6i4,2375
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/top_level.txt,sha256=eUWiOuVVm9wwTrnAgiJT6tp6HQHXxIhj2QSZ7NYZH80,5
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1
+lsst_ctrl_bps_panda-29.2025.4300.dist-info/RECORD,,