PyPI - rucio - Versions diffs - 32.8.6__py3-none-any.whl → 35.8.0__py3-none-any.whl - Mend

rucio 32.8.6py3-none-any.whl → 35.8.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rucio might be problematic. Click here for more details.

Files changed (502) hide show

rucio/__init__.py +0 -1
rucio/alembicrevision.py +1 -2
rucio/client/__init__.py +0 -1
rucio/client/accountclient.py +45 -25
rucio/client/accountlimitclient.py +37 -9
rucio/client/baseclient.py +199 -154
rucio/client/client.py +2 -3
rucio/client/configclient.py +19 -6
rucio/client/credentialclient.py +9 -4
rucio/client/didclient.py +238 -63
rucio/client/diracclient.py +13 -5
rucio/client/downloadclient.py +162 -51
rucio/client/exportclient.py +4 -4
rucio/client/fileclient.py +3 -4
rucio/client/importclient.py +4 -4
rucio/client/lifetimeclient.py +21 -5
rucio/client/lockclient.py +18 -8
rucio/client/{metaclient.py → metaconventionsclient.py} +18 -15
rucio/client/pingclient.py +0 -1
rucio/client/replicaclient.py +15 -5
rucio/client/requestclient.py +35 -19
rucio/client/rseclient.py +133 -51
rucio/client/ruleclient.py +29 -22
rucio/client/scopeclient.py +8 -6
rucio/client/subscriptionclient.py +47 -35
rucio/client/touchclient.py +8 -4
rucio/client/uploadclient.py +166 -82
rucio/common/__init__.py +0 -1
rucio/common/cache.py +4 -4
rucio/common/config.py +52 -47
rucio/common/constants.py +69 -2
rucio/common/constraints.py +0 -1
rucio/common/didtype.py +24 -22
rucio/common/dumper/__init__.py +70 -41
rucio/common/dumper/consistency.py +26 -22
rucio/common/dumper/data_models.py +16 -23
rucio/common/dumper/path_parsing.py +0 -1
rucio/common/exception.py +281 -222
rucio/common/extra.py +0 -1
rucio/common/logging.py +54 -38
rucio/common/pcache.py +122 -101
rucio/common/plugins.py +153 -0
rucio/common/policy.py +4 -4
rucio/common/schema/__init__.py +17 -10
rucio/common/schema/atlas.py +7 -5
rucio/common/schema/belleii.py +7 -5
rucio/common/schema/domatpc.py +7 -5
rucio/common/schema/escape.py +7 -5
rucio/common/schema/generic.py +8 -6
rucio/common/schema/generic_multi_vo.py +7 -5
rucio/common/schema/icecube.py +7 -5
rucio/common/stomp_utils.py +0 -1
rucio/common/stopwatch.py +0 -1
rucio/common/test_rucio_server.py +2 -2
rucio/common/types.py +262 -17
rucio/common/utils.py +743 -451
rucio/core/__init__.py +0 -1
rucio/core/account.py +99 -29
rucio/core/account_counter.py +89 -24
rucio/core/account_limit.py +90 -24
rucio/core/authentication.py +86 -29
rucio/core/config.py +108 -38
rucio/core/credential.py +14 -7
rucio/core/did.py +680 -782
rucio/core/did_meta_plugins/__init__.py +8 -6
rucio/core/did_meta_plugins/did_column_meta.py +17 -12
rucio/core/did_meta_plugins/did_meta_plugin_interface.py +60 -11
rucio/core/did_meta_plugins/filter_engine.py +90 -50
rucio/core/did_meta_plugins/json_meta.py +41 -16
rucio/core/did_meta_plugins/mongo_meta.py +25 -8
rucio/core/did_meta_plugins/postgres_meta.py +3 -4
rucio/core/dirac.py +46 -17
rucio/core/distance.py +66 -43
rucio/core/exporter.py +5 -5
rucio/core/heartbeat.py +181 -81
rucio/core/identity.py +22 -12
rucio/core/importer.py +23 -12
rucio/core/lifetime_exception.py +32 -32
rucio/core/lock.py +244 -142
rucio/core/message.py +79 -38
rucio/core/{meta.py → meta_conventions.py} +57 -44
rucio/core/monitor.py +19 -13
rucio/core/naming_convention.py +68 -27
rucio/core/nongrid_trace.py +17 -5
rucio/core/oidc.py +151 -29
rucio/core/permission/__init__.py +18 -6
rucio/core/permission/atlas.py +50 -35
rucio/core/permission/belleii.py +6 -5
rucio/core/permission/escape.py +8 -6
rucio/core/permission/generic.py +82 -80
rucio/core/permission/generic_multi_vo.py +9 -7
rucio/core/quarantined_replica.py +91 -58
rucio/core/replica.py +1303 -772
rucio/core/replica_sorter.py +10 -12
rucio/core/request.py +1133 -285
rucio/core/rse.py +142 -102
rucio/core/rse_counter.py +49 -18
rucio/core/rse_expression_parser.py +6 -7
rucio/core/rse_selector.py +41 -16
rucio/core/rule.py +1538 -474
rucio/core/rule_grouping.py +213 -68
rucio/core/scope.py +50 -22
rucio/core/subscription.py +92 -44
rucio/core/topology.py +66 -24
rucio/core/trace.py +42 -28
rucio/core/transfer.py +543 -259
rucio/core/vo.py +36 -18
rucio/core/volatile_replica.py +59 -32
rucio/daemons/__init__.py +0 -1
rucio/daemons/abacus/__init__.py +0 -1
rucio/daemons/abacus/account.py +29 -19
rucio/daemons/abacus/collection_replica.py +21 -10
rucio/daemons/abacus/rse.py +22 -12
rucio/daemons/atropos/__init__.py +0 -1
rucio/daemons/atropos/atropos.py +1 -2
rucio/daemons/auditor/__init__.py +56 -28
rucio/daemons/auditor/hdfs.py +17 -6
rucio/daemons/auditor/srmdumps.py +116 -45
rucio/daemons/automatix/__init__.py +0 -1
rucio/daemons/automatix/automatix.py +30 -18
rucio/daemons/badreplicas/__init__.py +0 -1
rucio/daemons/badreplicas/minos.py +29 -18
rucio/daemons/badreplicas/minos_temporary_expiration.py +5 -7
rucio/daemons/badreplicas/necromancer.py +9 -13
rucio/daemons/bb8/__init__.py +0 -1
rucio/daemons/bb8/bb8.py +10 -13
rucio/daemons/bb8/common.py +151 -154
rucio/daemons/bb8/nuclei_background_rebalance.py +15 -9
rucio/daemons/bb8/t2_background_rebalance.py +15 -8
rucio/daemons/c3po/__init__.py +0 -1
rucio/daemons/c3po/algorithms/__init__.py +0 -1
rucio/daemons/c3po/algorithms/simple.py +8 -5
rucio/daemons/c3po/algorithms/t2_free_space.py +10 -7
rucio/daemons/c3po/algorithms/t2_free_space_only_pop.py +10 -7
rucio/daemons/c3po/algorithms/t2_free_space_only_pop_with_network.py +30 -15
rucio/daemons/c3po/c3po.py +81 -52
rucio/daemons/c3po/collectors/__init__.py +0 -1
rucio/daemons/c3po/collectors/agis.py +17 -17
rucio/daemons/c3po/collectors/free_space.py +32 -13
rucio/daemons/c3po/collectors/jedi_did.py +14 -5
rucio/daemons/c3po/collectors/mock_did.py +11 -6
rucio/daemons/c3po/collectors/network_metrics.py +12 -4
rucio/daemons/c3po/collectors/workload.py +21 -19
rucio/daemons/c3po/utils/__init__.py +0 -1
rucio/daemons/c3po/utils/dataset_cache.py +15 -5
rucio/daemons/c3po/utils/expiring_dataset_cache.py +16 -5
rucio/daemons/c3po/utils/expiring_list.py +6 -7
rucio/daemons/c3po/utils/popularity.py +5 -2
rucio/daemons/c3po/utils/timeseries.py +25 -12
rucio/daemons/cache/__init__.py +0 -1
rucio/daemons/cache/consumer.py +21 -15
rucio/daemons/common.py +42 -18
rucio/daemons/conveyor/__init__.py +0 -1
rucio/daemons/conveyor/common.py +69 -37
rucio/daemons/conveyor/finisher.py +83 -46
rucio/daemons/conveyor/poller.py +101 -69
rucio/daemons/conveyor/preparer.py +35 -28
rucio/daemons/conveyor/receiver.py +64 -21
rucio/daemons/conveyor/stager.py +33 -28
rucio/daemons/conveyor/submitter.py +71 -47
rucio/daemons/conveyor/throttler.py +99 -35
rucio/daemons/follower/__init__.py +0 -1
rucio/daemons/follower/follower.py +12 -8
rucio/daemons/hermes/__init__.py +0 -1
rucio/daemons/hermes/hermes.py +57 -21
rucio/daemons/judge/__init__.py +0 -1
rucio/daemons/judge/cleaner.py +27 -17
rucio/daemons/judge/evaluator.py +31 -18
rucio/daemons/judge/injector.py +31 -23
rucio/daemons/judge/repairer.py +28 -18
rucio/daemons/oauthmanager/__init__.py +0 -1
rucio/daemons/oauthmanager/oauthmanager.py +7 -8
rucio/daemons/reaper/__init__.py +0 -1
rucio/daemons/reaper/dark_reaper.py +15 -9
rucio/daemons/reaper/reaper.py +109 -67
rucio/daemons/replicarecoverer/__init__.py +0 -1
rucio/daemons/replicarecoverer/suspicious_replica_recoverer.py +255 -116
rucio/{api → daemons/rsedecommissioner}/__init__.py +0 -1
rucio/daemons/rsedecommissioner/config.py +81 -0
rucio/daemons/rsedecommissioner/profiles/__init__.py +24 -0
rucio/daemons/rsedecommissioner/profiles/atlas.py +60 -0
rucio/daemons/rsedecommissioner/profiles/generic.py +451 -0
rucio/daemons/rsedecommissioner/profiles/types.py +92 -0
rucio/daemons/rsedecommissioner/rse_decommissioner.py +280 -0
rucio/daemons/storage/__init__.py +0 -1
rucio/daemons/storage/consistency/__init__.py +0 -1
rucio/daemons/storage/consistency/actions.py +152 -59
rucio/daemons/tracer/__init__.py +0 -1
rucio/daemons/tracer/kronos.py +47 -24
rucio/daemons/transmogrifier/__init__.py +0 -1
rucio/daemons/transmogrifier/transmogrifier.py +35 -26
rucio/daemons/undertaker/__init__.py +0 -1
rucio/daemons/undertaker/undertaker.py +10 -10
rucio/db/__init__.py +0 -1
rucio/db/sqla/__init__.py +16 -2
rucio/db/sqla/constants.py +10 -1
rucio/db/sqla/migrate_repo/__init__.py +0 -1
rucio/db/sqla/migrate_repo/env.py +0 -1
rucio/db/sqla/migrate_repo/versions/01eaf73ab656_add_new_rule_notification_state_progress.py +0 -1
rucio/db/sqla/migrate_repo/versions/0437a40dbfd1_add_eol_at_in_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/0f1adb7a599a_create_transfer_hops_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/102efcf145f4_added_stuck_at_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/13d4f70c66a9_introduce_transfer_limits.py +1 -3
rucio/db/sqla/migrate_repo/versions/140fef722e91_cleanup_distances_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/14ec5aeb64cf_add_request_external_host.py +0 -3
rucio/db/sqla/migrate_repo/versions/156fb5b5a14_add_request_type_to_requests_idx.py +1 -4
rucio/db/sqla/migrate_repo/versions/1677d4d803c8_split_rse_availability_into_multiple.py +0 -1
rucio/db/sqla/migrate_repo/versions/16a0aca82e12_create_index_on_table_replicas_path.py +0 -2
rucio/db/sqla/migrate_repo/versions/1803333ac20f_adding_provenance_and_phys_group.py +0 -1
rucio/db/sqla/migrate_repo/versions/1a29d6a9504c_add_didtype_chck_to_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/1a80adff031a_create_index_on_rules_hist_recent.py +0 -2
rucio/db/sqla/migrate_repo/versions/1c45d9730ca6_increase_identity_length.py +0 -1
rucio/db/sqla/migrate_repo/versions/1d1215494e95_add_quarantined_replicas_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/1d96f484df21_asynchronous_rules_and_rule_approval.py +0 -1
rucio/db/sqla/migrate_repo/versions/1f46c5f240ac_add_bytes_column_to_bad_replicas.py +0 -3
rucio/db/sqla/migrate_repo/versions/1fc15ab60d43_add_message_history_table.py +0 -1
rucio/db/sqla/migrate_repo/versions/2190e703eb6e_move_rse_settings_to_rse_attributes.py +1 -2
rucio/db/sqla/migrate_repo/versions/21d6b9dc9961_add_mismatch_scheme_state_to_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/22cf51430c78_add_availability_column_to_table_rses.py +0 -3
rucio/db/sqla/migrate_repo/versions/22d887e4ec0a_create_sources_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/25821a8a45a3_remove_unique_constraint_on_requests.py +1 -4
rucio/db/sqla/migrate_repo/versions/25fc855625cf_added_unique_constraint_to_rules.py +0 -2
rucio/db/sqla/migrate_repo/versions/269fee20dee9_add_repair_cnt_to_locks.py +0 -3
rucio/db/sqla/migrate_repo/versions/271a46ea6244_add_ignore_availability_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/277b5fbb41d3_switch_heartbeats_executable.py +1 -2
rucio/db/sqla/migrate_repo/versions/27e3a68927fb_remove_replicas_tombstone_and_replicas_.py +0 -1
rucio/db/sqla/migrate_repo/versions/2854cd9e168_added_rule_id_column.py +0 -1
rucio/db/sqla/migrate_repo/versions/295289b5a800_processed_by_and__at_in_requests.py +0 -2
rucio/db/sqla/migrate_repo/versions/2962ece31cf4_add_nbaccesses_column_in_the_did_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/2af3291ec4c_added_replicas_history_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/2b69addda658_add_columns_for_third_party_copy_read_.py +0 -2
rucio/db/sqla/migrate_repo/versions/2b8e7bcb4783_add_config_table.py +1 -4
rucio/db/sqla/migrate_repo/versions/2ba5229cb54c_add_submitted_at_to_requests_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/2cbee484dcf9_added_column_volume_to_rse_transfer_.py +1 -4
rucio/db/sqla/migrate_repo/versions/2edee4a83846_add_source_to_requests_and_requests_.py +0 -1
rucio/db/sqla/migrate_repo/versions/2eef46be23d4_change_tokens_pk.py +1 -3
rucio/db/sqla/migrate_repo/versions/2f648fc909f3_index_in_rule_history_on_scope_name.py +0 -2
rucio/db/sqla/migrate_repo/versions/3082b8cef557_add_naming_convention_table_and_closed_.py +1 -3
rucio/db/sqla/migrate_repo/versions/30fa38b6434e_add_index_on_service_column_in_the_message_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/3152492b110b_added_staging_area_column.py +1 -2
rucio/db/sqla/migrate_repo/versions/32c7d2783f7e_create_bad_replicas_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/3345511706b8_replicas_table_pk_definition_is_in_.py +1 -3
rucio/db/sqla/migrate_repo/versions/35ef10d1e11b_change_index_on_table_requests.py +0 -2
rucio/db/sqla/migrate_repo/versions/379a19b5332d_create_rse_limits_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/384b96aa0f60_created_rule_history_tables.py +2 -3
rucio/db/sqla/migrate_repo/versions/3ac1660a1a72_extend_distance_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/3ad36e2268b0_create_collection_replicas_updates_table.py +1 -4
rucio/db/sqla/migrate_repo/versions/3c9df354071b_extend_waiting_request_state.py +0 -1
rucio/db/sqla/migrate_repo/versions/3d9813fab443_add_a_new_state_lost_in_badfilesstatus.py +0 -1
rucio/db/sqla/migrate_repo/versions/40ad39ce3160_add_transferred_at_to_requests_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/4207be2fd914_add_notification_column_to_rules.py +0 -1
rucio/db/sqla/migrate_repo/versions/42db2617c364_create_index_on_requests_external_id.py +0 -2
rucio/db/sqla/migrate_repo/versions/436827b13f82_added_column_activity_to_table_requests.py +0 -3
rucio/db/sqla/migrate_repo/versions/44278720f774_update_requests_typ_sta_upd_idx_index.py +0 -2
rucio/db/sqla/migrate_repo/versions/45378a1e76a8_create_collection_replica_table.py +2 -4
rucio/db/sqla/migrate_repo/versions/469d262be19_removing_created_at_index.py +0 -2
rucio/db/sqla/migrate_repo/versions/4783c1f49cb4_create_distance_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/49a21b4d4357_create_index_on_table_tokens.py +1 -4
rucio/db/sqla/migrate_repo/versions/4a2cbedda8b9_add_source_replica_expression_column_to_.py +0 -3
rucio/db/sqla/migrate_repo/versions/4a7182d9578b_added_bytes_length_accessed_at_columns.py +0 -3
rucio/db/sqla/migrate_repo/versions/4bab9edd01fc_create_index_on_requests_rule_id.py +0 -2
rucio/db/sqla/migrate_repo/versions/4c3a4acfe006_new_attr_account_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/4cf0a2e127d4_adding_transient_metadata.py +0 -3
rucio/db/sqla/migrate_repo/versions/4df2c5ddabc0_remove_temporary_dids.py +55 -0
rucio/db/sqla/migrate_repo/versions/50280c53117c_add_qos_class_to_rse.py +0 -2
rucio/db/sqla/migrate_repo/versions/52153819589c_add_rse_id_to_replicas_table.py +0 -2
rucio/db/sqla/migrate_repo/versions/52fd9f4916fa_added_activity_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/53b479c3cb0f_fix_did_meta_table_missing_updated_at_.py +0 -3
rucio/db/sqla/migrate_repo/versions/5673b4b6e843_add_wfms_metadata_to_rule_tables.py +0 -3
rucio/db/sqla/migrate_repo/versions/575767d9f89_added_source_history_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/58bff7008037_add_started_at_to_requests.py +0 -3
rucio/db/sqla/migrate_repo/versions/58c8b78301ab_rename_callback_to_message.py +1 -3
rucio/db/sqla/migrate_repo/versions/5f139f77382a_added_child_rule_id_column.py +1 -3
rucio/db/sqla/migrate_repo/versions/688ef1840840_adding_did_meta_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/6e572a9bfbf3_add_new_split_container_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/70587619328_add_comment_column_for_subscriptions.py +0 -3
rucio/db/sqla/migrate_repo/versions/739064d31565_remove_history_table_pks.py +1 -2
rucio/db/sqla/migrate_repo/versions/7541902bf173_add_didsfollowed_and_followevents_table.py +2 -4
rucio/db/sqla/migrate_repo/versions/7ec22226cdbf_new_replica_state_for_temporary_.py +0 -1
rucio/db/sqla/migrate_repo/versions/810a41685bc1_added_columns_rse_transfer_limits.py +1 -4
rucio/db/sqla/migrate_repo/versions/83f991c63a93_correct_rse_expression_length.py +0 -2
rucio/db/sqla/migrate_repo/versions/8523998e2e76_increase_size_of_extended_attributes_.py +0 -3
rucio/db/sqla/migrate_repo/versions/8ea9122275b1_adding_missing_function_based_indices.py +1 -2
rucio/db/sqla/migrate_repo/versions/90f47792bb76_add_clob_payload_to_messages.py +0 -3
rucio/db/sqla/migrate_repo/versions/914b8f02df38_new_table_for_lifetime_model_exceptions.py +1 -3
rucio/db/sqla/migrate_repo/versions/94a5961ddbf2_add_estimator_columns.py +0 -3
rucio/db/sqla/migrate_repo/versions/9a1b149a2044_add_saml_identity_type.py +0 -1
rucio/db/sqla/migrate_repo/versions/9a45bc4ea66d_add_vp_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/9eb936a81eb1_true_is_true.py +0 -2
rucio/db/sqla/migrate_repo/versions/a08fa8de1545_transfer_stats_table.py +55 -0
rucio/db/sqla/migrate_repo/versions/a118956323f8_added_vo_table_and_vo_col_to_rse.py +1 -3
rucio/db/sqla/migrate_repo/versions/a193a275255c_add_status_column_in_messages.py +0 -2
rucio/db/sqla/migrate_repo/versions/a5f6f6e928a7_1_7_0.py +1 -4
rucio/db/sqla/migrate_repo/versions/a616581ee47_added_columns_to_table_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/a6eb23955c28_state_idx_non_functional.py +0 -1
rucio/db/sqla/migrate_repo/versions/a74275a1ad30_added_global_quota_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/a93e4e47bda_heartbeats.py +1 -4
rucio/db/sqla/migrate_repo/versions/ae2a56fcc89_added_comment_column_to_rules.py +0 -1
rucio/db/sqla/migrate_repo/versions/b0070f3695c8_add_deletedidmeta_table.py +57 -0
rucio/db/sqla/migrate_repo/versions/b4293a99f344_added_column_identity_to_table_tokens.py +0 -3
rucio/db/sqla/migrate_repo/versions/b5493606bbf5_fix_primary_key_for_subscription_history.py +41 -0
rucio/db/sqla/migrate_repo/versions/b7d287de34fd_removal_of_replicastate_source.py +1 -2
rucio/db/sqla/migrate_repo/versions/b818052fa670_add_index_to_quarantined_replicas.py +1 -3
rucio/db/sqla/migrate_repo/versions/b8caac94d7f0_add_comments_column_for_subscriptions_.py +0 -3
rucio/db/sqla/migrate_repo/versions/b96a1c7e1cc4_new_bad_pfns_table_and_bad_replicas_.py +1 -5
rucio/db/sqla/migrate_repo/versions/bb695f45c04_extend_request_state.py +1 -3
rucio/db/sqla/migrate_repo/versions/bc68e9946deb_add_staging_timestamps_to_request.py +0 -3
rucio/db/sqla/migrate_repo/versions/bf3baa1c1474_correct_pk_and_idx_for_history_tables.py +1 -3
rucio/db/sqla/migrate_repo/versions/c0937668555f_add_qos_policy_map_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/c129ccdb2d5_add_lumiblocknr_to_dids.py +0 -3
rucio/db/sqla/migrate_repo/versions/ccdbcd48206e_add_did_type_column_index_on_did_meta_.py +1 -4
rucio/db/sqla/migrate_repo/versions/cebad904c4dd_new_payload_column_for_heartbeats.py +1 -2
rucio/db/sqla/migrate_repo/versions/d1189a09c6e0_oauth2_0_and_jwt_feature_support_adding_.py +1 -4
rucio/db/sqla/migrate_repo/versions/d23453595260_extend_request_state_for_preparer.py +1 -3
rucio/db/sqla/migrate_repo/versions/d6dceb1de2d_added_purge_column_to_rules.py +1 -4
rucio/db/sqla/migrate_repo/versions/d6e2c3b2cf26_remove_third_party_copy_column_from_rse.py +0 -2
rucio/db/sqla/migrate_repo/versions/d91002c5841_new_account_limits_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/e138c364ebd0_extending_columns_for_filter_and_.py +0 -3
rucio/db/sqla/migrate_repo/versions/e59300c8b179_support_for_archive.py +1 -3
rucio/db/sqla/migrate_repo/versions/f1b14a8c2ac1_postgres_use_check_constraints.py +0 -1
rucio/db/sqla/migrate_repo/versions/f41ffe206f37_oracle_global_temporary_tables.py +1 -2
rucio/db/sqla/migrate_repo/versions/f85a2962b021_adding_transfertool_column_to_requests_.py +1 -3
rucio/db/sqla/migrate_repo/versions/fa7a7d78b602_increase_refresh_token_size.py +0 -2
rucio/db/sqla/migrate_repo/versions/fb28a95fe288_add_replicas_rse_id_tombstone_idx.py +0 -1
rucio/db/sqla/migrate_repo/versions/fe1a65b176c9_set_third_party_copy_read_and_write_.py +1 -2
rucio/db/sqla/migrate_repo/versions/fe8ea2fa9788_added_third_party_copy_column_to_rse_.py +0 -3
rucio/db/sqla/models.py +122 -216
rucio/db/sqla/sautils.py +12 -5
rucio/db/sqla/session.py +71 -43
rucio/db/sqla/types.py +3 -4
rucio/db/sqla/util.py +91 -69
rucio/gateway/__init__.py +13 -0
rucio/{api → gateway}/account.py +119 -46
rucio/{api → gateway}/account_limit.py +12 -13
rucio/{api → gateway}/authentication.py +106 -33
rucio/{api → gateway}/config.py +12 -13
rucio/{api → gateway}/credential.py +15 -4
rucio/{api → gateway}/did.py +384 -140
rucio/{api → gateway}/dirac.py +16 -6
rucio/{api → gateway}/exporter.py +3 -4
rucio/{api → gateway}/heartbeat.py +17 -5
rucio/{api → gateway}/identity.py +63 -19
rucio/{api → gateway}/importer.py +3 -4
rucio/{api → gateway}/lifetime_exception.py +35 -10
rucio/{api → gateway}/lock.py +34 -12
rucio/{api/meta.py → gateway/meta_conventions.py} +18 -16
rucio/{api → gateway}/permission.py +4 -5
rucio/{api → gateway}/quarantined_replica.py +13 -4
rucio/{api → gateway}/replica.py +12 -11
rucio/{api → gateway}/request.py +129 -28
rucio/{api → gateway}/rse.py +11 -12
rucio/{api → gateway}/rule.py +117 -35
rucio/{api → gateway}/scope.py +24 -14
rucio/{api → gateway}/subscription.py +65 -43
rucio/{api → gateway}/vo.py +17 -7
rucio/rse/__init__.py +3 -4
rucio/rse/protocols/__init__.py +0 -1
rucio/rse/protocols/bittorrent.py +184 -0
rucio/rse/protocols/cache.py +1 -2
rucio/rse/protocols/dummy.py +1 -2
rucio/rse/protocols/gfal.py +12 -10
rucio/rse/protocols/globus.py +7 -7
rucio/rse/protocols/gsiftp.py +2 -3
rucio/rse/protocols/http_cache.py +1 -2
rucio/rse/protocols/mock.py +1 -2
rucio/rse/protocols/ngarc.py +1 -2
rucio/rse/protocols/posix.py +12 -13
rucio/rse/protocols/protocol.py +116 -52
rucio/rse/protocols/rclone.py +6 -7
rucio/rse/protocols/rfio.py +4 -5
rucio/rse/protocols/srm.py +9 -10
rucio/rse/protocols/ssh.py +8 -9
rucio/rse/protocols/storm.py +2 -3
rucio/rse/protocols/webdav.py +17 -14
rucio/rse/protocols/xrootd.py +23 -17
rucio/rse/rsemanager.py +19 -7
rucio/tests/__init__.py +0 -1
rucio/tests/common.py +43 -17
rucio/tests/common_server.py +3 -3
rucio/transfertool/__init__.py +0 -1
rucio/transfertool/bittorrent.py +199 -0
rucio/transfertool/bittorrent_driver.py +52 -0
rucio/transfertool/bittorrent_driver_qbittorrent.py +133 -0
rucio/transfertool/fts3.py +250 -138
rucio/transfertool/fts3_plugins.py +152 -0
rucio/transfertool/globus.py +9 -8
rucio/transfertool/globus_library.py +1 -2
rucio/transfertool/mock.py +21 -12
rucio/transfertool/transfertool.py +33 -24
rucio/vcsversion.py +4 -4
rucio/version.py +5 -13
rucio/web/__init__.py +0 -1
rucio/web/rest/__init__.py +0 -1
rucio/web/rest/flaskapi/__init__.py +0 -1
rucio/web/rest/flaskapi/authenticated_bp.py +0 -1
rucio/web/rest/flaskapi/v1/__init__.py +0 -1
rucio/web/rest/flaskapi/v1/accountlimits.py +15 -13
rucio/web/rest/flaskapi/v1/accounts.py +49 -48
rucio/web/rest/flaskapi/v1/archives.py +12 -10
rucio/web/rest/flaskapi/v1/auth.py +146 -144
rucio/web/rest/flaskapi/v1/common.py +82 -41
rucio/web/rest/flaskapi/v1/config.py +5 -6
rucio/web/rest/flaskapi/v1/credentials.py +7 -8
rucio/web/rest/flaskapi/v1/dids.py +158 -28
rucio/web/rest/flaskapi/v1/dirac.py +8 -8
rucio/web/rest/flaskapi/v1/export.py +3 -5
rucio/web/rest/flaskapi/v1/heartbeats.py +3 -5
rucio/web/rest/flaskapi/v1/identities.py +3 -5
rucio/web/rest/flaskapi/v1/import.py +3 -4
rucio/web/rest/flaskapi/v1/lifetime_exceptions.py +6 -9
rucio/web/rest/flaskapi/v1/locks.py +2 -4
rucio/web/rest/flaskapi/v1/main.py +10 -2
rucio/web/rest/flaskapi/v1/{meta.py → meta_conventions.py} +26 -11
rucio/web/rest/flaskapi/v1/metrics.py +1 -2
rucio/web/rest/flaskapi/v1/nongrid_traces.py +4 -4
rucio/web/rest/flaskapi/v1/ping.py +6 -7
rucio/web/rest/flaskapi/v1/redirect.py +8 -9
rucio/web/rest/flaskapi/v1/replicas.py +43 -19
rucio/web/rest/flaskapi/v1/requests.py +178 -21
rucio/web/rest/flaskapi/v1/rses.py +61 -26
rucio/web/rest/flaskapi/v1/rules.py +48 -18
rucio/web/rest/flaskapi/v1/scopes.py +3 -5
rucio/web/rest/flaskapi/v1/subscriptions.py +22 -18
rucio/web/rest/flaskapi/v1/traces.py +4 -4
rucio/web/rest/flaskapi/v1/types.py +20 -0
rucio/web/rest/flaskapi/v1/vos.py +3 -5
rucio/web/rest/main.py +0 -1
rucio/web/rest/metrics.py +0 -1
rucio/web/rest/ping.py +27 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/ldap.cfg.template +1 -1
rucio-35.8.0.data/data/rucio/requirements.server.txt +268 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/bootstrap.py +3 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/merge_rucio_configs.py +2 -5
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/reset_database.py +3 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio +87 -85
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-account +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-collection-replica +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-rse +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-admin +45 -32
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-atropos +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-auditor +13 -7
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-automatix +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-bb8 +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-c3po +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-cache-client +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-cache-consumer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-finisher +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-poller +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-preparer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-receiver +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-stager +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-submitter +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-throttler +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-dark-reaper +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-dumper +11 -10
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-follower +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-hermes +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-cleaner +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-evaluator +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-injector +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-repairer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-kronos +1 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-minos +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-minos-temporary-expiration +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-necromancer +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-oauth-manager +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-reaper +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-replica-recoverer +6 -7
rucio-35.8.0.data/scripts/rucio-rse-decommissioner +66 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-storage-consistency-actions +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-transmogrifier +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-undertaker +1 -2
rucio-35.8.0.dist-info/METADATA +72 -0
rucio-35.8.0.dist-info/RECORD +493 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/WHEEL +1 -1
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/licenses/AUTHORS.rst +3 -0
rucio/api/temporary_did.py +0 -49
rucio/common/schema/cms.py +0 -478
rucio/common/schema/lsst.py +0 -423
rucio/core/permission/cms.py +0 -1166
rucio/core/temporary_did.py +0 -188
rucio/daemons/reaper/light_reaper.py +0 -255
rucio/web/rest/flaskapi/v1/tmp_dids.py +0 -115
rucio-32.8.6.data/data/rucio/requirements.txt +0 -55
rucio-32.8.6.data/scripts/rucio-light-reaper +0 -53
rucio-32.8.6.dist-info/METADATA +0 -83
rucio-32.8.6.dist-info/RECORD +0 -481
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/alembic.ini.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/alembic_offline.ini.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/globus-config.yml.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approval_request.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approved_admin.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approved_user.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_denied_admin.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_denied_user.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_ok_notification.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rse-accounts.cfg.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio.cfg.atlas.client.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio.cfg.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio_multi_vo.cfg.template +0 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/licenses/LICENSE +0 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/top_level.txt +0 -0

rucio/core/naming_convention.py CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # Copyright European Organization for Nuclear Research (CERN) since 2012
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,27 +12,42 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from re import match, compile, error
+from re import compile, error, match
 from traceback import format_exc
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Any, Optional, cast
 from dogpile.cache.api import NO_VALUE
+from sqlalchemy import and_, delete, select
 from sqlalchemy.exc import IntegrityError
 from rucio.common.cache import make_region_memcached
-from rucio.common.exception import Duplicate, RucioException, InvalidObject
+from rucio.common.exception import Duplicate, InvalidObject, RucioException
 from rucio.db.sqla import models
 from rucio.db.sqla.constants import KeyType
 from rucio.db.sqla.session import read_session, transactional_session
 if TYPE_CHECKING:
+    from typing import TypedDict
     from sqlalchemy.orm import Session
+    from rucio.common.types import InternalScope
+    class NamingConventionDict(TypedDict):
+        scope: InternalScope
+        regexp: str
 REGION = make_region_memcached(expiration_time=900)
 @transactional_session
-def add_naming_convention(scope, regexp, convention_type, *, session: "Session"):
+def add_naming_convention(
+    scope: "InternalScope",
+    regexp: str,
+    convention_type: KeyType,
+    *,
+    session: "Session"
+) -> None:
     """
     add a naming convention for a given scope
@@ -60,7 +74,12 @@ def add_naming_convention(scope, regexp, convention_type, *, session: "Session")
 @read_session
-def get_naming_convention(scope, convention_type, *, session: "Session"):
+def get_naming_convention(
+    scope: "InternalScope",
+    convention_type: KeyType,
+    *,
+    session: "Session"
+) -> Optional[str]:
     """
     Get the naming convention for a given scope
@@ -70,15 +89,22 @@ def get_naming_convention(scope, convention_type, *, session: "Session"):
     :returns: the regular expression.
     """
-    query = session.query(models.NamingConvention.regexp).\
-        filter(models.NamingConvention.scope == scope).\
-        filter(models.NamingConvention.convention_type == convention_type)
-    for row in query:
-        return row[0]
+    stmt = select(
+        models.NamingConvention.regexp
+    ).where(
+        and_(models.NamingConvention.scope == scope,
+             models.NamingConvention.convention_type == convention_type)
+    )
+    return session.execute(stmt).scalar()
 @transactional_session
-def delete_naming_convention(scope, convention_type, *, session: "Session"):
+def delete_naming_convention(
+    scope: "InternalScope",
+    convention_type: KeyType,
+    *,
+    session: "Session"
+) -> int:
     """
     delete a naming convention for a given scope
@@ -87,14 +113,19 @@ def delete_naming_convention(scope, convention_type, *, session: "Session"):
     :param convention_type: the did_type on which the regexp should apply.
     :param session: The database session in use.
     """
-    REGION.delete(scope.internal)
-    return session.query(models.NamingConvention) \
-        .filter_by(scope=scope, convention_type=convention_type) \
-        .delete()
+    if scope.internal is not None:
+        REGION.delete(scope.internal)
+    stmt = delete(
+        models.NamingConvention
+    ).where(
+        and_(models.NamingConvention.scope == scope,
+             models.NamingConvention.convention_type == convention_type)
+    )
+    return session.execute(stmt).rowcount
 @read_session
-def list_naming_conventions(*, session: "Session"):
+def list_naming_conventions(*, session: "Session") -> list["NamingConventionDict"]:
     """
     List all naming conventions.
@@ -102,13 +133,21 @@ def list_naming_conventions(*, session: "Session"):
     :returns: a list of dictionaries.
     """
-    query = session.query(models.NamingConvention.scope,
-                          models.NamingConvention.regexp)
-    return [row._asdict() for row in query]
+    stmt = select(
+        models.NamingConvention.scope,
+        models.NamingConvention.regexp
+    )
+    return [cast("NamingConventionDict", row._asdict()) for row in session.execute(stmt).all()]
 @read_session
-def validate_name(scope, name, did_type, *, session: "Session"):
+def validate_name(
+    scope: "InternalScope",
+    name: str,
+    did_type: str,
+    *,
+    session: "Session"
+) -> Optional[dict[str, Any]]:
     """
     Validate a name according to a naming convention.
@@ -120,10 +159,11 @@ def validate_name(scope, name, did_type, *, session: "Session"):
     :returns: a dictionary with metadata.
     """
-    if scope.external.startswith('user'):
-        return {'project': 'user'}
-    elif scope.external.startswith('group'):
-        return {'project': 'group'}
+    if scope.external is not None:
+        if scope.external.startswith('user'):
+            return {'project': 'user'}
+        elif scope.external.startswith('group'):
+            return {'project': 'group'}
     # Check if naming convention can be found in cache region
     regexp = REGION.get(scope.internal)
@@ -131,13 +171,14 @@ def validate_name(scope, name, did_type, *, session: "Session"):
         regexp = get_naming_convention(scope=scope,
                                        convention_type=KeyType.DATASET,
                                        session=session)
-        regexp and REGION.set(scope.internal, regexp)
+        if scope.internal is not None:
+            regexp and REGION.set(scope.internal, regexp)
     if not regexp:
         return
     # Validate with regexp
-    groups = match(regexp, str(name))
+    groups = match(regexp, str(name))  # type: ignore
     if groups:
         meta = groups.groupdict()
         # Hack to get task_id from version

rucio/core/nongrid_trace.py CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # Copyright European Organization for Nuclear Research (CERN) since 2012
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,6 +16,7 @@ import json
 import logging.handlers
 import random
 import socket
+from typing import TYPE_CHECKING, Any, Union, overload
 import stomp
@@ -24,6 +24,9 @@ from rucio.common.config import config_get, config_get_int
 from rucio.common.logging import rucio_log_formatter
 from rucio.core.monitor import MetricManager
+if TYPE_CHECKING:
+    from datetime import datetime
 METRICS = MetricManager(module=__name__)
 CONFIG_COMMON_LOGLEVEL = getattr(logging, config_get('common', 'loglevel', raise_exception=False, default='DEBUG').upper())
@@ -80,14 +83,23 @@ for broker in BROKERS_RESOLVED:
     CONNS.append(stomp.Connection(host_and_ports=[(broker, PORT)], vhost=VHOST, reconnect_attempts_max=3))
-def date_handler(obj):
-    '''
-    '''
+@overload
+def date_handler(obj: "datetime") -> str:
+    ...
+@overload
+def date_handler(obj: object) -> object:
+    ...
+def date_handler(obj: Any) -> Union[str, object]:
+    """ Format dates to ISO format. """
     return obj.isoformat() if hasattr(obj, 'isoformat') else obj
 @METRICS.count_it
-def trace(payload):
+def trace(payload: dict[str, Any]) -> None:
     """
     Write a trace to the buffer log file and send it to active mq.

rucio/core/oidc.py CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # Copyright European Organization for Nuclear Research (CERN) since 2012
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,46 +12,52 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import hashlib
 import json
 import logging
-import random
 import subprocess
 import traceback
 from datetime import datetime, timedelta
-from typing import Any, TYPE_CHECKING, Optional
-from urllib.parse import urlparse, parse_qs
+from math import floor
+from secrets import choice
+from typing import TYPE_CHECKING, Any, Final, Optional, Union
+from urllib.parse import parse_qs, urljoin, urlparse
+import requests
+from dogpile.cache.api import NoValue
 from jwkest.jws import JWS
 from jwkest.jwt import JWT
-from math import floor
 from oic import rndstr
 from oic.oauth2.message import CCAccessTokenRequest
-from oic.oic import Client, Grant, Token, REQUEST2ENDPOINT
-from oic.oic.message import (AccessTokenResponse, AuthorizationResponse,
-                             Message, RegistrationResponse)
+from oic.oic import REQUEST2ENDPOINT, Client, Grant, Token
+from oic.oic.message import AccessTokenResponse, AuthorizationResponse, Message, RegistrationResponse
 from oic.utils import time_util
 from oic.utils.authn.client import CLIENT_AUTHN_METHOD
 from sqlalchemy import delete, select, update
 from sqlalchemy.sql.expression import true
 from rucio.common import types
+from rucio.common.cache import make_region_memcached
 from rucio.common.config import config_get, config_get_int
-from rucio.common.exception import (CannotAuthenticate, CannotAuthorize,
-                                    RucioException)
+from rucio.common.exception import CannotAuthenticate, CannotAuthorize, RucioException
 from rucio.common.stopwatch import Stopwatch
 from rucio.common.utils import all_oidc_req_claims_present, build_url, val_to_space_sep_str
 from rucio.core.account import account_exists
 from rucio.core.identity import exist_identity_account, get_default_account
 from rucio.core.monitor import MetricManager
-from rucio.db.sqla import filter_thread_work
-from rucio.db.sqla import models
+from rucio.db.sqla import filter_thread_work, models
 from rucio.db.sqla.constants import IdentityType
 from rucio.db.sqla.session import read_session, transactional_session
 if TYPE_CHECKING:
     from sqlalchemy.orm import Session
+# The WLCG Common JWT Profile dictates that the lifetime of access and ID tokens
+# should range from five minutes to six hours.
+TOKEN_MIN_LIFETIME: Final = config_get_int('oidc', 'token_min_lifetime', default=300)
+TOKEN_MAX_LIFETIME: Final = config_get_int('oidc', 'token_max_lifetime', default=21600)
+REGION: Final = make_region_memcached(expiration_time=TOKEN_MAX_LIFETIME)
 METRICS = MetricManager(module=__name__)
 # worokaround for a bug in pyoidc (as of Dec 2019)
@@ -75,6 +80,81 @@ LEEWAY_SECS = 120
 # --> check 'profile' info (requested profile scope)
+@METRICS.time_it
+def _token_cache_get(
+    key: str,
+    min_lifetime: int = TOKEN_MIN_LIFETIME,
+) -> Optional[str]:
+    """Retrieve a token from the cache.
+    Return ``None`` if the cache backend did not return a value, the value is
+    not a valid JWT, or the token has a remaining lifetime less than
+    ``min_lifetime`` seconds.
+    """
+    value = REGION.get(key)
+    if isinstance(value, NoValue):
+        METRICS.counter('token_cache.miss').inc()
+        return None
+    if isinstance(value, str):
+        try:
+            payload = JWT().unpack(value).payload()
+        except Exception:
+            METRICS.counter('token_cache.invalid').inc()
+            return None
+    else:
+        METRICS.counter('token_cache.invalid').inc()
+        return None
+    now = datetime.utcnow().timestamp()
+    expiration = payload.get('exp', 0)    # type: ignore
+    if now + min_lifetime > expiration:
+        METRICS.counter('token_cache.expired').inc()
+        return None
+    METRICS.counter('token_cache.hit').inc()
+    return value
+def _token_cache_set(key: str, value: str) -> None:
+    """Store a token in the cache."""
+    REGION.set(key, value)
+def request_token(audience: str, scope: str, use_cache: bool = True) -> Optional[str]:
+    """Request a token from the provider.
+    Return ``None`` if the configuration was not loaded properly or the request
+    was unsuccessful.
+    """
+    if not all([OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_PROVIDER_ENDPOINT]):
+        if OIDC_CONFIGURATION_RUN or not __load_oidc_configuration():
+            return None
+    key = hashlib.md5(f'audience={audience};scope={scope}'.encode()).hexdigest()
+    if use_cache and (token := _token_cache_get(key)):
+        return token
+    try:
+        response = requests.post(url=OIDC_PROVIDER_ENDPOINT,
+                                 auth=(OIDC_CLIENT_ID, OIDC_CLIENT_SECRET),
+                                 data={'grant_type': 'client_credentials',
+                                       'audience': audience,
+                                       'scope': scope})
+        response.raise_for_status()
+        payload = response.json()
+        token = payload['access_token']
+    except Exception:
+        logging.debug('Failed to procure a token', exc_info=True)
+        return None
+    if use_cache:
+        _token_cache_set(key, token)
+    return token
 def __get_rucio_oidc_clients(keytimeout: int = 43200) -> tuple[dict, dict]:
     """
     Creates a Rucio OIDC Client instances per Identity Provider (IdP)
@@ -125,6 +205,11 @@ def __get_rucio_oidc_clients(keytimeout: int = 43200) -> tuple[dict, dict]:
 # global variables to represent the IdP clients
 OIDC_CLIENTS = {}
 OIDC_ADMIN_CLIENTS = {}
+# New-style token support.
+OIDC_CLIENT_ID = ''
+OIDC_CLIENT_SECRET = ''
+OIDC_PROVIDER_ENDPOINT = ''
+OIDC_CONFIGURATION_RUN = False
 def __initialize_oidc_clients() -> None:
@@ -143,8 +228,40 @@ def __initialize_oidc_clients() -> None:
         pass
-# try loading OIDC clients uppon module import
-__initialize_oidc_clients()
+def __load_oidc_configuration() -> bool:
+    """Load the configuration for the new-style token support."""
+    global OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_PROVIDER_ENDPOINT, OIDC_CONFIGURATION_RUN
+    OIDC_CONFIGURATION_RUN = True
+    if not IDPSECRETS:
+        logging.error('Configuration option "idpsecrets" in section "oidc" is not set')
+        return False
+    if not ADMIN_ISSUER_ID:
+        logging.error('Configuration option "admin_issuer" in section "oidc" is not set')
+        return False
+    try:
+        with open(IDPSECRETS) as f:
+            data = json.load(f)
+            OIDC_CLIENT_ID = data[ADMIN_ISSUER_ID]['client_id']
+            OIDC_CLIENT_SECRET = data[ADMIN_ISSUER_ID]['client_secret']
+            issuer = data[ADMIN_ISSUER_ID]['issuer']
+    except Exception:
+        logging.error('Failed to parse configuration file "%s"', IDPSECRETS,
+                      exc_info=True)
+        return False
+    try:
+        oidc_discover_url = urljoin(issuer, '.well-known/openid-configuration')
+        response = requests.get(oidc_discover_url)
+        response.raise_for_status()
+        payload = response.json()
+        OIDC_PROVIDER_ENDPOINT = payload['token_endpoint']
+    except (requests.HTTPError, requests.JSONDecodeError, KeyError):
+        logging.error('Failed to discover token endpoint', exc_info=True)
+        return False
+    return True
 def __get_init_oidc_client(token_object: models.Token = None, token_type: str = None, **kwargs) -> dict[Any, Any]:
@@ -189,11 +306,11 @@ def __get_init_oidc_client(token_object: models.Token = None, token_type: str =
             token = ''
             if not token_type:
                 token_type = kwargs.get('token_type', None)
-            if token_type == 'subject_token':
+            if token_type == 'subject_token':  # noqa: S105
                 token = token_object.token
                 # do not remove - even though None, oic expects this key to exist
                 auth_args["redirect_uri"] = None
-            if token_type == 'refresh_token':
+            if token_type == 'refresh_token':  # noqa: S105
                 token = token_object.refresh_token
                 # do not remove - even though None, oic expects this key to exist
                 auth_args["redirect_uri"] = None
@@ -219,7 +336,7 @@ def __get_init_oidc_client(token_object: models.Token = None, token_type: str =
             if not redirect_url:
                 redirect_to = kwargs.get("redirect_to", "auth/oidc_token")
                 redirect_urls = [u for u in client_secret["redirect_uris"] if redirect_to in u]
-                redirect_url = random.choice(redirect_urls)
+                redirect_url = choice(redirect_urls)
             if not redirect_url:
                 raise CannotAuthenticate("Could not pick any redirect URL(s) from the ones defined "
                                          + "in Rucio OIDC Client configuration file.")  # NOQA: W503
@@ -275,7 +392,7 @@ def get_auth_oidc(account: str, *, session: "Session", **kwargs) -> str:
               OR a redirection url to be used in user's browser for authentication.
     """
     # TO-DO - implement a check if that account already has a valid
-    # token withthe required scope and audience and return such token !
+    # token with the required scope and audience and return such token !
     auth_scope = kwargs.get('auth_scope', EXPECTED_OIDC_SCOPE)
     if not auth_scope:
         auth_scope = EXPECTED_OIDC_SCOPE
@@ -360,7 +477,12 @@ def get_auth_oidc(account: str, *, session: "Session", **kwargs) -> str:
 @transactional_session
-def get_token_oidc(auth_query_string: str, ip: str = None, *, session: "Session"):
+def get_token_oidc(
+    auth_query_string: str,
+    ip: Optional[str] = None,
+    *,
+    session: "Session"
+) -> Optional[dict[str, Optional[Union[str, bool]]]]:
     """
     After Rucio User got redirected to Rucio /auth/oidc_token (or /auth/oidc_code)
     REST endpoints with authz code and session state encoded within the URL.
@@ -651,8 +773,8 @@ def get_token_for_account_operation(account: str, req_audience: str = None, req_
         # supported by Rucio server (have OIDC admin client registered as well)
         # that is why we take the issuer of the account identity that has an active/valid token
         # and look for admin account identity which has this issuer assigned
-        # requestor should always have at least one active subject token unless it is root
-        # this is why we first discover if the requestor is root or not
+        # requester should always have at least one active subject token unless it is root
+        # this is why we first discover if the requester is root or not
         get_token_for_adminacc = False
         admin_identity = None
         admin_issuer = None
@@ -662,10 +784,10 @@ def get_token_for_account_operation(account: str, req_audience: str = None, req_
         preferred_issuer = None
         for token in account_tokens:
             preferred_issuer = token.identity.split(", ")[1].split("=")[1]
-        # loop through all OIDC identities registerd for the account of the requestor
+        # loop through all OIDC identities registered for the account of the requester
         for identity in identities:
             issuer = identity.split(", ")[1].split("=")[1]
-            # compare the account of the requestor with the account of the admin
+            # compare the account of the requester with the account of the admin
             if account == admin_iss_acc_idt_dict[issuer][0]:
                 # take first matching case which means root is requesting OIDC authentication
                 admin_identity = admin_iss_acc_idt_dict[issuer][1]
@@ -765,7 +887,7 @@ def get_token_for_account_operation(account: str, req_audience: str = None, req_
                     subject_token = token
             # if not proceed with token exchange
             if not subject_token:
-                subject_token = random.choice(account_tokens)
+                subject_token = choice(account_tokens)
             exchanged_token = __exchange_token_oidc(subject_token,
                                                     scope=req_scope,
                                                     audience=req_audience,
@@ -813,7 +935,7 @@ def __exchange_token_oidc(subject_token_object: models.Token, *, session: "Sessi
     if not grant_type:
         grant_type = EXCHANGE_GRANT_TYPE
     try:
-        oidc_dict = __get_init_oidc_client(token_object=subject_token_object, token_type="subject_token")
+        oidc_dict = __get_init_oidc_client(token_object=subject_token_object, token_type="subject_token")  # noqa: S106
         oidc_client = oidc_dict['client']
         args = {"subject_token": subject_token_object.token,
                 "scope": jwt_row_dict['authz_scope'],
@@ -891,7 +1013,7 @@ def __change_refresh_state(token: str, refresh: bool = False, *, session: "Sessi
 @transactional_session
-def refresh_cli_auth_token(token_string: str, account: str, *, session: "Session"):
+def refresh_cli_auth_token(token_string: str, account: str, *, session: "Session") -> Optional[tuple[str, int]]:
     """
     Checks if there is active refresh token and if so returns
     either active token with expiration timestamp or requests a new
@@ -1057,7 +1179,7 @@ def __refresh_token_oidc(token_object: models.Token, *, session: "Session"):
         if datetime.utcnow() - extra_dict['refresh_start'] > timedelta(hours=extra_dict['refresh_lifetime']):
             __change_refresh_state(token_object.token, refresh=False, session=session)
             return None
-        oidc_dict = __get_init_oidc_client(token_object=token_object, token_type="refresh_token")
+        oidc_dict = __get_init_oidc_client(token_object=token_object, token_type="refresh_token")  # noqa: S106
         oidc_client = oidc_dict['client']
         # getting a new refreshed set of tokens
         state = oidc_dict['state']
@@ -1169,7 +1291,7 @@ def __get_keyvalues_from_claims(token: str, keys=None):
         for key in keys:
             value = ''
             if key in claims:
-                value = val_to_space_sep_str(claims[key])
+                value = val_to_space_sep_str(claims[key])  # type: ignore
             resdict[key] = value
         return resdict
     except Exception as error:
@@ -1293,7 +1415,7 @@ def validate_jwt(json_web_token: str, *, session: "Session") -> dict[str, Any]:
         # try to get it from IdP introspection endpoint
         # TO-BE-REMOVED - once all IdPs support scope and audience in token claims !!!
         if not token_dict['authz_scope'] or not token_dict['audience']:
-            clprocess = subprocess.Popen(['curl', '-s', '-L', '-u', '%s:%s'
+            clprocess = subprocess.Popen(['curl', '-s', '-L', '-u', '%s:%s'  # noqa: S607
                                           % (oidc_client.client_id, oidc_client.client_secret),
                                           '-d', 'token=%s' % (json_web_token),
                                           oidc_client.introspection_endpoint],

rucio/core/permission/__init__.py CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # Copyright European Organization for Nuclear Research (CERN) since 2012
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,15 +15,18 @@
 import importlib
 from configparser import NoOptionError, NoSectionError
 from os import environ
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Any
 from rucio.common import config, exception
 from rucio.common.utils import check_policy_package_version
 if TYPE_CHECKING:
     from typing import Optional
     from sqlalchemy.orm import Session
+    from rucio.common.types import InternalAccount
 # dictionary of permission modules for each VO
 permission_modules = {}
@@ -66,13 +68,15 @@ if not multivo:
     try:
         module = importlib.import_module(POLICY)
+    except ModuleNotFoundError:
+        raise exception.PolicyPackageNotFound(POLICY)
     except ImportError:
-        raise exception.PolicyPackageNotFound('Module ' + POLICY + ' not found')
+        raise exception.ErrorLoadingPolicyPackage(POLICY)
     permission_modules["def"] = module
-def load_permission_for_vo(vo):
+def load_permission_for_vo(vo: str) -> None:
     GENERIC_FALLBACK = 'generic_multi_vo'
     if config.config_has_section('policy'):
         try:
@@ -95,13 +99,21 @@ def load_permission_for_vo(vo):
     try:
         module = importlib.import_module(POLICY)
+    except ModuleNotFoundError:
+        raise exception.PolicyPackageNotFound(POLICY)
     except ImportError:
-        raise exception.PolicyPackageNotFound('Module ' + POLICY + ' not found')
+        raise exception.ErrorLoadingPolicyPackage(POLICY)
     permission_modules[vo] = module
-def has_permission(issuer, action, kwargs, *, session: "Optional[Session]" = None):
+def has_permission(
+        issuer: "InternalAccount",
+        action: str,
+        kwargs: dict[str, Any],
+        *,
+        session: "Optional[Session]" = None
+) -> bool:
     if issuer.vo not in permission_modules:
         load_permission_for_vo(issuer.vo)
     return permission_modules[issuer.vo].has_permission(issuer, action, kwargs, session=session)

rucio 32.8.6__py3-none-any.whl → 35.8.0__py3-none-any.whl

Potentially problematic release.

rucio 32.8.6py3-none-any.whl → 35.8.0py3-none-any.whl