PyPI - rucio - Versions diffs - 32.8.6__py3-none-any.whl → 35.8.0__py3-none-any.whl - Mend

rucio 32.8.6py3-none-any.whl → 35.8.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rucio might be problematic. Click here for more details.

Files changed (502) hide show

rucio/__init__.py +0 -1
rucio/alembicrevision.py +1 -2
rucio/client/__init__.py +0 -1
rucio/client/accountclient.py +45 -25
rucio/client/accountlimitclient.py +37 -9
rucio/client/baseclient.py +199 -154
rucio/client/client.py +2 -3
rucio/client/configclient.py +19 -6
rucio/client/credentialclient.py +9 -4
rucio/client/didclient.py +238 -63
rucio/client/diracclient.py +13 -5
rucio/client/downloadclient.py +162 -51
rucio/client/exportclient.py +4 -4
rucio/client/fileclient.py +3 -4
rucio/client/importclient.py +4 -4
rucio/client/lifetimeclient.py +21 -5
rucio/client/lockclient.py +18 -8
rucio/client/{metaclient.py → metaconventionsclient.py} +18 -15
rucio/client/pingclient.py +0 -1
rucio/client/replicaclient.py +15 -5
rucio/client/requestclient.py +35 -19
rucio/client/rseclient.py +133 -51
rucio/client/ruleclient.py +29 -22
rucio/client/scopeclient.py +8 -6
rucio/client/subscriptionclient.py +47 -35
rucio/client/touchclient.py +8 -4
rucio/client/uploadclient.py +166 -82
rucio/common/__init__.py +0 -1
rucio/common/cache.py +4 -4
rucio/common/config.py +52 -47
rucio/common/constants.py +69 -2
rucio/common/constraints.py +0 -1
rucio/common/didtype.py +24 -22
rucio/common/dumper/__init__.py +70 -41
rucio/common/dumper/consistency.py +26 -22
rucio/common/dumper/data_models.py +16 -23
rucio/common/dumper/path_parsing.py +0 -1
rucio/common/exception.py +281 -222
rucio/common/extra.py +0 -1
rucio/common/logging.py +54 -38
rucio/common/pcache.py +122 -101
rucio/common/plugins.py +153 -0
rucio/common/policy.py +4 -4
rucio/common/schema/__init__.py +17 -10
rucio/common/schema/atlas.py +7 -5
rucio/common/schema/belleii.py +7 -5
rucio/common/schema/domatpc.py +7 -5
rucio/common/schema/escape.py +7 -5
rucio/common/schema/generic.py +8 -6
rucio/common/schema/generic_multi_vo.py +7 -5
rucio/common/schema/icecube.py +7 -5
rucio/common/stomp_utils.py +0 -1
rucio/common/stopwatch.py +0 -1
rucio/common/test_rucio_server.py +2 -2
rucio/common/types.py +262 -17
rucio/common/utils.py +743 -451
rucio/core/__init__.py +0 -1
rucio/core/account.py +99 -29
rucio/core/account_counter.py +89 -24
rucio/core/account_limit.py +90 -24
rucio/core/authentication.py +86 -29
rucio/core/config.py +108 -38
rucio/core/credential.py +14 -7
rucio/core/did.py +680 -782
rucio/core/did_meta_plugins/__init__.py +8 -6
rucio/core/did_meta_plugins/did_column_meta.py +17 -12
rucio/core/did_meta_plugins/did_meta_plugin_interface.py +60 -11
rucio/core/did_meta_plugins/filter_engine.py +90 -50
rucio/core/did_meta_plugins/json_meta.py +41 -16
rucio/core/did_meta_plugins/mongo_meta.py +25 -8
rucio/core/did_meta_plugins/postgres_meta.py +3 -4
rucio/core/dirac.py +46 -17
rucio/core/distance.py +66 -43
rucio/core/exporter.py +5 -5
rucio/core/heartbeat.py +181 -81
rucio/core/identity.py +22 -12
rucio/core/importer.py +23 -12
rucio/core/lifetime_exception.py +32 -32
rucio/core/lock.py +244 -142
rucio/core/message.py +79 -38
rucio/core/{meta.py → meta_conventions.py} +57 -44
rucio/core/monitor.py +19 -13
rucio/core/naming_convention.py +68 -27
rucio/core/nongrid_trace.py +17 -5
rucio/core/oidc.py +151 -29
rucio/core/permission/__init__.py +18 -6
rucio/core/permission/atlas.py +50 -35
rucio/core/permission/belleii.py +6 -5
rucio/core/permission/escape.py +8 -6
rucio/core/permission/generic.py +82 -80
rucio/core/permission/generic_multi_vo.py +9 -7
rucio/core/quarantined_replica.py +91 -58
rucio/core/replica.py +1303 -772
rucio/core/replica_sorter.py +10 -12
rucio/core/request.py +1133 -285
rucio/core/rse.py +142 -102
rucio/core/rse_counter.py +49 -18
rucio/core/rse_expression_parser.py +6 -7
rucio/core/rse_selector.py +41 -16
rucio/core/rule.py +1538 -474
rucio/core/rule_grouping.py +213 -68
rucio/core/scope.py +50 -22
rucio/core/subscription.py +92 -44
rucio/core/topology.py +66 -24
rucio/core/trace.py +42 -28
rucio/core/transfer.py +543 -259
rucio/core/vo.py +36 -18
rucio/core/volatile_replica.py +59 -32
rucio/daemons/__init__.py +0 -1
rucio/daemons/abacus/__init__.py +0 -1
rucio/daemons/abacus/account.py +29 -19
rucio/daemons/abacus/collection_replica.py +21 -10
rucio/daemons/abacus/rse.py +22 -12
rucio/daemons/atropos/__init__.py +0 -1
rucio/daemons/atropos/atropos.py +1 -2
rucio/daemons/auditor/__init__.py +56 -28
rucio/daemons/auditor/hdfs.py +17 -6
rucio/daemons/auditor/srmdumps.py +116 -45
rucio/daemons/automatix/__init__.py +0 -1
rucio/daemons/automatix/automatix.py +30 -18
rucio/daemons/badreplicas/__init__.py +0 -1
rucio/daemons/badreplicas/minos.py +29 -18
rucio/daemons/badreplicas/minos_temporary_expiration.py +5 -7
rucio/daemons/badreplicas/necromancer.py +9 -13
rucio/daemons/bb8/__init__.py +0 -1
rucio/daemons/bb8/bb8.py +10 -13
rucio/daemons/bb8/common.py +151 -154
rucio/daemons/bb8/nuclei_background_rebalance.py +15 -9
rucio/daemons/bb8/t2_background_rebalance.py +15 -8
rucio/daemons/c3po/__init__.py +0 -1
rucio/daemons/c3po/algorithms/__init__.py +0 -1
rucio/daemons/c3po/algorithms/simple.py +8 -5
rucio/daemons/c3po/algorithms/t2_free_space.py +10 -7
rucio/daemons/c3po/algorithms/t2_free_space_only_pop.py +10 -7
rucio/daemons/c3po/algorithms/t2_free_space_only_pop_with_network.py +30 -15
rucio/daemons/c3po/c3po.py +81 -52
rucio/daemons/c3po/collectors/__init__.py +0 -1
rucio/daemons/c3po/collectors/agis.py +17 -17
rucio/daemons/c3po/collectors/free_space.py +32 -13
rucio/daemons/c3po/collectors/jedi_did.py +14 -5
rucio/daemons/c3po/collectors/mock_did.py +11 -6
rucio/daemons/c3po/collectors/network_metrics.py +12 -4
rucio/daemons/c3po/collectors/workload.py +21 -19
rucio/daemons/c3po/utils/__init__.py +0 -1
rucio/daemons/c3po/utils/dataset_cache.py +15 -5
rucio/daemons/c3po/utils/expiring_dataset_cache.py +16 -5
rucio/daemons/c3po/utils/expiring_list.py +6 -7
rucio/daemons/c3po/utils/popularity.py +5 -2
rucio/daemons/c3po/utils/timeseries.py +25 -12
rucio/daemons/cache/__init__.py +0 -1
rucio/daemons/cache/consumer.py +21 -15
rucio/daemons/common.py +42 -18
rucio/daemons/conveyor/__init__.py +0 -1
rucio/daemons/conveyor/common.py +69 -37
rucio/daemons/conveyor/finisher.py +83 -46
rucio/daemons/conveyor/poller.py +101 -69
rucio/daemons/conveyor/preparer.py +35 -28
rucio/daemons/conveyor/receiver.py +64 -21
rucio/daemons/conveyor/stager.py +33 -28
rucio/daemons/conveyor/submitter.py +71 -47
rucio/daemons/conveyor/throttler.py +99 -35
rucio/daemons/follower/__init__.py +0 -1
rucio/daemons/follower/follower.py +12 -8
rucio/daemons/hermes/__init__.py +0 -1
rucio/daemons/hermes/hermes.py +57 -21
rucio/daemons/judge/__init__.py +0 -1
rucio/daemons/judge/cleaner.py +27 -17
rucio/daemons/judge/evaluator.py +31 -18
rucio/daemons/judge/injector.py +31 -23
rucio/daemons/judge/repairer.py +28 -18
rucio/daemons/oauthmanager/__init__.py +0 -1
rucio/daemons/oauthmanager/oauthmanager.py +7 -8
rucio/daemons/reaper/__init__.py +0 -1
rucio/daemons/reaper/dark_reaper.py +15 -9
rucio/daemons/reaper/reaper.py +109 -67
rucio/daemons/replicarecoverer/__init__.py +0 -1
rucio/daemons/replicarecoverer/suspicious_replica_recoverer.py +255 -116
rucio/{api → daemons/rsedecommissioner}/__init__.py +0 -1
rucio/daemons/rsedecommissioner/config.py +81 -0
rucio/daemons/rsedecommissioner/profiles/__init__.py +24 -0
rucio/daemons/rsedecommissioner/profiles/atlas.py +60 -0
rucio/daemons/rsedecommissioner/profiles/generic.py +451 -0
rucio/daemons/rsedecommissioner/profiles/types.py +92 -0
rucio/daemons/rsedecommissioner/rse_decommissioner.py +280 -0
rucio/daemons/storage/__init__.py +0 -1
rucio/daemons/storage/consistency/__init__.py +0 -1
rucio/daemons/storage/consistency/actions.py +152 -59
rucio/daemons/tracer/__init__.py +0 -1
rucio/daemons/tracer/kronos.py +47 -24
rucio/daemons/transmogrifier/__init__.py +0 -1
rucio/daemons/transmogrifier/transmogrifier.py +35 -26
rucio/daemons/undertaker/__init__.py +0 -1
rucio/daemons/undertaker/undertaker.py +10 -10
rucio/db/__init__.py +0 -1
rucio/db/sqla/__init__.py +16 -2
rucio/db/sqla/constants.py +10 -1
rucio/db/sqla/migrate_repo/__init__.py +0 -1
rucio/db/sqla/migrate_repo/env.py +0 -1
rucio/db/sqla/migrate_repo/versions/01eaf73ab656_add_new_rule_notification_state_progress.py +0 -1
rucio/db/sqla/migrate_repo/versions/0437a40dbfd1_add_eol_at_in_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/0f1adb7a599a_create_transfer_hops_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/102efcf145f4_added_stuck_at_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/13d4f70c66a9_introduce_transfer_limits.py +1 -3
rucio/db/sqla/migrate_repo/versions/140fef722e91_cleanup_distances_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/14ec5aeb64cf_add_request_external_host.py +0 -3
rucio/db/sqla/migrate_repo/versions/156fb5b5a14_add_request_type_to_requests_idx.py +1 -4
rucio/db/sqla/migrate_repo/versions/1677d4d803c8_split_rse_availability_into_multiple.py +0 -1
rucio/db/sqla/migrate_repo/versions/16a0aca82e12_create_index_on_table_replicas_path.py +0 -2
rucio/db/sqla/migrate_repo/versions/1803333ac20f_adding_provenance_and_phys_group.py +0 -1
rucio/db/sqla/migrate_repo/versions/1a29d6a9504c_add_didtype_chck_to_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/1a80adff031a_create_index_on_rules_hist_recent.py +0 -2
rucio/db/sqla/migrate_repo/versions/1c45d9730ca6_increase_identity_length.py +0 -1
rucio/db/sqla/migrate_repo/versions/1d1215494e95_add_quarantined_replicas_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/1d96f484df21_asynchronous_rules_and_rule_approval.py +0 -1
rucio/db/sqla/migrate_repo/versions/1f46c5f240ac_add_bytes_column_to_bad_replicas.py +0 -3
rucio/db/sqla/migrate_repo/versions/1fc15ab60d43_add_message_history_table.py +0 -1
rucio/db/sqla/migrate_repo/versions/2190e703eb6e_move_rse_settings_to_rse_attributes.py +1 -2
rucio/db/sqla/migrate_repo/versions/21d6b9dc9961_add_mismatch_scheme_state_to_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/22cf51430c78_add_availability_column_to_table_rses.py +0 -3
rucio/db/sqla/migrate_repo/versions/22d887e4ec0a_create_sources_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/25821a8a45a3_remove_unique_constraint_on_requests.py +1 -4
rucio/db/sqla/migrate_repo/versions/25fc855625cf_added_unique_constraint_to_rules.py +0 -2
rucio/db/sqla/migrate_repo/versions/269fee20dee9_add_repair_cnt_to_locks.py +0 -3
rucio/db/sqla/migrate_repo/versions/271a46ea6244_add_ignore_availability_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/277b5fbb41d3_switch_heartbeats_executable.py +1 -2
rucio/db/sqla/migrate_repo/versions/27e3a68927fb_remove_replicas_tombstone_and_replicas_.py +0 -1
rucio/db/sqla/migrate_repo/versions/2854cd9e168_added_rule_id_column.py +0 -1
rucio/db/sqla/migrate_repo/versions/295289b5a800_processed_by_and__at_in_requests.py +0 -2
rucio/db/sqla/migrate_repo/versions/2962ece31cf4_add_nbaccesses_column_in_the_did_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/2af3291ec4c_added_replicas_history_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/2b69addda658_add_columns_for_third_party_copy_read_.py +0 -2
rucio/db/sqla/migrate_repo/versions/2b8e7bcb4783_add_config_table.py +1 -4
rucio/db/sqla/migrate_repo/versions/2ba5229cb54c_add_submitted_at_to_requests_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/2cbee484dcf9_added_column_volume_to_rse_transfer_.py +1 -4
rucio/db/sqla/migrate_repo/versions/2edee4a83846_add_source_to_requests_and_requests_.py +0 -1
rucio/db/sqla/migrate_repo/versions/2eef46be23d4_change_tokens_pk.py +1 -3
rucio/db/sqla/migrate_repo/versions/2f648fc909f3_index_in_rule_history_on_scope_name.py +0 -2
rucio/db/sqla/migrate_repo/versions/3082b8cef557_add_naming_convention_table_and_closed_.py +1 -3
rucio/db/sqla/migrate_repo/versions/30fa38b6434e_add_index_on_service_column_in_the_message_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/3152492b110b_added_staging_area_column.py +1 -2
rucio/db/sqla/migrate_repo/versions/32c7d2783f7e_create_bad_replicas_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/3345511706b8_replicas_table_pk_definition_is_in_.py +1 -3
rucio/db/sqla/migrate_repo/versions/35ef10d1e11b_change_index_on_table_requests.py +0 -2
rucio/db/sqla/migrate_repo/versions/379a19b5332d_create_rse_limits_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/384b96aa0f60_created_rule_history_tables.py +2 -3
rucio/db/sqla/migrate_repo/versions/3ac1660a1a72_extend_distance_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/3ad36e2268b0_create_collection_replicas_updates_table.py +1 -4
rucio/db/sqla/migrate_repo/versions/3c9df354071b_extend_waiting_request_state.py +0 -1
rucio/db/sqla/migrate_repo/versions/3d9813fab443_add_a_new_state_lost_in_badfilesstatus.py +0 -1
rucio/db/sqla/migrate_repo/versions/40ad39ce3160_add_transferred_at_to_requests_table.py +0 -3
rucio/db/sqla/migrate_repo/versions/4207be2fd914_add_notification_column_to_rules.py +0 -1
rucio/db/sqla/migrate_repo/versions/42db2617c364_create_index_on_requests_external_id.py +0 -2
rucio/db/sqla/migrate_repo/versions/436827b13f82_added_column_activity_to_table_requests.py +0 -3
rucio/db/sqla/migrate_repo/versions/44278720f774_update_requests_typ_sta_upd_idx_index.py +0 -2
rucio/db/sqla/migrate_repo/versions/45378a1e76a8_create_collection_replica_table.py +2 -4
rucio/db/sqla/migrate_repo/versions/469d262be19_removing_created_at_index.py +0 -2
rucio/db/sqla/migrate_repo/versions/4783c1f49cb4_create_distance_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/49a21b4d4357_create_index_on_table_tokens.py +1 -4
rucio/db/sqla/migrate_repo/versions/4a2cbedda8b9_add_source_replica_expression_column_to_.py +0 -3
rucio/db/sqla/migrate_repo/versions/4a7182d9578b_added_bytes_length_accessed_at_columns.py +0 -3
rucio/db/sqla/migrate_repo/versions/4bab9edd01fc_create_index_on_requests_rule_id.py +0 -2
rucio/db/sqla/migrate_repo/versions/4c3a4acfe006_new_attr_account_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/4cf0a2e127d4_adding_transient_metadata.py +0 -3
rucio/db/sqla/migrate_repo/versions/4df2c5ddabc0_remove_temporary_dids.py +55 -0
rucio/db/sqla/migrate_repo/versions/50280c53117c_add_qos_class_to_rse.py +0 -2
rucio/db/sqla/migrate_repo/versions/52153819589c_add_rse_id_to_replicas_table.py +0 -2
rucio/db/sqla/migrate_repo/versions/52fd9f4916fa_added_activity_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/53b479c3cb0f_fix_did_meta_table_missing_updated_at_.py +0 -3
rucio/db/sqla/migrate_repo/versions/5673b4b6e843_add_wfms_metadata_to_rule_tables.py +0 -3
rucio/db/sqla/migrate_repo/versions/575767d9f89_added_source_history_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/58bff7008037_add_started_at_to_requests.py +0 -3
rucio/db/sqla/migrate_repo/versions/58c8b78301ab_rename_callback_to_message.py +1 -3
rucio/db/sqla/migrate_repo/versions/5f139f77382a_added_child_rule_id_column.py +1 -3
rucio/db/sqla/migrate_repo/versions/688ef1840840_adding_did_meta_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/6e572a9bfbf3_add_new_split_container_column_to_rules.py +0 -3
rucio/db/sqla/migrate_repo/versions/70587619328_add_comment_column_for_subscriptions.py +0 -3
rucio/db/sqla/migrate_repo/versions/739064d31565_remove_history_table_pks.py +1 -2
rucio/db/sqla/migrate_repo/versions/7541902bf173_add_didsfollowed_and_followevents_table.py +2 -4
rucio/db/sqla/migrate_repo/versions/7ec22226cdbf_new_replica_state_for_temporary_.py +0 -1
rucio/db/sqla/migrate_repo/versions/810a41685bc1_added_columns_rse_transfer_limits.py +1 -4
rucio/db/sqla/migrate_repo/versions/83f991c63a93_correct_rse_expression_length.py +0 -2
rucio/db/sqla/migrate_repo/versions/8523998e2e76_increase_size_of_extended_attributes_.py +0 -3
rucio/db/sqla/migrate_repo/versions/8ea9122275b1_adding_missing_function_based_indices.py +1 -2
rucio/db/sqla/migrate_repo/versions/90f47792bb76_add_clob_payload_to_messages.py +0 -3
rucio/db/sqla/migrate_repo/versions/914b8f02df38_new_table_for_lifetime_model_exceptions.py +1 -3
rucio/db/sqla/migrate_repo/versions/94a5961ddbf2_add_estimator_columns.py +0 -3
rucio/db/sqla/migrate_repo/versions/9a1b149a2044_add_saml_identity_type.py +0 -1
rucio/db/sqla/migrate_repo/versions/9a45bc4ea66d_add_vp_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/9eb936a81eb1_true_is_true.py +0 -2
rucio/db/sqla/migrate_repo/versions/a08fa8de1545_transfer_stats_table.py +55 -0
rucio/db/sqla/migrate_repo/versions/a118956323f8_added_vo_table_and_vo_col_to_rse.py +1 -3
rucio/db/sqla/migrate_repo/versions/a193a275255c_add_status_column_in_messages.py +0 -2
rucio/db/sqla/migrate_repo/versions/a5f6f6e928a7_1_7_0.py +1 -4
rucio/db/sqla/migrate_repo/versions/a616581ee47_added_columns_to_table_requests.py +0 -1
rucio/db/sqla/migrate_repo/versions/a6eb23955c28_state_idx_non_functional.py +0 -1
rucio/db/sqla/migrate_repo/versions/a74275a1ad30_added_global_quota_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/a93e4e47bda_heartbeats.py +1 -4
rucio/db/sqla/migrate_repo/versions/ae2a56fcc89_added_comment_column_to_rules.py +0 -1
rucio/db/sqla/migrate_repo/versions/b0070f3695c8_add_deletedidmeta_table.py +57 -0
rucio/db/sqla/migrate_repo/versions/b4293a99f344_added_column_identity_to_table_tokens.py +0 -3
rucio/db/sqla/migrate_repo/versions/b5493606bbf5_fix_primary_key_for_subscription_history.py +41 -0
rucio/db/sqla/migrate_repo/versions/b7d287de34fd_removal_of_replicastate_source.py +1 -2
rucio/db/sqla/migrate_repo/versions/b818052fa670_add_index_to_quarantined_replicas.py +1 -3
rucio/db/sqla/migrate_repo/versions/b8caac94d7f0_add_comments_column_for_subscriptions_.py +0 -3
rucio/db/sqla/migrate_repo/versions/b96a1c7e1cc4_new_bad_pfns_table_and_bad_replicas_.py +1 -5
rucio/db/sqla/migrate_repo/versions/bb695f45c04_extend_request_state.py +1 -3
rucio/db/sqla/migrate_repo/versions/bc68e9946deb_add_staging_timestamps_to_request.py +0 -3
rucio/db/sqla/migrate_repo/versions/bf3baa1c1474_correct_pk_and_idx_for_history_tables.py +1 -3
rucio/db/sqla/migrate_repo/versions/c0937668555f_add_qos_policy_map_table.py +1 -2
rucio/db/sqla/migrate_repo/versions/c129ccdb2d5_add_lumiblocknr_to_dids.py +0 -3
rucio/db/sqla/migrate_repo/versions/ccdbcd48206e_add_did_type_column_index_on_did_meta_.py +1 -4
rucio/db/sqla/migrate_repo/versions/cebad904c4dd_new_payload_column_for_heartbeats.py +1 -2
rucio/db/sqla/migrate_repo/versions/d1189a09c6e0_oauth2_0_and_jwt_feature_support_adding_.py +1 -4
rucio/db/sqla/migrate_repo/versions/d23453595260_extend_request_state_for_preparer.py +1 -3
rucio/db/sqla/migrate_repo/versions/d6dceb1de2d_added_purge_column_to_rules.py +1 -4
rucio/db/sqla/migrate_repo/versions/d6e2c3b2cf26_remove_third_party_copy_column_from_rse.py +0 -2
rucio/db/sqla/migrate_repo/versions/d91002c5841_new_account_limits_table.py +1 -3
rucio/db/sqla/migrate_repo/versions/e138c364ebd0_extending_columns_for_filter_and_.py +0 -3
rucio/db/sqla/migrate_repo/versions/e59300c8b179_support_for_archive.py +1 -3
rucio/db/sqla/migrate_repo/versions/f1b14a8c2ac1_postgres_use_check_constraints.py +0 -1
rucio/db/sqla/migrate_repo/versions/f41ffe206f37_oracle_global_temporary_tables.py +1 -2
rucio/db/sqla/migrate_repo/versions/f85a2962b021_adding_transfertool_column_to_requests_.py +1 -3
rucio/db/sqla/migrate_repo/versions/fa7a7d78b602_increase_refresh_token_size.py +0 -2
rucio/db/sqla/migrate_repo/versions/fb28a95fe288_add_replicas_rse_id_tombstone_idx.py +0 -1
rucio/db/sqla/migrate_repo/versions/fe1a65b176c9_set_third_party_copy_read_and_write_.py +1 -2
rucio/db/sqla/migrate_repo/versions/fe8ea2fa9788_added_third_party_copy_column_to_rse_.py +0 -3
rucio/db/sqla/models.py +122 -216
rucio/db/sqla/sautils.py +12 -5
rucio/db/sqla/session.py +71 -43
rucio/db/sqla/types.py +3 -4
rucio/db/sqla/util.py +91 -69
rucio/gateway/__init__.py +13 -0
rucio/{api → gateway}/account.py +119 -46
rucio/{api → gateway}/account_limit.py +12 -13
rucio/{api → gateway}/authentication.py +106 -33
rucio/{api → gateway}/config.py +12 -13
rucio/{api → gateway}/credential.py +15 -4
rucio/{api → gateway}/did.py +384 -140
rucio/{api → gateway}/dirac.py +16 -6
rucio/{api → gateway}/exporter.py +3 -4
rucio/{api → gateway}/heartbeat.py +17 -5
rucio/{api → gateway}/identity.py +63 -19
rucio/{api → gateway}/importer.py +3 -4
rucio/{api → gateway}/lifetime_exception.py +35 -10
rucio/{api → gateway}/lock.py +34 -12
rucio/{api/meta.py → gateway/meta_conventions.py} +18 -16
rucio/{api → gateway}/permission.py +4 -5
rucio/{api → gateway}/quarantined_replica.py +13 -4
rucio/{api → gateway}/replica.py +12 -11
rucio/{api → gateway}/request.py +129 -28
rucio/{api → gateway}/rse.py +11 -12
rucio/{api → gateway}/rule.py +117 -35
rucio/{api → gateway}/scope.py +24 -14
rucio/{api → gateway}/subscription.py +65 -43
rucio/{api → gateway}/vo.py +17 -7
rucio/rse/__init__.py +3 -4
rucio/rse/protocols/__init__.py +0 -1
rucio/rse/protocols/bittorrent.py +184 -0
rucio/rse/protocols/cache.py +1 -2
rucio/rse/protocols/dummy.py +1 -2
rucio/rse/protocols/gfal.py +12 -10
rucio/rse/protocols/globus.py +7 -7
rucio/rse/protocols/gsiftp.py +2 -3
rucio/rse/protocols/http_cache.py +1 -2
rucio/rse/protocols/mock.py +1 -2
rucio/rse/protocols/ngarc.py +1 -2
rucio/rse/protocols/posix.py +12 -13
rucio/rse/protocols/protocol.py +116 -52
rucio/rse/protocols/rclone.py +6 -7
rucio/rse/protocols/rfio.py +4 -5
rucio/rse/protocols/srm.py +9 -10
rucio/rse/protocols/ssh.py +8 -9
rucio/rse/protocols/storm.py +2 -3
rucio/rse/protocols/webdav.py +17 -14
rucio/rse/protocols/xrootd.py +23 -17
rucio/rse/rsemanager.py +19 -7
rucio/tests/__init__.py +0 -1
rucio/tests/common.py +43 -17
rucio/tests/common_server.py +3 -3
rucio/transfertool/__init__.py +0 -1
rucio/transfertool/bittorrent.py +199 -0
rucio/transfertool/bittorrent_driver.py +52 -0
rucio/transfertool/bittorrent_driver_qbittorrent.py +133 -0
rucio/transfertool/fts3.py +250 -138
rucio/transfertool/fts3_plugins.py +152 -0
rucio/transfertool/globus.py +9 -8
rucio/transfertool/globus_library.py +1 -2
rucio/transfertool/mock.py +21 -12
rucio/transfertool/transfertool.py +33 -24
rucio/vcsversion.py +4 -4
rucio/version.py +5 -13
rucio/web/__init__.py +0 -1
rucio/web/rest/__init__.py +0 -1
rucio/web/rest/flaskapi/__init__.py +0 -1
rucio/web/rest/flaskapi/authenticated_bp.py +0 -1
rucio/web/rest/flaskapi/v1/__init__.py +0 -1
rucio/web/rest/flaskapi/v1/accountlimits.py +15 -13
rucio/web/rest/flaskapi/v1/accounts.py +49 -48
rucio/web/rest/flaskapi/v1/archives.py +12 -10
rucio/web/rest/flaskapi/v1/auth.py +146 -144
rucio/web/rest/flaskapi/v1/common.py +82 -41
rucio/web/rest/flaskapi/v1/config.py +5 -6
rucio/web/rest/flaskapi/v1/credentials.py +7 -8
rucio/web/rest/flaskapi/v1/dids.py +158 -28
rucio/web/rest/flaskapi/v1/dirac.py +8 -8
rucio/web/rest/flaskapi/v1/export.py +3 -5
rucio/web/rest/flaskapi/v1/heartbeats.py +3 -5
rucio/web/rest/flaskapi/v1/identities.py +3 -5
rucio/web/rest/flaskapi/v1/import.py +3 -4
rucio/web/rest/flaskapi/v1/lifetime_exceptions.py +6 -9
rucio/web/rest/flaskapi/v1/locks.py +2 -4
rucio/web/rest/flaskapi/v1/main.py +10 -2
rucio/web/rest/flaskapi/v1/{meta.py → meta_conventions.py} +26 -11
rucio/web/rest/flaskapi/v1/metrics.py +1 -2
rucio/web/rest/flaskapi/v1/nongrid_traces.py +4 -4
rucio/web/rest/flaskapi/v1/ping.py +6 -7
rucio/web/rest/flaskapi/v1/redirect.py +8 -9
rucio/web/rest/flaskapi/v1/replicas.py +43 -19
rucio/web/rest/flaskapi/v1/requests.py +178 -21
rucio/web/rest/flaskapi/v1/rses.py +61 -26
rucio/web/rest/flaskapi/v1/rules.py +48 -18
rucio/web/rest/flaskapi/v1/scopes.py +3 -5
rucio/web/rest/flaskapi/v1/subscriptions.py +22 -18
rucio/web/rest/flaskapi/v1/traces.py +4 -4
rucio/web/rest/flaskapi/v1/types.py +20 -0
rucio/web/rest/flaskapi/v1/vos.py +3 -5
rucio/web/rest/main.py +0 -1
rucio/web/rest/metrics.py +0 -1
rucio/web/rest/ping.py +27 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/ldap.cfg.template +1 -1
rucio-35.8.0.data/data/rucio/requirements.server.txt +268 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/bootstrap.py +3 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/merge_rucio_configs.py +2 -5
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/tools/reset_database.py +3 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio +87 -85
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-account +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-collection-replica +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-abacus-rse +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-admin +45 -32
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-atropos +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-auditor +13 -7
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-automatix +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-bb8 +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-c3po +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-cache-client +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-cache-consumer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-finisher +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-poller +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-preparer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-receiver +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-stager +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-submitter +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-conveyor-throttler +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-dark-reaper +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-dumper +11 -10
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-follower +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-hermes +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-cleaner +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-evaluator +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-injector +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-judge-repairer +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-kronos +1 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-minos +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-minos-temporary-expiration +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-necromancer +1 -2
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-oauth-manager +2 -3
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-reaper +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-replica-recoverer +6 -7
rucio-35.8.0.data/scripts/rucio-rse-decommissioner +66 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-storage-consistency-actions +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-transmogrifier +0 -1
{rucio-32.8.6.data → rucio-35.8.0.data}/scripts/rucio-undertaker +1 -2
rucio-35.8.0.dist-info/METADATA +72 -0
rucio-35.8.0.dist-info/RECORD +493 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/WHEEL +1 -1
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/licenses/AUTHORS.rst +3 -0
rucio/api/temporary_did.py +0 -49
rucio/common/schema/cms.py +0 -478
rucio/common/schema/lsst.py +0 -423
rucio/core/permission/cms.py +0 -1166
rucio/core/temporary_did.py +0 -188
rucio/daemons/reaper/light_reaper.py +0 -255
rucio/web/rest/flaskapi/v1/tmp_dids.py +0 -115
rucio-32.8.6.data/data/rucio/requirements.txt +0 -55
rucio-32.8.6.data/scripts/rucio-light-reaper +0 -53
rucio-32.8.6.dist-info/METADATA +0 -83
rucio-32.8.6.dist-info/RECORD +0 -481
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/alembic.ini.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/alembic_offline.ini.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/globus-config.yml.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approval_request.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approved_admin.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_approved_user.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_denied_admin.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_denied_user.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/mail_templates/rule_ok_notification.tmpl +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rse-accounts.cfg.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio.cfg.atlas.client.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio.cfg.template +0 -0
{rucio-32.8.6.data → rucio-35.8.0.data}/data/rucio/etc/rucio_multi_vo.cfg.template +0 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/licenses/LICENSE +0 -0
{rucio-32.8.6.dist-info → rucio-35.8.0.dist-info}/top_level.txt +0 -0

rucio/web/rest/flaskapi/v1/auth.py CHANGED Viewed

@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
 # Copyright European Organization for Nuclear Research (CERN) since 2012
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,36 +12,44 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import base64
 import json
 import logging
 import time
 from typing import TYPE_CHECKING
 from urllib.parse import urlparse
-from flask import Flask, Blueprint, request, Response, redirect, render_template
+from flask import Blueprint, Flask, Response, redirect, render_template, request
 from werkzeug.datastructures import Headers
-from rucio.api.authentication import get_auth_token_user_pass, get_auth_token_gss, get_auth_token_x509, \
-    get_auth_token_ssh, get_ssh_challenge_token, validate_auth_token, get_auth_oidc, redirect_auth_oidc, \
-    get_token_oidc, refresh_cli_auth_token, get_auth_token_saml
-from rucio.api.identity import list_accounts_for_identity, get_default_account, verify_identity
 from rucio.common.config import config_get
-from rucio.common.exception import AccessDenied, IdentityError, IdentityNotFound, CannotAuthenticate, CannotAuthorize
+from rucio.common.exception import AccessDenied, CannotAuthenticate, CannotAuthorize, IdentityError, IdentityNotFound
 from rucio.common.extra import import_extras
 from rucio.common.utils import date_to_str
 from rucio.core.authentication import strip_x509_proxy_attributes
-from rucio.web.rest.flaskapi.v1.common import check_accept_header_wrapper_flask, error_headers, \
-    extract_vo, generate_http_error_flask, ErrorHandlingMethodView
+from rucio.gateway.authentication import (
+    get_auth_oidc,
+    get_auth_token_gss,
+    get_auth_token_saml,
+    get_auth_token_ssh,
+    get_auth_token_user_pass,
+    get_auth_token_x509,
+    get_ssh_challenge_token,
+    get_token_oidc,
+    redirect_auth_oidc,
+    refresh_cli_auth_token,
+    validate_auth_token,
+)
+from rucio.web.rest.flaskapi.v1.common import ErrorHandlingMethodView, check_accept_header_wrapper_flask, error_headers, extract_vo, generate_http_error_flask, get_account_from_verified_identity
 if TYPE_CHECKING:
-    from typing import Optional
-    from rucio.web.rest.flaskapi.v1.common import HeadersType
+    from flask.typing import ResponseReturnValue
 EXTRA_MODULES = import_extras(['onelogin'])
 if EXTRA_MODULES['onelogin']:
     from onelogin.saml2.auth import OneLogin_Saml2_Auth  # pylint: disable=import-error
     from rucio.web.ui.flask.common.utils import prepare_saml_request
@@ -51,16 +58,16 @@ class UserPass(ErrorHandlingMethodView):
     Authenticate a Rucio account temporarily via username and password.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token, X-Rucio-Auth-Token-Expires, X-Rucio-Auth-Account, X-Rucio-Auth-Accounts'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: UserPass Allow cross-site scripting
@@ -96,7 +103,7 @@ class UserPass(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: UserPass
@@ -178,48 +185,49 @@ class UserPass(ErrorHandlingMethodView):
         headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
         headers.add('Cache-Control', 'post-check=0, pre-check=0')
         headers['Pragma'] = 'no-cache'
         vo = extract_vo(request.headers)
         account = request.headers.get('X-Rucio-Account', default=None)
         username = request.headers.get('X-Rucio-Username', default=None)
         password = request.headers.get('X-Rucio-Password', default=None)
         appid = request.headers.get('X-Rucio-AppID', default='unknown')
         ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)
         if not username or not password:
             return generate_http_error_flask(401, CannotAuthenticate.__name__, 'Cannot authenticate without passing all required arguments', headers=headers)
+        accounts: list[str] = []
         if not account:
-            accounts = list_accounts_for_identity(identity_key=username, id_type='USERPASS')
-            if accounts is None or len(accounts) == 0:
-                try:
-                    verify_identity(identity_key=username, id_type='USERPASS', password=password)
-                except IdentityNotFound:
-                    return generate_http_error_flask(401, IdentityNotFound.__name__, 'Cannot authenticate. Username/Password pair does not exist.', headers=headers)
-                except IdentityError:
-                    return generate_http_error_flask(401, IdentityError.__name__, 'Cannot authenticate. The identity does not exist.', headers=headers)
-                return generate_http_error_flask(401, CannotAuthenticate.__name__, 'Cannot authenticate with provided username or password. Identity is not mapped to any accounts.', headers=headers)
-            if len(accounts) > 1:
-                try:
-                    account = get_default_account(identity_key=username, id_type='USERPASS')
-                except IdentityError:
-                    headers['X-Rucio-Auth-Accounts'] = ','.join(accounts)
-                    return json.dumps(accounts), 206, headers
-            else:
-                account = accounts[0]
+            try:
+                accounts = get_account_from_verified_identity(identity_key=username, id_type='USERPASS', password=password)
+            except IdentityNotFound:
+                return generate_http_error_flask(401, IdentityNotFound.__name__, 'Cannot authenticate. Username/Password pair does not exist.', headers=headers)
+            except IdentityError:
+                return generate_http_error_flask(401, IdentityError.__name__, 'Cannot authenticate. The identity does not exist.', headers=headers)
+        else:
+            accounts = [account]
+        if len(accounts) > 1:
+            account_names: list[str] = []
+            for account in accounts:
+                if isinstance(account, str):
+                    account_names.append(account)
+                else:
+                    account_names.append(account.external)
+            headers['X-Rucio-Auth-Accounts'] = ','.join(accounts)
+            return json.dumps(account_names), 206, headers
+        account = accounts[0]
         account_name = account if isinstance(account, str) else account.external
         try:
             result = get_auth_token_user_pass(account_name, username, password, appid, ip, vo=vo)
+            if not result:
+                return generate_http_error_flask(401, CannotAuthenticate.__name__, f'Cannot authenticate to account {account} with given credentials', headers=headers)
+            headers['X-Rucio-Auth-Account'] = account_name
+            headers['X-Rucio-Auth-Token'] = result['token']
+            headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])  # type: ignore (value could be None)
+            return '', 200, headers
         except AccessDenied:
             return generate_http_error_flask(401, CannotAuthenticate.__name__, f'Cannot authenticate to account {account} with given credentials', headers=headers)
-        if not result:
-            return generate_http_error_flask(401, CannotAuthenticate.__name__, f'Cannot authenticate to account {account} with given credentials', headers=headers)
-        headers['X-Rucio-Auth-Account'] = account_name
-        headers['X-Rucio-Auth-Token'] = result['token']
-        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])
-        return '', 200, headers
 class OIDC(ErrorHandlingMethodView):
     """
@@ -227,15 +235,15 @@ class OIDC(ErrorHandlingMethodView):
     nonce, Rucio OIDC Client ID with the correct issuers authentication endpoint).
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: OIDC Allow cross-site scripting
@@ -267,7 +275,7 @@ class OIDC(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: OIDC
@@ -374,15 +382,15 @@ class RedirectOIDC(ErrorHandlingMethodView):
     an Identity Provider (XDC IAM as of June 2019).
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
-        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
+        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))  # type: ignore (value could be None)
+        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))  # type: ignore (value could be None)
         headers.set('Access-Control-Allow-Methods', '*')
         headers.set('Access-Control-Allow-Credentials', 'true')
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: RedirectOIDC Allow cross-site scripting
@@ -413,7 +421,7 @@ class RedirectOIDC(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream', 'text/html'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: RedirectOIDC
@@ -489,15 +497,15 @@ class CodeOIDC(ErrorHandlingMethodView):
     operation is confirmed waiting for the Rucio client to get the token automatically.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
-        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
+        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))  # type: ignore (value could be None)
+        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))  # type: ignore (value could be None)
         headers.set('Access-Control-Allow-Methods', '*')
         headers.set('Access-Control-Allow-Credentials', 'true')
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: CodeOIDC Allow cross-site scripting
@@ -528,7 +536,7 @@ class CodeOIDC(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream', 'text/html'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: CodeOIDC
@@ -586,15 +594,15 @@ class TokenOIDC(ErrorHandlingMethodView):
     received from an Identity Provider.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
-        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
+        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))  # type: ignore (value could be None)
+        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))  # type: ignore (value could be None)
         headers.set('Access-Control-Allow-Methods', '*')
         headers.set('Access-Control-Allow-Credentials', 'true')
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: TokenOIDC Allow cross-site scripting
@@ -625,7 +633,7 @@ class TokenOIDC(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: TokenOIDC
@@ -671,7 +679,7 @@ class TokenOIDC(ErrorHandlingMethodView):
             return generate_http_error_flask(401, CannotAuthorize.__name__, 'Cannot authorize token request.', headers=headers)
         if 'token' in result and 'webhome' not in result:
             headers.set('X-Rucio-Auth-Token', result['token']['token'])
-            headers.set('X-Rucio-Auth-Token-Expires', date_to_str(result['token']['expires_at']))
+            headers.set('X-Rucio-Auth-Token-Expires', date_to_str(result['token']['expires_at']))  # type: ignore (value could be None)
             return '', 200, headers
         elif 'webhome' in result:
             webhome = result['webhome']
@@ -700,16 +708,16 @@ class RefreshOIDC(ErrorHandlingMethodView):
     is a result of a previous refresh happening in the last 10 min, the same token will be returned.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
-        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
+        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))  # type: ignore (value could be None)
+        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))  # type: ignore (value could be None)
         headers.set('Access-Control-Allow-Methods', '*')
         headers.set('Access-Control-Allow-Credentials', 'true')
         headers.set('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: RefreshOIDC Allow cross-site scripting
@@ -744,7 +752,7 @@ class RefreshOIDC(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: RefreshOIDC
@@ -809,16 +817,16 @@ class GSS(ErrorHandlingMethodView):
     Authenticate a Rucio account temporarily via a GSS token.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: GSS Allow cross-site scripting
@@ -853,7 +861,7 @@ class GSS(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: GSS
@@ -927,7 +935,7 @@ class GSS(ErrorHandlingMethodView):
             )
         headers['X-Rucio-Auth-Token'] = result['token']
-        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])
+        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])  # type: ignore (value could be None)
         return '', 200, headers
@@ -936,16 +944,16 @@ class x509(ErrorHandlingMethodView):
     Authenticate a Rucio account temporarily via an x509 certificate.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token, X-Rucio-Auth-Token-Expires, X-Rucio-Auth-Account, X-Rucio-Auth-Accounts'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: x509 Allow cross-site scripting
@@ -980,7 +988,7 @@ class x509(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: x509
@@ -1048,39 +1056,45 @@ class x509(ErrorHandlingMethodView):
         ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)
         return_multiple_accounts = request.headers.get('X-Rucio-Allow-Return-Multiple-Accounts', default=None)
+        accounts: list[str] = []
+        if not account:
+            try:
+                accounts = get_account_from_verified_identity(identity_key=dn, id_type='X509')
+            except IdentityError as e:
+                return generate_http_error_flask(401, IdentityError.__name__, str(e), headers=headers)
+        else:
+            accounts = [account]
+        if len(accounts) > 1:
+            if return_multiple_accounts is None or return_multiple_accounts.lower() != 'true':
+                return generate_http_error_flask(401, CannotAuthenticate.__name__, 'Multiple accounts associated with the provided identity', headers=headers)
+            account_names: list[str] = []
+            for account in accounts:
+                if isinstance(account, str):
+                    account_names.append(account)
+                else:
+                    account_names.append(account.external)
+            headers['X-Rucio-Auth-Accounts'] = ','.join(accounts)
+            return json.dumps(account_names), 206, headers
+        account = accounts[0]
+        account_name = account if isinstance(account, str) else account.external
         result = None
         try:
-            result = get_auth_token_x509(account, dn, appid, ip, vo=vo)
+            result = get_auth_token_x509(account_name, dn, appid, ip, vo=vo)
         except AccessDenied:
             return generate_http_error_flask(
                 status_code=401,
                 exc=CannotAuthenticate.__name__,
-                exc_msg=f'Cannot authenticate to account {account} with given credentials',
+                exc_msg=f'Cannot authenticate to account {account_name} with given credentials',
+                headers=headers
+            )
+        except IdentityError as e:
+            return generate_http_error_flask(
+                status_code=401,
+                exc=CannotAuthenticate.__name__,
+                exc_msg=str(e),
                 headers=headers
             )
-        except IdentityError:
-            if not return_multiple_accounts:
-                return generate_http_error_flask(
-                    status_code=401,
-                    exc=CannotAuthenticate.__name__,
-                    exc_msg=f'No default account set for {dn}',
-                    headers=headers
-                )
-            accounts = list_accounts_for_identity(identity_key=dn, id_type='X509')
-            if len(accounts) == 1:
-                account = accounts[0]
-                account_name = account if isinstance(account, str) else account.external
-                result = get_auth_token_x509(account_name, dn, appid, ip, vo=vo)
-            elif len(accounts) > 1:
-                headers['X-Rucio-Auth-Accounts'] = ','.join(accounts)
-                return json.dumps(accounts), 206, headers
-            else:
-                return generate_http_error_flask(
-                    status_code=401,
-                    exc=CannotAuthenticate.__name__,
-                    exc_msg=f'No account set for {dn}',
-                    headers=headers
-                )
         if not result:
             return generate_http_error_flask(
@@ -1090,7 +1104,7 @@ class x509(ErrorHandlingMethodView):
                 headers=headers
             )
         headers['X-Rucio-Auth-Token'] = result['token']
-        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])
+        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])  # type: ignore (value could be None)
         headers['X-Rucio-Auth-Account'] = account
         return '', 200, headers
@@ -1100,16 +1114,16 @@ class SSH(ErrorHandlingMethodView):
     Authenticate a Rucio account temporarily via SSH key exchange.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SSH Allow cross-site scripting
@@ -1144,7 +1158,7 @@ class SSH(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SSH
@@ -1198,18 +1212,6 @@ class SSH(ErrorHandlingMethodView):
         appid = request.headers.get('X-Rucio-AppID', default='unknown')
         ip = request.headers.get('X-Forwarded-For', default=request.remote_addr)
-        # decode the signature which must come in base64 encoded
-        try:
-            signature += '=' * ((4 - len(signature) % 4) % 4)  # adding required padding
-            signature = base64.b64decode(signature)
-        except TypeError:
-            return generate_http_error_flask(
-                status_code=401,
-                exc=CannotAuthenticate.__name__,
-                exc_msg=f'Cannot authenticate to account {account} with malformed signature',
-                headers=headers
-            )
         try:
             result = get_auth_token_ssh(account, signature, appid, ip, vo=vo)
         except AccessDenied:
@@ -1229,7 +1231,7 @@ class SSH(ErrorHandlingMethodView):
             )
         headers['X-Rucio-Auth-Token'] = result['token']
-        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])
+        headers['X-Rucio-Auth-Token-Expires'] = date_to_str(result['expires_at'])  # type: ignore (value could be None)
         return '', 200, headers
@@ -1238,16 +1240,16 @@ class SSHChallengeToken(ErrorHandlingMethodView):
     Request a challenge token for SSH authentication
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SSHChallengeToken Allow cross-site scripting
@@ -1282,7 +1284,7 @@ class SSHChallengeToken(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SSHChallengeToken
@@ -1341,7 +1343,7 @@ class SSHChallengeToken(ErrorHandlingMethodView):
             )
         headers['X-Rucio-SSH-Challenge-Token'] = result['token']
-        headers['X-Rucio-SSH-Challenge-Token-Expires'] = date_to_str(result['expires_at'])
+        headers['X-Rucio-SSH-Challenge-Token-Expires'] = date_to_str(result['expires_at'])  # type: ignore (value could be None)
         return '', 200, headers
@@ -1350,16 +1352,16 @@ class SAML(ErrorHandlingMethodView):
     Authenticate a Rucio account temporarily via CERN SSO.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))
-        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))
+        headers.set('Access-Control-Allow-Origin', request.environ.get('HTTP_ORIGIN'))  # type: ignore (value could be None)
+        headers.set('Access-Control-Allow-Headers', request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'))  # type: ignore (value could be None)
         headers.set('Access-Control-Allow-Methods', '*')
         headers.set('Access-Control-Allow-Credentials', 'true')
         headers.set('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token')
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SAML Allow cross-site scripting
@@ -1394,7 +1396,7 @@ class SAML(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: SAML
@@ -1470,7 +1472,7 @@ class SAML(ErrorHandlingMethodView):
                 )
             headers.set('X-Rucio-Auth-Token', result['token'])
-            headers.set('X-Rucio-Auth-Token-Expires', date_to_str(result['expires_at']))
+            headers.set('X-Rucio-Auth-Token-Expires', date_to_str(result['expires_at']))  # type: ignore (value could be None)
             return '', 200, headers
         # Path to the SAML config folder
@@ -1482,7 +1484,7 @@ class SAML(ErrorHandlingMethodView):
         headers.set('X-Rucio-SAML-Auth-URL', auth.login())
         return '', 200, headers
-    def post(self):
+    def post(self) -> 'ResponseReturnValue':
         """
         ---
         summary: Post a SAML request
@@ -1517,16 +1519,16 @@ class Validate(ErrorHandlingMethodView):
     Validate a Rucio Auth Token.
     """
-    def get_headers(self) -> "Optional[HeadersType]":
+    def get_headers(self) -> Headers:
         headers = Headers()
-        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')
-        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
+        headers['Access-Control-Allow-Origin'] = request.environ.get('HTTP_ORIGIN')  # type: ignore (value could be None)
+        headers['Access-Control-Allow-Headers'] = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')  # type: ignore (value could be None)
         headers['Access-Control-Allow-Methods'] = '*'
         headers['Access-Control-Allow-Credentials'] = 'true'
         headers['Access-Control-Expose-Headers'] = 'X-Rucio-Auth-Token'
         return headers
-    def options(self):
+    def options(self) -> 'ResponseReturnValue':
         """
         ---
         summary: Validate Allow cross-site scripting
@@ -1561,7 +1563,7 @@ class Validate(ErrorHandlingMethodView):
         return '', 200, self.get_headers()
     @check_accept_header_wrapper_flask(['application/octet-stream'])
-    def get(self):
+    def get(self) -> 'ResponseReturnValue':
         """
         ---
         summary: Validate
@@ -1602,7 +1604,7 @@ class Validate(ErrorHandlingMethodView):
         return str(result), 200, headers
-def blueprint():
+def blueprint() -> Blueprint:
     bp = Blueprint('auth', __name__, url_prefix='/auth')
     user_pass_view = UserPass.as_view('user_pass')
@@ -1635,7 +1637,7 @@ def blueprint():
     return bp
-def make_doc():
+def make_doc() -> Flask:
     """ Only used for sphinx documentation """
     doc_app = Flask(__name__)
     doc_app.register_blueprint(blueprint())

rucio 32.8.6__py3-none-any.whl → 35.8.0__py3-none-any.whl

Potentially problematic release.

rucio 32.8.6py3-none-any.whl → 35.8.0py3-none-any.whl