rucio 32.8.6__py3-none-any.whl

rucio/api/rule.py

@@ -0,0 +1,335 @@
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Any, TYPE_CHECKING
+
+from rucio.api.permission import has_permission
+from rucio.common.config import config_get_bool
+from rucio.common.exception import AccessDenied
+from rucio.common.schema import validate_schema
+from rucio.common.types import InternalAccount, InternalScope
+from rucio.common.utils import api_update_return_dict
+from rucio.core import rule
+from rucio.db.sqla.session import read_session, stream_session, transactional_session
+
+if TYPE_CHECKING:
+    from sqlalchemy.orm import Session
+
+
+@read_session
+def is_multi_vo(*, session: "Session"):
+    """
+    Check whether this instance is configured for multi-VO
+    returns: Boolean True if running in multi-VO
+    """
+    return config_get_bool('common', 'multi_vo', raise_exception=False, default=False, session=session)
+
+
+@transactional_session
+def add_replication_rule(dids, copies, rse_expression, weight, lifetime, grouping, account, locked, subscription_id, source_replica_expression,
+                         activity, notify, purge_replicas, ignore_availability, comment, ask_approval, asynchronous, delay_injection, priority,
+                         split_container, meta, issuer, vo='def', *, session: "Session"):
+    """
+    Adds a replication rule.
+
+    :param dids:                       The data identifier set.
+    :param copies:                     The number of replicas.
+    :param rse_expression:             Boolean string expression to give the list of RSEs.
+    :param weight:                     If the weighting option of the replication rule is used, the choice of RSEs takes their weight into account.
+    :param lifetime:                   The lifetime of the replication rules (in seconds).
+    :param grouping:                   ALL -  All files will be replicated to the same RSE.
+                                       DATASET - All files in the same dataset will be replicated to the same RSE.
+                                       NONE - Files will be completely spread over all allowed RSEs without any grouping considerations at all.
+    :param account:                    The account owning the rule.
+    :param locked:                     If the rule is locked, it cannot be deleted.
+    :param subscription_id:            The subscription_id, if the rule is created by a subscription.
+    :param source_replica_expression:  Only use replicas from this RSE as sources.
+    :param activity:                   Activity to be passed on to the conveyor.
+    :param notify:                     Notification setting of the rule.
+    :purge purge_replicas:             The purge setting to delete replicas immediately after rule deletion.
+    :param ignore_availability:        Option to ignore the availability of RSEs.
+    :param comment:                    Comment about the rule.
+    :param ask_approval:               Ask for approval of this rule.
+    :param asynchronous:               Create rule asynchronously by judge-injector.
+    :param priority:                   Priority of the transfers.
+    :param split_container:            Should a container rule be split into individual dataset rules.
+    :param meta:                       WFMS metadata as a dictionary.
+    :param issuer:                     The issuing account of this operation.
+    :param vo:                         The VO to act on.
+    :param session:                    The database session in use.
+    :returns:                          List of created replication rules.
+    """
+    if account is None:
+        account = issuer
+
+    if activity is None:
+        activity = 'User Subscriptions'
+
+    kwargs = {'dids': dids, 'copies': copies, 'rse_expression': rse_expression, 'weight': weight, 'lifetime': lifetime,
+              'grouping': grouping, 'account': account, 'locked': locked, 'subscription_id': subscription_id,
+              'source_replica_expression': source_replica_expression, 'notify': notify, 'activity': activity,
+              'purge_replicas': purge_replicas, 'ignore_availability': ignore_availability, 'comment': comment,
+              'ask_approval': ask_approval, 'asynchronous': asynchronous, 'delay_injection': delay_injection, 'priority': priority,
+              'split_container': split_container, 'meta': meta}
+
+    validate_schema(name='rule', obj=kwargs, vo=vo)
+
+    if not has_permission(issuer=issuer, vo=vo, action='add_rule', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not add replication rule' % (issuer))
+
+    account = InternalAccount(account, vo=vo)
+    for d in dids:
+        d['scope'] = InternalScope(d['scope'], vo=vo)
+
+    return rule.add_rule(account=account,
+                         dids=dids,
+                         copies=copies,
+                         rse_expression=rse_expression,
+                         grouping=grouping,
+                         weight=weight,
+                         lifetime=lifetime,
+                         locked=locked,
+                         subscription_id=subscription_id,
+                         source_replica_expression=source_replica_expression,
+                         activity=activity,
+                         notify=notify,
+                         purge_replicas=purge_replicas,
+                         ignore_availability=ignore_availability,
+                         comment=comment,
+                         ask_approval=ask_approval,
+                         asynchronous=asynchronous,
+                         delay_injection=delay_injection,
+                         priority=priority,
+                         split_container=split_container,
+                         meta=meta,
+                         session=session)
+
+
+@read_session
+def get_replication_rule(rule_id, issuer, vo='def', *, session: "Session"):
+    """
+    Get replication rule by it's id.
+
+    :param rule_id: The rule_id to get.
+    :param issuer: The issuing account of this operation.
+    :param vo: The VO of the issuer.
+    :param session: The database session in use.
+    """
+    kwargs = {'rule_id': rule_id}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    result = rule.get_rule(rule_id, session=session)
+    return api_update_return_dict(result, session=session)
+
+
+@stream_session
+def list_replication_rules(filters={}, vo='def', *, session: "Session"):
+    """
+    Lists replication rules based on a filter.
+
+    :param filters: dictionary of attributes by which the results should be filtered.
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+    """
+    # If filters is empty, create a new dict to avoid overwriting the function's default
+    if not filters:
+        filters = {}
+
+    if 'scope' in filters:
+        scope = filters['scope']
+    else:
+        scope = '*'
+    filters['scope'] = InternalScope(scope=scope, vo=vo)
+
+    if 'account' in filters:
+        account = filters['account']
+    else:
+        account = '*'
+    filters['account'] = InternalAccount(account=account, vo=vo)
+
+    rules = rule.list_rules(filters, session=session)
+    for r in rules:
+        yield api_update_return_dict(r, session=session)
+
+
+@read_session
+def list_replication_rule_history(rule_id, issuer, vo='def', *, session: "Session"):
+    """
+    Lists replication rule history..
+
+    :param rule_id: The rule_id to list.
+    :param issuer: The issuing account of this operation.
+    :param vo: The VO of the issuer.
+    :param session: The database session in use.
+    """
+    kwargs = {'rule_id': rule_id}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    return rule.list_rule_history(rule_id, session=session)
+
+
+@stream_session
+def list_replication_rule_full_history(scope, name, vo='def', *, session: "Session"):
+    """
+    List the rule history of a DID.
+
+    :param scope: The scope of the DID.
+    :param name: The name of the DID.
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+    """
+    scope = InternalScope(scope, vo=vo)
+    rules = rule.list_rule_full_history(scope, name, session=session)
+    for r in rules:
+        yield api_update_return_dict(r, session=session)
+
+
+@stream_session
+def list_associated_replication_rules_for_file(scope, name, vo='def', *, session: "Session"):
+    """
+    Lists associated replication rules by file.
+
+    :param scope: Scope of the file..
+    :param name:  Name of the file.
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+    """
+    scope = InternalScope(scope, vo=vo)
+    rules = rule.list_associated_rules_for_file(scope=scope, name=name, session=session)
+    for r in rules:
+        yield api_update_return_dict(r, session=session)
+
+
+@transactional_session
+def delete_replication_rule(rule_id, purge_replicas, issuer, vo='def', *, session: "Session"):
+    """
+    Deletes a replication rule and all associated locks.
+
+    :param rule_id:        The id of the rule to be deleted
+    :param purge_replicas: Purge the replicas immediately
+    :param issuer:         The issuing account of this operation
+    :param vo:             The VO to act on.
+    :param session:        The database session in use.
+    :raises:               RuleNotFound, AccessDenied
+    """
+    kwargs = {'rule_id': rule_id, 'purge_replicas': purge_replicas}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    if not has_permission(issuer=issuer, vo=vo, action='del_rule', kwargs=kwargs):
+        raise AccessDenied('Account %s can not remove this replication rule.' % (issuer))
+    rule.delete_rule(rule_id=rule_id, purge_replicas=purge_replicas, soft=True, session=session)
+
+
+@transactional_session
+def update_replication_rule(rule_id: str, options: dict[str, Any], issuer: str, vo: str = 'def', *, session: "Session"):
+    """
+    Update lock state of a replication rule.
+
+    :param rule_id:     The rule_id to lock.
+    :param options:     Options dictionary.
+    :param issuer:      The issuing account of this operation
+    :param vo:          The VO to act on.
+    :param session:     The database session in use.
+    :raises:            RuleNotFound if no Rule can be found.
+    """
+    kwargs = {'rule_id': rule_id, 'options': options}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    if 'approve' in options:
+        if not has_permission(issuer=issuer, vo=vo, action='approve_rule', kwargs=kwargs, session=session):
+            raise AccessDenied('Account %s can not approve/deny this replication rule.' % (issuer))
+
+        issuer_ia = InternalAccount(issuer, vo=vo)
+        if options['approve']:
+            rule.approve_rule(rule_id=rule_id, approver=issuer_ia, session=session)
+        else:
+            rule.deny_rule(rule_id=rule_id, approver=issuer_ia, reason=options.get('comment', None), session=session)
+    else:
+        if not has_permission(issuer=issuer, vo=vo, action='update_rule', kwargs=kwargs, session=session):
+            raise AccessDenied('Account %s can not update this replication rule.' % (issuer))
+        if 'account' in options:
+            options['account'] = InternalAccount(options['account'], vo=vo)
+        rule.update_rule(rule_id=rule_id, options=options, session=session)
+
+
+@transactional_session
+def reduce_replication_rule(rule_id, copies, exclude_expression, issuer, vo='def', *, session: "Session"):
+    """
+    Reduce the number of copies for a rule by atomically replacing the rule.
+
+    :param rule_id:             Rule to be reduced.
+    :param copies:              Number of copies of the new rule.
+    :param exclude_expression:  RSE Expression of RSEs to exclude.
+    :param issuer:              The issuing account of this operation
+    :param vo:                  The VO to act on.
+    :param session:             The database session in use.
+    :raises:                    RuleReplaceFailed, RuleNotFound
+    """
+    kwargs = {'rule_id': rule_id, 'copies': copies, 'exclude_expression': exclude_expression}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    if not has_permission(issuer=issuer, vo=vo, action='reduce_rule', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not reduce this replication rule.' % (issuer))
+
+    return rule.reduce_rule(rule_id=rule_id, copies=copies, exclude_expression=exclude_expression, session=session)
+
+
+@read_session
+def examine_replication_rule(rule_id, issuer, vo='def', *, session: "Session"):
+    """
+    Examine a replication rule.
+
+    :param rule_id: The rule_id to get.
+    :param issuer: The issuing account of this operation.
+    :param vo: The VO of the issuer.
+    :param session: The database session in use.
+    """
+    kwargs = {'rule_id': rule_id}
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    result = rule.examine_rule(rule_id, session=session)
+    result = api_update_return_dict(result, session=session)
+    if 'transfers' in result:
+        result['transfers'] = [api_update_return_dict(t, session=session) for t in result['transfers']]
+    return result
+
+
+@transactional_session
+def move_replication_rule(rule_id, rse_expression, override, issuer, vo='def', *, session: "Session"):
+    """
+    Move a replication rule to another RSE and, once done, delete the original one.
+
+    :param rule_id:                    Rule to be moved.
+    :param rse_expression:             RSE expression of the new rule.
+    :param override:                   Configurations to update for the new rule.
+    :param session:                    The DB Session.
+    :param vo:                         The VO to act on.
+    :raises:                           RuleNotFound, RuleReplaceFailed, InvalidRSEExpression, AccessDenied
+    """
+    override = override.copy()
+    if 'account' in override:
+        override['account'] = InternalAccount(override['account'], vo=vo)
+    kwargs = {
+        'rule_id': rule_id,
+        'rse_expression': rse_expression,
+        'override': override,
+    }
+
+    if is_multi_vo(session=session) and not has_permission(issuer=issuer, vo=vo, action='access_rule_vo', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not access rules at other VOs.' % (issuer))
+    if not has_permission(issuer=issuer, vo=vo, action='move_rule', kwargs=kwargs, session=session):
+        raise AccessDenied('Account %s can not move this replication rule.' % (issuer))
+
+    return rule.move_rule(**kwargs, session=session)

rucio/api/scope.py

@@ -0,0 +1,89 @@
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import TYPE_CHECKING
+
+import rucio.api.permission
+import rucio.common.exception
+from rucio.common.schema import validate_schema
+from rucio.common.types import InternalAccount, InternalScope
+from rucio.core import scope as core_scope
+from rucio.db.sqla.session import read_session, transactional_session
+
+if TYPE_CHECKING:
+    from sqlalchemy.orm import Session
+
+
+@read_session
+def list_scopes(filter_={}, vo='def', *, session: "Session"):
+    """
+    Lists all scopes.
+
+    :param filter_: Dictionary of attributes by which the input data should be filtered
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+
+    :returns: A list containing all scopes.
+    """
+    # If filter is empty, create a new dict to avoid overwriting the function's default
+    if not filter_:
+        filter_ = {}
+
+    if 'scope' in filter_:
+        filter_['scope'] = InternalScope(scope=filter_['scope'], vo=vo)
+    else:
+        filter_['scope'] = InternalScope(scope='*', vo=vo)
+    return [scope.external for scope in core_scope.list_scopes(filter_=filter_, session=session)]
+
+
+@transactional_session
+def add_scope(scope, account, issuer, vo='def', *, session: "Session"):
+    """
+    Creates a scope for an account.
+
+    :param account: The account name.
+    :param scope: The scope identifier.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+    """
+
+    validate_schema(name='scope', obj=scope, vo=vo)
+
+    kwargs = {'scope': scope, 'account': account}
+    if not rucio.api.permission.has_permission(issuer=issuer, vo=vo, action='add_scope', kwargs=kwargs, session=session):
+        raise rucio.common.exception.AccessDenied('Account %s can not add scope' % (issuer))
+
+    scope = InternalScope(scope, vo=vo)
+    account = InternalAccount(account, vo=vo)
+
+    core_scope.add_scope(scope, account, session=session)
+
+
+@read_session
+def get_scopes(account, vo='def', *, session: "Session"):
+    """
+    Gets a list of all scopes for an account.
+
+    :param account: The account name.
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+
+    :returns: A list containing the names of all scopes for this account.
+    """
+
+    account = InternalAccount(account, vo=vo)
+
+    return [scope.external for scope in core_scope.get_scopes(account, session=session)]

rucio/api/subscription.py

@@ -0,0 +1,255 @@
+# -*- coding: utf-8 -*-
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from collections import namedtuple
+from json import dumps, loads
+from typing import TYPE_CHECKING
+
+from rucio.api.permission import has_permission
+from rucio.common.exception import InvalidObject, AccessDenied
+from rucio.common.schema import validate_schema
+from rucio.common.types import InternalAccount, InternalScope
+from rucio.core import subscription
+from rucio.db.sqla.session import read_session, stream_session, transactional_session
+
+if TYPE_CHECKING:
+    from sqlalchemy.orm import Session
+
+
+SubscriptionRuleState = namedtuple('SubscriptionRuleState', ['account', 'name', 'state', 'count'])
+
+
+@transactional_session
+def add_subscription(name, account, filter_, replication_rules, comments, lifetime, retroactive, dry_run, priority=None, issuer=None, vo='def', *, session: "Session"):
+    """
+    Adds a new subscription which will be verified against every new added file and dataset
+
+    :param account: Account identifier
+    :type account:  String
+    :param name: Name of the subscription
+    :type:  String
+    :param filter_: Dictionary of attributes by which the input data should be filtered
+                   **Example**: ``{'dsn': 'data11_hi*.express_express.*,data11_hi*physics_MinBiasOverlay*', 'account': 'tzero'}``
+    :type filter_:  Dict
+    :param replication_rules: Replication rules to be set : Dictionary with keys copies, rse_expression, weight, rse_expression
+    :type replication_rules:  Dict
+    :param comments: Comments for the subscription
+    :type comments:  String
+    :param lifetime: Subscription's lifetime (seconds); False if subscription has no lifetime
+    :type lifetime:  Integer or False
+    :param retroactive: Flag to know if the subscription should be applied on previous data
+    :type retroactive:  Boolean
+    :param dry_run: Just print the subscriptions actions without actually executing them (Useful if retroactive flag is set)
+    :type dry_run:  Boolean
+    :param priority: The priority of the subscription
+    :type priority: Integer
+    :param issuer:  The account issuing this operation.
+    :type issuer:  String
+    :param vo: The VO to act on.
+    :type vo: String
+    :param session: The database session in use.
+    :returns: subscription_id
+    :rtype:   String
+    """
+    if not has_permission(issuer=issuer, vo=vo, action='add_subscription', kwargs={'account': account}, session=session):
+        raise AccessDenied('Account %s can not add subscription' % (issuer))
+    try:
+        if filter_:
+            if not isinstance(filter_, dict):
+                raise TypeError('filter should be a dict')
+            validate_schema(name='subscription_filter', obj=filter_, vo=vo)
+        if replication_rules:
+            if not isinstance(replication_rules, list):
+                raise TypeError('replication_rules should be a list')
+            else:
+                for rule in replication_rules:
+                    validate_schema(name='activity', obj=rule.get('activity', 'default'), vo=vo)
+        else:
+            raise InvalidObject('You must specify a rule')
+    except ValueError as error:
+        raise TypeError(error)
+
+    account = InternalAccount(account, vo=vo)
+
+    keys = ['scope', 'account']
+    types = [InternalScope, InternalAccount]
+    for _key, _type in zip(keys, types):
+        if _key in filter_:
+            if isinstance(filter_[_key], list):
+                filter_[_key] = [_type(val, vo=vo).internal for val in filter_[_key]]
+            else:
+                filter_[_key] = _type(filter_[_key], vo=vo).internal
+
+    return subscription.add_subscription(name=name, account=account, filter_=dumps(filter_), replication_rules=dumps(replication_rules),
+                                         comments=comments, lifetime=lifetime, retroactive=retroactive, dry_run=dry_run, priority=priority,
+                                         session=session)
+
+
+@transactional_session
+def update_subscription(name, account, metadata=None, issuer=None, vo='def', *, session: "Session"):
+    """
+    Updates a subscription
+
+    :param name: Name of the subscription
+    :type:  String
+    :param account: Account identifier
+    :type account:  String
+    :param metadata: Dictionary of metadata to update. Supported keys : filter, replication_rules, comments, lifetime, retroactive, dry_run, priority, last_processed
+    :type metadata:  Dict
+    :param issuer: The account issuing this operation.
+    :type issuer: String
+    :param vo: The VO to act on.
+    :type vo: String
+    :param session: The database session in use.
+    :raises: SubscriptionNotFound if subscription is not found
+    """
+    if not has_permission(issuer=issuer, vo=vo, action='update_subscription', kwargs={'account': account}, session=session):
+        raise AccessDenied('Account %s can not update subscription' % (issuer))
+    try:
+        if not isinstance(metadata, dict):
+            raise TypeError('metadata should be a dict')
+        if 'filter' in metadata and metadata['filter']:
+            if not isinstance(metadata['filter'], dict):
+                raise TypeError('filter should be a dict')
+            validate_schema(name='subscription_filter', obj=metadata['filter'], vo=vo)
+        if 'replication_rules' in metadata and metadata['replication_rules']:
+            if not isinstance(metadata['replication_rules'], list):
+                raise TypeError('replication_rules should be a list')
+            else:
+                for rule in metadata['replication_rules']:
+                    validate_schema(name='activity', obj=rule.get('activity', 'default'), vo=vo)
+    except ValueError as error:
+        raise TypeError(error)
+
+    account = InternalAccount(account, vo=vo)
+
+    if 'filter' in metadata and metadata['filter'] is not None:
+        filter_ = metadata['filter']
+        keys = ['scope', 'account']
+        types = [InternalScope, InternalAccount]
+
+        for _key, _type in zip(keys, types):
+            if _key in filter_ and filter_[_key] is not None:
+                if isinstance(filter_[_key], list):
+                    filter_[_key] = [_type(val, vo=vo).internal for val in filter_[_key]]
+                else:
+                    filter_[_key] = _type(filter_[_key], vo=vo).internal
+
+    return subscription.update_subscription(name=name, account=account, metadata=metadata, session=session)
+
+
+@stream_session
+def list_subscriptions(name=None, account=None, state=None, vo='def', *, session: "Session"):
+    """
+    Returns a dictionary with the subscription information :
+    Examples: ``{'status': 'INACTIVE/ACTIVE/BROKEN', 'last_modified_date': ...}``
+
+    :param name: Name of the subscription
+    :type:  String
+    :param account: Account identifier
+    :type account:  String
+    :param state: Filter for subscription state
+    :type state: String
+    :param vo: The VO to act on.
+    :type vo: String
+    :param session: The database session in use.
+    :returns: Dictionary containing subscription parameter
+    :rtype:   Dict
+    :raises: exception.NotFound if subscription is not found
+    """
+
+    if account:
+        account = InternalAccount(account, vo=vo)
+    else:
+        account = InternalAccount('*', vo=vo)
+
+    subs = subscription.list_subscriptions(name, account, state, session=session)
+
+    for sub in subs:
+        sub['account'] = sub['account'].external
+
+        if 'filter' in sub:
+            fil = loads(sub['filter'])
+            if 'account' in fil:
+                fil['account'] = [InternalAccount(acc, fromExternal=False).external for acc in fil['account']]
+            if 'scope' in fil:
+                fil['scope'] = [InternalScope(sco, fromExternal=False).external for sco in fil['scope']]
+            sub['filter'] = dumps(fil)
+
+        yield sub
+
+
+@stream_session
+def list_subscription_rule_states(name=None, account=None, vo='def', *, session: "Session"):
+    """Returns a list of with the number of rules per state for a subscription.
+
+    :param name: Name of the subscription
+    :param account: Account identifier
+    :param vo: The VO to act on.
+    :param session: The database session in use.
+    :returns: Sequence with SubscriptionRuleState named tuples (account, name, state, count)
+    """
+    if account is not None:
+        account = InternalAccount(account, vo=vo)
+    else:
+        account = InternalAccount('*', vo=vo)
+    subs = subscription.list_subscription_rule_states(name, account, session=session)
+    for sub in subs:
+        # sub is an immutable Row so return new named tuple with edited entries
+        d = sub._asdict()
+        d['account'] = d['account'].external
+        yield SubscriptionRuleState(**d)
+
+
+@transactional_session
+def delete_subscription(subscription_id, vo='def', *, session: "Session"):
+    """
+    Deletes a subscription
+
+    :param subscription_id: Subscription identifier
+    :param vo: The VO of the user issuing command
+    :param session: The database session in use.
+    :type subscription_id:  String
+    """
+
+    raise NotImplementedError
+
+
+@read_session
+def get_subscription_by_id(subscription_id, vo='def', *, session: "Session"):
+    """
+    Get a specific subscription by id.
+
+    :param subscription_id: The subscription_id to select.
+    :param vo: The VO of the user issuing command.
+    :param session: The database session in use.
+
+    :raises: SubscriptionNotFound if no Subscription can be found.
+    """
+    sub = subscription.get_subscription_by_id(subscription_id, session=session)
+    if sub['account'].vo != vo:
+        raise AccessDenied('Unable to get subscription')
+
+    sub['account'] = sub['account'].external
+
+    if 'filter' in sub:
+        fil = loads(sub['filter'])
+        if 'account' in fil:
+            fil['account'] = [InternalAccount(acc, fromExternal=False).external for acc in fil['account']]
+        if 'scope' in fil:
+            fil['scope'] = [InternalScope(sco, fromExternal=False).external for sco in fil['scope']]
+        sub['filter'] = dumps(fil)
+
+    return sub