PyPI - rucio - Versions diffs - 37.2.0__tar.gz → 37.3.0__tar.gz - Mend

rucio 37.2.0tar.gz → 37.3.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rucio might be problematic. Click here for more details.

Files changed (589) hide show

{rucio-37.2.0 → rucio-37.3.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: rucio
-Version: 37.2.0
+Version: 37.3.0
 Summary: Rucio Package
 Home-page: https://rucio.cern.ch/
 Author: Rucio

{rucio-37.2.0 → rucio-37.3.0}/lib/rucio/common/plugins.py RENAMED Viewed

@@ -156,7 +156,7 @@ class PolicyPackageAlgorithms:
             # import from utils here to avoid circular import
             env_name = 'RUCIO_POLICY_PACKAGE' + ('' if not vo else '_' + vo.upper())
-            package = getattr(os.environ, env_name, "")
+            package = os.getenv(env_name, "")
             if not package:
                 package = str(config.config_get('policy', 'package' + ('' if not vo else '-' + vo)))

{rucio-37.2.0 → rucio-37.3.0}/lib/rucio/core/did.py RENAMED Viewed

@@ -15,7 +15,6 @@
 import logging
 import random
 from datetime import datetime, timedelta
-from enum import Enum
 from hashlib import md5
 from re import match
 from typing import TYPE_CHECKING, Any, Literal, Optional, Union
@@ -1349,7 +1348,7 @@ def list_new_dids(
             select_stmt = select_stmt.where(
                 models.DataIdentifier.did_type == DIDType[did_type]
             )
-        elif isinstance(did_type, Enum):
+        elif isinstance(did_type, DIDType):
             select_stmt = select_stmt.where(
                 models.DataIdentifier.did_type == did_type
             )
@@ -2297,7 +2296,7 @@ def set_status(
 @read_session
 def list_dids(
     scope: "InternalScope",
-    filters: "Mapping[Any, Any]",
+    filters: "Iterable[dict[Any, Any]]",
     did_type: Literal['all', 'collection', 'dataset', 'container', 'file'] = 'collection',
     ignore_case: bool = False,
     limit: Optional[int] = None,

{rucio-37.2.0 → rucio-37.3.0}/lib/rucio/core/replica.py RENAMED Viewed

@@ -243,7 +243,7 @@ def __exist_replicas(
 @read_session
 def list_bad_replicas_status(
-    state: BadFilesStatus = BadFilesStatus.BAD,
+    state: Optional[BadFilesStatus] = BadFilesStatus.BAD,
     rse_id: Optional[str] = None,
     younger_than: Optional[datetime] = None,
     older_than: Optional[datetime] = None,

{rucio-37.2.0 → rucio-37.3.0}/lib/rucio/db/sqla/util.py RENAMED Viewed

@@ -337,7 +337,7 @@ def list_oracle_global_temp_tables(session: "Session") -> list[str]:
         global_temp_tables = [
             str(t[0]).upper()
             for t in session.execute(
-                text('SELECT UPPER(table_name) '
+                text("SELECT /*+ OPT_PARAM('OPTIMIZER_FEATURES_ENABLE', '11.2.0.4') */ UPPER(table_name) "
                      'FROM all_tables '
                      'WHERE OWNER = :owner AND IOT_NAME IS NULL AND DURATION IS NOT NULL'),
                 dict(owner=models.BASE.metadata.schema.upper())

{rucio-37.2.0 → rucio-37.3.0}/lib/rucio/gateway/authentication.py RENAMED Viewed

@@ -12,27 +12,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import Any, Optional
 from rucio.common import exception
 from rucio.common.types import InternalAccount, TokenDict
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import authentication, identity, oidc
-from rucio.db.sqla.constants import IdentityType
-from rucio.db.sqla.session import transactional_session
+from rucio.db.sqla.constants import DatabaseOperationType, IdentityType
+from rucio.db.sqla.session import db_session
 from rucio.gateway import permission
-if TYPE_CHECKING:
-    from sqlalchemy.orm import Session
-@transactional_session
 def refresh_cli_auth_token(
     token_string: str,
     account: str,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[tuple[str, int]]:
     """
     Checks if there is active refresh token and if so returns
@@ -40,20 +34,18 @@ def refresh_cli_auth_token(
     refresh and returns new access token.
     :param token_string: token string
     :param account: Rucio account for which token refresh should be considered
-    :param session: The database session in use.
     :return: tuple of (access token, expiration epoch), None otherswise
     """
     internal_account = InternalAccount(account, vo=vo)
-    return oidc.refresh_cli_auth_token(token_string, internal_account, session=session)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        return oidc.refresh_cli_auth_token(token_string, internal_account, session=session)
-@transactional_session
 def redirect_auth_oidc(
     authn_code: str,
     fetchtoken: bool = False,
-    *,
-    session: "Session"
 ) -> Optional[str]:
     """
     Finds the Authentication URL in the Rucio DB oauth_requests table
@@ -63,21 +55,18 @@ def redirect_auth_oidc(
                       authorization securely to IdP via Rucio Auth server through a browser.
     :param fetchtoken: If True, valid token temporarily saved in the oauth_requests table
                        will be returned. If False, redirection URL is returned.
-    :param session: The database session in use.
     :returns: result of the query (authorization URL or a
               token if a user asks with the correct code) or None.
               Exception thrown in case of an unexpected crash.
     """
-    return authentication.redirect_auth_oidc(authn_code, fetchtoken, session=session)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        return authentication.redirect_auth_oidc(authn_code, fetchtoken, session=session)
-@transactional_session
 def get_auth_oidc(
     account: str,
     vo: str = 'def',
-    *,
-    session: "Session",
     **kwargs
 ) -> str:
     """
@@ -107,7 +96,6 @@ def get_auth_oidc(
     :param refresh_lifetime: specifies how long the OAuth daemon should
                              be refreshing this token. Default is 96 hours.
     :param ip: IP address of the client as a string.
-    :param session: The database session in use.
     :returns: User & Rucio OIDC Client specific Authorization or Redirection URL as a string
               OR a redirection url to be used in user's browser for authentication.
@@ -115,16 +103,14 @@ def get_auth_oidc(
     # no permission layer for the moment !
     internal_account = InternalAccount(account, vo=vo)
-    return oidc.get_auth_oidc(internal_account, session=session, **kwargs)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        return oidc.get_auth_oidc(internal_account, session=session, **kwargs)
-@transactional_session
 def get_token_oidc(
     auth_query_string: str,
     ip: Optional[str] = None,
-    *,
-    session: "Session"
-) -> Optional[dict[str, Optional[Union[str, bool]]]]:
+) -> Optional[dict[str, Any]]:
     """
     After Rucio User got redirected to Rucio /auth/oidc_token (or /auth/oidc_code)
     REST endpoints with authz code and session state encoded within the URL.
@@ -132,17 +118,16 @@ def get_token_oidc(
     :param auth_query_string: IdP redirection URL query string (AuthZ code & user session state).
     :param ip: IP address of the client as a string.
-    :param session: The database session in use.
     :returns: One of the following tuples: ("fetchcode", <code>); ("token", <token>);
               ("polling", True); The result depends on the authentication strategy being used
               (no auto, auto, polling).
     """
     # no permission layer for the moment !
-    return oidc.get_token_oidc(auth_query_string, ip, session=session)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        return oidc.get_token_oidc(auth_query_string, ip, session=session)
-@transactional_session
 def get_auth_token_user_pass(
     account: str,
     username: str,
@@ -150,8 +135,6 @@ def get_auth_token_user_pass(
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via username and password.
@@ -164,30 +147,27 @@ def get_auth_token_user_pass(
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
     :param vo: The VO to act on.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
     kwargs = {'account': account, 'username': username, 'password': password}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_user_pass', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (username, account, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_user_pass', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (username, account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_auth_token_user_pass(internal_account, username, password, appid, ip, session=session)
+        return authentication.get_auth_token_user_pass(internal_account, username, password, appid, ip, session=session)
-@transactional_session
 def get_auth_token_gss(
     account: str,
     gsscred: str,
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via a GSS token.
@@ -199,30 +179,27 @@ def get_auth_token_gss(
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
     :param vo: The VO to act on.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
     kwargs = {'account': account, 'gsscred': gsscred}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_gss', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (gsscred, account, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_gss', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (gsscred, account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_auth_token_gss(internal_account, gsscred, appid, ip, session=session)
+        return authentication.get_auth_token_gss(internal_account, gsscred, appid, ip, session=session)
-@transactional_session
 def get_auth_token_x509(
     account: Optional[str],
     dn: str,
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via an x509 certificate.
@@ -234,7 +211,6 @@ def get_auth_token_x509(
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
     :param vo: The VO to act on.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
@@ -243,24 +219,23 @@ def get_auth_token_x509(
         account = identity.get_default_account(dn, IdentityType.X509).external
     kwargs = {'account': account, 'dn': dn}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_x509', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (dn, account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_x509', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (dn, account, auth_result.message))
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_auth_token_x509(internal_account, dn, appid, ip, session=session)
+        return authentication.get_auth_token_x509(internal_account, dn, appid, ip, session=session)
-@transactional_session
 def get_auth_token_ssh(
     account: str,
     signature: str,
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSH key exchange.
@@ -272,29 +247,27 @@ def get_auth_token_ssh(
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
     :param vo: The VO to act on.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
     kwargs = {'account': account, 'signature': signature}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_ssh', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User with provided signature can not log to account %s. %s' % (account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_ssh', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User with provided signature can not log to account %s. %s' % (account, auth_result.message))
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_auth_token_ssh(internal_account, signature, appid, ip, session=session)
+        return authentication.get_auth_token_ssh(internal_account, signature, appid, ip, session=session)
-@transactional_session
 def get_ssh_challenge_token(
     account: str,
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Get a challenge token for subsequent SSH public key authentication.
@@ -305,30 +278,28 @@ def get_ssh_challenge_token(
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
     :param vo: The VO to act on.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
     kwargs = {'account': account}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_ssh', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User can not get challenge token for account %s. %s' % (account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_ssh', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User can not get challenge token for account %s. %s' % (account, auth_result.message))
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_ssh_challenge_token(internal_account, appid, ip, session=session)
+        return authentication.get_ssh_challenge_token(internal_account, appid, ip, session=session)
-@transactional_session
 def get_auth_token_saml(
     account: str,
     saml_nameid: str,
     appid: str,
     ip: Optional[str] = None,
     vo: str = 'def',
-    *,
-    session: "Session"
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSO.
@@ -339,26 +310,24 @@ def get_auth_token_saml(
     :param saml_nameid: NameId returned in SAML response as a string.
     :param appid: The application identifier as a string.
     :param ip: IP address of the client as a string.
-    :param session: The database session in use.
     :returns: A dict with token and expires_at entries.
     """
     kwargs = {'account': account, 'saml_nameid': saml_nameid}
-    auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_saml', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (saml_nameid, account, auth_result.message))
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=account, vo=vo, action='get_auth_token_saml', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('User with identity %s can not log to account %s. %s' % (saml_nameid, account, auth_result.message))
+        internal_account = InternalAccount(account, vo=vo)
-    return authentication.get_auth_token_saml(internal_account, saml_nameid, appid, ip, session=session)
+        return authentication.get_auth_token_saml(internal_account, saml_nameid, appid, ip, session=session)
-@transactional_session
 def validate_auth_token(
     token: str,
-    *,
-    session: "Session"
 ) -> dict[str, Any]:
     """
     Validate an authentication token.
@@ -374,8 +343,9 @@ def validate_auth_token(
                            vo: <vo> }
     """
-    auth = authentication.validate_auth_token(token, session=session)
-    vo = auth['account'].vo
-    auth = gateway_update_return_dict(auth, session=session)
-    auth['vo'] = vo
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth = authentication.validate_auth_token(token, session=session)
+        vo = auth['account'].vo
+        auth = gateway_update_return_dict(auth, session=session)
+        auth['vo'] = vo
     return auth

rucio-37.3.0/lib/rucio/gateway/config.py ADDED Viewed

@@ -0,0 +1,215 @@
+# Copyright European Organization for Nuclear Research (CERN) since 2012
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from typing import Any
+from rucio.common import exception
+from rucio.common.config import convert_to_any_type
+from rucio.core import config
+from rucio.db.sqla.constants import DatabaseOperationType
+from rucio.db.sqla.session import db_session
+from rucio.gateway import permission
+"""
+ConfigParser compatible interface.
+- File handling methods unnecessary.
+- Convenience methods getint/getfloat/getboolean are superseded by auto-coercing get.
+"""
+def sections(issuer: str, vo: str = 'def') -> list[str]:
+    """
+    Return a list of the sections available.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: ['section_name', ...]
+    """
+    kwargs = {'issuer': issuer}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_sections', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot retrieve sections. %s' % (issuer, auth_result.message))
+        return config.sections(session=session)
+def add_section(section: str, issuer: str, vo: str = 'def') -> None:
+    """
+    Add a section to the configuration.
+    :param section: The name of the section.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    """
+    kwargs = {'issuer': issuer, 'section': section}
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_add_section', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot add section %s. %s' % (issuer, section, auth_result.message))
+        return config.add_section(section, session=session)
+def has_section(section: str, issuer: str, vo: str = 'def') -> bool:
+    """
+    Indicates whether the named section is present in the configuration.
+    :param section: The name of the section.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: True/False
+    """
+    kwargs = {'issuer': issuer, 'section': section}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_has_section', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot check existence of section %s. %s' % (issuer, section, auth_result.message))
+        return config.has_section(section, session=session)
+def options(section: str, issuer: str, vo: str = 'def') -> list[str]:
+    """
+    Returns a list of options available in the specified section.
+    :param section: The name of the section.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: ['option', ...]
+    """
+    kwargs = {'issuer': issuer, 'section': section}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_options', kwargs=kwargs, session=session)
+        if auth_result.allowed:
+            raise exception.AccessDenied('%s cannot retrieve options from section %s. %s' % (issuer, section, auth_result.message))
+        return config.options(section, session=session)
+def has_option(section: str, option: str, issuer: str, vo: str = 'def') -> bool:
+    """
+    Check if the given section exists and contains the given option.
+    :param section: The name of the section.
+    :param option: The name of the option.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: True/False
+    """
+    kwargs = {'issuer': issuer, 'section': section, 'option': option}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_has_option', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot check existence of option %s from section %s. %s' % (issuer, option, section, auth_result.message))
+        return config.has_option(section, option, session=session)
+def get(section: str, option: str, issuer: str, vo: str = 'def') -> Any:
+    """
+    Get an option value for the named section. Value can be auto-coerced to int, float, and bool; string otherwise.
+    Caveat emptor: Strings, regardless the case, matching 'on'/off', 'true'/'false', 'yes'/'no' are converted to bool.
+                   0/1 are converted to int, and not to bool.
+    :param section: The name of the section.
+    :param option: The name of the option.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: The auto-coerced value.
+    """
+    kwargs = {'issuer': issuer, 'section': section, 'option': option}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_get', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot retrieve option %s from section %s. %s' % (issuer, option, section, auth_result.message))
+        return config.get(section, option, session=session, convert_type_fnc=convert_to_any_type)
+def items(section: str, issuer: str, vo: str = 'def') -> list[tuple[str, Any]]:
+    """
+    Return a list of (option, value) pairs for each option in the given section. Values are auto-coerced as in get().
+    :param section: The name of the section.
+    :param value: The content of the value.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: [('option', auto-coerced value), ...]
+    """
+    kwargs = {'issuer': issuer, 'section': section}
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_items', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot retrieve options and values from section %s. %s' % (issuer, section, auth_result.message))
+        return config.items(section, session=session, convert_type_fnc=convert_to_any_type)
+def set(section: str, option: str, value: Any, issuer: str, vo: str = 'def') -> None:
+    """
+    Set the given option to the specified value.
+    :param section: The name of the section.
+    :param option: The name of the option.
+    :param value: The content of the value.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    """
+    kwargs = {'issuer': issuer, 'section': section, 'option': option, 'value': value}
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_set', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot set option %s to %s in section %s. %s' % (issuer, option, value, section, auth_result.message))
+        return config.set(section, option, value, session=session)
+def remove_section(section: str, issuer: str, vo: str = 'def') -> bool:
+    """
+    Remove the specified option from the specified section.
+    :param section: The name of the section.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: True/False.
+    """
+    kwargs = {'issuer': issuer, 'section': section}
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_remove_section', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot remove section %s. %s' % (issuer, section, auth_result.message))
+        return config.remove_section(section, session=session)
+def remove_option(section: str, option: str, issuer: str, vo: str = 'def') -> bool:
+    """
+    Remove the specified section from the configuration.
+    :param section: The name of the section.
+    :param option: The name of the option.
+    :param issuer: The issuer account.
+    :param vo: The VO to act on.
+    :returns: True/False
+    """
+    kwargs = {'issuer': issuer, 'section': section, 'option': option}
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='config_remove_option', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise exception.AccessDenied('%s cannot remove option %s from section %s. %s' % (issuer, option, section, auth_result.message))
+        return config.remove_option(section, option, session=session)

rucio 37.2.0__tar.gz → 37.3.0__tar.gz

Potentially problematic release.

rucio 37.2.0tar.gz → 37.3.0tar.gz