rucio 37.5.0__py3-none-any.whl → 37.7.0__py3-none-any.whl

rucio/gateway/account_limit.py

@@ -12,48 +12,41 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import Any, Optional, Union
 
 import rucio.common.exception
 import rucio.gateway.permission
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.types import InternalAccount, RSEResolvedGlobalAccountLimitDict
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import account_limit as account_limit_core
 from rucio.core.account import account_exists
 from rucio.core.rse import get_rse_id, get_rse_name
-from rucio.db.sqla.session import read_session, transactional_session
+from rucio.db.sqla.constants import DatabaseOperationType
+from rucio.db.sqla.session import db_session
 
-if TYPE_CHECKING:
-    from sqlalchemy.orm import Session
 
-
-@read_session
 def get_rse_account_usage(
     rse: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Returns the account limit and usage for all for all accounts on a RSE.
 
     :param rse:      The RSE name.
     :param vo:       The VO to act on.
-    :param session:  The database session in use.
     :return:         List of dictionaries.
     """
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+    with db_session(DatabaseOperationType.READ) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_rse_account_usage(rse_id=rse_id, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_rse_account_usage(rse_id=rse_id, session=session)]
 
 
-@read_session
 def get_local_account_limit(
         account: str,
         rse: Optional[str] = None,
-        vo: str = 'def',
-        *,
-        session: "Session"
+        vo: str = DEFAULT_VO,
 ) -> dict[str, Union[int, float, None]]:
     """
     Lists the limitation names/values for the specified account name.
@@ -65,30 +58,27 @@ def get_local_account_limit(
     :param account: The account name.
     :param rse: The RSE name (optional).
     :param vo: The VO to act on.
-    :param session: The database session in use.
 
     :returns: A dictionary of account limits with RSE names as keys and limits as values.
     """
 
     internal_account = InternalAccount(account, vo=vo)
 
-    if rse:
-        # Single RSE lookup
-        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-        return {rse: account_limit_core.get_local_account_limit(account=internal_account, rse_ids=rse_id, session=session)}
-    else:
-        # Fetch all RSE limits
-        limits = account_limit_core.get_local_account_limit(account=internal_account, rse_ids=None, session=session)
-        return {get_rse_name(rse_id=rse_id, session=session): limit for rse_id, limit in limits.items()}
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse:
+            # Single RSE lookup
+            rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+            return {rse: account_limit_core.get_local_account_limit(account=internal_account, rse_ids=rse_id, session=session)}
+        else:
+            # Fetch all RSE limits
+            limits = account_limit_core.get_local_account_limit(account=internal_account, rse_ids=None, session=session)
+            return {get_rse_name(rse_id=rse_id, session=session): limit for rse_id, limit in limits.items()}
 
 
-@read_session
 def get_global_account_limit(
         account: str,
         rse_expression: Optional[str] = None,
-        vo: str = 'def',
-        *,
-        session: "Session"
+        vo: str = DEFAULT_VO,
 ) -> Union[dict[str, RSEResolvedGlobalAccountLimitDict], dict[str, dict[str, RSEResolvedGlobalAccountLimitDict]]]:
     """
     Lists the global account limitation names/values for the specified account.
@@ -100,7 +90,6 @@ def get_global_account_limit(
     :param account:         The account name.
     :param rse_expression:  The RSE expression (optional; if not provided, all limits will be fetched).
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
 
     :returns:
         - If `rse_expression` is provided: `{rse_expression: {...}}`
@@ -109,23 +98,21 @@ def get_global_account_limit(
 
     internal_account = InternalAccount(account, vo=vo)
 
-    if rse_expression:
-        return {rse_expression: account_limit_core.get_global_account_limit(
-            account=internal_account, rse_expression=rse_expression, session=session
-        )}
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse_expression:
+            return {rse_expression: account_limit_core.get_global_account_limit(
+                account=internal_account, rse_expression=rse_expression, session=session
+            )}
 
-    return account_limit_core.get_global_account_limit(account=internal_account, session=session)
+        return account_limit_core.get_global_account_limit(account=internal_account, session=session)
 
 
-@transactional_session
 def set_local_account_limit(
     account: str,
     rse: str,
     bytes_: int,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Set an account limit.
@@ -135,32 +122,29 @@ def set_local_account_limit(
     :param bytes_:   The limit in bytes.
     :param issuer:  The issuer account_core.
     :param vo:      The VO to act on.
-    :param session: The database session in use.
     """
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
 
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id, 'bytes': bytes_}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_local_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id, 'bytes': bytes_}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_local_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    account_limit_core.set_local_account_limit(account=internal_account, rse_id=rse_id, bytes_=bytes_, session=session)
+        account_limit_core.set_local_account_limit(account=internal_account, rse_id=rse_id, bytes_=bytes_, session=session)
 
 
-@transactional_session
 def set_global_account_limit(
     account: str,
     rse_expression: str,
     bytes_: int,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Set a global account limit.
@@ -170,30 +154,27 @@ def set_global_account_limit(
     :param bytes_:           The limit in bytes.
     :param issuer:          The issuer account_core.
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression, 'bytes': bytes_}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_global_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_global_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    account_limit_core.set_global_account_limit(account=internal_account, rse_expression=rse_expression, bytes_=bytes_, session=session)
+        account_limit_core.set_global_account_limit(account=internal_account, rse_expression=rse_expression, bytes_=bytes_, session=session)
 
 
-@transactional_session
 def delete_local_account_limit(
     account: str,
     rse: str,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> bool:
     """
     Delete an account limit.
@@ -202,33 +183,30 @@ def delete_local_account_limit(
     :param rse:     The rse name.
     :param issuer:  The issuer account_core.
     :param vo:      The VO to act on.
-    :param session: The database session in use.
 
     :returns: True if successful; False otherwise.
     """
 
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_local_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not delete account limits. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_local_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not delete account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return account_limit_core.delete_local_account_limit(account=internal_account, rse_id=rse_id, session=session)
+        return account_limit_core.delete_local_account_limit(account=internal_account, rse_id=rse_id, session=session)
 
 
-@transactional_session
 def delete_global_account_limit(
     account: str,
     rse_expression: str,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> bool:
     """
     Delete a global account limit..
@@ -237,32 +215,30 @@ def delete_global_account_limit(
     :param rse_expression: The rse expression.
     :param issuer:         The issuer account_core.
     :param vo:             The VO to act on.
-    :param session:        The database session in use.
 
     :returns: True if successful; False otherwise.
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_global_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not delete global account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_global_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not delete global account limits. %s' % (issuer, auth_result.message))
+
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return account_limit_core.delete_global_account_limit(account=internal_account, rse_expression=rse_expression, session=session)
+        return account_limit_core.delete_global_account_limit(account=internal_account, rse_expression=rse_expression, session=session)
 
 
-@read_session
 def get_local_account_usage(
     account: str,
-    rse: str,
+    rse: Optional[str],
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Get the account usage and connect it with (if available) the account limits of the account.
@@ -271,36 +247,33 @@ def get_local_account_usage(
     :param rse:      The rse to read (If none, get all).
     :param issuer:   The issuer account.
     :param vo:       The VO to act on.
-    :param session:  The database session in use.
 
     :returns:        List of dicts {'rse_id', 'rse', 'bytes', 'files', 'bytes_limit', 'bytes_remaining'}
     """
 
     rse_id = None
 
-    if rse:
-        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_local_account_usage', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not list account usage. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse:
+            rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_local_account_usage', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not list account usage. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_local_account_usage(account=internal_account, rse_id=rse_id, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_local_account_usage(account=internal_account, rse_id=rse_id, session=session)]
 
 
-@read_session
 def get_global_account_usage(
     account: str,
-    rse_expression: str,
+    rse_expression: Optional[str],
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Get the account usage and connect it with (if available) the account limits of the account.
@@ -309,19 +282,20 @@ def get_global_account_usage(
     :param rse_expression:  The rse expression to read (If none, get all).
     :param issuer:          The issuer account.
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
 
     :returns:               List of dicts {'rse_id', 'rse', 'bytes', 'files', 'bytes_limit', 'bytes_remaining'}
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_global_account_usage', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not list global account usage. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_global_account_usage', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not list global account usage. %s' % (issuer, auth_result.message))
+
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_global_account_usage(account=internal_account, rse_expression=rse_expression, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_global_account_usage(account=internal_account, rse_expression=rse_expression, session=session)]

rucio/gateway/authentication.py

@@ -15,6 +15,7 @@
 from typing import Any, Optional
 
 from rucio.common import exception
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.types import InternalAccount, TokenDict
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import authentication, identity, oidc
@@ -26,7 +27,7 @@ from rucio.gateway import permission
 def refresh_cli_auth_token(
     token_string: str,
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[tuple[str, int]]:
     """
     Checks if there is active refresh token and if so returns
@@ -66,7 +67,7 @@ def redirect_auth_oidc(
 
 def get_auth_oidc(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
     **kwargs
 ) -> str:
     """
@@ -134,7 +135,7 @@ def get_auth_token_user_pass(
     password: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via username and password.
@@ -167,7 +168,7 @@ def get_auth_token_gss(
     gsscred: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via a GSS token.
@@ -199,7 +200,7 @@ def get_auth_token_x509(
     dn: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via an x509 certificate.
@@ -235,7 +236,7 @@ def get_auth_token_ssh(
     signature: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSH key exchange.
@@ -267,7 +268,7 @@ def get_ssh_challenge_token(
     account: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Get a challenge token for subsequent SSH public key authentication.
@@ -299,7 +300,7 @@ def get_auth_token_saml(
     saml_nameid: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSO.

rucio/gateway/config.py

@@ -16,6 +16,7 @@ from typing import Any
 
 from rucio.common import exception
 from rucio.common.config import convert_to_any_type
+from rucio.common.constants import DEFAULT_VO
 from rucio.core import config
 from rucio.db.sqla.constants import DatabaseOperationType
 from rucio.db.sqla.session import db_session
@@ -29,7 +30,7 @@ ConfigParser compatible interface.
 """
 
 
-def sections(issuer: str, vo: str = 'def') -> list[str]:
+def sections(issuer: str, vo: str = DEFAULT_VO) -> list[str]:
     """
     Return a list of the sections available.
 
@@ -46,7 +47,7 @@ def sections(issuer: str, vo: str = 'def') -> list[str]:
         return config.sections(session=session)
 
 
-def add_section(section: str, issuer: str, vo: str = 'def') -> None:
+def add_section(section: str, issuer: str, vo: str = DEFAULT_VO) -> None:
     """
     Add a section to the configuration.
 
@@ -63,7 +64,7 @@ def add_section(section: str, issuer: str, vo: str = 'def') -> None:
         return config.add_section(section, session=session)
 
 
-def has_section(section: str, issuer: str, vo: str = 'def') -> bool:
+def has_section(section: str, issuer: str, vo: str = DEFAULT_VO) -> bool:
     """
     Indicates whether the named section is present in the configuration.
 
@@ -81,7 +82,7 @@ def has_section(section: str, issuer: str, vo: str = 'def') -> bool:
         return config.has_section(section, session=session)
 
 
-def options(section: str, issuer: str, vo: str = 'def') -> list[str]:
+def options(section: str, issuer: str, vo: str = DEFAULT_VO) -> list[str]:
     """
     Returns a list of options available in the specified section.
 
@@ -99,7 +100,7 @@ def options(section: str, issuer: str, vo: str = 'def') -> list[str]:
         return config.options(section, session=session)
 
 
-def has_option(section: str, option: str, issuer: str, vo: str = 'def') -> bool:
+def has_option(section: str, option: str, issuer: str, vo: str = DEFAULT_VO) -> bool:
     """
     Check if the given section exists and contains the given option.
 
@@ -118,7 +119,7 @@ def has_option(section: str, option: str, issuer: str, vo: str = 'def') -> bool:
         return config.has_option(section, option, session=session)
 
 
-def get(section: str, option: str, issuer: str, vo: str = 'def') -> Any:
+def get(section: str, option: str, issuer: str, vo: str = DEFAULT_VO) -> Any:
     """
     Get an option value for the named section. Value can be auto-coerced to int, float, and bool; string otherwise.
 
@@ -140,7 +141,7 @@ def get(section: str, option: str, issuer: str, vo: str = 'def') -> Any:
         return config.get(section, option, session=session, convert_type_fnc=convert_to_any_type)
 
 
-def items(section: str, issuer: str, vo: str = 'def') -> list[tuple[str, Any]]:
+def items(section: str, issuer: str, vo: str = DEFAULT_VO) -> list[tuple[str, Any]]:
     """
     Return a list of (option, value) pairs for each option in the given section. Values are auto-coerced as in get().
 
@@ -159,7 +160,7 @@ def items(section: str, issuer: str, vo: str = 'def') -> list[tuple[str, Any]]:
         return config.items(section, session=session, convert_type_fnc=convert_to_any_type)
 
 
-def set(section: str, option: str, value: Any, issuer: str, vo: str = 'def') -> None:
+def set(section: str, option: str, value: Any, issuer: str, vo: str = DEFAULT_VO) -> None:
     """
     Set the given option to the specified value.
 
@@ -178,7 +179,7 @@ def set(section: str, option: str, value: Any, issuer: str, vo: str = 'def') ->
         return config.set(section, option, value, session=session)
 
 
-def remove_section(section: str, issuer: str, vo: str = 'def') -> bool:
+def remove_section(section: str, issuer: str, vo: str = DEFAULT_VO) -> bool:
     """
     Remove the specified option from the specified section.
 
@@ -196,7 +197,7 @@ def remove_section(section: str, issuer: str, vo: str = 'def') -> bool:
         return config.remove_section(section, session=session)
 
 
-def remove_option(section: str, option: str, issuer: str, vo: str = 'def') -> bool:
+def remove_option(section: str, option: str, issuer: str, vo: str = DEFAULT_VO) -> bool:
     """
     Remove the specified section from the configuration.
 

rucio/gateway/credential.py

@@ -15,6 +15,7 @@
 from typing import TYPE_CHECKING
 
 from rucio.common import exception
+from rucio.common.constants import DEFAULT_VO
 from rucio.core import credential
 from rucio.core.rse import get_rse_id
 from rucio.db.sqla.constants import DatabaseOperationType
@@ -32,7 +33,7 @@ def get_signed_url(
     operation: 'RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS_LITERAL',
     url: str,
     lifetime: int,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> str:
     """
     Get a signed URL for a particular service and operation.