rucio 37.6.0__py3-none-any.whl → 37.7.1__py3-none-any.whl

rucio/gateway/account.py

@@ -17,6 +17,7 @@ from typing import TYPE_CHECKING, Any, Optional
 import rucio.common.exception
 import rucio.core.identity
 import rucio.gateway.permission
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.schema import validate_schema
 from rucio.common.types import InternalAccount
 from rucio.common.utils import gateway_update_return_dict
@@ -37,7 +38,7 @@ def add_account(
     type_: str,
     email: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Creates an account with the provided account name, contact information, etc.
@@ -68,7 +69,7 @@ def add_account(
 def del_account(
     account: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Disables an account with the provided account name.
@@ -91,7 +92,7 @@ def del_account(
 
 def get_account_info(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> "Account":
     """
     Returns the info like the statistics information associated to an account_core.
@@ -115,7 +116,7 @@ def update_account(
     key: str,
     value: Any,
     issuer: str = 'root',
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> None:
     """ Update a property of an account_core.
 
@@ -138,7 +139,7 @@ def update_account(
         return account_core.update_account(internal_account, key, value, session=session)
 
 
-def list_accounts(filter_: Optional[dict[str, Any]] = None, vo: str = 'def') -> 'Iterator[dict[str, Any]]':
+def list_accounts(filter_: Optional[dict[str, Any]] = None, vo: str = DEFAULT_VO) -> 'Iterator[dict[str, Any]]':
     """
     Lists all the Rucio account names.
 
@@ -164,7 +165,7 @@ def list_accounts(filter_: Optional[dict[str, Any]] = None, vo: str = 'def') ->
 
 def account_exists(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> bool:
     """
     Checks to see if account exists. This procedure does not check it's status.
@@ -183,7 +184,7 @@ def account_exists(
 
 def list_identities(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> list["IdentityDict"]:
     """
     List all identities on an account_core.
@@ -201,7 +202,7 @@ def list_identities(
 
 def list_account_attributes(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> list["AccountAttributesDict"]:
     """
     Returns all the attributes for the given account.
@@ -222,7 +223,7 @@ def add_account_attribute(
     value: Any,
     account: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Add an attribute to an account.
@@ -252,7 +253,7 @@ def del_account_attribute(
     key: str,
     account: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Delete an attribute to an account.
@@ -278,7 +279,7 @@ def get_usage(
     rse: str,
     account: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> "UsageDict":
     """
     Returns current values of the specified counter, or raises CounterNotFound if the counter does not exist.
@@ -301,7 +302,7 @@ def get_usage_history(
     rse: str,
     account: str,
     issuer: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> list["UsageDict"]:
     """
     Returns historical values of the specified counter, or raises CounterNotFound if the counter does not exist.

rucio/gateway/account_limit.py

@@ -12,48 +12,41 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from typing import TYPE_CHECKING, Any, Optional, Union
+from typing import Any, Optional, Union
 
 import rucio.common.exception
 import rucio.gateway.permission
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.types import InternalAccount, RSEResolvedGlobalAccountLimitDict
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import account_limit as account_limit_core
 from rucio.core.account import account_exists
 from rucio.core.rse import get_rse_id, get_rse_name
-from rucio.db.sqla.session import read_session, transactional_session
+from rucio.db.sqla.constants import DatabaseOperationType
+from rucio.db.sqla.session import db_session
 
-if TYPE_CHECKING:
-    from sqlalchemy.orm import Session
 
-
-@read_session
 def get_rse_account_usage(
     rse: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Returns the account limit and usage for all for all accounts on a RSE.
 
     :param rse:      The RSE name.
     :param vo:       The VO to act on.
-    :param session:  The database session in use.
     :return:         List of dictionaries.
     """
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+    with db_session(DatabaseOperationType.READ) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_rse_account_usage(rse_id=rse_id, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_rse_account_usage(rse_id=rse_id, session=session)]
 
 
-@read_session
 def get_local_account_limit(
         account: str,
         rse: Optional[str] = None,
-        vo: str = 'def',
-        *,
-        session: "Session"
+        vo: str = DEFAULT_VO,
 ) -> dict[str, Union[int, float, None]]:
     """
     Lists the limitation names/values for the specified account name.
@@ -65,30 +58,27 @@ def get_local_account_limit(
     :param account: The account name.
     :param rse: The RSE name (optional).
     :param vo: The VO to act on.
-    :param session: The database session in use.
 
     :returns: A dictionary of account limits with RSE names as keys and limits as values.
     """
 
     internal_account = InternalAccount(account, vo=vo)
 
-    if rse:
-        # Single RSE lookup
-        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-        return {rse: account_limit_core.get_local_account_limit(account=internal_account, rse_ids=rse_id, session=session)}
-    else:
-        # Fetch all RSE limits
-        limits = account_limit_core.get_local_account_limit(account=internal_account, rse_ids=None, session=session)
-        return {get_rse_name(rse_id=rse_id, session=session): limit for rse_id, limit in limits.items()}
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse:
+            # Single RSE lookup
+            rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+            return {rse: account_limit_core.get_local_account_limit(account=internal_account, rse_ids=rse_id, session=session)}
+        else:
+            # Fetch all RSE limits
+            limits = account_limit_core.get_local_account_limit(account=internal_account, rse_ids=None, session=session)
+            return {get_rse_name(rse_id=rse_id, session=session): limit for rse_id, limit in limits.items()}
 
 
-@read_session
 def get_global_account_limit(
         account: str,
         rse_expression: Optional[str] = None,
-        vo: str = 'def',
-        *,
-        session: "Session"
+        vo: str = DEFAULT_VO,
 ) -> Union[dict[str, RSEResolvedGlobalAccountLimitDict], dict[str, dict[str, RSEResolvedGlobalAccountLimitDict]]]:
     """
     Lists the global account limitation names/values for the specified account.
@@ -100,7 +90,6 @@ def get_global_account_limit(
     :param account:         The account name.
     :param rse_expression:  The RSE expression (optional; if not provided, all limits will be fetched).
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
 
     :returns:
         - If `rse_expression` is provided: `{rse_expression: {...}}`
@@ -109,23 +98,21 @@ def get_global_account_limit(
 
     internal_account = InternalAccount(account, vo=vo)
 
-    if rse_expression:
-        return {rse_expression: account_limit_core.get_global_account_limit(
-            account=internal_account, rse_expression=rse_expression, session=session
-        )}
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse_expression:
+            return {rse_expression: account_limit_core.get_global_account_limit(
+                account=internal_account, rse_expression=rse_expression, session=session
+            )}
 
-    return account_limit_core.get_global_account_limit(account=internal_account, session=session)
+        return account_limit_core.get_global_account_limit(account=internal_account, session=session)
 
 
-@transactional_session
 def set_local_account_limit(
     account: str,
     rse: str,
     bytes_: int,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Set an account limit.
@@ -135,32 +122,29 @@ def set_local_account_limit(
     :param bytes_:   The limit in bytes.
     :param issuer:  The issuer account_core.
     :param vo:      The VO to act on.
-    :param session: The database session in use.
     """
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
 
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id, 'bytes': bytes_}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_local_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id, 'bytes': bytes_}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_local_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    account_limit_core.set_local_account_limit(account=internal_account, rse_id=rse_id, bytes_=bytes_, session=session)
+        account_limit_core.set_local_account_limit(account=internal_account, rse_id=rse_id, bytes_=bytes_, session=session)
 
 
-@transactional_session
 def set_global_account_limit(
     account: str,
     rse_expression: str,
     bytes_: int,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> None:
     """
     Set a global account limit.
@@ -170,30 +154,27 @@ def set_global_account_limit(
     :param bytes_:           The limit in bytes.
     :param issuer:          The issuer account_core.
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression, 'bytes': bytes_}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_global_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='set_global_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not set account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    account_limit_core.set_global_account_limit(account=internal_account, rse_expression=rse_expression, bytes_=bytes_, session=session)
+        account_limit_core.set_global_account_limit(account=internal_account, rse_expression=rse_expression, bytes_=bytes_, session=session)
 
 
-@transactional_session
 def delete_local_account_limit(
     account: str,
     rse: str,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> bool:
     """
     Delete an account limit.
@@ -202,33 +183,30 @@ def delete_local_account_limit(
     :param rse:     The rse name.
     :param issuer:  The issuer account_core.
     :param vo:      The VO to act on.
-    :param session: The database session in use.
 
     :returns: True if successful; False otherwise.
     """
 
-    rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_local_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not delete account limits. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.WRITE) as session:
+        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_local_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not delete account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return account_limit_core.delete_local_account_limit(account=internal_account, rse_id=rse_id, session=session)
+        return account_limit_core.delete_local_account_limit(account=internal_account, rse_id=rse_id, session=session)
 
 
-@transactional_session
 def delete_global_account_limit(
     account: str,
     rse_expression: str,
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> bool:
     """
     Delete a global account limit..
@@ -237,32 +215,30 @@ def delete_global_account_limit(
     :param rse_expression: The rse expression.
     :param issuer:         The issuer account_core.
     :param vo:             The VO to act on.
-    :param session:        The database session in use.
 
     :returns: True if successful; False otherwise.
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_global_account_limit', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not delete global account limits. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='delete_global_account_limit', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not delete global account limits. %s' % (issuer, auth_result.message))
+
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return account_limit_core.delete_global_account_limit(account=internal_account, rse_expression=rse_expression, session=session)
+        return account_limit_core.delete_global_account_limit(account=internal_account, rse_expression=rse_expression, session=session)
 
 
-@read_session
 def get_local_account_usage(
     account: str,
-    rse: str,
+    rse: Optional[str],
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Get the account usage and connect it with (if available) the account limits of the account.
@@ -271,36 +247,33 @@ def get_local_account_usage(
     :param rse:      The rse to read (If none, get all).
     :param issuer:   The issuer account.
     :param vo:       The VO to act on.
-    :param session:  The database session in use.
 
     :returns:        List of dicts {'rse_id', 'rse', 'bytes', 'files', 'bytes_limit', 'bytes_remaining'}
     """
 
     rse_id = None
 
-    if rse:
-        rse_id = get_rse_id(rse=rse, vo=vo, session=session)
-    kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_local_account_usage', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not list account usage. %s' % (issuer, auth_result.message))
+    with db_session(DatabaseOperationType.READ) as session:
+        if rse:
+            rse_id = get_rse_id(rse=rse, vo=vo, session=session)
+        kwargs = {'account': account, 'rse': rse, 'rse_id': rse_id}
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_local_account_usage', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not list account usage. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_local_account_usage(account=internal_account, rse_id=rse_id, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_local_account_usage(account=internal_account, rse_id=rse_id, session=session)]
 
 
-@read_session
 def get_global_account_usage(
     account: str,
-    rse_expression: str,
+    rse_expression: Optional[str],
     issuer: str,
-    vo: str = 'def',
-    *,
-    session: "Session"
+    vo: str = DEFAULT_VO,
 ) -> list[dict[str, Any]]:
     """
     Get the account usage and connect it with (if available) the account limits of the account.
@@ -309,19 +282,20 @@ def get_global_account_usage(
     :param rse_expression:  The rse expression to read (If none, get all).
     :param issuer:          The issuer account.
     :param vo:              The VO to act on.
-    :param session:         The database session in use.
 
     :returns:               List of dicts {'rse_id', 'rse', 'bytes', 'files', 'bytes_limit', 'bytes_remaining'}
     """
 
     kwargs = {'account': account, 'rse_expression': rse_expression}
-    auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_global_account_usage', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise rucio.common.exception.AccessDenied('Account %s can not list global account usage. %s' % (issuer, auth_result.message))
 
-    internal_account = InternalAccount(account, vo=vo)
+    with db_session(DatabaseOperationType.READ) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='get_global_account_usage', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise rucio.common.exception.AccessDenied('Account %s can not list global account usage. %s' % (issuer, auth_result.message))
+
+        internal_account = InternalAccount(account, vo=vo)
 
-    if not account_exists(account=internal_account, session=session):
-        raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
+        if not account_exists(account=internal_account, session=session):
+            raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (internal_account))
 
-    return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_global_account_usage(account=internal_account, rse_expression=rse_expression, session=session)]
+        return [gateway_update_return_dict(d, session=session) for d in account_limit_core.get_global_account_usage(account=internal_account, rse_expression=rse_expression, session=session)]

rucio/gateway/authentication.py

@@ -15,6 +15,7 @@
 from typing import Any, Optional
 
 from rucio.common import exception
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.types import InternalAccount, TokenDict
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import authentication, identity, oidc
@@ -26,7 +27,7 @@ from rucio.gateway import permission
 def refresh_cli_auth_token(
     token_string: str,
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[tuple[str, int]]:
     """
     Checks if there is active refresh token and if so returns
@@ -66,7 +67,7 @@ def redirect_auth_oidc(
 
 def get_auth_oidc(
     account: str,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
     **kwargs
 ) -> str:
     """
@@ -134,7 +135,7 @@ def get_auth_token_user_pass(
     password: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via username and password.
@@ -167,7 +168,7 @@ def get_auth_token_gss(
     gsscred: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via a GSS token.
@@ -199,7 +200,7 @@ def get_auth_token_x509(
     dn: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via an x509 certificate.
@@ -235,7 +236,7 @@ def get_auth_token_ssh(
     signature: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSH key exchange.
@@ -267,7 +268,7 @@ def get_ssh_challenge_token(
     account: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Get a challenge token for subsequent SSH public key authentication.
@@ -299,7 +300,7 @@ def get_auth_token_saml(
     saml_nameid: str,
     appid: str,
     ip: Optional[str] = None,
-    vo: str = 'def',
+    vo: str = DEFAULT_VO,
 ) -> Optional[TokenDict]:
     """
     Authenticate a Rucio account temporarily via SSO.