rucio 38.3.0__py3-none-any.whl → 38.4.0__py3-none-any.whl

rucio/client/subscriptionclient.py

@@ -18,6 +18,7 @@ from typing import TYPE_CHECKING, Any, Literal, Optional, Union
 from requests.status_codes import codes
 
 from rucio.client.baseclient import BaseClient, choice
+from rucio.common.constants import HTTPMethod
 from rucio.common.utils import build_url
 
 if TYPE_CHECKING:
@@ -78,7 +79,7 @@ class SubscriptionClient(BaseClient):
             raise TypeError('replication_rules should be a list')
         data = dumps({'options': {'filter': filter_, 'replication_rules': replication_rules, 'comments': comments,
                                   'lifetime': lifetime, 'retroactive': retroactive, 'dry_run': dry_run, 'priority': priority}})
-        result = self._send_request(url, type_='POST', data=data)
+        result = self._send_request(url, method=HTTPMethod.POST, data=data)
         if result.status_code == codes.created:   # pylint: disable=no-member
             return result.text
         else:
@@ -120,7 +121,7 @@ class SubscriptionClient(BaseClient):
         else:
             path += '/'
         url = build_url(choice(self.list_hosts), path=path)
-        result = self._send_request(url, type_='GET')
+        result = self._send_request(url, method=HTTPMethod.GET)
         if result.status_code == codes.ok:   # pylint: disable=no-member
             return self._load_json_data(result)
         if result.status_code == codes.not_found:
@@ -173,7 +174,7 @@ class SubscriptionClient(BaseClient):
             raise TypeError('replication_rules should be a list')
         data = dumps({'options': {'filter': filter_, 'replication_rules': replication_rules, 'comments': comments,
                                   'lifetime': lifetime, 'retroactive': retroactive, 'dry_run': dry_run, 'priority': priority}})
-        result = self._send_request(url, type_='PUT', data=data)
+        result = self._send_request(url, method=HTTPMethod.PUT, data=data)
         if result.status_code == codes.created:   # pylint: disable=no-member
             return True
         else:
@@ -203,7 +204,7 @@ class SubscriptionClient(BaseClient):
         path = self.SUB_BASEURL + '/' + account + '/' + name  # type: ignore
         url = build_url(choice(self.list_hosts), path=path)
         data = dumps({'options': {'state': 'I'}})
-        result = self._send_request(url, type_='PUT', data=data)
+        result = self._send_request(url, method=HTTPMethod.PUT, data=data)
         if result.status_code == codes.created:   # pylint: disable=no-member
             return True
         else:
@@ -228,7 +229,7 @@ class SubscriptionClient(BaseClient):
 
         path = '/'.join([self.SUB_BASEURL, account, name, 'rules'])
         url = build_url(choice(self.list_hosts), path=path)
-        result = self._send_request(url, type_='GET')
+        result = self._send_request(url, method=HTTPMethod.GET)
         if result.status_code == codes.ok:   # pylint: disable=no-member
             return self._load_json_data(result)
         else:

rucio/common/constants.py

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 import enum
+import sys
 from collections import namedtuple
 from typing import Literal, get_args
 
@@ -224,3 +225,20 @@ OPENDATA_DID_STATE_LITERAL_LIST = list(get_args(OPENDATA_DID_STATE_LITERAL))
 
 POLICY_ALGORITHM_TYPES_LITERAL = Literal['non_deterministic_pfn', 'scope', 'lfn2pfn', 'pfn2lfn', 'fts3_tape_metadata_plugins', 'fts3_plugins_init', 'auto_approve']
 POLICY_ALGORITHM_TYPES = list(get_args(POLICY_ALGORITHM_TYPES_LITERAL))
+
+# https://github.com/rucio/rucio/issues/7958
+# When Python 3.11 is the minimum supported version, we can use the standard library enum and remove this logic
+if sys.version_info >= (3, 11):
+    from http import HTTPMethod
+else:
+    @enum.unique
+    class HTTPMethod(str, enum.Enum):
+        """HTTP verbs used in Rucio requests."""
+
+        HEAD = "HEAD"
+        OPTIONS = "OPTIONS"
+        PATCH = "PATCH"
+        GET = "GET"
+        POST = "POST"
+        PUT = "PUT"
+        DELETE = "DELETE"

rucio/common/exception.py

@@ -1271,3 +1271,23 @@ class InvalidPolicyPackageAlgorithmType(RucioException):
         super(InvalidPolicyPackageAlgorithmType, self).__init__(*args)
         self._message = f"Invalid policy package algorithm type '{param}'."
         self.error_code = 120
+
+
+class InvalidAccountType(RucioException):
+    """
+    Thrown when an account is created with an invalid type
+    """
+    def __init__(self, *args):
+        super(InvalidAccountType, self).__init__(*args)
+        self._message = "Cannot create an account with an invalid type."
+        self.error_code = 121
+
+class OpenDataDuplicateDOI(OpenDataError):
+    """
+    Throws when a data identifier with the same DOI already exists in the open data catalog.
+    """
+
+    def __init__(self, doi: str, *args):
+        super(OpenDataDuplicateDOI, self).__init__(*args)
+        self._message = f"Data identifier with the same DOI ({doi}) already exists in the open data catalog."
+        self.error_code = 122

rucio/common/plugins.py

@@ -77,7 +77,7 @@ class PolicyPackageAlgorithms:
     """
     _ALGORITHMS: dict[POLICY_ALGORITHM_TYPES_LITERAL, dict[str, 'Callable[..., Any]']] = {}
     _loaded_policy_modules = False
-    _default_algorithms: dict[str, 'Callable[..., Any]'] = {}
+    _default_algorithms: dict[str, Optional['Callable[..., Any]']] = {}
 
     def __init__(self) -> None:
         if not self._loaded_policy_modules:
@@ -105,17 +105,23 @@ class PolicyPackageAlgorithms:
                 vo = ''
             package = cls._get_policy_package_name(vo)
         except (NoOptionError, NoSectionError):
+            cls._default_algorithms[type_for_vo] = default_algorithm
             return default_algorithm
 
         module_name = package + "." + algorithm_type
+        LOGGER.info('Attempting to find algorithm %s in default location %s...' % (algorithm_type, module_name))
         try:
             module = importlib.import_module(module_name)
 
             if hasattr(module, algorithm_type):
                 default_algorithm = getattr(module, algorithm_type)
-                cls._default_algorithms[type_for_vo] = default_algorithm
+        except ModuleNotFoundError:
+            LOGGER.info('Algorithm %s not found in default location %s' % (algorithm_type, module_name))
         except ImportError:
-            LOGGER.info('Policy algorithm module %s could not be loaded' % module_name)
+            LOGGER.info('Algorithm %s found in default location %s, but could not be loaded' % (algorithm_type, module_name))
+        # if the default algorithm is not present, this will store None and we will
+        # not attempt to load the same algorithm again
+        cls._default_algorithms[type_for_vo] = default_algorithm
         return default_algorithm
 
     @classmethod
@@ -212,10 +218,6 @@ class PolicyPackageAlgorithms:
             if hasattr(module, 'get_algorithms'):
                 all_algorithms = module.get_algorithms()
 
-                # for backward compatibility, rename 'surl' to 'non_deterministic_pfn' here
-                if 'surl' in all_algorithms:
-                    all_algorithms['non_deterministic_pfn'] = all_algorithms['surl']
-
                 # check that the names are correctly prefixed for multi-VO
                 if vo:
                     for _, algorithms in all_algorithms.items():

rucio/core/credential.py

@@ -27,7 +27,7 @@ from google.oauth2.service_account import Credentials
 
 from rucio.common.cache import MemcacheRegion
 from rucio.common.config import config_get, get_rse_credentials
-from rucio.common.constants import RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS, RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS_LITERAL, SUPPORTED_SIGN_URL_SERVICES, SUPPORTED_SIGN_URL_SERVICES_LITERAL, RseAttr
+from rucio.common.constants import RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS, RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS_LITERAL, SUPPORTED_SIGN_URL_SERVICES, SUPPORTED_SIGN_URL_SERVICES_LITERAL, HTTPMethod, RseAttr
 from rucio.common.exception import UnsupportedOperation
 from rucio.core.monitor import MetricManager
 from rucio.core.rse import get_rse_attribute
@@ -51,7 +51,7 @@ def get_signed_url(
     The signed URL will be valid for 1 hour but can be overridden.
 
     :param rse_id: The ID of the RSE that the URL points to.
-    :param service: The service to authorise, either 'gcs', 's3' or 'swift'.
+    :param service: The service to authorize, either 'gcs', 's3' or 'swift'.
     :param operation: The operation to sign, either 'read', 'write', or 'delete'.
     :param url: The URL to sign.
     :param lifetime: Lifetime of the signed URL in seconds.
@@ -69,6 +69,8 @@ def get_signed_url(
     if url is None or url == '':
         raise UnsupportedOperation('URL must not be empty')
 
+    operations_map = {'read': HTTPMethod.GET.value, 'write': HTTPMethod.PUT.value, 'delete': HTTPMethod.DELETE.value}
+
     if lifetime:
         if not isinstance(lifetime, int):
             try:
@@ -88,25 +90,21 @@ def get_signed_url(
         if lifetime is None:
             lifetime = 0
         else:
-            # GCS is timezone-sensitive, don't use UTC
-            # has to be converted to Unixtime
+            # GCS is timezone-sensitive, don't use UTC. Has to be converted to Unix time
             lifetime_datetime = datetime.datetime.now() + datetime.timedelta(seconds=lifetime)
             lifetime = int(time.mktime(lifetime_datetime.timetuple()))
 
         # sign the path only
         path = components.path
 
-        # Map operations
-        operations = {'read': 'GET', 'write': 'PUT', 'delete': 'DELETE'}
-
-        # assemble message to sign
-        to_sign = "%s\n\n\n%s\n%s" % (operations[operation], lifetime, path)
+        # assemble a message to sign
+        to_sign = "%s\n\n\n%s\n%s" % (operations_map[operation], lifetime, path)
 
         # create URL-capable signature
         # first character is always a '=', remove it
         signature = urlencode({'': base64.b64encode(CREDS_GCS.sign_bytes(to_sign))})[1:]
 
-        # assemble final signed URL
+        # assemble the final signed URL
         signed_url = (
             f'https://{host}{path}'
             f'?GoogleAccessId={CREDS_GCS.service_account_email}'
@@ -127,18 +125,18 @@ def get_signed_url(
         # split URL to get hostname, bucket and key
         components = urlparse(url)
         host = components.netloc
-        pathcomponents = components.path.split('/')
+        path_components = components.path.split('/')
         if s3_url_style == "path":
-            if len(pathcomponents) < 3:
+            if len(path_components) < 3:
                 raise UnsupportedOperation('Not a valid Path-Style S3 URL')
-            bucket = pathcomponents[1]
-            key = '/'.join(pathcomponents[2:])
+            bucket = path_components[1]
+            key = '/'.join(path_components[2:])
         elif s3_url_style == "host":
-            hostcomponents = host.split('.')
-            bucket = hostcomponents[0]
-            if len(pathcomponents) < 2:
+            host_components = host.split('.')
+            bucket = host_components[0]
+            if len(path_components) < 2:
                 raise UnsupportedOperation('Not a valid Host-Style S3 URL')
-            key = '/'.join(pathcomponents[1:])
+            key = '/'.join(path_components[1:])
         else:
             raise UnsupportedOperation('Not a valid RSE S3 URL style (allowed values: path|host)')
 
@@ -185,7 +183,7 @@ def get_signed_url(
                 s3op, Params={'Bucket': bucket, 'Key': key}, ExpiresIn=lifetime)
 
     else:  # service == 'swift'
-        # split URL to get hostname and path
+        # split URL to get the hostname and path
         components = urlparse(url)
         host = components.netloc
 
@@ -194,7 +192,7 @@ def get_signed_url(
         if colon >= 0:
             host = host[:colon]
 
-        # use RSE ID to look up key
+        # use RSE ID to look up the key
         cred_name = rse_id
 
         # look up tempurl signing key
@@ -205,12 +203,7 @@ def get_signed_url(
             REGION.set('swift-%s' % cred_name, cred)
         tempurl_key = cred['tempurl_key']
 
-        if operation == 'read':
-            swiftop = 'GET'
-        elif operation == 'write':
-            swiftop = 'PUT'
-        else:
-            swiftop = 'DELETE'
+        swiftop = operations_map[operation]
 
         expires = int(time.time() + lifetime)  # type: ignore (lifetime could be None)
 

rucio/core/did.py

@@ -724,7 +724,7 @@ def __add_collections_to_container(
     for row in session.execute(stmt):
 
         if row.did_scope is None:
-            raise exception.DataIdentifierNotFound("Data identifier '%(scope)s:%(name)s' not found" % row)
+            raise exception.DataIdentifierNotFound(f"Data identifier '{row.scope}:{row.name}' not found")
 
         if row.did_type == DIDType.FILE:
             raise exception.UnsupportedOperation("Adding a file (%s:%s) to a container (%s:%s) is forbidden" % (row.scope, row.name, parent_did.scope, parent_did.name))

rucio/core/opendata.py

@@ -21,10 +21,14 @@ from sqlalchemy.exc import DataError, IntegrityError
 from sqlalchemy.sql.expression import bindparam, select
 
 from rucio.common import exception
+from rucio.common.config import config_get, config_get_bool, config_get_int
+from rucio.common.constants import DEFAULT_VO
 from rucio.common.exception import OpenDataError, OpenDataInvalidStateUpdate
+from rucio.common.types import InternalAccount
 from rucio.core.did import list_files
 from rucio.core.monitor import MetricManager
 from rucio.core.replica import list_replicas
+from rucio.core.rule import add_rule
 from rucio.db.sqla import models
 from rucio.db.sqla.constants import DIDType, OpenDataDIDState
 
@@ -300,6 +304,7 @@ def get_opendata_did(
         include_files: bool = True,
         include_metadata: bool = False,
         include_doi: bool = True,
+        include_rule: bool = True,
         session: "Session",
 ) -> dict[str, Any]:
     """
@@ -312,10 +317,11 @@ def get_opendata_did(
         include_files: If True, include a list of associated files. Defaults to True.
         include_metadata: If True, include extended metadata. Defaults to False.
         include_doi: If True, include DOI (Digital Object Identifier) information. Defaults to True.
+        include_rule: If True, include the Opendata replication rule. Defaults to True.
         session: SQLAlchemy session to use for the query.
 
     Returns:
-        A dictionary containing metadata about the specified DID.
+        A dictionary containing info about the specified DID which include "scope", "name", "state", "meta" (if requested), etc.
     """
 
     query = select(
@@ -345,6 +351,8 @@ def get_opendata_did(
         result["doi"] = get_opendata_doi(scope=scope, name=name, session=session)
     if include_metadata:
         result["meta"] = get_opendata_meta(scope=scope, name=name, session=session)
+    if include_rule:
+        result["rule"] = _fetch_opendata_rule(scope=scope, name=name, session=session)
     if include_files:
         opendata_files = get_opendata_did_files(scope=scope, name=name, session=session)
         result["files"] = opendata_files
@@ -508,7 +516,7 @@ def update_opendata_did(
         meta: Optional[Union[dict, str]] = None,
         doi: Optional[str] = None,
         session: "Session",
-) -> None:
+) -> dict[str, Any]:
     """
     Update an existing Opendata DID in the catalog.
 
@@ -520,6 +528,9 @@ def update_opendata_did(
         doi: DOI to associate with the DID. Must be a valid DOI string (e.g., "10.1234/foo.bar").
         session: SQLAlchemy session to use for the operation.
 
+    Returns:
+        A dictionary containing the scope and name of the DID and details of the updates performed. (e.g., new/old state, new/old DOI, etc.)
+
     Raises:
         InputValidationError: If none of 'state', 'meta', or 'doi' are provided, or if the provided data is invalid.
         OpenDataDataIdentifierNotFound: If the Opendata DID does not exist.
@@ -533,14 +544,18 @@ def update_opendata_did(
     if not _check_opendata_did_exists(scope=scope, name=name, session=session):
         raise exception.OpenDataDataIdentifierNotFound(f"OpenData DID '{scope}:{name}' not found.")
 
+    result = {}
+
     if state is not None:
-        update_opendata_state(scope=scope, name=name, state=state, session=session)
+        result |= update_opendata_state(scope=scope, name=name, state=state, session=session)
 
     if meta is not None:
-        update_opendata_meta(scope=scope, name=name, meta=meta, session=session)
+        result |= update_opendata_meta(scope=scope, name=name, meta=meta, session=session)
 
     if doi is not None:
-        update_opendata_doi(scope=scope, name=name, doi=doi, session=session)
+        result |= update_opendata_doi(scope=scope, name=name, doi=doi, session=session)
+
+    return result
 
 
 def update_opendata_meta(
@@ -549,7 +564,7 @@ def update_opendata_meta(
         name: str,
         meta: Union[dict, str],
         session: "Session",
-) -> None:
+) -> dict[str, Any]:
     """
     Update the metadata associated with an Opendata DID.
 
@@ -559,6 +574,9 @@ def update_opendata_meta(
         meta: Metadata to update for the DID. Must be a valid JSON object or string.
         session: SQLAlchemy session to use for the operation.
 
+    Returns:
+        A dictionary containing the scope, name, and updated metadata of the Opendata DID.
+
     Raises:
         InputValidationError: If 'meta' is not a dictionary or a valid JSON string.
         OpenDataDataIdentifierNotFound: If the Opendata DID does not exist.
@@ -598,6 +616,93 @@ def update_opendata_meta(
     except DataError as error:
         raise exception.InputValidationError(f"Invalid data: {error}")
 
+    return {"scope": scope, "name": name, "meta_new": meta}
+
+
+def _fetch_opendata_rule(scope: "InternalScope",
+                         name: str,
+                         session: "Session"
+                         ) -> Optional[str]:
+    """
+    Retrieves the replication rule ID associated with an Opendata DID, if it exists.
+    The rule is searched for in the rules table by matching the scope, name, account (root), rse_expression,
+    and copies (1) based on the configuration used for creating the rule.
+
+    Parameters:
+        scope: The scope under which the Opendata DID is registered.
+        name: The name of the Opendata DID.
+        session: SQLAlchemy session to use for the query.
+    Returns:
+        The replication rule ID if it exists, otherwise None.
+    """
+
+    rule_rse_expression = config_get("opendata", "rule_rse_expression", raise_exception=False, default=None)
+    if not rule_rse_expression:
+        return None
+
+    rule_account = config_get("opendata", "rule_account", raise_exception=False, default="root")
+    rule_vo = config_get("opendata", "rule_vo", raise_exception=False, default=DEFAULT_VO)
+    rule_copies = config_get_int("opendata", "rule_copies", raise_exception=False, default=1)
+
+    return session.execute(
+        select(models.ReplicationRule.id).where(
+            and_(
+                models.ReplicationRule.scope == scope,
+                models.ReplicationRule.name == name,
+                models.ReplicationRule.account == InternalAccount(account=rule_account, vo=rule_vo),
+                models.ReplicationRule.rse_expression == rule_rse_expression,
+                models.ReplicationRule.copies == rule_copies,
+            )
+        )
+    ).scalar()
+
+
+def _add_opendata_rule(
+        scope: "InternalScope",
+        name: str,
+        session: "Session"
+) -> str:
+    """
+    Create a replication rule for an Opendata DID.
+    The rule is created with parameters defined in the configuration file under the [opendata] section.
+
+    Parameters:
+        scope: The scope under which the Opendata DID is registered.
+        name: The name of the Opendata DID.
+        session: SQLAlchemy session to use for the operation.
+    Returns:
+        The ID of the created replication rule.
+    Raises:
+        ValueError: If there is an error during the rule creation process.
+    """
+
+    rule_asynchronous = config_get_bool("opendata", "rule_asynchronous", raise_exception=False, default=False)
+    rule_activity = config_get("opendata", "rule_activity", raise_exception=False, default=None)
+    rule_rse_expression = config_get("opendata", "rule_rse_expression", raise_exception=True)
+    rule_account = config_get("opendata", "rule_account", raise_exception=False, default="root")
+    rule_vo = config_get("opendata", "rule_vo", raise_exception=False, default=DEFAULT_VO)
+    rule_copies = config_get_int("opendata", "rule_copies", raise_exception=False, default=1)
+
+    add_rule_result = add_rule(
+        dids=[{"scope": scope, "name": name}],
+        # We need an account, perhaps we should pass the issuer argument around like in other methods with account
+        account=InternalAccount(account=rule_account, vo=rule_vo),
+        copies=rule_copies,
+        rse_expression=rule_rse_expression,
+        grouping="DATASET",
+        weight=None,
+        lifetime=None,
+        locked=False,
+        subscription_id=None,
+        activity=rule_activity,
+        asynchronous=rule_asynchronous,
+        session=session,
+    )
+    if len(add_rule_result) != 1:
+        raise ValueError(f"Error adding Open Data rule: {add_rule_result}")
+
+    return add_rule_result[0]
+
 
 def update_opendata_state(
         *,
@@ -605,9 +710,10 @@ def update_opendata_state(
         name: str,
         state: OpenDataDIDState,
         session: "Session",
-) -> None:
+) -> dict[str, Any]:
     """
     Update the state of an Opendata DID.
+    If the new state is PUBLIC, a replication rule may be created based on configuration.
 
     Parameters:
         scope: The scope under which the Opendata DID is registered.
@@ -615,6 +721,9 @@ def update_opendata_state(
         state: The new state to set for the Opendata DID.
         session: SQLAlchemy session to use for the operation.
 
+    Returns:
+        A dictionary with the scope and name of the DID and the rule id if a rule was created and the old and new state.
+
     Raises:
         InputValidationError: If the provided state is not a valid OpenDataDIDState.
         OpenDataDataIdentifierNotFound: If the Opendata DID does not exist.
@@ -676,15 +785,30 @@ def update_opendata_state(
         if state_before == OpenDataDIDState.DRAFT:
             raise OpenDataInvalidStateUpdate("Cannot set state to SUSPENDED from DRAFT. First set it to PUBLIC.")
 
+    output = {"scope": scope, "name": name, "state_old": state_before, "state_new": state}
+
     try:
         result = session.execute(update_query)
 
         if result.rowcount == 0:
             raise ValueError(f"Error updating Opendata state for DID '{scope}:{name}'.")
 
+        if state == OpenDataDIDState.PUBLIC:
+            rule_enable = config_get_bool("opendata", "rule_enable", raise_exception=False, default=False)
+            if rule_enable:
+                rule_id = _fetch_opendata_rule(scope=scope, name=name, session=session)
+                if rule_id:
+                    output["rule"] = rule_id
+                    output["comments"] = "Replication rule already exists"
+                else:
+                    output["rule"] = _add_opendata_rule(scope=scope, name=name, session=session)
+                    output["comments"] = "Replication rule created"
+
     except DataError as error:
         raise exception.InputValidationError(f"Invalid data: {error}")
 
+    return output
+
 
 def update_opendata_doi(
         *,
@@ -692,7 +816,7 @@ def update_opendata_doi(
         name: str,
         doi: str,
         session: "Session",
-) -> None:
+) -> dict[str, Any]:
     """
     Update the DOI (Digital Object Identifier) associated with an Opendata DID.
 
@@ -702,6 +826,9 @@ def update_opendata_doi(
         doi: The new DOI to associate with the Opendata DID. Must be a valid DOI string.
         session: SQLAlchemy session to use for the operation.
 
+    Returns:
+        A dictionary containing the scope, name, new DOI, and previous DOI of the Opendata DID.
+
     Raises:
         InputValidationError: If the provided DOI is not a valid string or does not match the expected format.
         OpenDataDataIdentifierNotFound: If the Opendata DID does not exist.
@@ -740,5 +867,20 @@ def update_opendata_doi(
         if result.rowcount == 0:
             raise ValueError(f"Error updating Opendata DOI for DID '{scope}:{name}'.")
 
+    except IntegrityError as error:
+        msg = str(error)
+
+        if (
+                search(r'ORA-00001: unique constraint \([^)]+\) violated', msg)
+                or search(r'UNIQUE constraint failed: dids_opendata_doi\.doi', msg)
+                or search(r'1062.*Duplicate entry.*for key', msg)
+                or search(r'duplicate key value violates unique constraint', msg)
+                or search(r'columns?.*not unique', msg)
+        ):
+            raise exception.OpenDataDuplicateDOI(doi=doi)
+
+        raise exception.OpenDataError()
     except DataError as error:
         raise exception.InputValidationError(f"Invalid data: {error}")
+
+    return {"scope": scope, "name": name, "doi_new": doi, "doi_old": doi_before}

rucio/core/rule_grouping.py

@@ -690,7 +690,7 @@ def __repair_stuck_locks_with_none_grouping(datasetfiles, locks, replicas, sourc
                     associated_replica.lock_cnt = session.execute(stmt).scalar_one()
                     continue
                 # Check if this is a STUCK lock due to source_replica filtering
-                if source_rses:
+                if source_rses and not lock.repair_cnt:
                     associated_replica = [replica for replica in replicas[(file['scope'], file['name'])] if replica.rse_id == lock.rse_id][0]
                     # Check if there is an eligible source replica for this lock
                     if set(source_replicas.get((file['scope'], file['name']), [])).intersection(source_rses) and (selector_rse_dict.get(lock.rse_id, {}).get('availability_write', True) or rule.ignore_availability):
@@ -806,7 +806,7 @@ def __repair_stuck_locks_with_all_grouping(datasetfiles, locks, replicas, source
                     associated_replica.lock_cnt = session.execute(stmt).scalar_one()
                     continue
                 # Check if this is a STUCK lock due to source_replica filtering
-                if source_rses:
+                if source_rses and not lock.repair_cnt:
                     associated_replica = [replica for replica in replicas[(file['scope'], file['name'])] if replica.rse_id == lock.rse_id][0]
                     # Check if there is an eligible source replica for this lock
                     if set(source_replicas.get((file['scope'], file['name']), [])).intersection(source_rses) and (selector_rse_dict.get(lock.rse_id, {}).get('availability_write', True) or rule.ignore_availability):
@@ -891,7 +891,7 @@ def __repair_stuck_locks_with_dataset_grouping(datasetfiles, locks, replicas, so
                     associated_replica.lock_cnt = session.execute(stmt).scalar_one()
                     continue
                 # Check if this is a STUCK lock due to source_replica filtering
-                if source_rses:
+                if source_rses and not lock.repair_cnt:
                     associated_replica = [replica for replica in replicas[(file['scope'], file['name'])] if replica.rse_id == lock.rse_id][0]
                     # Check if there is an eligible source replica for this lock
                     if set(source_replicas.get((file['scope'], file['name']), [])).intersection(source_rses) and (selector_rse_dict.get(lock.rse_id, {}).get('availability_write', True) or rule.ignore_availability):

rucio/gateway/account.py

@@ -14,10 +14,9 @@
 
 from typing import TYPE_CHECKING, Any, Optional
 
-import rucio.common.exception
-import rucio.core.identity
 import rucio.gateway.permission
 from rucio.common.constants import DEFAULT_VO
+from rucio.common.exception import AccessDenied, InvalidAccountType
 from rucio.common.schema import validate_schema
 from rucio.common.types import InternalAccount
 from rucio.common.utils import gateway_update_return_dict
@@ -55,11 +54,13 @@ def add_account(
     validate_schema(name='account', obj=account, vo=vo)
 
     kwargs = {'account': account, 'type': type_}
+    if type_.upper() not in AccountType._member_names_:
+        raise InvalidAccountType(f"{type_} is an invalid account type. Choose from {AccountType._member_names_}")
 
     with db_session(DatabaseOperationType.WRITE) as session:
         auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='add_account', kwargs=kwargs, session=session)
         if not auth_result.allowed:
-            raise rucio.common.exception.AccessDenied('Account %s can not add account. %s' % (issuer, auth_result.message))
+            raise AccessDenied('Account %s can not add account. %s' % (issuer, auth_result.message))
 
         internal_account = InternalAccount(account, vo=vo)
 
@@ -83,7 +84,7 @@ def del_account(
     with db_session(DatabaseOperationType.WRITE) as session:
         auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='del_account', kwargs=kwargs, session=session)
         if not auth_result.allowed:
-            raise rucio.common.exception.AccessDenied('Account %s can not delete account. %s' % (issuer, auth_result.message))
+            raise AccessDenied('Account %s can not delete account. %s' % (issuer, auth_result.message))
 
         internal_account = InternalAccount(account, vo=vo)
 
@@ -132,7 +133,7 @@ def update_account(
     with db_session(DatabaseOperationType.WRITE) as session:
         auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='update_account', kwargs=kwargs, session=session)
         if not auth_result.allowed:
-            raise rucio.common.exception.AccessDenied('Account %s can not change %s  of the account. %s' % (issuer, key, auth_result.message))
+            raise AccessDenied('Account %s can not change %s  of the account. %s' % (issuer, key, auth_result.message))
 
         internal_account = InternalAccount(account, vo=vo)
 
@@ -242,7 +243,7 @@ def add_account_attribute(
     with db_session(DatabaseOperationType.WRITE) as session:
         auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='add_attribute', kwargs=kwargs, session=session)
         if not auth_result.allowed:
-            raise rucio.common.exception.AccessDenied('Account %s can not add attributes. %s' % (issuer, auth_result.message))
+            raise AccessDenied('Account %s can not add attributes. %s' % (issuer, auth_result.message))
 
         internal_account = InternalAccount(account, vo=vo)
 
@@ -268,7 +269,7 @@ def del_account_attribute(
     with db_session(DatabaseOperationType.WRITE) as session:
         auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='del_attribute', kwargs=kwargs, session=session)
         if not auth_result.allowed:
-            raise rucio.common.exception.AccessDenied('Account %s can not delete attribute. %s' % (issuer, auth_result.message))
+            raise AccessDenied('Account %s can not delete attribute. %s' % (issuer, auth_result.message))
 
         internal_account = InternalAccount(account, vo=vo)