rucio 38.3.0__py3-none-any.whl → 38.5.0__py3-none-any.whl

rucio/gateway/opendata.py

@@ -151,7 +151,7 @@ def update_opendata_did(
         meta: Optional[dict] = None,
         doi: Optional[str] = None,
         vo: str = DEFAULT_VO,
-) -> None:
+) -> dict[str, Any]:
     """
     Update an existing Opendata DID in the Opendata catalog.
 
@@ -164,7 +164,7 @@ def update_opendata_did(
         vo: The virtual organization.
 
     Returns:
-        None
+        A dictionary containing the scope and name of the DID and details of the updates performed. (e.g., new/old state, new/old DOI, etc.)
 
     Raises:
         ValueError: If meta is a string and cannot be parsed as valid JSON.

rucio/gateway/request.py

@@ -20,7 +20,7 @@ from typing import TYPE_CHECKING, Any, Optional
 
 from rucio.common import exception
 from rucio.common.constants import DEFAULT_VO, TransferLimitDirection
-from rucio.common.types import InternalAccount, InternalScope, RequestGatewayDict
+from rucio.common.types import InternalScope
 from rucio.common.utils import gateway_update_return_dict
 from rucio.core import request
 from rucio.core.rse import get_rse_id
@@ -31,122 +31,7 @@ from rucio.gateway import permission
 if TYPE_CHECKING:
     from collections.abc import Iterable, Iterator, Sequence
 
-    from rucio.db.sqla.constants import RequestState, RequestType
-
-
-def queue_requests(
-    requests: "Iterable[RequestGatewayDict]",
-    issuer: str,
-    vo: str = DEFAULT_VO,
-) -> list[dict[str, Any]]:
-    """
-    Submit transfer or deletion requests on destination RSEs for data identifiers.
-
-    :param requests: List of dictionaries containing 'scope', 'name', 'dest_rse_id', 'request_type', 'attributes'
-    :param issuer: Issuing account as a string.
-    :param vo: The VO to act on.
-    :returns: List of Request-IDs as 32 character hex strings
-    """
-
-    kwargs = {'requests': requests, 'issuer': issuer}
-    with db_session(DatabaseOperationType.WRITE) as session:
-        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='queue_requests', kwargs=kwargs, session=session)
-        if not auth_result.allowed:
-            raise exception.AccessDenied(f'{issuer} can not queue request. {auth_result.message}')
-
-        for req in requests:
-            req['scope'] = InternalScope(req['scope'], vo=vo)  # type: ignore (type reassignment)
-            if 'account' in req:
-                req['account'] = InternalAccount(req['account'], vo=vo)  # type: ignore (type reassignment)
-
-        new_requests = request.queue_requests(requests, session=session)
-        return [gateway_update_return_dict(r, session=session) for r in new_requests]
-
-
-def cancel_request(
-    request_id: str,
-    issuer: str,
-    account: str,
-    vo: str = DEFAULT_VO,
-) -> None:
-    """
-    Cancel a request.
-
-    :param request_id: Request Identifier as a 32 character hex string.
-    :param issuer: Issuing account as a string.
-    :param account: Account identifier as a string.
-    :param vo: The VO to act on.
-    """
-
-    kwargs = {'account': account, 'issuer': issuer, 'request_id': request_id}
-    with db_session(DatabaseOperationType.WRITE) as session:
-        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='cancel_request_', kwargs=kwargs, session=session)
-    if not auth_result.allowed:
-        raise exception.AccessDenied('%s cannot cancel request %s. %s' % (account, request_id, auth_result.message))
-
-    raise NotImplementedError
-
-
-def cancel_request_did(
-    scope: str,
-    name: str,
-    dest_rse: str,
-    request_type: str,
-    issuer: str,
-    account: str,
-    vo: str = DEFAULT_VO,
-) -> dict[str, Any]:
-    """
-    Cancel a request based on a DID and request type.
-
-    :param scope: Data identifier scope as a string.
-    :param name: Data identifier name as a string.
-    :param dest_rse: RSE name as a string.
-    :param request_type: Type of the request as a string.
-    :param issuer: Issuing account as a string.
-    :param account: Account identifier as a string.
-    :param vo: The VO to act on.
-    """
-
-    with db_session(DatabaseOperationType.WRITE) as session:
-        dest_rse_id = get_rse_id(rse=dest_rse, vo=vo, session=session)
-
-        kwargs = {'account': account, 'issuer': issuer}
-        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='cancel_request_did', kwargs=kwargs, session=session)
-        if not auth_result.allowed:
-            raise exception.AccessDenied(f'{account} cannot cancel {request_type} request for {scope}:{name}. {auth_result.message}')
-
-        internal_scope = InternalScope(scope, vo=vo)
-        return request.cancel_request_did(internal_scope, name, dest_rse_id, request_type, session=session)
-
-
-def get_next(
-    request_type: "RequestType",
-    state: "RequestState",
-    issuer: str,
-    account: str,
-    vo: str = DEFAULT_VO,
-) -> list[dict[str, Any]]:
-    """
-    Retrieve the next request matching the request type and state.
-
-    :param request_type: Type of the request as a string.
-    :param state: State of the request as a string.
-    :param issuer: Issuing account as a string.
-    :param account: Account identifier as a string.
-    :param vo: The VO to act on.
-    :returns: Request as a dictionary.
-    """
-
-    kwargs = {'account': account, 'issuer': issuer, 'request_type': request_type, 'state': state}
-
-    with db_session(DatabaseOperationType.WRITE) as session:
-        auth_result = permission.has_permission(issuer=issuer, vo=vo, action='get_next', kwargs=kwargs, session=session)
-        if not auth_result.allowed:
-            raise exception.AccessDenied(f'{account} cannot get the next request of type {request_type} in state {state}. {auth_result.message}')
-
-        reqs = request.get_and_mark_next(request_type, state, session=session)
-        return [gateway_update_return_dict(r, session=session) for r in reqs]
+    from rucio.db.sqla.constants import RequestState
 
 
 def get_request_by_did(

rucio/gateway/scope.py

@@ -12,19 +12,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from typing import Any, Optional
+from typing import TYPE_CHECKING, Any, Optional
 
 import rucio.gateway.permission
 from rucio.common.constants import DEFAULT_VO
 from rucio.common.exception import AccessDenied
 from rucio.common.schema import validate_schema
 from rucio.common.types import InternalAccount, InternalScope
+from rucio.common.utils import gateway_update_return_dict
 from rucio.core import scope as core_scope
 from rucio.db.sqla.constants import DatabaseOperationType
 from rucio.db.sqla.session import db_session
 
+if TYPE_CHECKING:
+    from collections.abc import Generator
 
-def list_scopes(filter_: Optional[dict[str, Any]] = None, vo: str = DEFAULT_VO) -> list[str]:
+
+def list_scopes(filter_: Optional[dict[str, Any]] = None, vo: str = DEFAULT_VO) -> 'Generator[dict[str, Any]]':
     """
     Lists all scopes.
 
@@ -42,7 +46,9 @@ def list_scopes(filter_: Optional[dict[str, Any]] = None, vo: str = DEFAULT_VO)
         filter_['scope'] = InternalScope(scope='*', vo=vo)
 
     with db_session(DatabaseOperationType.READ) as session:
-        return [scope.external for scope in core_scope.list_scopes(filter_=filter_, session=session)]
+        scopes = core_scope.list_scopes(filter_=filter_, session=session)
+        for scope in scopes:
+            yield gateway_update_return_dict(scope, session=session)
 
 
 def add_scope(
@@ -92,3 +98,29 @@ def get_scopes(
 
     with db_session(DatabaseOperationType.READ) as session:
         return [scope.external for scope in core_scope.get_scopes(internal_account, session=session)]
+
+
+def update_scope(
+        scope: str,
+        account: str,
+        issuer: str,
+        vo: str = DEFAULT_VO
+) -> None:
+    """
+    Change ownership of a scope
+
+    :param account: New owner for the scope
+    :param scope: Scope to change
+    param issuer: User making the request
+    :param vo: VO to act on
+
+    """
+    kwargs = {'scope': scope, 'account': account}
+    with db_session(DatabaseOperationType.WRITE) as session:
+        auth_result = rucio.gateway.permission.has_permission(issuer=issuer, vo=vo, action='update_scope', kwargs=kwargs, session=session)
+        if not auth_result.allowed:
+            raise AccessDenied('Account %s can not add scope. %s' % (issuer, auth_result.message))
+
+        internal_account = InternalAccount(account, vo=vo)
+        internal_scope = InternalScope(scope, vo=vo)
+        core_scope.update_scope(internal_scope, internal_account, session=session)

rucio/rse/protocols/webdav.py

@@ -25,6 +25,7 @@ from requests.adapters import HTTPAdapter
 from urllib3.poolmanager import PoolManager
 
 from rucio.common import exception
+from rucio.common.constants import HTTPMethod
 from rucio.rse.protocols import protocol
 
 
@@ -259,9 +260,11 @@ class Default(protocol.RSEProtocol):
         try:
             # use GET instead of HEAD for presigned urls
             if not using_presigned_urls:
-                result = self.session.request('HEAD', path, verify=False, timeout=self.timeout, cert=self.cert)
+                result = self.session.request(HTTPMethod.HEAD.value, path, verify=False, timeout=self.timeout,
+                                              cert=self.cert)
             else:
-                result = self.session.request('GET', path, verify=False, timeout=self.timeout, cert=self.cert)
+                result = self.session.request(HTTPMethod.GET.value, path, verify=False, timeout=self.timeout,
+                                              cert=self.cert)
             if result.status_code == 200:
                 return True
             elif result.status_code in [401, ]:

rucio/transfertool/fts3.py

@@ -76,7 +76,6 @@ BULK_QUERY_COUNTER = METRICS.counter(name='{host}.bulk_query.{state}',
 QUERY_DETAILS_COUNTER = METRICS.counter(name='{host}.query_details.{state}',
                                         documentation='Number of detailed status queries', labelnames=('state', 'host'))
 
-REWRITE_HTTPS_TO_DAVS = config_get_bool('transfers', 'rewrite_https_to_davs', default=False)
 VO_CERTS_PATH = config_get('conveyor', 'vo_certs_path', False, None)
 
 # https://fts3-docs.web.cern.ch/fts3-docs/docs/state_machine.html
@@ -1073,24 +1072,6 @@ class FTS3Transfertool(Transfertool):
             if not transfer_file['sources'] or transfer_file['sources'] == []:
                 raise Exception('No sources defined')
 
-            # TODO: remove the following logic in rucio 1.31
-            if REWRITE_HTTPS_TO_DAVS:
-                new_src_urls = []
-                new_dst_urls = []
-                for url in transfer_file['sources']:
-                    if url.startswith('https'):
-                        new_src_urls.append(':'.join(['davs'] + url.split(':')[1:]))
-                    else:
-                        new_src_urls.append(url)
-                for url in transfer_file['destinations']:
-                    if url.startswith('https'):
-                        new_dst_urls.append(':'.join(['davs'] + url.split(':')[1:]))
-                    else:
-                        new_dst_urls.append(url)
-
-                transfer_file['sources'] = new_src_urls
-                transfer_file['destinations'] = new_dst_urls
-
         transfer_id = None
         expected_transfer_id = None
         if self.deterministic_id:

rucio/vcsversion.py

@@ -4,8 +4,8 @@ This file is automatically generated; Do not edit it. :)
 '''
 VERSION_INFO = {
     'final': True,
-    'version': '38.3.0',
+    'version': '38.5.0',
     'branch_nick': 'release-38-LTS',
-    'revision_id': '5eebc4e67a544dcb2d689bd45260cb73fb10066a',
-    'revno': 14003
+    'revision_id': '430fd3dd8f4dc5103e1e932c9515421e1c515c3e',
+    'revno': 14073
 }

rucio/web/rest/flaskapi/v1/accountlimits.py

@@ -16,6 +16,7 @@ from typing import TYPE_CHECKING
 
 from flask import Flask, request
 
+from rucio.common.constants import HTTPMethod
 from rucio.common.exception import AccessDenied, AccountNotFound, RSENotFound
 from rucio.gateway.account_limit import delete_global_account_limit, delete_local_account_limit, set_global_account_limit, set_local_account_limit
 from rucio.web.rest.flaskapi.authenticated_bp import AuthenticatedBlueprint
@@ -219,11 +220,11 @@ def blueprint(with_doc: bool = False) -> AuthenticatedBlueprint:
     bp = AuthenticatedBlueprint('accountlimits', __name__, url_prefix='/accountlimits')
 
     local_account_limit_view = LocalAccountLimit.as_view('local_account_limit')
-    bp.add_url_rule('/local/<account>/<rse>', view_func=local_account_limit_view, methods=['post', 'delete'])
+    bp.add_url_rule('/local/<account>/<rse>', view_func=local_account_limit_view, methods=[HTTPMethod.POST.value, HTTPMethod.DELETE.value])
     if not with_doc:
-        bp.add_url_rule('/<account>/<rse>', view_func=local_account_limit_view, methods=['post', 'delete'])
+        bp.add_url_rule('/<account>/<rse>', view_func=local_account_limit_view, methods=[HTTPMethod.POST.value, HTTPMethod.DELETE.value])
     global_account_limit_view = GlobalAccountLimit.as_view('global_account_limit')
-    bp.add_url_rule('/global/<account>/<rse_expression>', view_func=global_account_limit_view, methods=['post', 'delete'])
+    bp.add_url_rule('/global/<account>/<rse_expression>', view_func=global_account_limit_view, methods=[HTTPMethod.POST.value, HTTPMethod.DELETE.value])
 
     bp.after_request(response_headers)
     return bp

rucio/web/rest/flaskapi/v1/accounts.py

@@ -18,7 +18,8 @@ from typing import TYPE_CHECKING, Any, Literal, Optional, Union
 
 from flask import Flask, Response, jsonify, redirect, request
 
-from rucio.common.exception import AccessDenied, AccountNotFound, CounterNotFound, Duplicate, IdentityError, InvalidObject, RSENotFound, RuleNotFound, ScopeNotFound
+from rucio.common.constants import HTTPMethod
+from rucio.common.exception import AccessDenied, AccountNotFound, CounterNotFound, Duplicate, IdentityError, InvalidAccountType, InvalidObject, RSENotFound, RuleNotFound, ScopeNotFound
 from rucio.common.utils import APIEncoder, render_json
 from rucio.gateway.account import add_account, add_account_attribute, del_account, del_account_attribute, get_account_info, get_usage_history, list_account_attributes, list_accounts, list_identities, update_account
 from rucio.gateway.account_limit import get_global_account_limit, get_global_account_usage, get_local_account_limit, get_local_account_usage
@@ -447,7 +448,7 @@ class AccountParameter(ErrorHandlingMethodView):
             return generate_http_error_flask(409, error)
         except AccessDenied as error:
             return generate_http_error_flask(401, error)
-        except InvalidObject as error:
+        except (InvalidObject, InvalidAccountType) as error:
             return generate_http_error_flask(400, error)
 
         return 'Created', 201
@@ -1047,44 +1048,44 @@ def blueprint(with_doc: bool = False) -> AuthenticatedBlueprint:
     bp = AuthenticatedBlueprint('accounts', __name__, url_prefix='/accounts')
 
     attributes_view = Attributes.as_view('attributes')
-    bp.add_url_rule('/<account>/attr/', view_func=attributes_view, methods=['get', ])
-    bp.add_url_rule('/<account>/attr/<key>', view_func=attributes_view, methods=['post', 'delete'])
+    bp.add_url_rule('/<account>/attr/', view_func=attributes_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/attr/<key>', view_func=attributes_view, methods=[HTTPMethod.POST.value, HTTPMethod.DELETE.value])
     scopes_view = Scopes.as_view('scopes')
-    bp.add_url_rule('/<account>/scopes/', view_func=scopes_view, methods=['get', ])
-    bp.add_url_rule('/<account>/scopes/<scope>', view_func=scopes_view, methods=['post', ])
+    bp.add_url_rule('/<account>/scopes/', view_func=scopes_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/scopes/<scope>', view_func=scopes_view, methods=[HTTPMethod.POST.value])
     local_account_limits_view = LocalAccountLimits.as_view('local_account_limit')
-    bp.add_url_rule('/<account>/limits/local', view_func=local_account_limits_view, methods=['get', ])
-    bp.add_url_rule('/<account>/limits', view_func=local_account_limits_view, methods=['get', ])
-    bp.add_url_rule('/<account>/limits/local/<rse>', view_func=local_account_limits_view, methods=['get', ])
-    bp.add_url_rule('/<account>/limits/<rse>', view_func=local_account_limits_view, methods=['get', ])
+    bp.add_url_rule('/<account>/limits/local', view_func=local_account_limits_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/limits', view_func=local_account_limits_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/limits/local/<rse>', view_func=local_account_limits_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/limits/<rse>', view_func=local_account_limits_view, methods=[HTTPMethod.GET.value])
     global_account_limits_view = GlobalAccountLimits.as_view('global_account_limit')
-    bp.add_url_rule('/<account>/limits/global', view_func=global_account_limits_view, methods=['get', ])
-    bp.add_url_rule('/<account>/limits/global/<rse_expression>', view_func=global_account_limits_view, methods=['get', ])
+    bp.add_url_rule('/<account>/limits/global', view_func=global_account_limits_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/limits/global/<rse_expression>', view_func=global_account_limits_view, methods=[HTTPMethod.GET.value])
     identities_view = Identities.as_view('identities')
-    bp.add_url_rule('/<account>/identities', view_func=identities_view, methods=['get', 'post', 'delete'])
+    bp.add_url_rule('/<account>/identities', view_func=identities_view, methods=[HTTPMethod.GET.value, HTTPMethod.POST.value, HTTPMethod.DELETE.value])
     rules_view = Rules.as_view('rules')
-    bp.add_url_rule('/<account>/rules', view_func=rules_view, methods=['get', ])
+    bp.add_url_rule('/<account>/rules', view_func=rules_view, methods=[HTTPMethod.GET.value])
     usagehistory_view = UsageHistory.as_view('usagehistory')
-    bp.add_url_rule('/<account>/usage/history/<rse>', view_func=usagehistory_view, methods=['get', ])
+    bp.add_url_rule('/<account>/usage/history/<rse>', view_func=usagehistory_view, methods=[HTTPMethod.GET.value])
     usage_view = LocalUsage.as_view('usage')
-    bp.add_url_rule('/<account>/usage/local', view_func=usage_view, methods=['get', ])
-    bp.add_url_rule('/<account>/usage', view_func=usage_view, methods=['get', ])
+    bp.add_url_rule('/<account>/usage/local', view_func=usage_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/usage', view_func=usage_view, methods=[HTTPMethod.GET.value])
     if not with_doc:
         # for backwards-compatibility
         # rule without trailing slash needs to be added before rule with trailing slash
-        bp.add_url_rule('/<account>/usage/', view_func=usage_view, methods=['get', ])
-    bp.add_url_rule('/<account>/usage/local/<rse>', view_func=usage_view, methods=['get', ])
-    bp.add_url_rule('/<account>/usage/<rse>', view_func=usage_view, methods=['get', ])
+        bp.add_url_rule('/<account>/usage/', view_func=usage_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/usage/local/<rse>', view_func=usage_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/usage/<rse>', view_func=usage_view, methods=[HTTPMethod.GET.value])
     global_usage_view = GlobalUsage.as_view('global_usage')
-    bp.add_url_rule('/<account>/usage/global', view_func=global_usage_view, methods=['get', ])
-    bp.add_url_rule('/<account>/usage/global/<rse_expression>', view_func=global_usage_view, methods=['get', ])
+    bp.add_url_rule('/<account>/usage/global', view_func=global_usage_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/<account>/usage/global/<rse_expression>', view_func=global_usage_view, methods=[HTTPMethod.GET.value])
     account_parameter_view = AccountParameter.as_view('account_parameter')
-    bp.add_url_rule('/<account>', view_func=account_parameter_view, methods=['get', 'put', 'post', 'delete'])
+    bp.add_url_rule('/<account>', view_func=account_parameter_view, methods=[HTTPMethod.GET.value, HTTPMethod.PUT.value, HTTPMethod.POST.value, HTTPMethod.DELETE.value])
     account_view = Account.as_view('account')
     if not with_doc:
         # rule without trailing slash needs to be added before rule with trailing slash
-        bp.add_url_rule('', view_func=account_view, methods=['get', ])
-    bp.add_url_rule('/', view_func=account_view, methods=['get', ])
+        bp.add_url_rule('', view_func=account_view, methods=[HTTPMethod.GET.value])
+    bp.add_url_rule('/', view_func=account_view, methods=[HTTPMethod.GET.value])
 
     bp.after_request(response_headers)
     return bp

rucio/web/rest/flaskapi/v1/archives.py

@@ -17,7 +17,7 @@ from typing import TYPE_CHECKING
 
 from flask import Flask, Response, request
 
-from rucio.common.constants import DEFAULT_VO
+from rucio.common.constants import DEFAULT_VO, HTTPMethod
 from rucio.gateway.did import list_archive_content
 from rucio.web.rest.flaskapi.authenticated_bp import AuthenticatedBlueprint
 from rucio.web.rest.flaskapi.v1.common import ErrorHandlingMethodView, check_accept_header_wrapper_flask, generate_http_error_flask, parse_scope_name, response_headers, try_stream
@@ -90,7 +90,7 @@ def blueprint() -> AuthenticatedBlueprint:
     bp = AuthenticatedBlueprint('archives', __name__, url_prefix='/archives')
 
     archive_view = Archive.as_view('archive')
-    bp.add_url_rule('/<path:scope_name>/files', view_func=archive_view, methods=['get', ])
+    bp.add_url_rule('/<path:scope_name>/files', view_func=archive_view, methods=[HTTPMethod.GET.value])
 
     bp.after_request(response_headers)
     return bp

rucio/web/rest/flaskapi/v1/auth.py

@@ -23,6 +23,7 @@ from jinja2.exceptions import TemplateNotFound
 from werkzeug.datastructures import Headers
 
 from rucio.common.config import config_get
+from rucio.common.constants import HTTPMethod
 from rucio.common.exception import AccessDenied, CannotAuthenticate, CannotAuthorize, ConfigurationError, IdentityError, IdentityNotFound, InvalidRequest
 from rucio.common.extra import import_extras
 from rucio.common.utils import date_to_str
@@ -1632,31 +1633,31 @@ def blueprint() -> Blueprint:
     bp = Blueprint('auth', __name__, url_prefix='/auth')
 
     user_pass_view = UserPass.as_view('user_pass')
-    bp.add_url_rule('/userpass', view_func=user_pass_view, methods=['get', 'options'])
+    bp.add_url_rule('/userpass', view_func=user_pass_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     gss_view = GSS.as_view('gss')
-    bp.add_url_rule('/gss', view_func=gss_view, methods=['get', 'options'])
+    bp.add_url_rule('/gss', view_func=gss_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     x509_view = x509.as_view('x509')
-    bp.add_url_rule('/x509', view_func=x509_view, methods=['get', 'options'])
-    bp.add_url_rule('/x509/webui', view_func=x509_view, methods=['get', 'options'])
-    bp.add_url_rule('/x509_proxy', view_func=x509_view, methods=['get', 'options'])
+    bp.add_url_rule('/x509', view_func=x509_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
+    bp.add_url_rule('/x509/webui', view_func=x509_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
+    bp.add_url_rule('/x509_proxy', view_func=x509_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     ssh_view = SSH.as_view('ssh')
-    bp.add_url_rule('/ssh', view_func=ssh_view, methods=['get', 'options'])
+    bp.add_url_rule('/ssh', view_func=ssh_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     ssh_challenge_token_view = SSHChallengeToken.as_view('ssh_challenge_token')
-    bp.add_url_rule('/ssh_challenge_token', view_func=ssh_challenge_token_view, methods=['get', 'options'])
+    bp.add_url_rule('/ssh_challenge_token', view_func=ssh_challenge_token_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     saml_view = SAML.as_view('saml')
-    bp.add_url_rule('/saml', view_func=saml_view, methods=['get', 'post', 'options'])
+    bp.add_url_rule('/saml', view_func=saml_view, methods=[HTTPMethod.GET.value, HTTPMethod.POST.value, HTTPMethod.OPTIONS.value])
     validate_view = Validate.as_view('validate')
-    bp.add_url_rule('/validate', view_func=validate_view, methods=['get', 'options'])
+    bp.add_url_rule('/validate', view_func=validate_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     oidc_view = OIDC.as_view('oidc_view')
-    bp.add_url_rule('/oidc', view_func=oidc_view, methods=['get', 'options'])
+    bp.add_url_rule('/oidc', view_func=oidc_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     token_oidc_view = TokenOIDC.as_view('token_oidc_view')
-    bp.add_url_rule('/oidc_token', view_func=token_oidc_view, methods=['get', 'options'])
+    bp.add_url_rule('/oidc_token', view_func=token_oidc_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     code_oidc_view = CodeOIDC.as_view('code_oidc_view')
-    bp.add_url_rule('/oidc_code', view_func=code_oidc_view, methods=['get', 'options'])
+    bp.add_url_rule('/oidc_code', view_func=code_oidc_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     redirect_oidc_view = RedirectOIDC.as_view('redirect_oidc_view')
-    bp.add_url_rule('/oidc_redirect', view_func=redirect_oidc_view, methods=['get', 'options'])
+    bp.add_url_rule('/oidc_redirect', view_func=redirect_oidc_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     refresh_oidc_view = RefreshOIDC.as_view('refresh_oidc_view')
-    bp.add_url_rule('/oidc_refresh', view_func=refresh_oidc_view, methods=['get', 'options'])
+    bp.add_url_rule('/oidc_refresh', view_func=refresh_oidc_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
 
     return bp
 

rucio/web/rest/flaskapi/v1/common.py

@@ -31,7 +31,7 @@ from werkzeug.exceptions import HTTPException
 from werkzeug.wrappers import Request, Response
 
 from rucio.common import config
-from rucio.common.constants import DEFAULT_VO
+from rucio.common.constants import DEFAULT_VO, HTTPMethod
 from rucio.common.exception import CannotAuthenticate, DatabaseException, IdentityError, RucioException, UnsupportedRequestedContentType
 from rucio.common.schema import get_schema_value
 from rucio.common.utils import generate_uuid, render_json
@@ -66,7 +66,7 @@ class CORSMiddleware:
     def __call__(self, environ: 'WSGIEnvironment', start_response: 'StartResponse') -> 'Iterable[bytes]':
         request: Request = Request(environ)
 
-        if request.environ.get('REQUEST_METHOD') == 'OPTIONS':
+        if request.environ.get('REQUEST_METHOD') == HTTPMethod.OPTIONS.value:
             try:
                 webui_urls = config.config_get_list('webui', 'urls')
             except (NoOptionError, NoSectionError, RuntimeError) as error:
@@ -145,7 +145,7 @@ class ErrorHandlingMethodView(MethodView):
 
 
 def request_auth_env() -> Optional['ResponseReturnValue']:
-    if flask.request.environ.get('REQUEST_METHOD') == 'OPTIONS':
+    if flask.request.environ.get('REQUEST_METHOD') == HTTPMethod.OPTIONS.value:
         return '', 200
 
     auth_token = flask.request.headers.get('X-Rucio-Auth-Token', default=None)
@@ -176,7 +176,7 @@ def response_headers(response: ResponseTypeVar) -> ResponseTypeVar:
     response.headers['Access-Control-Allow-Methods'] = '*'
     response.headers['Access-Control-Allow-Credentials'] = 'true'
 
-    if flask.request.environ.get('REQUEST_METHOD') == 'GET':
+    if flask.request.environ.get('REQUEST_METHOD') == HTTPMethod.GET.value:
         response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
         response.headers['Cache-Control'] = 'post-check=0, pre-check=0'
         response.headers['Pragma'] = 'no-cache'

rucio/web/rest/flaskapi/v1/config.py

@@ -17,6 +17,7 @@ from typing import TYPE_CHECKING
 from flask import Flask, jsonify
 from flask import request as request
 
+from rucio.common.constants import HTTPMethod
 from rucio.common.exception import AccessDenied, ConfigNotFound, ConfigurationError
 from rucio.gateway import config
 from rucio.web.rest.flaskapi.authenticated_bp import AuthenticatedBlueprint
@@ -323,13 +324,14 @@ def blueprint() -> AuthenticatedBlueprint:
     bp = AuthenticatedBlueprint('config', __name__, url_prefix='/config')
 
     option_set_view = OptionSet.as_view('option_set')
-    bp.add_url_rule('/<section>/<option>/<value>', view_func=option_set_view, methods=['put', ])
+    bp.add_url_rule('/<section>/<option>/<value>', view_func=option_set_view, methods=[HTTPMethod.PUT.value])
     option_get_del_view = OptionGetDel.as_view('option_get_del')
-    bp.add_url_rule('/<section>/<option>', view_func=option_get_del_view, methods=['get', 'delete'])
+    bp.add_url_rule('/<section>/<option>', view_func=option_get_del_view, methods=[HTTPMethod.GET.value, HTTPMethod.DELETE.value])
     section_view = Section.as_view('section')
-    bp.add_url_rule('/<section>', view_func=section_view, methods=['get', 'delete'])
+
+    bp.add_url_rule('/<section>', view_func=section_view, methods=[HTTPMethod.GET.value, HTTPMethod.DELETE.value])
     config_view = Config.as_view('config')
-    bp.add_url_rule('', view_func=config_view, methods=['get', 'post'])
+    bp.add_url_rule('', view_func=config_view, methods=[HTTPMethod.GET.value, HTTPMethod.POST.value])
 
     bp.after_request(response_headers)
     return bp

rucio/web/rest/flaskapi/v1/credentials.py

@@ -17,7 +17,7 @@ from typing import TYPE_CHECKING, cast
 from flask import Flask, request
 from werkzeug.datastructures import Headers
 
-from rucio.common.constants import RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS, RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS_LITERAL, SUPPORTED_SIGN_URL_SERVICES, SUPPORTED_SIGN_URL_SERVICES_LITERAL
+from rucio.common.constants import RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS, RSE_BASE_SUPPORTED_PROTOCOL_OPERATIONS_LITERAL, SUPPORTED_SIGN_URL_SERVICES, SUPPORTED_SIGN_URL_SERVICES_LITERAL, HTTPMethod
 from rucio.common.exception import CannotAuthenticate
 from rucio.gateway.credential import get_signed_url
 from rucio.web.rest.flaskapi.authenticated_bp import AuthenticatedBlueprint
@@ -203,10 +203,10 @@ def blueprint(with_doc=False):
     bp = AuthenticatedBlueprint('credentials', __name__, url_prefix='/credentials')
 
     signurl_view = SignURL.as_view('signurl')
-    bp.add_url_rule('/signurl', view_func=signurl_view, methods=['get', 'options'])
+    bp.add_url_rule('/signurl', view_func=signurl_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
     if not with_doc:
         # yes, /signur ~= '/signurl?$'
-        bp.add_url_rule('/signur', view_func=signurl_view, methods=['get', 'options'])
+        bp.add_url_rule('/signur', view_func=signurl_view, methods=[HTTPMethod.GET.value, HTTPMethod.OPTIONS.value])
 
     bp.after_request(response_headers)