Skip to content

Baseclient

Client class for callers of the Rucio system

Classes

BaseClient 

BaseClient(
    rucio_host=None,
    auth_host=None,
    account=None,
    ca_cert=None,
    auth_type=None,
    creds=None,
    timeout=600,
    user_agent="rucio-clients",
    vo=None,
    logger=LOG,
)

Main client class for accessing Rucio resources. Handles the authentication.

Constructor of the BaseClient.

PARAMETER DESCRIPTION
rucio_host

The address of the rucio server, if None it is read from the config file.

TYPE: Optional[str] DEFAULT: None

rucio_port

The port of the rucio server, if None it is read from the config file.
auth_host

The address of the rucio authentication server, if None it is read from the config file.

TYPE: Optional[str] DEFAULT: None

auth_port

The port of the rucio authentication server, if None it is read from the config file.
account

The account to authenticate to rucio.

TYPE: Optional[str] DEFAULT: None

use_ssl

Enable or disable ssl for commucation. Default is enabled.
ca_cert

The path to the rucio server certificate.

TYPE: Optional[str] DEFAULT: None

auth_type

The type of authentication (e.g.: 'userpass', 'kerberos' ...)

TYPE: Optional[str] DEFAULT: None

creds

Dictionary with credentials needed for authentication.

TYPE: Optional[dict[str, Any]] DEFAULT: None

user_agent

Indicates the client.

TYPE: Optional[str] DEFAULT: 'rucio-clients'

vo

The VO to authenticate into.

TYPE: Optional[str] DEFAULT: None

logger

Logger object to use. If None, use the default LOG created by the module

TYPE: Logger DEFAULT: LOG

Functions

__get_token_userpass 
__get_token_userpass()

Sends a request to get an auth token from the server and stores it as a class attribute. Uses username/password.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__refresh_token_oidc 
__refresh_token_oidc()

Checks if there is active refresh token and if so returns either active token with expiration timestamp or requests a new refresh and returns new access token with new expiration timestamp and saves these in the token directory.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token_oidc 
__get_token_oidc()

First authenticates the user via a Identity Provider server (with user's username & password), by specifying oidc_scope, user agrees to share the relevant information with Rucio. If all proceeds well, an access token is requested from the Identity Provider. Access Tokens are not stored in Rucio DB. Refresh Tokens are granted only in case no valid access token exists in user's local storage, oidc_scope includes 'offline_access'. In such case, refresh token is stored in Rucio DB.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token_x509 
__get_token_x509()

Sends a request to get an auth token from the server and stores it as a class attribute. Uses x509 authentication.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token_ssh 
__get_token_ssh()

Sends a request to get an auth token from the server and stores it as a class attribute. Uses SSH key exchange authentication.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token_gss 
__get_token_gss()

Sends a request to get an auth token from the server and stores it as a class attribute. Uses Kerberos authentication.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token_saml 
__get_token_saml()

Sends a request to get an auth token from the server and stores it as a class attribute. Uses saml authentication.

RETURNS DESCRIPTION
bool

True if the token was successfully received. False otherwise.
__get_token 
__get_token()

Calls the corresponding method to receive an auth token depending on the auth type. To be used if a 401 - Unauthorized error is received.

__read_token 
__read_token()

Checks if a local token file exists and reads the token from it.

RETURNS DESCRIPTION
bool

True if a token could be read. False if no file exists.
__write_token 
__write_token()

Write the current auth_token to the local token file.

__authenticate 
__authenticate()

Main method for authentication. It first tries to read a locally saved token. If not available it requests a new one.

Functions

choice 

choice(hosts)

Select randomly a host

PARAMETER DESCRIPTION
hosts

Lost of hosts
RETURNS DESCRIPTION

A randomly selected host.