Baseclient

Client class for callers of the Rucio system

`BaseClient(rucio_host=None, auth_host=None, account=None, ca_cert=None, auth_type=None, creds=None, timeout=600, user_agent='rucio-clients', vo=None, logger=LOG)` ¶

Main client class for accessing Rucio resources. Handles the authentication.

Constructor of the BaseClient.

Parameters:

Name	Type	Description	Default
`rucio_host`	`Optional[str]`	The address of the rucio server, if None it is read from the config file.	`None`
`rucio_port`		The port of the rucio server, if None it is read from the config file.	required
`auth_host`	`Optional[str]`	The address of the rucio authentication server, if None it is read from the config file.	`None`
`auth_port`		The port of the rucio authentication server, if None it is read from the config file.	required
`account`	`Optional[str]`	The account to authenticate to rucio.	`None`
`use_ssl`		Enable or disable ssl for commucation. Default is enabled.	required
`ca_cert`	`Optional[str]`	The path to the rucio server certificate.	`None`
`auth_type`	`Optional[str]`	The type of authentication (e.g.: 'userpass', 'kerberos' ...)	`None`
`creds`	`Optional[dict[str, Any]]`	Dictionary with credentials needed for authentication.	`None`
`user_agent`	`Optional[str]`	Indicates the client.	`'rucio-clients'`
`vo`	`Optional[str]`	The VO to authenticate into.	`None`
`logger`	`Logger`	Logger object to use. If None, use the default LOG created by the module	`LOG`

`_get_exception(headers, status_code=None, data=None)` ¶

Helper method to parse an error string send by the server and transform it into the corresponding rucio exception.

Parameters:

Name	Type	Description	Default
`headers`	`dict[str, str]`	The http response header containing the Rucio exception details.	required
`status_code`	`Optional[int]`	The http status code.	`None`
`data`		The data with the ExceptionMessage.	`None`

Returns:

Type	Description
`tuple[type[RucioException], str]`	A rucio exception class and an error string.

`_load_json_data(response)` ¶

Helper method to correctly load json data based on the content type of the http response.

Parameters:

Name	Type	Description	Default
`response`	`Response`	the response received from the server.	required

`_back_off(retry_number, reason)` ¶

Sleep a certain amount of time which increases with the retry count

Parameters:

Name	Type	Description	Default
`retry_number`	`int`	the retry iteration	required
`reason`	`str`	the reason to backoff which will be shown to the user	required

`_send_request(url, headers=None, type_='GET', data=None, params=None, stream=False, get_token=False, cert=None, auth=None, verify=None)` ¶

Helper method to send requests to the rucio server. Gets a new token and retries if an unauthorized error is returned.

Parameters:

Name	Description	Default
`url`	the http url to use.	required
`headers`	additional http headers to send.	`None`
`type_`	the http request type to use.	`'GET'`
`data`	post data.	`None`
`params`	(optional) Dictionary or bytes to be sent in the url query string.	`None`
`get_token`	(optional) if it is called from a _get_token function.	`False`
`cert`	(optional) if String, path to the SSL client cert file (.pem). If Tuple, (cert, key) pair.	`None`
`auth`	(optional) auth tuple to enable Basic/Digest/Custom HTTP Auth.	`None`
`verify`	(optional) either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use.	`None`

Returns:

Type	Description
	the HTTP return body.

`__get_token_userpass()` ¶

Sends a request to get an auth token from the server and stores it as a class attribute. Uses username/password.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__refresh_token_oidc()` ¶

Checks if there is active refresh token and if so returns either active token with expiration timestamp or requests a new refresh and returns new access token with new expiration timestamp and saves these in the token directory.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token_oidc()` ¶

First authenticates the user via a Identity Provider server (with user's username & password), by specifying oidc_scope, user agrees to share the relevant information with Rucio. If all proceeds well, an access token is requested from the Identity Provider. Access Tokens are not stored in Rucio DB. Refresh Tokens are granted only in case no valid access token exists in user's local storage, oidc_scope includes 'offline_access'. In such case, refresh token is stored in Rucio DB.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token_x509()` ¶

Sends a request to get an auth token from the server and stores it as a class attribute. Uses x509 authentication.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token_ssh()` ¶

Sends a request to get an auth token from the server and stores it as a class attribute. Uses SSH key exchange authentication.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token_gss()` ¶

Sends a request to get an auth token from the server and stores it as a class attribute. Uses Kerberos authentication.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token_saml()` ¶

Sends a request to get an auth token from the server and stores it as a class attribute. Uses saml authentication.

Returns:

Type	Description
`bool`	True if the token was successfully received. False otherwise.

`__get_token()` ¶

Calls the corresponding method to receive an auth token depending on the auth type. To be used if a 401 - Unauthorized error is received.

`__read_token()` ¶

Checks if a local token file exists and reads the token from it.

Returns:

Type	Description
`bool`	True if a token could be read. False if no file exists.

`__write_token()` ¶

Write the current auth_token to the local token file.

`__authenticate()` ¶

Main method for authentication. It first tries to read a locally saved token. If not available it requests a new one.

`choice(hosts)` ¶

Select randomly a host

Parameters:

Name	Type	Description	Default
`hosts`		Lost of hosts	required

Returns:

Type	Description
	A randomly selected host.

Baseclient

BaseClient(rucio_host=None, auth_host=None, account=None, ca_cert=None, auth_type=None, creds=None, timeout=600, user_agent='rucio-clients', vo=None, logger=LOG) ¶

_get_exception(headers, status_code=None, data=None) ¶

_load_json_data(response) ¶

_back_off(retry_number, reason) ¶

_send_request(url, headers=None, type_='GET', data=None, params=None, stream=False, get_token=False, cert=None, auth=None, verify=None) ¶

__get_token_userpass() ¶

__refresh_token_oidc() ¶

__get_token_oidc() ¶

__get_token_x509() ¶

__get_token_ssh() ¶

__get_token_gss() ¶

__get_token_saml() ¶

__get_token() ¶

__read_token() ¶

__write_token() ¶

__authenticate() ¶

choice(hosts) ¶

`BaseClient(rucio_host=None, auth_host=None, account=None, ca_cert=None, auth_type=None, creds=None, timeout=600, user_agent='rucio-clients', vo=None, logger=LOG)` ¶

`_get_exception(headers, status_code=None, data=None)` ¶

`_load_json_data(response)` ¶

`_back_off(retry_number, reason)` ¶

`_send_request(url, headers=None, type_='GET', data=None, params=None, stream=False, get_token=False, cert=None, auth=None, verify=None)` ¶

`__get_token_userpass()` ¶

`__refresh_token_oidc()` ¶

`__get_token_oidc()` ¶

`__get_token_x509()` ¶

`__get_token_ssh()` ¶

`__get_token_gss()` ¶

`__get_token_saml()` ¶

`__get_token()` ¶

`__read_token()` ¶

`__write_token()` ¶

`__authenticate()` ¶

`choice(hosts)` ¶