Baseclient
Client class for callers of the Rucio system
BaseClient(rucio_host=None, auth_host=None, account=None, ca_cert=None, auth_type=None, creds=None, timeout=600, user_agent='rucio-clients', vo=None, logger=LOG)
¶
Main client class for accessing Rucio resources. Handles the authentication.
Constructor of the BaseClient.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
rucio_host
|
Optional[str]
|
The address of the rucio server, if None it is read from the config file. |
None
|
rucio_port
|
The port of the rucio server, if None it is read from the config file. |
required | |
auth_host
|
Optional[str]
|
The address of the rucio authentication server, if None it is read from the config file. |
None
|
auth_port
|
The port of the rucio authentication server, if None it is read from the config file. |
required | |
account
|
Optional[str]
|
The account to authenticate to rucio. |
None
|
use_ssl
|
Enable or disable ssl for commucation. Default is enabled. |
required | |
ca_cert
|
Optional[str]
|
The path to the rucio server certificate. |
None
|
auth_type
|
Optional[str]
|
The type of authentication (e.g.: 'userpass', 'kerberos' ...) |
None
|
creds
|
Optional[dict[str, Any]]
|
Dictionary with credentials needed for authentication. |
None
|
user_agent
|
Optional[str]
|
Indicates the client. |
'rucio-clients'
|
vo
|
Optional[str]
|
The VO to authenticate into. |
None
|
logger
|
Logger
|
Logger object to use. If None, use the default LOG created by the module |
LOG
|
__get_token_userpass()
¶
Sends a request to get an auth token from the server and stores it as a class attribute. Uses username/password.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__refresh_token_OIDC()
¶
Checks if there is active refresh token and if so returns either active token with expiration timestamp or requests a new refresh and returns new access token with new expiration timestamp and saves these in the token directory.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token_OIDC()
¶
First authenticates the user via a Identity Provider server (with user's username & password), by specifying oidc_scope, user agrees to share the relevant information with Rucio. If all proceeds well, an access token is requested from the Identity Provider. Access Tokens are not stored in Rucio DB. Refresh Tokens are granted only in case no valid access token exists in user's local storage, oidc_scope includes 'offline_access'. In such case, refresh token is stored in Rucio DB.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token_x509()
¶
Sends a request to get an auth token from the server and stores it as a class attribute. Uses x509 authentication.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token_ssh()
¶
Sends a request to get an auth token from the server and stores it as a class attribute. Uses SSH key exchange authentication.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token_gss()
¶
Sends a request to get an auth token from the server and stores it as a class attribute. Uses Kerberos authentication.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token_saml()
¶
Sends a request to get an auth token from the server and stores it as a class attribute. Uses saml authentication.
Returns:
| Type | Description |
|---|---|
bool
|
True if the token was successfully received. False otherwise. |
__get_token()
¶
Calls the corresponding method to receive an auth token depending on the auth type. To be used if a 401 - Unauthorized error is received.
__read_token()
¶
Checks if a local token file exists and reads the token from it.
Returns:
| Type | Description |
|---|---|
bool
|
True if a token could be read. False if no file exists. |
__write_token()
¶
Write the current auth_token to the local token file.
__authenticate()
¶
Main method for authentication. It first tries to read a locally saved token. If not available it requests a new one.
choice(hosts)
¶
Select randomly a host
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
hosts
|
Lost of hosts |
required |
Returns:
| Type | Description |
|---|---|
|
A randomly selected host. |