Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
args = argparser.parse_args()
# if args.all:
# print 'all'
# elif args.fraction is not None:
# print 'fraction'
# elif args.num is not None:
# print 'num'
session = get_session()
total_cnt = session.query(models.ReplicationRule).count()
print "There are currently %d replication rules registered in Rucio" % total_cnt
if session.bind.dialect.name != 'sqlite':
query = session.query(models.ReplicationRule).order_by('dbms_random.value')
else:
query = session.query(models.ReplicationRule).order_by('RANDOM()')
if args.fraction is not None:
print 'Reading up to %d rules (fraction=%f)' % (int(total_cnt * args.fraction), args.fraction)
if args.fraction > 1 or args.fraction <= 0:
raise ValueError('The fraction value must be between 0 and 1')
query = query.limit(int(total_cnt * args.fraction))
elif args.num is not None:
print 'Reading up to %d rules (num)' % args.num
if args.num <= 0:
raise ValueError('The num value must be bigger than 0')
query = query.limit(args.num)
elif args.all:
print 'Reading all rules'
def __get_admin_account_for_issuer(session=None):
""" Gets admin account for the IdP issuer
:returns : dictionary { 'issuer_1': (account, identity), ... }
"""
issuer_account_dict = {}
for issuer in OIDC_ADMIN_CLIENTS:
admin_identity = oidc_identity_string(OIDC_ADMIN_CLIENTS[issuer].client_id, issuer)
admin_account = session.query(models.IdentityAccountAssociation)\
.filter_by(identity_type=IdentityType.OIDC, identity=admin_identity).first()
issuer_account_dict[issuer] = (admin_account.account, admin_identity)
return issuer_account_dict
def import_accounts(accounts, session=None):
old_accounts = {account['account']: account for account in account_module.list_accounts(session=session)}
missing_accounts = [account for account in accounts if account['account'] not in old_accounts]
outdated_accounts = [account for account in accounts if account['account'] in old_accounts]
to_be_removed_accounts = [old_account for old_account in old_accounts if old_account not in [account['account'] for account in accounts]]
old_identities = identity_module.list_identities(session=session)
old_identity_account = session.query(models.IdentityAccountAssociation.identity, models.IdentityAccountAssociation.identity_type, models.IdentityAccountAssociation.account).all()
# add missing accounts
for account_dict in missing_accounts:
account = account_dict['account']
email = account_dict['email']
account_module.add_account(account=account, type=AccountType.USER, email=email, session=session)
identities = account_dict.get('identities', [])
if identities:
import_identities(identities, account, old_identities, old_identity_account, email, session=session)
# remove left over accounts
for account in to_be_removed_accounts:
if account.external != 'root':
account_module.del_account(account=account, session=session)
# update existing accounts
:param retroactive: Flag to know if the subscription should be applied on previous data
:type retroactive: Boolean
:param dry_run: Just print the subscriptions actions without actually executing them (Useful if retroactive flag is set)
:type dry_run: Boolean
:param priority: The priority of the subscription
:type priority: Integer
:param session: The database session in use.
:returns: The subscriptionid
"""
try:
keep_history = get('subscriptions', 'keep_history')
except ConfigNotFound:
keep_history = False
SubscriptionHistory = models.Subscription.__history_mapper__.class_
retroactive = bool(retroactive) # Force boolean type, necessary for strict SQL
state = SubscriptionState.ACTIVE
lifetime = None
if retroactive:
state = SubscriptionState.NEW
if lifetime:
lifetime = datetime.datetime.utcnow() + datetime.timedelta(days=lifetime)
new_subscription = models.Subscription(name=name,
filter=filter,
account=account,
replication_rules=replication_rules,
state=state,
lifetime=lifetime,
retroactive=retroactive,
policyid=priority, comments=comments)
if keep_history:
def add_naming_convention(scope, regexp, convention_type, session=None):
"""
add a naming convention for a given scope
:param scope: the name for the scope.
:param regexp: the regular expression to validate the name.
:param convention_type: the did_type on which the regexp should apply.
:param session: The database session in use.
"""
# validate the regular expression
try:
compile(regexp)
except error:
raise RucioException('Invalid regular expression %s!' % regexp)
new_convention = models.NamingConvention(scope=scope,
regexp=regexp,
convention_type=convention_type)
try:
new_convention.save(session=session)
except IntegrityError:
raise Duplicate('Naming convention already exists!')
except:
raise RucioException(str(format_exc()))
models.RSE.rse,
models.RSE.deterministic,
models.RSE.rse_type,
models.RSEFileAssociation.path,
sub_requests.c.retry_count,
models.Source.url,
models.Source.ranking,
models.Distance.ranking)\
.outerjoin(models.RSEFileAssociation, and_(sub_requests.c.scope == models.RSEFileAssociation.scope,
sub_requests.c.name == models.RSEFileAssociation.name,
models.RSEFileAssociation.state == ReplicaState.AVAILABLE,
sub_requests.c.dest_rse_id != models.RSEFileAssociation.rse_id))\
.with_hint(models.RSEFileAssociation, "+ index(replicas REPLICAS_PK)", 'oracle')\
.outerjoin(models.RSE, and_(models.RSE.id == models.RSEFileAssociation.rse_id,
models.RSE.deleted == false()))\
.outerjoin(models.Source, and_(sub_requests.c.id == models.Source.request_id,
models.RSE.id == models.Source.rse_id))\
.with_hint(models.Source, "+ index(sources SOURCES_PK)", 'oracle')\
.outerjoin(models.Distance, and_(sub_requests.c.dest_rse_id == models.Distance.dest_rse_id,
models.RSEFileAssociation.rse_id == models.Distance.src_rse_id))\
.with_hint(models.Distance, "+ index(distances DISTANCES_PK)", 'oracle')
if rses:
result = []
for item in query.all():
dest_rse_id = item[9]
if dest_rse_id in rses:
result.append(item)
return result
return query.all()
def add_dids_to_followed(dids, account, session=None):
"""
Bulk mark datasets as followed
:param dids: A list of dids.
:param account: The account owner.
:param session: The database session in use.
"""
try:
for did in dids:
# Get the did details corresponding to the scope and name passed.
did = session.query(models.DataIdentifier).filter_by(scope=did['scope'], name=did['name']).one()
# Add the queried to the followed table.
new_did_followed = models.DidsFollowed(scope=did.scope, name=did.name, account=account,
did_type=did.did_type)
new_did_followed.save(session=session, flush=False)
session.flush()
except IntegrityError as error:
raise exception.RucioException(error.args)
combined_attached_unattached_requests = session.query(func.coalesce(attachment_order_subquery.c.scope, models.Request.scope).label('scope'),
func.coalesce(attachment_order_subquery.c.name, models.Request.name).label('name'),
models.Request.bytes,
models.Request.requested_at)
elif dialect == 'oracle':
filtered_requests_subquery = session.query(models.Request.id.label('id'),
func.nvl(attachment_order_subquery.c.name, models.Request.name).label('dataset_name'),
func.nvl(attachment_order_subquery.c.scope, models.Request.scope).label('dataset_scope'))
combined_attached_unattached_requests = session.query(func.nvl(attachment_order_subquery.c.scope, models.Request.scope).label('scope'),
func.nvl(attachment_order_subquery.c.name, models.Request.name).label('name'),
models.Request.bytes,
models.Request.requested_at)
filtered_requests_subquery = filtered_requests_subquery.join(attachment_order_subquery, and_(models.Request.name == attachment_order_subquery.c.child_name,
models.Request.scope == attachment_order_subquery.c.child_scope,
attachment_order_subquery.c.order_of_attachment == 1), isouter=True)
combined_attached_unattached_requests = combined_attached_unattached_requests.join(attachment_order_subquery, and_(models.Request.name == attachment_order_subquery.c.child_name,
models.Request.scope == attachment_order_subquery.c.child_scope,
attachment_order_subquery.c.order_of_attachment == 1), isouter=True)
# depending if throttler is used for reading or writing
if filter_by_rse == 'source':
filtered_requests_subquery = filtered_requests_subquery.filter(models.Request.source_rse_id == rse_id)
combined_attached_unattached_requests = combined_attached_unattached_requests.filter(models.Request.source_rse_id == rse_id)
elif filter_by_rse == 'destination':
filtered_requests_subquery = filtered_requests_subquery.filter(models.Request.dest_rse_id == rse_id)
combined_attached_unattached_requests = combined_attached_unattached_requests.filter(models.Request.dest_rse_id == rse_id)
filtered_requests_subquery = filtered_requests_subquery.filter(models.Request.state == RequestState.WAITING).subquery()
def refresh_cli_auth_token(token_string, account, session=None):
"""
Checks if there is active refresh token and if so returns
either active token with expiration timestamp or requests a new
refresh and returns new access token.
:param token_string: token string
:param account: Rucio account for which token refresh should be considered
:return: tuple of (access token, expiration epoch), None otherswise
"""
try:
# only validated tokens are in the DB, check presence of token_string
account_token = session.query(models.Token) \
.filter(models.Token.token == token_string,
models.Token.account == account,
models.Token.expired_at > datetime.utcnow()) \
.with_for_update(skip_locked=True).first()
# if token does not exist in the DB, return None
if account_token is None:
return None
# protection (!) no further action should be made
# for token_string without refresh_token in the DB !
if account_token.refresh_token is None:
return None
# if the token exists, check if it was refreshed already, if not, refresh it
if account_token.refresh:
# protection (!) returning the same token if the token_string
# is a result of a refresh which happened in the last 5 min
datetime_min_ago = datetime.utcnow() - timedelta(seconds=300)
if account_token.updated_at > datetime_min_ago:
epoch_exp = int(floor((account_token.expired_at - datetime(1970, 1, 1)).total_seconds()))
:param rule: The rule object.
:param recent: Insert to recent table.
:param longterm: Insert to longterm table.
:param session: The Database session.
"""
if recent:
models.ReplicationRuleHistoryRecent(id=rule.id, subscription_id=rule.subscription_id, account=rule.account, scope=rule.scope, name=rule.name,
did_type=rule.did_type, state=rule.state, error=rule.error, rse_expression=rule.rse_expression, copies=rule.copies,
expires_at=rule.expires_at, weight=rule.weight, locked=rule.locked, locks_ok_cnt=rule.locks_ok_cnt,
locks_replicating_cnt=rule.locks_replicating_cnt, locks_stuck_cnt=rule.locks_stuck_cnt, source_replica_expression=rule.source_replica_expression,
activity=rule.activity, grouping=rule.grouping, notification=rule.notification, stuck_at=rule.stuck_at, purge_replicas=rule.purge_replicas,
ignore_availability=rule.ignore_availability, ignore_account_limit=rule.ignore_account_limit, comments=rule.comments, created_at=rule.created_at,
updated_at=rule.updated_at).save(session=session)
if longterm:
models.ReplicationRuleHistory(id=rule.id, subscription_id=rule.subscription_id, account=rule.account, scope=rule.scope, name=rule.name,
did_type=rule.did_type, state=rule.state, error=rule.error, rse_expression=rule.rse_expression, copies=rule.copies,
expires_at=rule.expires_at, weight=rule.weight, locked=rule.locked, locks_ok_cnt=rule.locks_ok_cnt,
locks_replicating_cnt=rule.locks_replicating_cnt, locks_stuck_cnt=rule.locks_stuck_cnt, source_replica_expression=rule.source_replica_expression,
activity=rule.activity, grouping=rule.grouping, notification=rule.notification, stuck_at=rule.stuck_at, purge_replicas=rule.purge_replicas,
ignore_availability=rule.ignore_availability, ignore_account_limit=rule.ignore_account_limit, comments=rule.comments, created_at=rule.created_at,
updated_at=rule.updated_at).save(session=session)