FedCloud client API references

fedcloudclient.checkin module

Implementation of "fedcloud token" commands for interactions with EGI Check-in and access tokens

fedcloudclient.checkin.check_token(oidc_token, verbose=False)[source]

Check validity of access token

Parameters:

  • verbose

  • oidc_token -- the token to check

Returns:

access token, or None on error

fedcloudclient.checkin.decode_token(oidc_access_token)[source]

Decoding access token to a dict :param oidc_access_token: :return: dict with token info

fedcloudclient.checkin.get_access_token(oidc_access_token, oidc_agent_account, mytoken, mytoken_server)[source]

Get access token Generates new access token from oidc-agent or mytoken

Check expiration time of access token Raise error if no valid token exists

Parameters:

  • oidc_access_token

  • oidc_agent_account

  • mytoken

  • mytoken_server

Returns:

access token

fedcloudclient.checkin.get_checkin_id(oidc_token)[source]

Get EGI Check-in ID from access token

Parameters:

oidc_token -- the token

Returns:

Check-in ID

fedcloudclient.checkin.get_token_from_mytoken_server(mytoken, mytoken_server, quiet=False)[source]

Get access token from mytoken server :param quiet: :param mytoken: :param mytoken_server: :return: access token, or None on error

fedcloudclient.checkin.get_token_from_oidc_agent(oidc_agent_account, quiet=False)[source]

Get access token from oidc-agent :param quiet: :param oidc_agent_account: account name in oidc-agent :return: access token, or None on error

fedcloudclient.checkin.oidc_discover(oidc_url)[source]

Discover OIDC endpoints

Parameters:

oidc_url -- CheckIn URL

Returns:

JSON object of OIDC configuration

fedcloudclient.checkin.print_error(message, quiet)[source]

Print error message to stderr if not quiet

fedcloudclient.checkin.token_list_vos(oidc_access_token)[source]

List VO memberships in EGI Check-in

Parameters:

oidc_access_token

Returns:

list of VO names

fedcloudclient.endpoint module

"fedcloud endpoint" commands are complementary part of the "fedcloud site" commands.

Instead of using site configurations defined in files saved in GitHub repository or local disk, the commands try to get site information directly from GOCDB (Grid Operations Configuration Management Database) https://goc.egi.eu/ or make probe test on sites

exception fedcloudclient.endpoint.TokenException[source]

Bases: Exception

Exception for Token related errors

fedcloudclient.endpoint.find_endpoint(service_type, production=True, monitored=True, site=None)[source]

Searching GOCDB for endpoints according to service types and status

Parameters:

  • service_type

  • production

  • monitored

  • site -- list of sites, None for searching all sites

Returns:

list of endpoints

fedcloudclient.endpoint.format_project_as_dict(site_name, project)[source]

Format project data as a dictionary

fedcloudclient.endpoint.format_project_as_list(site_name, project)[source]

Format project data as a list

fedcloudclient.endpoint.get_keystone_url(os_auth_url, path)[source]

Helper function for fixing Keystone URL

fedcloudclient.endpoint.get_projects_from_single_site(os_auth_url, unscoped_token)[source]

Get list of projects from unscoped token

fedcloudclient.endpoint.get_projects_from_sites(access_token, site)[source]

Get all projects from site(s) using access token, in the default output format (list)

fedcloudclient.endpoint.get_projects_from_sites_as_dict(access_token, site)[source]

Get all projects from site(s) using access token, as a dictionary

fedcloudclient.endpoint.get_projects_from_sites_as_list(access_token, site)[source]

Get all projects from site(s) using access token, as a list

fedcloudclient.endpoint.get_projects_from_sites_with_format(access_token, site, output_format_function)[source]

Get all projects from site(s) using access token

fedcloudclient.endpoint.get_scoped_token(os_auth_url, access_token, project_id)[source]

Get a scoped token, will try all protocols if needed

fedcloudclient.endpoint.get_sites()[source]

Get list of sites (using GOCDB instead of site configuration)

Returns:

list of site IDs

fedcloudclient.endpoint.get_unscoped_token(os_auth_url, access_token)[source]

Get an unscoped token, will try all protocols if needed

fedcloudclient.endpoint.retrieve_unscoped_token(os_auth_url, access_token, protocol='openid')[source]

Request an unscoped token

fedcloudclient.sites module

"fedcloud site" commands will read site configurations and manipulate with them. If the local site configurations exist at ~/.config/fedcloud/site-config/, fedcloud will read them from there, otherwise the commands will read from GitHub repository.

By default, fedcloud does not save anything on local disk, users have to save the site configuration to local disk explicitly via "fedcloud site save-config" command. The advantage of having local site configurations, beside faster loading, is to give users ability to make customizations, e.g. add additional VOs, remove sites they do not have access, and so on.

fedcloudclient.sites.delete_site_config(config_dir)[source]

Delete site configs to local directory specified in config_dir

Parameters:

config_dir -- path to directory containing site configuration

Returns:

None

fedcloudclient.sites.find_endpoint_and_project_id(site_name, vo)[source]

Return Keystone endpoint and project ID from site name and VO according to site configuration

Parameters:

  • site_name -- site ID in GOCDB

  • vo -- VO name or None to find site endpoint only

Returns:

endpoint, project_id, protocol if the VO has access to the site, otherwise None, None, None

fedcloudclient.sites.find_site_data(site_name)[source]

Return configuration of the correspondent site with site_name

Parameters:

site_name -- site ID in GOCDB

Returns:

configuration of site if found, otherwise None

fedcloudclient.sites.find_vo_from_project_id(site_name, project_id)[source]

Return the VO name form the project ID and site_name according to site configuration

Parameters:

  • site_name -- site ID in GOCDB

  • project_id -- project_id configured to support the VO

Returns:

vo if the VO is configured, otherwise None

fedcloudclient.sites.list_sites(vo=None)[source]

List all sites IDs in site configurations Optionally list all sites supporting a Virtual Organization

Returns:

list of site IDs

fedcloudclient.sites.read_default_site_config()[source]

Read default site configurations from GitHub Storing site configurations in a global variable that will be used by other functions

Returns:

None

fedcloudclient.sites.read_local_site_config(config_dir)[source]

Read site configurations from local directory specified in config_dir Storing site configurations in global variable, that will be used by other functions

Parameters:

config_dir -- path to directory containing site configuration

Returns:

None

fedcloudclient.sites.read_site_config()[source]

Read site configurations from local config dir if exist, otherwise from default GitHub location. Storing site configurations in global variable, that will be used by other functions. Call read_local_site_config() or read_default_site_config()

Returns:

None

fedcloudclient.sites.read_site_schema()[source]

Read schema.json for validating site configuration

Returns:

JSON object from schema.json

fedcloudclient.sites.safe_read_yaml_from_url(url, max_length)[source]

Safe reading from URL Check URL and size before reading

Parameters:

  • url

  • max_length

Returns:

data from URL

fedcloudclient.sites.save_site_config(config_dir)[source]

Save site configs to local directory specified in config_dir Overwrite local configs if exist

Parameters:

config_dir -- path to directory containing site configuration

Returns:

None

fedcloudclient.openstack module

Implementation of "fedcloud openstack" or "fedcloud openstack-int" for performing OpenStack commands on sites

fedcloudclient.openstack.check_openstack_client_installation()[source]

Check if openstack command-line client is installed and available via $PATH

Returns:

True if available

fedcloudclient.openstack.fedcloud_openstack(oidc_access_token, site, vo, openstack_command, json_output=True)[source]

Simplified version of fedcloud_openstack_full() using default EGI setting for identity provider and protocols Calls OpenStack CLI with default options for EGI Check-in

Parameters:

  • oidc_access_token -- Checkin access token. Passed to openstack client as --os-access-token

  • site -- site ID in GOCDB

  • vo -- VO name

  • openstack_command -- OpenStack command in tuple, e.g. ("image", "list", "--long")

  • json_output -- if result is JSON object or string. Default:True

Returns:

error code, result or error message

fedcloudclient.openstack.fedcloud_openstack_full(oidc_access_token, openstack_auth_protocol, openstack_auth_type, checkin_identity_provider, site, vo, openstack_command, json_output=True)[source]

Calling openstack client with full options specified, including support for other identity providers and protocols

Parameters:

  • oidc_access_token -- Checkin access token. Passed to openstack client as --os-access-token

  • openstack_auth_protocol -- Checkin protocol (openid, oidc). Passed to openstack client as --os-protocol

  • openstack_auth_type -- Checkin authentication type (v3oidcaccesstoken). Passed to openstack client as --os-auth-type

  • checkin_identity_provider -- Checkin identity provider in mapping (egi.eu). Passed to openstack client as --os-identity-provider

  • site -- site ID in GOCDB

  • vo -- VO name

  • openstack_command -- OpenStack command in tuple, e.g. ("image", "list", "--long")

  • json_output -- if result is JSON object or string. Default:True

Returns:

error code, result or error message

fedcloudclient.openstack.print_result(site, vo, command, exc_msg, error_code, result, json_output, ignore_missing_vo, first)[source]

Print output from an OpenStack command

Parameters:

  • site

  • vo

  • command

  • exc_msg

  • error_code

  • result

  • json_output

  • ignore_missing_vo

  • first

Returns:

fedcloudclient.cli module

Main CLI module