fedcloudclient API references

fedcloudclient.checkin module

Implementation of "fedcloud token" commands for interactions with EGI Check-in and access tokens

fedcloudclient.checkin.check_token(oidc_token, quiet=False, verbose=False, refresh_token=False)[source]

Check validity of access token

Parameters
  • oidc_token -- the token to check

  • refresh_token -- the provided token is refresh token

  • verbose -- If true, print additional info

  • quiet -- If true, print no error message

Returns

fedcloudclient.checkin.get_access_token(oidc_access_token, oidc_refresh_token, oidc_client_id, oidc_client_secret, oidc_url, oidc_agent_account)[source]

Get access token Generates new access token from oidc-agent or refresh token (if given), or use existing token

Check expiration time of access token Raise error if no valid token exists

Parameters
  • oidc_access_token --

  • oidc_refresh_token --

  • oidc_client_id --

  • oidc_client_secret --

  • oidc_url --

  • oidc_agent_account --

Returns

access token

fedcloudclient.checkin.get_token_from_oidc_agent(oidc_agent_account, quiet=False)[source]

Get access token from oidc-agent

Parameters
  • quiet -- If true, print no error message

  • oidc_agent_account -- account name in oidc-agent

Returns

access token, or None on error

fedcloudclient.checkin.oidc_discover(oidc_url)[source]

Discover OIDC endpoints

Parameters

oidc_url -- CheckIn URL

Returns

JSON object of OIDC configuration

fedcloudclient.checkin.print_error(message, quiet)[source]

Print error message to stderr if not quiet

fedcloudclient.checkin.refresh_access_token(oidc_client_id, oidc_client_secret, oidc_refresh_token, oidc_url, quiet=False)[source]

Retrieve access token in plain text (string)

Parameters
  • oidc_client_id --

  • oidc_client_secret --

  • oidc_refresh_token --

  • oidc_url --

  • quiet -- If true, print no error message

Returns

access token or None on error

fedcloudclient.checkin.token_list_vos(oidc_access_token, oidc_url)[source]

List VO memberships in EGI Check-in

Parameters
  • oidc_access_token --

  • oidc_url --

Returns

list of VO names

fedcloudclient.checkin.token_refresh(oidc_client_id, oidc_client_secret, oidc_refresh_token, oidc_url)[source]

Helper function for retrieving JSON object with access token

Parameters
  • oidc_client_id --

  • oidc_client_secret --

  • oidc_refresh_token --

  • oidc_url --

Returns

JSON object with access token

fedcloudclient.endpoint module

"fedcloud endpoint" commands are complementary part of the "fedcloud site" commands.

Instead of using site configurations defined in files saved in GitHub repository or local disk, the commands try to get site information directly from GOCDB (Grid Operations Configuration Management Database) https://goc.egi.eu/ or make probe test on sites

fedcloudclient.endpoint.find_endpoint(service_type, production=True, monitored=True, site=None)[source]

Searching GOCDB for endpoints according to service types and status

Parameters
  • service_type --

  • production --

  • monitored --

  • site -- list of sites, None for searching all sites

Returns

list of endpoints

fedcloudclient.endpoint.get_keystone_url(os_auth_url, path)[source]

Helper function for fixing Keystone URL

fedcloudclient.endpoint.get_projects(os_auth_url, unscoped_token)[source]

Get list of projects from unscoped token

fedcloudclient.endpoint.get_projects_from_sites(access_token, site)[source]

Get all projects from site(s) using access token

fedcloudclient.endpoint.get_projects_from_sites_dict(access_token, site)[source]

Get all projects as a dictionary from site(s) using access token

fedcloudclient.endpoint.get_scoped_token(os_auth_url, access_token, project_id)[source]

Get a scoped token, will try all protocols if needed

fedcloudclient.endpoint.get_sites()[source]

Get list of sites (using GOCDB instead of site configuration)

Returns

list of site IDs

fedcloudclient.endpoint.get_unscoped_token(os_auth_url, access_token)[source]

Get an unscoped token, will try all protocols if needed

fedcloudclient.endpoint.retrieve_unscoped_token(os_auth_url, access_token, protocol='openid')[source]

Request an unscoped token

fedcloudclient.sites module

"fedcloud site" commands will read site configurations and manipulate with them. If the local site configurations exist at ~/.config/fedcloud/site-config/, fedcloud will read them from there, otherwise the commands will read from GitHub repository.

By default, fedcloud does not save anything on local disk, users have to save the site configuration to local disk explicitly via "fedcloud site save-config" command. The advantage of having local site configurations, beside faster loading, is to give users ability to make customizations, e.g. add additional VOs, remove sites they do not have access, and so on.

fedcloudclient.sites.delete_site_config(config_dir)[source]

Delete site configs to local directory specified in config_dir

Parameters

config_dir -- path to directory containing site configuration

Returns

None

fedcloudclient.sites.find_endpoint_and_project_id(site_name, vo)[source]

Return Keystone endpoint and project ID from site name and VO according to site configuration

Parameters
  • site_name -- site ID in GOCDB

  • vo -- VO name or None to find site endpoint only

Returns

endpoint, project_id, protocol if the VO has access to the site, otherwise None, None, None

fedcloudclient.sites.find_site_data(site_name)[source]

Return configuration of the correspondent site with site_name

Parameters

site_name -- site ID in GOCDB

Returns

configuration of site if found, otherwise None

fedcloudclient.sites.list_sites()[source]

List of all sites IDs in site configurations

Returns

list of site IDs

fedcloudclient.sites.read_default_site_config()[source]

Read default site configurations from GitHub Storing site configurations in a global variable that will be used by other functions

Returns

None

fedcloudclient.sites.read_local_site_config(config_dir)[source]

Read site configurations from local directory specified in config_dir Storing site configurations in global variable, that will be used by other functions

Parameters

config_dir -- path to directory containing site configuration

Returns

None

fedcloudclient.sites.read_site_config()[source]

Read site configurations from local config dir if exist, otherwise from default GitHub location. Storing site configurations in global variable, that will be used by other functions. Call read_local_site_config() or read_default_site_config()

Returns

None

fedcloudclient.sites.read_site_schema()[source]

Read schema.json for validating site configuration

Returns

JSON object from schema.json

fedcloudclient.sites.safe_read_yaml_from_url(url, max_length)[source]

Safe reading from URL Check URL and size before reading

Parameters
  • url --

  • max_length --

Returns

data from URL

fedcloudclient.sites.save_site_config(config_dir)[source]

Save site configs to local directory specified in config_dir Overwrite local configs if exist

Parameters

config_dir -- path to directory containing site configuration

Returns

None

fedcloudclient.openstack module

Implementation of "fedcloud openstack" or "fedcloud openstack-int" for performing OpenStack commands on sites

fedcloudclient.openstack.check_openstack_client_installation()[source]

Check if openstack command-line client is installed and available via $PATH

Returns

True if available

fedcloudclient.openstack.fedcloud_openstack(oidc_access_token, site, vo, openstack_command, json_output=True)[source]

Simplified version of fedcloud_openstack_full() using default EGI setting for identity provider and protocols Calls OpenStack CLI with default options for EGI Check-in

Parameters
  • oidc_access_token -- Checkin access token. Passed to openstack client as --os-access-token

  • site -- site ID in GOCDB

  • vo -- VO name

  • openstack_command -- OpenStack command in tuple, e.g. ("image", "list", "--long")

  • json_output -- if result is JSON object or string. Default:True

Returns

error code, result or error message

fedcloudclient.openstack.fedcloud_openstack_full(oidc_access_token, openstack_auth_protocol, openstack_auth_type, checkin_identity_provider, site, vo, openstack_command, json_output=True)[source]

Calling openstack client with full options specified, including support for other identity providers and protocols

Parameters
  • oidc_access_token -- Checkin access token. Passed to openstack client as --os-access-token

  • openstack_auth_protocol -- Checkin protocol (openid, oidc). Passed to openstack client as --os-protocol

  • openstack_auth_type -- Checkin authentication type (v3oidcaccesstoken). Passed to openstack client as --os-auth-type

  • checkin_identity_provider -- Checkin identity provider in mapping (egi.eu). Passed to openstack client as --os-identity-provider

  • site -- site ID in GOCDB

  • vo -- VO name

  • openstack_command -- OpenStack command in tuple, e.g. ("image", "list", "--long")

  • json_output -- if result is JSON object or string. Default:True

Returns

error code, result or error message

fedcloudclient.openstack.print_result(site, vo, command, exc_msg, error_code, result, json_output, ignore_missing_vo, first)[source]

Print output from an OpenStack command

Parameters
  • site --

  • vo --

  • command --

  • exc_msg --

  • error_code --

  • result --

  • json_output --

  • ignore_missing_vo --

  • first --

Returns

fedcloudclient.cli module

Main CLI module