Credentialclient

Classes

CredentialClient

CredentialClient(
    rucio_host=None,
    auth_host=None,
    account=None,
    ca_cert=None,
    auth_type=None,
    creds=None,
    timeout=600,
    user_agent="rucio-clients",
    vo=None,
    logger=LOG,
)

Client helper to request signed URLs from a Rucio server.

A CredentialClient is used to obtain temporary signed URLs from the server. Those URLs allow direct access to objects on a storage service (currently Google Cloud Storage, Amazon S3 or OpenStack Swift) without further authentication. The signature embeds the permitted operation and its validity period, after which the link becomes unusable.

Functions

get_signed_url
get_signed_url(rse, service, operation, url, lifetime=3600)

Request a pre-signed URL for a storage object operation.

This method contacts the Rucio server and asks it to cryptographically sign url so that it can be used for a single operation on the specified RSE. The signed link can then be handed to external tools or services to perform the action without additional authentication.

PARAMETER DESCRIPTION
rse

The name of the RSE to which the URL refers.

TYPE: str

service

Storage service identifier. Must be one of "gcs", "s3" or "swift".

TYPE: str

operation

Allowed operation for the signed URL: "read", "write" or "delete".

TYPE: str

url

The full URL that should be authorised.

TYPE: str

lifetime

Time in seconds for which the signature remains valid. Defaults to 3600 (one hour).

TYPE: int DEFAULT: 3600

RETURNS DESCRIPTION
str

The signed URL that can be used until the lifetime expires.

RAISES DESCRIPTION
RucioException

If the server returns a status code other than 200 OK.

Examples:

Request a download link from the MOCK RSE for a file stored on Google Cloud Storage, valid for ten minutes:

>>> from rucio.client.credentialclient import CredentialClient

>>> cc = CredentialClient()
>>> cc.get_signed_url(
...     rse="MOCK",
...     service="gcs",
...     operation="read",
...     url="https://storage.googleapis.com/mybucket/data/file1.txt",
...     lifetime=600,
... )
"https://storage.googleapis.com/mybucket/data/file1.txt?GoogleAccessId=rucio-test@rucio-test.iam.gserviceaccount.com&Expires=1752535247&Signature=oevpuzk4icQhjw3mk2wq..."
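Because a signed URL works without further authentication, anyone who reads it from a log or ticket can use it until it expires. The following is an added example, not part of the Rucio documentation or code base: it validates the documented arguments before a request, reads the remaining validity from the URL, and masks the signature for logging. The helper names, the `max_lifetime` cap and the sample URL are constructed for illustration, and the parsing assumes the `Expires` and `Signature` query parameters shown in the example output above (URLs for other services may use different parameter names).

```python
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Values documented for get_signed_url() on this page.
SERVICES = {"gcs", "s3", "swift"}
OPERATIONS = {"read", "write", "delete"}

# Constructed sample in the GCS-style format of the example output above.
SAMPLE = (
    "https://storage.googleapis.com/mybucket/data/file1.txt"
    "?GoogleAccessId=svc@example.iam.gserviceaccount.com"
    "&Expires=1752535247&Signature=Zm9vYmFy"
)


def check_request(service, operation, lifetime, max_lifetime=3600):
    """Reject bad arguments locally before asking the server to sign.

    max_lifetime is a caller-side policy cap (assumption, not a Rucio setting).
    """
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service!r}")
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation!r}")
    if not 0 < lifetime <= max_lifetime:
        raise ValueError(f"lifetime must be in 1..{max_lifetime} seconds")


def seconds_remaining(signed_url, now=None):
    """Seconds until the Expires timestamp (Unix epoch); <= 0 means expired."""
    query = dict(parse_qsl(urlsplit(signed_url).query))
    current = time.time() if now is None else now
    return int(query["Expires"]) - int(current)


def redact(signed_url):
    """Return the URL with the Signature value masked, safe to write to logs."""
    parts = urlsplit(signed_url)
    pairs = [
        (key, "REDACTED" if key == "Signature" else value)
        for key, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="@")))


if __name__ == "__main__":
    check_request("gcs", "read", 600)
    print(redact(SAMPLE), seconds_remaining(SAMPLE))
```
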

Functions