Python API: Acces to iRODS data through tickets
97 views
Skip to first unread message
Christine Staiger
Oct 8, 2021, 3:58:15 AM10/8/21
to iRODS-Chat
Dear all,
we are currently investigating temporary access to data for the anonymous user. I stumbled over the tickets which do exactly what we need. Unfortunately I could only setup the data access under linux/icommands. Is there a way to also access data behind a ticket as the anonymous user with the python API?
Many thanks for your help and kind regards,
Christine Staiger
dmoore.renci
Oct 8, 2021, 9:50:06 AM10/8/21
to iRODS-Chat
hello Christine,
Here is useticket.py, an example of supplying an existing ticket for use with a session in the Python iRODS Client:
from __future__ import print_function
import os, sys, getopt
from irods.test.helpers import make_session
import irods.ticket
from irods.session import iRODSSession
with iRODSSession( user='anonymous',password='',zone='tempZone',port=1247,host='localhost') as ses:
import os, sys, getopt
from irods.test.helpers import make_session
import irods.ticket
from irods.session import iRODSSession
with iRODSSession( user='anonymous',password='',zone='tempZone',port=1247,host='localhost') as ses:
tck = irods.ticket.Ticket(ses, os.environ.get('TICKET'))
if tck is None:
print('Please supply ticket string as env variable TICKET',file=sys.stderr); exit(2)
tck.supply() # - activate the ticket
opts,args = getopt.getopt(sys.argv[1:],'rw:')
opt=dict(opts)
object_name = args[0]
if '-w' in opt:
dta = ses.data_objects.open(object_name,'r+') # append the -w value's content to the data object
dta.seek(0,2)
dta.write(opt['-w'].encode())
elif '-r' in opt:
dta = ses.data_objects.open(object_name,'r') # read and print out the data object
print(dta.read(99999).decode())
else:
print("must specify -r or -w.",file=sys.stderr); exit(3)
dta.close()
if tck is None:
print('Please supply ticket string as env variable TICKET',file=sys.stderr); exit(2)
tck.supply() # - activate the ticket
opts,args = getopt.getopt(sys.argv[1:],'rw:')
opt=dict(opts)
object_name = args[0]
if '-w' in opt:
dta = ses.data_objects.open(object_name,'r+') # append the -w value's content to the data object
dta.seek(0,2)
dta.write(opt['-w'].encode())
elif '-r' in opt:
dta = ses.data_objects.open(object_name,'r') # read and print out the data object
print(dta.read(99999).decode())
else:
print("must specify -r or -w.",file=sys.stderr); exit(3)
dta.close()
You can see this in action by 'PUT'ting a file as the rods admin and generating read and write tickets for it:
irods:~$ iput -f VERSION.json
irods@69059138e9ff:~$ iticket create write /tempZone/home/rods/VERSION.json
ticket:Vmlz2InpZsHoKgC
irods@69059138e9ff:~$ iticket create read /tempZone/home/rods/VERSION.json
ticket:T9IOm0RbmxAiI9y
ticket:Vmlz2InpZsHoKgC
irods@69059138e9ff:~$ iticket create read /tempZone/home/rods/VERSION.json
ticket:T9IOm0RbmxAiI9y
Then as a different user logged in as anonymous on iRODS :
anon@69059138e9ff:~$ TICKET=Vmlz2InpZsHoKgC python useticket.py -w 'SOME TEXT TO APPEND' /tempZone/home/rods/VERSION.json
anon@69059138e9ff:~$ TICKET=T9IOm0RbmxAiI9y python useticket.py -r /tempZone/home/rods/VERSION.json
{
"catalog_schema_version": 8,
"commit_id": "f615a350dc0b787e9140a61c501fdd7e765b40dc",
"configuration_schema_version": 3,
"installation_time": "2021-10-08T12:31:29.146408",
"irods_version": "4.2.10"
}
SOME TEXT TO APPEND
anon@69059138e9ff:~$ TICKET=T9IOm0RbmxAiI9y python useticket.py -r /tempZone/home/rods/VERSION.json
{
"catalog_schema_version": 8,
"commit_id": "f615a350dc0b787e9140a61c501fdd7e765b40dc",
"configuration_schema_version": 3,
"installation_time": "2021-10-08T12:31:29.146408",
"irods_version": "4.2.10"
}
SOME TEXT TO APPEND
So, as you can see, we've just used one ticket that grants WRITE access (here, an append) text to a data object and printed it out with a different ticket granting READ.
Using a ticket for the wrong purpose will raise an irods exception with code CAT_TICKET_INVALID.
thanks,
-- Daniel Moore - Applications ENgineer - iRODS Consortium
Christine Staiger
Oct 8, 2021, 11:18:57 AM10/8/21
to iRODS-Chat
Dear Daniel,
many thanks for you quick reply and help!
Kind regards,
Christine
Reply all
Reply to author
Forward
0 new messages