AuthManager

Module that holds DISET Authorization class for services

class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)

Bases: object

Handle Service Authorization

KW_DN = 'DN'
KW_EXTRA_CREDENTIALS = 'extraCredentials'
KW_GROUP = 'group'
KW_HOSTS_GROUP = 'hosts'
KW_PROPERTIES = 'properties'
KW_USERNAME = 'username'
__init__(authSection)

Constructor

Parameters:authSection (string) – Section containing the authorization rules
authQuery(methodQuery, credDict, defaultProperties=False)

Check if the query is authorized for a credentials dictionary

Parameters:
  • methodQuery (string) – Method to test
  • credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.
Returns:

Boolean result of test

forwardedCredentials(credDict)

Check whether the credentials are being forwarded by a valid source

Parameters:credDict (dictionary) – Credentials to ckeck
Returns:Boolean with the result
getHostNickName(credDict)

Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.

Parameters:credDict (dictionary) – Credentials to ckeck
Returns:Boolean specifying whether the nickname was found
getUsername(credDict)

Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.

Parameters:credDict (dictionary) – Credentials to ckeck
Returns:Boolean specifying whether the username was found
getValidGroups(rawProperties)

Get valid groups as specified in the method authorization rules

Parameters:rawProperties (list) – all method properties
Returns:list of allowed groups or []
getValidPropertiesForMethod(method, defaultProperties=False)

Get all authorized groups for calling a method

Parameters:method (string) – Method to test
Returns:List containing the allowed groups
matchProperties(credDict, validProps, caseSensitive=False)

Return True if one or more properties are in the valid list of properties :type props: list :param props: List of properties to match :type validProps: list :param validProps: List of valid properties :return: Boolean specifying whether any property has matched the valid ones

unpackForwardedCredentials(credDict)

Extract the forwarded credentials

Parameters:credDict (dictionary) – Credentials to unpack