Module that holds DISET Authorization class for services

class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)

Bases: object

Handle Service Authorization

KW_DN = 'DN'
KW_EXTRA_CREDENTIALS = 'extraCredentials'
KW_GROUP = 'group'
KW_HOSTS_GROUP = 'hosts'
KW_PROPERTIES = 'properties'
KW_USERNAME = 'username'


Parameters:authSection (string) – Section containing the authorization rules
authQuery(methodQuery, credDict, defaultProperties=False)

Check if the query is authorized for a credentials dictionary

  • methodQuery (string) – Method to test
  • credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.

Boolean result of test


Check whether the credentials are being forwarded by a valid source

Parameters:credDict (dictionary) – Credentials to ckeck
Returns:Boolean with the result

Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.

Parameters:credDict (dictionary) – Credentials to ckeck
Returns:Boolean specifying whether the nickname was found

Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.

Parameters:credDict (dictionary) – Credentials to check
Returns:Boolean specifying whether the username was found

Get valid groups as specified in the method authorization rules

Parameters:rawProperties (list) – all method properties
Returns:list of allowed groups or []
getValidPropertiesForMethod(method, defaultProperties=False)

Get all authorized groups for calling a method

Parameters:method (string) – Method to test
Returns:List containing the allowed groups

Discover if the user is in Suspended status

Parameters:credDict (dict) – Credentials to check
Returns:Boolean True if user is Suspended
matchProperties(credDict, validProps, caseSensitive=False)

Return True if one or more properties are in the valid list of properties

  • props (list) – List of properties to match
  • validProps (list) – List of valid properties

Boolean specifying whether any property has matched the valid ones


Extract the forwarded credentials

Parameters:credDict (dictionary) – Credentials to unpack