AuthManager¶
Module that holds DISET Authorization class for services
- class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)¶
Bases:
object
Handle Service Authorization
- KW_DN = 'DN'¶
- KW_EXTRA_CREDENTIALS = 'extraCredentials'¶
- KW_GROUP = 'group'¶
- KW_HOSTS_GROUP = 'hosts'¶
- KW_PROPERTIES = 'properties'¶
- KW_USERNAME = 'username'¶
- __init__(authSection)¶
Constructor
- Parameters
authSection (string) – Section containing the authorization rules
- authQuery(methodQuery, credDict, defaultProperties=False)¶
Check if the query is authorized for a credentials dictionary
- Parameters
methodQuery (string) – Method to test
credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.
- Returns
Boolean result of test
- forwardedCredentials(credDict)¶
Check whether the credentials are being forwarded by a valid source
- Parameters
credDict (dictionary) – Credentials to ckeck
- Returns
Boolean with the result
- getHostNickName(credDict)¶
Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.
- Parameters
credDict (dictionary) – Credentials to ckeck
- Returns
Boolean specifying whether the nickname was found
- getUsername(credDict)¶
Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.
- Parameters
credDict (dictionary) – Credentials to check
- Returns
Boolean specifying whether the username was found
- getValidGroups(rawProperties)¶
Get valid groups as specified in the method authorization rules
- Parameters
rawProperties (list) – all method properties
- Returns
list of allowed groups or []
- getValidPropertiesForMethod(method, defaultProperties=False)¶
Get all authorized groups for calling a method
- Parameters
method (string) – Method to test
- Returns
List containing the allowed groups
- isUserSuspended(credDict)¶
Discover if the user is in Suspended status
- Parameters
credDict (dict) – Credentials to check
- Returns
Boolean True if user is Suspended
- matchProperties(credDict, validProps, caseSensitive=False)¶
Return True if one or more properties are in the valid list of properties
- unpackForwardedCredentials(credDict)¶
Extract the forwarded credentials
- Parameters
credDict (dictionary) – Credentials to unpack