AuthManager

Module that holds DISET Authorization class for services

class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)

Bases: object

Handle Service Authorization

KW_DN = 'DN'

KW_EXTRA_CREDENTIALS = 'extraCredentials'

KW_GROUP = 'group'

KW_HOSTS_GROUP = 'hosts'

KW_PROPERTIES = 'properties'

KW_USERNAME = 'username'

__init__(authSection)

Constructor

Parameters: authSection (string) – Section containing the authorization rules

authQuery(methodQuery, credDict, defaultProperties=False)

Check if the query is authorized for a credentials dictionary

Parameters

methodQuery (string) – Method to test
credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.

Returns

Boolean result of test

forwardedCredentials(credDict)

Check whether the credentials are being forwarded by a valid source

Parameters: credDict (dictionary) – Credentials to ckeck
Returns: Boolean with the result

getHostNickName(credDict)

Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.

Parameters: credDict (dictionary) – Credentials to ckeck
Returns: Boolean specifying whether the nickname was found

getUsername(credDict)

Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.

Parameters: credDict (dictionary) – Credentials to check
Returns: Boolean specifying whether the username was found

getValidGroups(rawProperties)

Get valid groups as specified in the method authorization rules

Parameters: rawProperties (list) – all method properties
Returns: list of allowed groups or []

getValidPropertiesForMethod(method, defaultProperties=False)

Get all authorized groups for calling a method

Parameters: method (string) – Method to test
Returns: List containing the allowed groups

isUserSuspended(credDict)

Discover if the user is in Suspended status

Parameters: credDict (dict) – Credentials to check
Returns: Boolean True if user is Suspended

matchProperties(credDict, validProps, caseSensitive=False)

Return True if one or more properties are in the valid list of properties

Parameters

props (list) – List of properties to match
validProps (list) – List of valid properties

Returns

Boolean specifying whether any property has matched the valid ones

unpackForwardedCredentials(credDict)

Extract the forwarded credentials

Parameters: credDict (dictionary) – Credentials to unpack