AuthManager

Module that holds DISET Authorization class for services

class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)

Bases: object

Handle Service Authorization

KW_DN = 'DN'
KW_EXTRA_CREDENTIALS = 'extraCredentials'
KW_GROUP = 'group'
KW_HOSTS_GROUP = 'hosts'
KW_PROPERTIES = 'properties'
KW_USERNAME = 'username'

__init__(authSection)

Constructor

Parameters:

authSection (string) – Section containing the authorization rules

authQuery(methodQuery, credDict, defaultProperties=False)

Check if the query is authorized for a credentials dictionary

Parameters:
  • methodQuery (string) – Method to test

  • credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.

Returns:

Boolean result of test

forwardedCredentials(credDict)

Check whether the credentials are being forwarded by a valid source

Parameters:

credDict (dictionary) – Credentials to check

Returns:

Boolean with the result

getHostNickName(credDict)

Discover the host nickname associated with the DN. The nickname will be included in the credentials dictionary.

Parameters:

credDict (dictionary) – Credentials to check

Returns:

Boolean specifying whether the nickname was found

getUsername(credDict)

Discover the username associated with the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.

Parameters:

credDict (dictionary) – Credentials to check

Returns:

Boolean specifying whether the username was found

getValidGroups(rawProperties)

Get valid groups as specified in the method authorization rules

Parameters:

rawProperties (list) – all method properties

Returns:

list of allowed groups or []

getValidPropertiesForMethod(method, defaultProperties=False)

Get all authorized groups for calling a method

Parameters:

method (string) – Method to test

Returns:

List containing the allowed groups

isUserSuspended(credDict)

Discover if the user is in Suspended status

Parameters:

credDict (dict) – Credentials to check

Returns:

Boolean True if user is Suspended

matchProperties(credDict, validProps, caseSensitive=False)

Return True if one or more properties are in the valid list of properties

Parameters:
  • props (list) – List of properties to match

  • validProps (list) – List of valid properties

Returns:

Boolean specifying whether any property has matched the valid ones

unpackForwardedCredentials(credDict)

Extract the forwarded credentials

Parameters:

credDict (dictionary) – Credentials to unpack