AuthManager

Module that holds DISET Authorization class for services

class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)

Bases: object

Handle Service Authorization

KW_DN = 'DN'

KW_EXTRA_CREDENTIALS = 'extraCredentials'

KW_GROUP = 'group'

KW_HOSTS_GROUP = 'hosts'

KW_PROPERTIES = 'properties'

KW_USERNAME = 'username'

__init__(authSection)

Constructor

Parameters:: authSection (string) – Section containing the authorization rules

authQuery(methodQuery, credDict, defaultProperties=False)

Check if the query is authorized for a credentials dictionary

Parameters:

methodQuery (string) – Method to test
credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.

Returns:

Boolean result of test

forwardedCredentials(credDict)

Check whether the credentials are being forwarded by a valid source

Parameters:: credDict (dictionary) – Credentials to ckeck
Returns:: Boolean with the result

getHostNickName(credDict)

Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.

Parameters:: credDict (dictionary) – Credentials to ckeck
Returns:: Boolean specifying whether the nickname was found

getUsername(credDict)

Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.

Parameters:: credDict (dictionary) – Credentials to check
Returns:: Boolean specifying whether the username was found

getValidGroups(rawProperties)

Get valid groups as specified in the method authorization rules

Parameters:: rawProperties (list) – all method properties
Returns:: list of allowed groups or []

getValidPropertiesForMethod(method, defaultProperties=False)

Get all authorized groups for calling a method

Parameters:: method (string) – Method to test
Returns:: List containing the allowed groups

isUserSuspended(credDict)

Discover if the user is in Suspended status

Parameters:: credDict (dict) – Credentials to check
Returns:: Boolean True if user is Suspended

matchProperties(credDict, validProps, caseSensitive=False)

Return True if one or more properties are in the valid list of properties

Parameters:

props (list) – List of properties to match
validProps (list) – List of valid properties

Returns:

Boolean specifying whether any property has matched the valid ones

unpackForwardedCredentials(credDict)

Extract the forwarded credentials

Parameters:: credDict (dictionary) – Credentials to unpack