AuthManager
Module that holds DISET Authorization class for services
- class DIRAC.Core.DISET.AuthManager.AuthManager(authSection)
Bases:
object
Handle Service Authorization
- KW_DN = 'DN'
- KW_EXTRA_CREDENTIALS = 'extraCredentials'
- KW_GROUP = 'group'
- KW_HOSTS_GROUP = 'hosts'
- KW_PROPERTIES = 'properties'
- KW_USERNAME = 'username'
- __init__(authSection)
Constructor
- Parameters:
authSection (string) – Section containing the authorization rules
- authQuery(methodQuery, credDict, defaultProperties=False)
Check if the query is authorized for a credentials dictionary
- Parameters:
methodQuery (string) – Method to test
credDict (dictionary) – dictionary containing credentials for test. The dictionary can contain the DN and selected group.
- Returns:
Boolean result of test
- forwardedCredentials(credDict)
Check whether the credentials are being forwarded by a valid source
- Parameters:
credDict (dictionary) – Credentials to ckeck
- Returns:
Boolean with the result
- getHostNickName(credDict)
Discover the host nickname associated to the DN. The nickname will be included in the credentials dictionary.
- Parameters:
credDict (dictionary) – Credentials to ckeck
- Returns:
Boolean specifying whether the nickname was found
- getUsername(credDict)
Discover the username associated to the DN. It will check if the selected group is valid. The username will be included in the credentials dictionary.
- Parameters:
credDict (dictionary) – Credentials to check
- Returns:
Boolean specifying whether the username was found
- getValidGroups(rawProperties)
Get valid groups as specified in the method authorization rules
- Parameters:
rawProperties (list) – all method properties
- Returns:
list of allowed groups or []
- getValidPropertiesForMethod(method, defaultProperties=False)
Get all authorized groups for calling a method
- Parameters:
method (string) – Method to test
- Returns:
List containing the allowed groups
- isUserSuspended(credDict)
Discover if the user is in Suspended status
- Parameters:
credDict (dict) – Credentials to check
- Returns:
Boolean True if user is Suspended
- matchProperties(credDict, validProps, caseSensitive=False)
Return True if one or more properties are in the valid list of properties
- unpackForwardedCredentials(credDict)
Extract the forwarded credentials
- Parameters:
credDict (dictionary) – Credentials to unpack