
nordugrid-arc-nox  1.1.0~rc6
arcom.security.AuthPolicy Class Reference


Public Member Functions

def get_policy
def set_policy

Detailed Description

Definition at line 53 of file security.py.


Member Function Documentation

def arcom.security.AuthPolicy.get_policy (   self,
  format = 'ARCAuth' 
)

Definition at line 55 of file security.py.

00055 
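def get_policy(self, format = 'ARCAuth'):
    """Serialize this policy in the requested format.

    The object is read as a mapping of identity -> list of action strings.
    Each action string is a one-character prefix followed by the action
    name; '+' is the only prefix treated as "permit", any other prefix
    ends up in a Deny rule.  Actions whose name is not in the module-level
    storage_actions are dropped from both output formats.

    format -- 'ARCAuth' returns an ARC policy XML document as a string;
              'StorageAuth' returns a list of (identity, actions) pairs
              with the kept actions joined by single spaces.

    Raises Exception for any other format.
    """
    if format not in ['ARCAuth', 'StorageAuth']:
        # Call form: "raise Exception, msg" is a syntax error on Python 3.
        raise Exception('Unsupported format %s' % format)
    if format == 'ARCAuth':
        # Imported here because the file's import block is not part of
        # this listing.
        from xml.sax.saxutils import escape
        result = []
        for identity, actions in self.items():
            # Identities are stored exactly as they were handed to
            # set_policy.  Escape them before they become XML text so that
            # '&', '<' or '>' in an identity cannot change the structure
            # of the generated authorization policy.
            safe_identity = escape(identity)
            if identity == all_user:
                # No <Subjects> element is emitted for the all_user identity.
                subjects = ''
            elif identity.startswith('VOMS:'):
                # NOTE(review): the VO name is placed inside a
                # Function="match" pattern.  XML escaping does not
                # neutralise pattern metacharacters; if the policy
                # evaluator treats this as a regular expression, VO names
                # should be validated where policies are accepted - confirm.
                subjects = ('    <Subjects>\n' +
                            '      <Subject>\n' +
                            '         <Attribute AttributeId="%s" Type="string" Function="match">/VO=%s/</Attribute>\n' % (vomsattribute_type, escape(identity[5:])) +
                            '      </Subject>\n' +
                            '    </Subjects>\n')
            else:
                subjects = ('    <Subjects>\n' +
                            '      <Subject>\n' +
                            '        <Attribute AttributeId="%s" Type="string">%s</Attribute>\n' % (identity_type, safe_identity) +
                            '      </Subject>\n' +
                            '    </Subjects>\n')
            raw_actions = [a for a in actions if a[1:] in storage_actions]
            # Same two-key dict as before (True = permit, False = deny),
            # so the order in which the rules are emitted does not change.
            by_effect = {}
            by_effect[True] = [action[1:] for action in raw_actions if action[0] == '+']
            by_effect[False] = [action[1:] for action in raw_actions if action[0] != '+']
            for permit, action_list in by_effect.items():
                if action_list:
                    result.append('  <Rule Effect="%s">\n' % (permit and 'Permit' or 'Deny') +
                    '    <Description>%s is %s to %s</Description>\n' % (safe_identity, permit and 'allowed' or 'not allowed', ', '.join(action_list)) +
                    subjects +
                    '    <Actions>\n' +
                    ''.join(['      <Action AttributeId="%s" Type="string">%s</Action>\n' % (storage_action_type, action) for action in action_list]) +
                    '    </Actions>\n' +
                    '  </Rule>\n')
        return '<Policy xmlns="http://www.nordugrid.org/schemas/policy-arc" CombiningAlg="Deny-Overrides">\n%s</Policy>\n' % ''.join(result)
    if format == 'StorageAuth':
        return [(identity, ' '.join([a for a in actions if a[1:] in storage_actions])) for identity, actions in self.items()]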
    


def arcom.security.AuthPolicy.set_policy (   self,
  policy,
  format = 'StorageAuth' 
)

Definition at line 92 of file security.py.

00092 
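def set_policy(self, policy, format = 'StorageAuth'):
    """Replace the whole stored policy with the entries in *policy*.

    policy -- iterable of (identity, actionstring) pairs; each
              actionstring is split on whitespace into the list of
              actions stored under that identity.
    format -- only 'StorageAuth' is accepted.

    Raises Exception for any other format.  The stored policy is left
    untouched when the format is rejected or when an entry of *policy*
    cannot be parsed.
    """
    if format != 'StorageAuth':
        # Call form: "raise Exception, msg" is a syntax error on Python 3.
        raise Exception('Unsupported format %s' % format)
    # Parse everything before touching the current rules.  Clearing first
    # meant that one malformed entry left the object with an empty or
    # truncated policy, silently changing what is permitted or denied.
    parsed = [(identity, actionstring.split()) for identity, actionstring in policy]
    self.clear()
    for identity, action_list in parsed:
        self[identity] = action_list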


The documentation for this class was generated from the following file: