def _runtime_search_cont(self, node_id, authz_response, callback, request,
possible_nodes, counter):
_log.debug(
"_runtime_search_cont:\n\tnode_id={}\n\tauthz_response={}\n\tcallback={}\n\trequest={}\n\tpossible_nodes={}\n\tcounter={}"
.format(node_id, authz_response, callback, request, possible_nodes,
counter))
if authz_response["decision"] == "permit":
valid = True
if authz_response.get("obligations", []):
# Look at obligations to check if authorization decision is valid right now.
if any(
isinstance(elem, list)
for elem in authz_response["obligations"]):
# If list of lists, True must be found in each list.
for plugin_list in authz_response["obligations"]:
if not check_authorization_plugin_list(plugin_list):
valid = False
break
else:
if not check_authorization_plugin_list(
authz_response["obligations"]):
valid = False
if valid:
callback(search_result=(node_id, authz_response))
return
counter += 1
if counter < len(possible_nodes):
# Continue searching
self._runtime_search_authorize(request, possible_nodes, callback,
counter)
return
else:
_log.info(
"Did not find any runtime where actor is allowed to execute")
callback(search_result=None)
def _runtime_search_cont(self, node_id, authz_response, callback, request,
possible_nodes, counter):
if authz_response["decision"] == "permit":
valid = True
if authz_response.get("obligations", []):
# Look at obligations to check if authorization decision is valid right now.
if any(
isinstance(elem, list)
for elem in authz_response["obligations"]):
# If list of lists, True must be found in each list.
for plugin_list in authz_response["obligations"]:
if not check_authorization_plugin_list(plugin_list):
valid = False
break
else:
if not check_authorization_plugin_list(
authz_response["obligations"]):
valid = False
if valid:
callback(search_result=(node_id, authz_response))
return
counter += 1
if counter < len(possible_nodes):
# Continue searching
self._runtime_search_authorize(request, possible_nodes, callback,
counter)
return
else:
callback(search_result=None)
def _runtime_search_cont(self, node_id, authz_response, callback, request, possible_nodes, counter):
_log.debug("_runtime_search_cont:\n\tnode_id={}\n\tauthz_response={}\n\tcallback={}\n\trequest={}\n\tpossible_nodes={}\n\tcounter={}".format(node_id, authz_response, callback, request, possible_nodes, counter))
if authz_response["decision"] == "permit":
valid = True
if authz_response.get("obligations", []):
# Look at obligations to check if authorization decision is valid right now.
if any(isinstance(elem, list) for elem in authz_response["obligations"]):
# If list of lists, True must be found in each list.
for plugin_list in authz_response["obligations"]:
if not check_authorization_plugin_list(plugin_list):
valid = False
break
else:
if not check_authorization_plugin_list(authz_response["obligations"]):
valid = False
if valid:
callback(search_result=(node_id, authz_response))
return
counter += 1
if counter < len(possible_nodes):
# Continue searching
self._runtime_search_authorize(request, possible_nodes, callback, counter)
return
else:
_log.info("Did not find any runtime where actor is allowed to execute")
callback(search_result=None)
def check_authorization_decision(self):
"""Check if authorization decision is still valid"""
if self.authorization_checks:
if any(isinstance(elem, list) for elem in self.authorization_checks):
# If list of lists, True must be found in each list.
for plugin_list in self.authorization_checks:
if not check_authorization_plugin_list(plugin_list):
return False
return True
else:
return check_authorization_plugin_list(self.authorization_checks)
return True
def check_authorization_decision(self):
"""Check if authorization decision is still valid"""
if self.authorization_checks:
if any(
isinstance(elem, list)
for elem in self.authorization_checks):
# If list of lists, True must be found in each list.
for plugin_list in self.authorization_checks:
if not check_authorization_plugin_list(plugin_list):
return False
return True
else:
return check_authorization_plugin_list(
self.authorization_checks)
return True
def _runtime_search_cont(self, node_id, authz_response, callback, request, possible_nodes, counter):
if authz_response["decision"] == "permit":
valid = True
if authz_response.get("obligations", []):
# Look at obligations to check if authorization decision is valid right now.
if any(isinstance(elem, list) for elem in authz_response["obligations"]):
# If list of lists, True must be found in each list.
for plugin_list in authz_response["obligations"]:
if not check_authorization_plugin_list(plugin_list):
valid = False
break
else:
if not check_authorization_plugin_list(authz_response["obligations"]):
valid = False
if valid:
callback(search_result=(node_id, authz_response))
return
counter += 1
if counter < len(possible_nodes):
# Continue searching
self._runtime_search_authorize(request, possible_nodes, callback, counter)
return
else:
callback(search_result=None)
