class Loggingv1Guard(ABACGuardBase):
def __init__(self):
ABACGuardBase.__init__(self)
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
'log_event' : \
SimpleArgumentCheck({'message' : 'STRING',
'attributes' : 'ATTRIBUTE_SET'}),
'get_log_entries_by_author' : \
SimpleArgumentCheck({'user_id' : 'UID',
'num_hours' : 'POSITIVE'}),
'get_log_entries_for_context' : \
SimpleArgumentCheck({'context_type' : 'CONTEXT_TYPE',
'context_id' : 'UID',
'num_hours' : 'POSITIVE'}),
'get_log_entries_by_attributes' : \
None,
'get_attributes_for_log_entry' : \
None
}
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/logging_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# Lookup argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, LOG_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(Loggingv1Guard.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
class CSv1Guard(ABACGuardBase):
def __init__(self):
ABACGuardBase.__init__(self)
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
'get_attributes' : None,
'get_permissions' : None
}
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/credential_store_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# Lookup argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, CS_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(CSv1Guard.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
class CSv1Guard(ABACGuardBase):
def __init__(self):
ABACGuardBase.__init__(self)
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
'get_attributes' : None,
'get_permissions' : None
}
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/credential_store_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# Lookup argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, CS_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(CSv1Guard.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
class MAv1Guard(ABACGuardBase):
# Methods
# def get_version(self):
# def lookup_public_member_info(self, credentials, options):
# def lookup_private_member_info(self, credentials, options):
# def lookup_identifying_member_info(self, credentials, options):
# def update_member_info(self, member_urn, credentials, options):
# def create_key(self, member_urn, credentials, options):
# def delete_key(self, member_urn, key_id, credentials, options):
# def update_key(self, member_urn, key_id, credentials, options):
# def lookup_keys(self, credentials, options):
# def create_certificate(self, member_urn, credentials, options):
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
'lookup_public_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields), \
select_fields(MA.optional_fields, \
MA.public_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_private_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.private_fields), \
select_fields(MA.optional_fields, \
MA.private_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_identifying_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.identifying_fields), \
select_fields(MA.optional_fields, \
MA.identifying_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_public_identifying_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields+MA.identifying_fields), \
select_fields(MA.optional_fields, \
MA.public_fields+MA.identifying_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_login_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields+MA.identifying_fields+MA.private_fields),
select_fields(MA.optional_fields,
MA.public_fields+MA.identifying_fields+MA.private_fields),
['_GENI_MEMBER_EPPN']),
'get_credentials' : SimpleArgumentCheck({'member_urn' : 'URN'}),
'update_member_info' : \
UpdateArgumentCheck({}, {}, {'member_urn' : "URN"}),
'create_key' : \
CreateArgumentCheck(select_fields(MA.standard_key_fields, \
MA.allowed_create_key_fields), \
select_fields(MA.optional_key_fields, \
MA.allowed_create_key_fields)),
'delete_key' : \
None,
'update_key' : \
UpdateArgumentCheck(select_fields(MA.standard_key_fields, \
MA.updatable_key_fields), \
select_fields(MA.optional_key_fields, \
MA.updatable_key_fields),
{'key_id' : 'STRING'}),
'lookup_keys' : \
LookupArgumentCheck(MA.standard_key_fields, \
MA.optional_key_fields),
'create_certificate' : \
None,
'create_member' : \
None, # Check is done in create_member itself
'list_clients' : None,
'list_authorized_clients' : None,
'authorize_client' : None,
'enable_user': None,
'add_member_privilege': None,
'revoke_member_privilege': None,
'add_member_attribute': SimpleArgumentCheck({'member_urn' : 'URN',
'name' : 'STRING',
'value' : 'STRING',
'self_asserted' : 'STRING'}),
'remove_member_attribute': SimpleArgumentCheck({'member_urn' : 'URN',
'name' : 'STRING',
'value' : 'STRING'
}),
}
# Set of invocation checks indexed by method name
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/member_authority_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# Lookup argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, MA_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(self.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
class SAv1Guard(ABACGuardBase):
# Methods
# def create_slice(self, credentials, options):
# def lookup_slices(self, credentials, options):
# def update_slice(self, slice_urn, credentials, options):
# def get_credentials(self, slice_urn, credentials, options):
# def modify_slice_membership(self, slice_urn,
# def lookup_slice_members(self, slice_urn, credentials, options):
# def lookup_slices_for_member(self, member_urn, credentials, options):
# def register_aggregate(self, slice_urn, aggregate_url, credentials, opts):
# def remove_aggregate(self, slice_urn, aggregate_url, credentials, opts):
# def lookup_slice_aggregates(self, slice_urn, credentials, options):
# def create_project(self, credentials, options):
# def lookup_projects(self, credentials, options):
# def update_project(self, project_urn, credentials, options):
# def modify_project_membership(self, project_urn,
# def lookup_project_members(self, project_urn, credentials, options):
# def lookup_projects_for_member(self, member_urn, credentials, options):
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
# Argument checks for slice methods
'create_slice' : \
CreateArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields),
'update_slice' : \
UpdateArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields,
{'slice_urn' : "URN"}),
'lookup_slices' : \
LookupArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields),
'modify_slice_membership' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
'lookup_slice_members' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
'lookup_slices_for_member' : SimpleArgumentCheck({'member_urn' : 'URN'}),
'get_credentials' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
# Argument checks for project methods
'create_project' : \
CreateArgumentCheck(SA.project_mandatory_fields,\
SA.project_supplemental_fields),
'update_project' : \
UpdateArgumentCheck(SA.project_mandatory_fields,
SA.project_supplemental_fields,
{'project_urn' : "URN"}),
'lookup_projects' : \
LookupArgumentCheckMatchOptional(SA.project_mandatory_fields,\
SA.project_supplemental_fields),
'modify_project_membership' : SimpleArgumentCheck({'project_urn' : 'URN'}),
'lookup_project_members' : SimpleArgumentCheck({'project_urn' : 'URN'}),
'lookup_projects_for_member' : SimpleArgumentCheck({'member_urn' : 'URN'}),
# Argument checks for sliver info aggregate methods
'create_sliver_info' : CreateArgumentCheck(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields),
'update_sliver_info' : UpdateArgumentCheck(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields,
{'sliver_urn' : "URN"}),
'delete_sliver_info' : SimpleArgumentCheck({'sliver_urn' : 'URN'}),
'lookup_sliver_info' : LookupArgumentCheckMatchOptional(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields),
# Argument checks for project request methods
# No options required (context_type, request_id, resolution_status, resolution_description arguments)
'create_request' : None,
# No options required (context_type, request_id, resolution_status, resolution_description arguments)
'resolve_pending_request' : None,
# No options required (context_type, context_id, status arguments)
'get_requests_for_context' : None,
# No options required (member_id, context_type, context_id, status arguments)
'get_requests_by_user' : None,
# No options required (member_id, context_type, context_id arguments)
'get_pending_requests_for_user' : None,
# No options required (member_id, context_type, context_id arguments)
'get_number_of_pending_requests_for_user' : None,
# No options required (request_id, context_type arguments)
'get_request_by_id' : None,
# No options required (role, project_id)
'invite_member' : None,
# No options required (invite_id, member_id)
'accept_invitation' : None
}
# Set of invocation checks indexed by method name
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/slice_authority_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, SA_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(self.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
# Lookup row check per method (or None if none registered)
def get_row_check(self, method):
if self.ROW_CHECK_FOR_METHOD.has_key(method):
return self.ROW_CHECK_FOR_METHOD[method]
return None
class MAv1Guard(ABACGuardBase):
# Methods
# def get_version(self):
# def lookup_public_member_info(self, credentials, options):
# def lookup_private_member_info(self, credentials, options):
# def lookup_identifying_member_info(self, credentials, options):
# def update_member_info(self, member_urn, credentials, options):
# def create_key(self, member_urn, credentials, options):
# def delete_key(self, member_urn, key_id, credentials, options):
# def update_key(self, member_urn, key_id, credentials, options):
# def lookup_keys(self, credentials, options):
# def create_certificate(self, member_urn, credentials, options):
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
'lookup_public_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields), \
select_fields(MA.optional_fields, \
MA.public_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_private_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.private_fields), \
select_fields(MA.optional_fields, \
MA.private_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_identifying_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.identifying_fields), \
select_fields(MA.optional_fields, \
MA.identifying_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_public_identifying_member_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields+MA.identifying_fields), \
select_fields(MA.optional_fields, \
MA.public_fields+MA.identifying_fields), \
select_fields(MA.standard_plus_optional, \
MA.match_fields)),
'lookup_login_info' : \
LookupArgumentCheck(select_fields(MA.standard_fields, \
MA.public_fields+MA.identifying_fields+MA.private_fields),
select_fields(MA.optional_fields,
MA.public_fields+MA.identifying_fields+MA.private_fields),
['_GENI_MEMBER_EPPN']),
'get_credentials' : SimpleArgumentCheck({'member_urn' : 'URN'}),
'update_member_info' : \
UpdateArgumentCheck({}, {}, {'member_urn' : "URN"}),
'create_key' : \
CreateArgumentCheck(select_fields(MA.standard_key_fields, \
MA.allowed_create_key_fields), \
select_fields(MA.optional_key_fields, \
MA.allowed_create_key_fields)),
'delete_key' : \
None,
'update_key' : \
UpdateArgumentCheck(select_fields(MA.standard_key_fields, \
MA.updatable_key_fields), \
select_fields(MA.optional_key_fields, \
MA.updatable_key_fields),
{'key_id' : 'STRING'}),
'lookup_keys' : \
LookupArgumentCheck(MA.standard_key_fields, \
MA.optional_key_fields),
'create_certificate' : \
None,
'create_member' : \
None, # Check is done in create_member itself
'list_clients' : None,
'list_authorized_clients' : None,
'authorize_client' : None,
'enable_user': None,
'add_member_privilege': None,
'revoke_member_privilege': None,
'add_member_attribute': SimpleArgumentCheck({'member_urn' : 'URN',
'name' : 'STRING',
'value' : 'STRING',
'self_asserted' : 'STRING'}),
'remove_member_attribute': SimpleArgumentCheck({'member_urn' : 'URN',
'name' : 'STRING',
'value' : 'STRING'
}),
}
# Set of invocation checks indexed by method name
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/member_authority_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# Lookup argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, MA_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(self.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
class SAv1Guard(ABACGuardBase):
# Methods
# def create_slice(self, credentials, options):
# def lookup_slices(self, credentials, options):
# def update_slice(self, slice_urn, credentials, options):
# def get_credentials(self, slice_urn, credentials, options):
# def modify_slice_membership(self, slice_urn,
# def lookup_slice_members(self, slice_urn, credentials, options):
# def lookup_slices_for_member(self, member_urn, credentials, options):
# def register_aggregate(self, slice_urn, aggregate_url, credentials, opts):
# def remove_aggregate(self, slice_urn, aggregate_url, credentials, opts):
# def lookup_slice_aggregates(self, slice_urn, credentials, options):
# def create_project(self, credentials, options):
# def lookup_projects(self, credentials, options):
# def update_project(self, project_urn, credentials, options):
# def modify_project_membership(self, project_urn,
# def lookup_project_members(self, project_urn, credentials, options):
# def lookup_projects_for_member(self, member_urn, credentials, options):
# Set of argument checks indexed by method name
ARGUMENT_CHECK_FOR_METHOD = \
{
# Argument checks for slice methods
'create_slice' : \
CreateArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields),
'update_slice' : \
UpdateArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields,
{'slice_urn' : "URN"}),
'lookup_slices' : \
LookupArgumentCheck(SA.slice_mandatory_fields,\
SA.slice_supplemental_fields),
'modify_slice_membership' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
'lookup_slice_members' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
'lookup_slices_for_member' : SimpleArgumentCheck({'member_urn' : 'URN'}),
'get_credentials' : SimpleArgumentCheck({'slice_urn' : 'URN'}),
# Argument checks for project methods
'create_project' : \
CreateArgumentCheck(SA.project_mandatory_fields,\
SA.project_supplemental_fields),
'update_project' : \
UpdateArgumentCheck(SA.project_mandatory_fields,
SA.project_supplemental_fields,
{'project_urn' : "URN"}),
'lookup_projects' : \
LookupArgumentCheckMatchOptional(SA.project_mandatory_fields,\
SA.project_supplemental_fields),
'modify_project_membership' : SimpleArgumentCheck({'project_urn' : 'URN'}),
'lookup_project_members' : SimpleArgumentCheck({'project_urn' : 'URN'}),
'lookup_projects_for_member' : SimpleArgumentCheck({'member_urn' : 'URN'}),
# Argument checks for sliver info aggregate methods
'create_sliver_info' : CreateArgumentCheck(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields),
'update_sliver_info' : UpdateArgumentCheck(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields,
{'sliver_urn' : "URN"}),
'delete_sliver_info' : SimpleArgumentCheck({'sliver_urn' : 'URN'}),
'lookup_sliver_info' : LookupArgumentCheckMatchOptional(SA.sliver_info_mandatory_fields,
SA.sliver_info_supplemental_fields),
# Argument checks for project request methods
# No options required (context_type, request_id, resolution_status, resolution_description arguments)
'create_request' : None,
# No options required (context_type, request_id, resolution_status, resolution_description arguments)
'resolve_pending_request' : None,
# No options required (context_type, context_id, status arguments)
'get_requests_for_context' : None,
# No options required (member_id, context_type, context_id, status arguments)
'get_requests_by_user' : None,
# No options required (member_id, context_type, context_id arguments)
'get_pending_requests_for_user' : None,
# No options required (member_id, context_type, context_id arguments)
'get_number_of_pending_requests_for_user' : None,
# No options required (request_id, context_type arguments)
'get_request_by_id' : None,
# No options required (role, project_id)
'invite_member' : None,
# No options required (invite_id, member_id)
'accept_invitation' : None
}
# Set of invocation checks indexed by method name
INVOCATION_CHECK_FOR_METHOD = None
# Name of policies file
policies_filename = "/etc/geni-chapi/slice_authority_policy.json"
# Thread to check whether the policies file has changed
policies_file_checker = None
# argument check per method (or None if none registered)
def get_argument_check(self, method):
if self.ARGUMENT_CHECK_FOR_METHOD.has_key(method):
return self.ARGUMENT_CHECK_FOR_METHOD[method]
return None
# Lookup invocation check per method (or None if none registered)
def get_invocation_check(self, method):
# Initiate file check thread
if self.policies_file_checker == None:
self.policies_file_checker = \
PolicyFileChecker(self.policies_filename, 5, \
self, SA_LOG_PREFIX)
self.policies_file_checker.start()
if self.INVOCATION_CHECK_FOR_METHOD == None:
policies = \
parse_method_policies(self.policies_filename)
self.INVOCATION_CHECK_FOR_METHOD = \
create_subject_invocation_checks(self, policies)
if self.INVOCATION_CHECK_FOR_METHOD.has_key(method):
return self.INVOCATION_CHECK_FOR_METHOD[method]
return None
# Lookup row check per method (or None if none registered)
def get_row_check(self, method):
if self.ROW_CHECK_FOR_METHOD.has_key(method):
return self.ROW_CHECK_FOR_METHOD[method]
return None