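class Loggingv1Guard(ABACGuardBase):
    """ABAC guard for the Logging v1 service.

    Holds the per-method argument checks and lazily builds the per-method
    invocation (authorization) checks from the JSON policy file.
    """

    def __init__(self):
        ABACGuardBase.__init__(self)

    # Set of argument checks indexed by method name.
    # A value of None means no argument check object is registered for the
    # method; get_argument_check() returns the same None for method names
    # that are not listed at all.
    # NOTE(review): confirm how the caller treats a None check. If None means
    # "skip validation", the two None entries below reach the service with
    # unvalidated arguments.
    ARGUMENT_CHECK_FOR_METHOD = {
        'log_event':
            SimpleArgumentCheck({'message': 'STRING',
                                 'attributes': 'ATTRIBUTE_SET'}),
        'get_log_entries_by_author':
            SimpleArgumentCheck({'user_id': 'UID',
                                 'num_hours': 'POSITIVE'}),
        'get_log_entries_for_context':
            SimpleArgumentCheck({'context_type': 'CONTEXT_TYPE',
                                 'context_id': 'UID',
                                 'num_hours': 'POSITIVE'}),
        'get_log_entries_by_attributes': None,
        'get_attributes_for_log_entry': None,
    }

    # Invocation checks indexed by method name; built on first use.
    INVOCATION_CHECK_FOR_METHOD = None

    # Name of policies file.
    # This file decides who may invoke which method, so it should be
    # writable by administrators only.
    policies_filename = "/etc/geni-chapi/logging_policy.json"

    # Thread to check whether the policies file has changed
    policies_file_checker = None

    def get_argument_check(self, method):
        """Return the argument check for *method*, or None if none registered."""
        return self.ARGUMENT_CHECK_FOR_METHOD.get(method)

    def get_invocation_check(self, method):
        """Return the invocation check for *method*, or None if none registered.

        The first call starts the policy-file checker thread and parses the
        policy file; later calls reuse the cached checks.
        """
        # Initiate file check thread.
        # The literal 5 is presumably the polling interval in seconds; verify
        # against PolicyFileChecker.
        # NOTE(review): this lazy initialisation takes no lock. Confirm guards
        # are not first used from several threads at once, or two checker
        # threads could be started.
        if self.policies_file_checker is None:
            self.policies_file_checker = PolicyFileChecker(
                self.policies_filename, 5, self, LOG_LOG_PREFIX)
            self.policies_file_checker.start()

        if self.INVOCATION_CHECK_FOR_METHOD is None:
            # Parse the same path the checker thread watches, so the file that
            # is monitored and the file that is enforced cannot diverge.
            policies = parse_method_policies(self.policies_filename)
            self.INVOCATION_CHECK_FOR_METHOD = \
                create_subject_invocation_checks(self, policies)

        # NOTE(review): a method missing from the policy file yields None
        # here. Confirm the caller denies the call in that case.
        checks = self.INVOCATION_CHECK_FOR_METHOD
        if method in checks:
            return checks[method]
        return None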
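class CSv1Guard(ABACGuardBase):
    """ABAC guard for the Credential Store (CS) v1 service.

    Holds the per-method argument checks and lazily builds the per-method
    invocation (authorization) checks from the JSON policy file.
    """

    def __init__(self):
        ABACGuardBase.__init__(self)

    # Set of argument checks indexed by method name.
    # Both methods are registered with None, i.e. without an argument check
    # object.
    # NOTE(review): confirm how the caller treats a None check. With no
    # argument validation here, access control for these methods rests on the
    # invocation policy alone.
    ARGUMENT_CHECK_FOR_METHOD = {
        'get_attributes': None,
        'get_permissions': None,
    }

    # Invocation checks indexed by method name; built on first use.
    INVOCATION_CHECK_FOR_METHOD = None

    # Name of policies file.
    # This file decides who may invoke which method, so it should be
    # writable by administrators only.
    policies_filename = "/etc/geni-chapi/credential_store_policy.json"

    # Thread to check whether the policies file has changed
    policies_file_checker = None

    def get_argument_check(self, method):
        """Return the argument check for *method*, or None if none registered."""
        return self.ARGUMENT_CHECK_FOR_METHOD.get(method)

    def get_invocation_check(self, method):
        """Return the invocation check for *method*, or None if none registered.

        The first call starts the policy-file checker thread and parses the
        policy file; later calls reuse the cached checks.
        """
        # Initiate file check thread.
        # The literal 5 is presumably the polling interval in seconds; verify
        # against PolicyFileChecker.
        # NOTE(review): this lazy initialisation takes no lock. Confirm guards
        # are not first used from several threads at once.
        if self.policies_file_checker is None:
            self.policies_file_checker = PolicyFileChecker(
                self.policies_filename, 5, self, CS_LOG_PREFIX)
            self.policies_file_checker.start()

        if self.INVOCATION_CHECK_FOR_METHOD is None:
            # Parse the same path the checker thread watches, so the file that
            # is monitored and the file that is enforced cannot diverge.
            policies = parse_method_policies(self.policies_filename)
            self.INVOCATION_CHECK_FOR_METHOD = \
                create_subject_invocation_checks(self, policies)

        # NOTE(review): a method missing from the policy file yields None
        # here. Confirm the caller denies the call in that case.
        checks = self.INVOCATION_CHECK_FOR_METHOD
        if method in checks:
            return checks[method]
        return None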
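class MAv1Guard(ABACGuardBase):
    """ABAC guard for the Member Authority (MA) v1 service.

    Holds the per-method argument checks and lazily builds the per-method
    invocation (authorization) checks from the JSON policy file.
    """

    # Methods
    # def get_version(self):
    # def lookup_public_member_info(self, credentials, options):
    # def lookup_private_member_info(self, credentials, options):
    # def lookup_identifying_member_info(self, credentials, options):
    # def update_member_info(self, member_urn, credentials, options):
    # def create_key(self, member_urn, credentials, options):
    # def delete_key(self, member_urn, key_id, credentials, options):
    # def update_key(self, member_urn, key_id, credentials, options):
    # def lookup_keys(self, credentials, options):
    # def create_certificate(self, member_urn, credentials, options):

    # Set of argument checks indexed by method name.
    # A value of None means no argument check object is registered for the
    # method; get_argument_check() returns the same None for method names
    # that are not listed at all.
    # NOTE(review): several privilege-affecting methods (delete_key,
    # create_certificate, authorize_client, enable_user,
    # add_member_privilege, revoke_member_privilege) carry no argument check,
    # so their protection rests on the invocation policy. Confirm that the
    # caller does not treat a None check as "allow".
    ARGUMENT_CHECK_FOR_METHOD = {
        'lookup_public_member_info':
            LookupArgumentCheck(
                select_fields(MA.standard_fields, MA.public_fields),
                select_fields(MA.optional_fields, MA.public_fields),
                select_fields(MA.standard_plus_optional, MA.match_fields)),
        'lookup_private_member_info':
            LookupArgumentCheck(
                select_fields(MA.standard_fields, MA.private_fields),
                select_fields(MA.optional_fields, MA.private_fields),
                select_fields(MA.standard_plus_optional, MA.match_fields)),
        'lookup_identifying_member_info':
            LookupArgumentCheck(
                select_fields(MA.standard_fields, MA.identifying_fields),
                select_fields(MA.optional_fields, MA.identifying_fields),
                select_fields(MA.standard_plus_optional, MA.match_fields)),
        'lookup_public_identifying_member_info':
            LookupArgumentCheck(
                select_fields(MA.standard_fields,
                              MA.public_fields+MA.identifying_fields),
                select_fields(MA.optional_fields,
                              MA.public_fields+MA.identifying_fields),
                select_fields(MA.standard_plus_optional, MA.match_fields)),
        # The login lookup spans public, identifying and private fields, and
        # '_GENI_MEMBER_EPPN' is the only entry in its third argument.
        'lookup_login_info':
            LookupArgumentCheck(
                select_fields(MA.standard_fields,
                              MA.public_fields+MA.identifying_fields
                              +MA.private_fields),
                select_fields(MA.optional_fields,
                              MA.public_fields+MA.identifying_fields
                              +MA.private_fields),
                ['_GENI_MEMBER_EPPN']),
        'get_credentials':
            SimpleArgumentCheck({'member_urn': 'URN'}),
        'update_member_info':
            UpdateArgumentCheck({}, {}, {'member_urn': "URN"}),
        'create_key':
            CreateArgumentCheck(
                select_fields(MA.standard_key_fields,
                              MA.allowed_create_key_fields),
                select_fields(MA.optional_key_fields,
                              MA.allowed_create_key_fields)),
        'delete_key': None,
        'update_key':
            UpdateArgumentCheck(
                select_fields(MA.standard_key_fields,
                              MA.updatable_key_fields),
                select_fields(MA.optional_key_fields,
                              MA.updatable_key_fields),
                {'key_id': 'STRING'}),
        'lookup_keys':
            LookupArgumentCheck(MA.standard_key_fields,
                                MA.optional_key_fields),
        'create_certificate': None,
        'create_member': None,  # Check is done in create_member itself
        'list_clients': None,
        'list_authorized_clients': None,
        'authorize_client': None,
        'enable_user': None,
        'add_member_privilege': None,
        'revoke_member_privilege': None,
        'add_member_attribute':
            SimpleArgumentCheck({'member_urn': 'URN',
                                 'name': 'STRING',
                                 'value': 'STRING',
                                 'self_asserted': 'STRING'}),
        'remove_member_attribute':
            SimpleArgumentCheck({'member_urn': 'URN',
                                 'name': 'STRING',
                                 'value': 'STRING'}),
    }

    # Set of invocation checks indexed by method name; built on first use.
    INVOCATION_CHECK_FOR_METHOD = None

    # Name of policies file.
    # This file decides who may invoke which method, so it should be
    # writable by administrators only.
    policies_filename = "/etc/geni-chapi/member_authority_policy.json"

    # Thread to check whether the policies file has changed
    policies_file_checker = None

    def get_argument_check(self, method):
        """Return the argument check for *method*, or None if none registered."""
        return self.ARGUMENT_CHECK_FOR_METHOD.get(method)

    def get_invocation_check(self, method):
        """Return the invocation check for *method*, or None if none registered.

        The first call starts the policy-file checker thread and parses the
        policy file; later calls reuse the cached checks.
        """
        # Initiate file check thread.
        # The literal 5 is presumably the polling interval in seconds; verify
        # against PolicyFileChecker.
        # NOTE(review): this lazy initialisation takes no lock. Confirm guards
        # are not first used from several threads at once.
        if self.policies_file_checker is None:
            self.policies_file_checker = PolicyFileChecker(
                self.policies_filename, 5, self, MA_LOG_PREFIX)
            self.policies_file_checker.start()

        if self.INVOCATION_CHECK_FOR_METHOD is None:
            policies = parse_method_policies(self.policies_filename)
            self.INVOCATION_CHECK_FOR_METHOD = \
                create_subject_invocation_checks(self, policies)

        # NOTE(review): a method missing from the policy file yields None
        # here. Confirm the caller denies the call in that case.
        checks = self.INVOCATION_CHECK_FOR_METHOD
        if method in checks:
            return checks[method]
        return None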
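class SAv1Guard(ABACGuardBase):
    """ABAC guard for the Slice Authority (SA) v1 service.

    Holds the per-method argument checks and lazily builds the per-method
    invocation (authorization) checks from the JSON policy file.
    """

    # Methods
    # def create_slice(self, credentials, options):
    # def lookup_slices(self, credentials, options):
    # def update_slice(self, slice_urn, credentials, options):
    # def get_credentials(self, slice_urn, credentials, options):
    # def modify_slice_membership(self, slice_urn,
    # def lookup_slice_members(self, slice_urn, credentials, options):
    # def lookup_slices_for_member(self, member_urn, credentials, options):
    # def register_aggregate(self, slice_urn, aggregate_url, credentials, opts):
    # def remove_aggregate(self, slice_urn, aggregate_url, credentials, opts):
    # def lookup_slice_aggregates(self, slice_urn, credentials, options):
    # def create_project(self, credentials, options):
    # def lookup_projects(self, credentials, options):
    # def update_project(self, project_urn, credentials, options):
    # def modify_project_membership(self, project_urn,
    # def lookup_project_members(self, project_urn, credentials, options):
    # def lookup_projects_for_member(self, member_urn, credentials, options):

    # Set of argument checks indexed by method name.
    # A value of None means no argument check object is registered for the
    # method; get_argument_check() returns the same None for method names
    # that are not listed at all.
    # NOTE(review): confirm how the caller treats a None check. The request
    # and invitation methods below rely on the invocation policy alone.
    ARGUMENT_CHECK_FOR_METHOD = {
        # Argument checks for slice methods
        'create_slice':
            CreateArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields),
        'update_slice':
            UpdateArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields,
                                {'slice_urn': "URN"}),
        'lookup_slices':
            LookupArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields),
        'modify_slice_membership':
            SimpleArgumentCheck({'slice_urn': 'URN'}),
        'lookup_slice_members':
            SimpleArgumentCheck({'slice_urn': 'URN'}),
        'lookup_slices_for_member':
            SimpleArgumentCheck({'member_urn': 'URN'}),
        'get_credentials':
            SimpleArgumentCheck({'slice_urn': 'URN'}),

        # Argument checks for project methods
        'create_project':
            CreateArgumentCheck(SA.project_mandatory_fields,
                                SA.project_supplemental_fields),
        'update_project':
            UpdateArgumentCheck(SA.project_mandatory_fields,
                                SA.project_supplemental_fields,
                                {'project_urn': "URN"}),
        'lookup_projects':
            LookupArgumentCheckMatchOptional(SA.project_mandatory_fields,
                                             SA.project_supplemental_fields),
        'modify_project_membership':
            SimpleArgumentCheck({'project_urn': 'URN'}),
        'lookup_project_members':
            SimpleArgumentCheck({'project_urn': 'URN'}),
        'lookup_projects_for_member':
            SimpleArgumentCheck({'member_urn': 'URN'}),

        # Argument checks for sliver info aggregate methods
        'create_sliver_info':
            CreateArgumentCheck(SA.sliver_info_mandatory_fields,
                                SA.sliver_info_supplemental_fields),
        'update_sliver_info':
            UpdateArgumentCheck(SA.sliver_info_mandatory_fields,
                                SA.sliver_info_supplemental_fields,
                                {'sliver_urn': "URN"}),
        'delete_sliver_info':
            SimpleArgumentCheck({'sliver_urn': 'URN'}),
        'lookup_sliver_info':
            LookupArgumentCheckMatchOptional(
                SA.sliver_info_mandatory_fields,
                SA.sliver_info_supplemental_fields),

        # Argument checks for project request methods

        # No options required (context_type, request_id, resolution_status,
        # resolution_description arguments)
        'create_request': None,
        # No options required (context_type, request_id, resolution_status,
        # resolution_description arguments)
        'resolve_pending_request': None,
        # No options required (context_type, context_id, status arguments)
        'get_requests_for_context': None,
        # No options required (member_id, context_type, context_id, status
        # arguments)
        'get_requests_by_user': None,
        # No options required (member_id, context_type, context_id arguments)
        'get_pending_requests_for_user': None,
        # No options required (member_id, context_type, context_id arguments)
        'get_number_of_pending_requests_for_user': None,
        # No options required (request_id, context_type arguments)
        'get_request_by_id': None,

        # No options required (role, project_id)
        'invite_member': None,
        # No options required (invite_id, member_id)
        'accept_invitation': None,
    }

    # Set of invocation checks indexed by method name; built on first use.
    INVOCATION_CHECK_FOR_METHOD = None

    # Name of policies file.
    # This file decides who may invoke which method, so it should be
    # writable by administrators only.
    policies_filename = "/etc/geni-chapi/slice_authority_policy.json"

    # Thread to check whether the policies file has changed
    policies_file_checker = None

    def get_argument_check(self, method):
        """Return the argument check for *method*, or None if none registered."""
        return self.ARGUMENT_CHECK_FOR_METHOD.get(method)

    def get_invocation_check(self, method):
        """Return the invocation check for *method*, or None if none registered.

        The first call starts the policy-file checker thread and parses the
        policy file; later calls reuse the cached checks.
        """
        # Initiate file check thread.
        # The literal 5 is presumably the polling interval in seconds; verify
        # against PolicyFileChecker.
        # NOTE(review): this lazy initialisation takes no lock. Confirm guards
        # are not first used from several threads at once.
        if self.policies_file_checker is None:
            self.policies_file_checker = PolicyFileChecker(
                self.policies_filename, 5, self, SA_LOG_PREFIX)
            self.policies_file_checker.start()

        if self.INVOCATION_CHECK_FOR_METHOD is None:
            policies = parse_method_policies(self.policies_filename)
            # Pass the guard itself first, as the other guards do. Without it
            # the policies would be bound to the wrong parameter and the
            # checks would not be built.
            self.INVOCATION_CHECK_FOR_METHOD = \
                create_subject_invocation_checks(self, policies)

        # NOTE(review): a method missing from the policy file yields None
        # here. Confirm the caller denies the call in that case.
        checks = self.INVOCATION_CHECK_FOR_METHOD
        if method in checks:
            return checks[method]
        return None

    def get_row_check(self, method):
        """Return the row check for *method*, or None if none registered."""
        # NOTE(review): ROW_CHECK_FOR_METHOD is not defined in this class. It
        # is presumably inherited from ABACGuardBase; otherwise this raises
        # AttributeError.
        row_checks = self.ROW_CHECK_FOR_METHOD
        if method in row_checks:
            return row_checks[method]
        return None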
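class SAv1Guard(ABACGuardBase):
    """ABAC guard for the Slice Authority (SA) v1 service.

    Holds the per-method argument checks and lazily builds the per-method
    invocation (authorization) checks from the JSON policy file.
    """

    # Methods
    # def create_slice(self, credentials, options):
    # def lookup_slices(self, credentials, options):
    # def update_slice(self, slice_urn, credentials, options):
    # def get_credentials(self, slice_urn, credentials, options):
    # def modify_slice_membership(self, slice_urn,
    # def lookup_slice_members(self, slice_urn, credentials, options):
    # def lookup_slices_for_member(self, member_urn, credentials, options):
    # def register_aggregate(self, slice_urn, aggregate_url, credentials, opts):
    # def remove_aggregate(self, slice_urn, aggregate_url, credentials, opts):
    # def lookup_slice_aggregates(self, slice_urn, credentials, options):
    # def create_project(self, credentials, options):
    # def lookup_projects(self, credentials, options):
    # def update_project(self, project_urn, credentials, options):
    # def modify_project_membership(self, project_urn,
    # def lookup_project_members(self, project_urn, credentials, options):
    # def lookup_projects_for_member(self, member_urn, credentials, options):

    # Set of argument checks indexed by method name.
    # A value of None means no argument check object is registered for the
    # method; get_argument_check() returns the same None for method names
    # that are not listed at all.
    # NOTE(review): confirm how the caller treats a None check. The request
    # and invitation methods below rely on the invocation policy alone.
    ARGUMENT_CHECK_FOR_METHOD = {
        # Argument checks for slice methods
        'create_slice':
            CreateArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields),
        'update_slice':
            UpdateArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields,
                                {'slice_urn': "URN"}),
        'lookup_slices':
            LookupArgumentCheck(SA.slice_mandatory_fields,
                                SA.slice_supplemental_fields),
        'modify_slice_membership':
            SimpleArgumentCheck({'slice_urn': 'URN'}),
        'lookup_slice_members':
            SimpleArgumentCheck({'slice_urn': 'URN'}),
        'lookup_slices_for_member':
            SimpleArgumentCheck({'member_urn': 'URN'}),
        'get_credentials':
            SimpleArgumentCheck({'slice_urn': 'URN'}),

        # Argument checks for project methods
        'create_project':
            CreateArgumentCheck(SA.project_mandatory_fields,
                                SA.project_supplemental_fields),
        'update_project':
            UpdateArgumentCheck(SA.project_mandatory_fields,
                                SA.project_supplemental_fields,
                                {'project_urn': "URN"}),
        'lookup_projects':
            LookupArgumentCheckMatchOptional(SA.project_mandatory_fields,
                                             SA.project_supplemental_fields),
        'modify_project_membership':
            SimpleArgumentCheck({'project_urn': 'URN'}),
        'lookup_project_members':
            SimpleArgumentCheck({'project_urn': 'URN'}),
        'lookup_projects_for_member':
            SimpleArgumentCheck({'member_urn': 'URN'}),

        # Argument checks for sliver info aggregate methods
        'create_sliver_info':
            CreateArgumentCheck(SA.sliver_info_mandatory_fields,
                                SA.sliver_info_supplemental_fields),
        'update_sliver_info':
            UpdateArgumentCheck(SA.sliver_info_mandatory_fields,
                                SA.sliver_info_supplemental_fields,
                                {'sliver_urn': "URN"}),
        'delete_sliver_info':
            SimpleArgumentCheck({'sliver_urn': 'URN'}),
        'lookup_sliver_info':
            LookupArgumentCheckMatchOptional(
                SA.sliver_info_mandatory_fields,
                SA.sliver_info_supplemental_fields),

        # Argument checks for project request methods

        # No options required (context_type, request_id, resolution_status,
        # resolution_description arguments)
        'create_request': None,
        # No options required (context_type, request_id, resolution_status,
        # resolution_description arguments)
        'resolve_pending_request': None,
        # No options required (context_type, context_id, status arguments)
        'get_requests_for_context': None,
        # No options required (member_id, context_type, context_id, status
        # arguments)
        'get_requests_by_user': None,
        # No options required (member_id, context_type, context_id arguments)
        'get_pending_requests_for_user': None,
        # No options required (member_id, context_type, context_id arguments)
        'get_number_of_pending_requests_for_user': None,
        # No options required (request_id, context_type arguments)
        'get_request_by_id': None,

        # No options required (role, project_id)
        'invite_member': None,
        # No options required (invite_id, member_id)
        'accept_invitation': None,
    }

    # Set of invocation checks indexed by method name; built on first use.
    INVOCATION_CHECK_FOR_METHOD = None

    # Name of policies file.
    # This file decides who may invoke which method, so it should be
    # writable by administrators only.
    policies_filename = "/etc/geni-chapi/slice_authority_policy.json"

    # Thread to check whether the policies file has changed
    policies_file_checker = None

    def get_argument_check(self, method):
        """Return the argument check for *method*, or None if none registered."""
        return self.ARGUMENT_CHECK_FOR_METHOD.get(method)

    def get_invocation_check(self, method):
        """Return the invocation check for *method*, or None if none registered.

        The first call starts the policy-file checker thread and parses the
        policy file; later calls reuse the cached checks.
        """
        # Initiate file check thread.
        # The literal 5 is presumably the polling interval in seconds; verify
        # against PolicyFileChecker.
        # NOTE(review): this lazy initialisation takes no lock. Confirm guards
        # are not first used from several threads at once.
        if self.policies_file_checker is None:
            self.policies_file_checker = PolicyFileChecker(
                self.policies_filename, 5, self, SA_LOG_PREFIX)
            self.policies_file_checker.start()

        if self.INVOCATION_CHECK_FOR_METHOD is None:
            policies = parse_method_policies(self.policies_filename)
            self.INVOCATION_CHECK_FOR_METHOD = \
                create_subject_invocation_checks(self, policies)

        # NOTE(review): a method missing from the policy file yields None
        # here. Confirm the caller denies the call in that case.
        checks = self.INVOCATION_CHECK_FOR_METHOD
        if method in checks:
            return checks[method]
        return None

    def get_row_check(self, method):
        """Return the row check for *method*, or None if none registered."""
        # NOTE(review): ROW_CHECK_FOR_METHOD is not defined in this class. It
        # is presumably inherited from ABACGuardBase; otherwise this raises
        # AttributeError.
        row_checks = self.ROW_CHECK_FOR_METHOD
        if method in row_checks:
            return row_checks[method]
        return None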