Changeset 6719

Timestamp:

11/03/10 09:29:21 (11 years ago)

Author:

pjkersha

Message:

Refactoring Attribute Authority to remove NDG Attribute Certificate and role mapping code.

Location:

TI12-security/trunk/NDGSecurity/python

Files:

• ndg_security_server/ndg/security/server/attributeauthority.py (modified) (10 diffs)
• ndg_security_test/ndg/security/test/unit/attributeauthority/test_attributeauthority.cfg (modified) (1 diff)
• ndg_security_test/ndg/security/test/unit/attributeauthority/test_attributeauthority.py (modified) (2 diffs)

TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/attributeauthority.py

@@ -59 +59 @@
 
 class AttributeAuthority(object):
-    """NDG Attribute Authority - service for allocation of user authorization
-    tokens - attribute certificates.
+    """NDG Attribute Authority - rewritten with a SAML 2.0 Attribute Query 
+    interface for Earth System Grid
     
     @type propertyDefaults: dict
     @cvar propertyDefaults: valid configuration property keywords
     
-    @type attributeInterfacePropertyDefaults: dict
-    @cvar attributeInterfacePropertyDefaults: valid configuration property 
+    @type ATTRIBUTE_INTERFACE_PROPERTY_DEFAULTS: dict
+    @cvar ATTRIBUTE_INTERFACE_PROPERTY_DEFAULTS: valid configuration property 
     keywords for the Attribute Interface plugin
     
@@ -77 +77 @@
     under DEFAULT_CONFIG_DIRNAME
     
-    @type ATTRIBUTE_INTERFACE_KEYNAME: basestring
-    @param ATTRIBUTE_INTERFACE_KEYNAME: attribute interface parameters key 
+    @type ATTRIBUTE_INTERFACE_OPTPREFIX: basestring
+    @param ATTRIBUTE_INTERFACE_OPTPREFIX: attribute interface parameters key 
     name - see initAttributeInterface for details
     """
 
-    # Code designed from NERC Data Grid Enterprise and Information Viewpoint
-    # documents.
-    #
-    # Also, draws from Neil Bennett's ACServer class used in the Java
-    # implementation of NDG Security
-
     DEFAULT_CONFIG_DIRNAME = "conf"
     DEFAULT_PROPERTY_FILENAME = "attributeAuthority.cfg"
-    ATTRIBUTE_INTERFACE_KEYNAME = 'attributeInterface'
+    
+    # Config file special parameters
+    HERE_OPTNAME = 'here'
+    PREFIX_OPTNAME = 'prefix'
+    
+    # Config file option names
+    ISSUER_NAME_OPTNAME = 'issuerName'
+    ASSERTION_LIFETIME_OPTNAME = 'assertionLifetime'
+    DN_SEPARATOR_OPTNAME = 'dnSeparator'
+    
+    ATTRIBUTE_INTERFACE_OPTPREFIX = 'attributeInterface'
+    ATTRIBUTE_INTERFACE_MOD_FILEPATH_OPTNAME = 'modFilePath'
+    ATTRIBUTE_INTERFACE_CLASSNAME_OPTNAME = 'className'
+    
     CONFIG_LIST_SEP_PAT = re.compile(',\s*')
     
-    attributeInterfacePropertyDefaults = {
-        'modFilePath':  '',
-        'className':    ''
+    
+    ATTRIBUTE_INTERFACE_PROPERTY_DEFAULTS = {
+        ATTRIBUTE_INTERFACE_MOD_FILEPATH_OPTNAME:  '',
+        ATTRIBUTE_INTERFACE_CLASSNAME_OPTNAME:    ''
     }
     
@@ -102 +110 @@
     # in the config
     propertyDefaults = { 
-        'issuerName':                   '',
-        'assertionLifetime':              -1,
-        'dnSeparator':                  '/',
-        ATTRIBUTE_INTERFACE_KEYNAME:    attributeInterfacePropertyDefaults
+        ISSUER_NAME_OPTNAME:            '',
+        ASSERTION_LIFETIME_OPTNAME:     -1,
+        DN_SEPARATOR_OPTNAME:           '/',
+        ATTRIBUTE_INTERFACE_OPTPREFIX:  ATTRIBUTE_INTERFACE_PROPERTY_DEFAULTS
     }
 
+    __slots__ = (
+        '__issuerName', 
+        '__assertionLifetime', 
+        '__dnSeparator',
+        '__propFilePath',
+        '__propFileSection',
+        '__propPrefix',
+        '__attributeInterfaceCfg'
+    )
+    
     def __init__(self):
         """Create new Attribute Authority instance"""
@@ -113 +131 @@
         
         # Initial config file property based attributes
-        for name, val in AttributeAuthority.propertyDefaults.items():
-            setattr(self, '_AttributeAuthority__%s' % name, val)
+        self.__issuerName = None
+        self.__assertionLifetime = None
+        self.__dnSeparator = None
         
         self.__propFilePath = None        
@@ -285 +304 @@
         
     @classmethod
-    def fromPropertyFile(cls, propFilePath=None, propFileSection='DEFAULT',
-                         propPrefix='attributeauthority.'):
+    def fromPropertyFile(cls, propFilePath=None, section='DEFAULT',
+                         prefix='attributeauthority.'):
         """Create new NDG Attribute Authority instance from the property file
         settings
@@ -294 +313 @@
         configuration parameters.  It defaults to $NDGSEC_AA_PROPFILEPATH or
         if not set, $NDGSEC_DIR/conf/attributeAuthority.cfg
-        @type propFileSection: basestring
-        @param propFileSection: section of properties file to read from.
+        @type section: basestring
+        @param section: section of properties file to read from.
         properties files
+        @type prefix: basestring
+        @param prefix: set a prefix for filtering attribute authority
+        property names - useful where properties are being parsed from a file
+        section containing parameter names for more than one application
+        """
+            
+        attributeAuthority = AttributeAuthority()
+        if section:
+            attributeAuthority.propFileSection = section
+            
+        if prefix:
+            attributeAuthority.propPrefix = prefix
+
+        # If path is None it will default to setting derived from environment
+        # variable - see setPropFilePath()
+        attributeAuthority.propFilePath = propFilePath
+                     
+        attributeAuthority.readProperties()
+        attributeAuthority.initialise()
+    
+        return attributeAuthority
+
+    @classmethod
+    def fromProperties(cls, prefix='attributeauthority.', **prop):
+        """Create new NDG Attribute Authority instance from input property
+        keywords
+
         @type propPrefix: basestring
         @param propPrefix: set a prefix for filtering attribute authority
         property names - useful where properties are being parsed from a file
         section containing parameter names for more than one application
-        @type bReadMapConfig: boolean
-        @param bReadMapConfig: by default the Map Configuration file is 
-        read.  Set this flag to False to override.
-        """
-            
+        """
         attributeAuthority = AttributeAuthority()
-        if propFileSection:
-            attributeAuthority.propFileSection = propFileSection
-            
-        if propPrefix:
-            attributeAuthority.propPrefix = propPrefix
-
-        attributeAuthority.propFilePath = propFilePath            
-        attributeAuthority.readProperties()
-        attributeAuthority.initialise()
-    
-        return attributeAuthority
-
-    @classmethod
-    def fromProperties(cls, propPrefix='attributeauthority.', **prop):
-        """Create new NDG Attribute Authority instance from input property
-        keywords
-
-        @type propPrefix: basestring
-        @param propPrefix: set a prefix for filtering attribute authority
-        property names - useful where properties are being parsed from a file
-        section containing parameter names for more than one application
-        """
-        attributeAuthority = AttributeAuthority()
-        if propPrefix:
-            attributeAuthority.propPrefix = propPrefix
+        if prefix:
+            attributeAuthority.propPrefix = prefix
                
         attributeAuthority.setProperties(**prop)
@@ -358 +377 @@
         # '+ 1' allows for the dot separator 
         lenAttributeInterfacePrefix = len(
-                            AttributeAuthority.ATTRIBUTE_INTERFACE_KEYNAME) + 1
+                        AttributeAuthority.ATTRIBUTE_INTERFACE_OPTPREFIX) + 1
         
         for name, val in prop.items():
@@ -364 +383 @@
                 name = name[lenPropPrefix:]
             
-            if name.startswith(AttributeAuthority.ATTRIBUTE_INTERFACE_KEYNAME):
+            if name.startswith(
+                            AttributeAuthority.ATTRIBUTE_INTERFACE_OPTPREFIX):
                 name = name[lenAttributeInterfacePrefix:]
                 self.attributeInterfaceCfg[name] = val
@@ -392 +412 @@
                           self.propFilePath)
             
-        defaultItems = {'here': os.path.dirname(self.propFilePath)}
+        defaultItems = {
+            AttributeAuthority.HERE_OPTNAME: os.path.dirname(self.propFilePath)
+        }
         
         cfg = CaseSensitiveConfigParser(defaults=defaultItems)
         cfg.read(self.propFilePath)
         
+        if cfg.has_option(self.propFileSection, 
+                          AttributeAuthority.PREFIX_OPTNAME):
+            self.propPrefix = cfg.get(self.propFileSection, 
+                                      AttributeAuthority.PREFIX_OPTNAME)
+            
         cfgItems = dict([(name, val) 
                          for name, val in cfg.items(self.propFileSection)
-                         if name != 'here'])
+                         if (name != AttributeAuthority.HERE_OPTNAME and 
+                             name != AttributeAuthority.PREFIX_OPTNAME)])
         self.setProperties(**cfgItems)
 
@@ -416 +444 @@
         modFilePath = classProperties.pop('modFilePath', None) 
                       
-        self.__attributeInterface = instantiateClass(modName,
-                                             className,
+        self.__attributeInterface = instantiateClass(className,
                                              moduleFilePath=modFilePath,
                                              objectType=AttributeInterface,

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthority/test_attributeauthority.cfg

@@ -8 +8 @@
 
 [DEFAULT]
-prefix='attribute-authority.'
+prefix=attribute-authority.
 attribute-authority.assertionLifetime = 3600
 attribute-authority.issuerName = /O=My Organisation/OU=Centre/CN=Attribute Authority 

TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthority/test_attributeauthority.py

@@ -29 +29 @@
     CaseSensitiveConfigParser)
 from ndg.security.server.attributeauthority import (AttributeAuthority, 
-    SQLAlchemyAttributeInterface, InvalidAttributeFormat)
+    SQLAlchemyAttributeInterface, InvalidAttributeFormat, AttributeInterface)
 
 from ndg.saml.saml2.core import (Response, Attribute, SAMLVersion, Subject, 
@@ -54 +54 @@
         self.assert_(aa.issuerName == cls.ISSUER_NAME)
         
-    def test02FromPropertis(self):
+    def test02FromProperties(self):
         
         # Casts from string to float
         assertionLifetime = "86400"
         issuerName = 'My issuer'
+        attributeInterfaceClassName = ('ndg.security.server.attributeauthority.'
+                                       'AttributeInterface')
+        
         aa = AttributeAuthority.fromProperties(issuerName=issuerName,
-                                            assertionLifetime=assertionLifetime)
+                    assertionLifetime=assertionLifetime,
+                    attributeInterface_className=attributeInterfaceClassName)
+        
         self.assert_(aa)
         self.assert_(aa.assertionLifetime == float(assertionLifetime))
         self.assert_(aa.issuerName == issuerName)
+        self.assert_(isinstance(aa.attributeInterface, AttributeInterface))