[v7r3][WIP] OAuth2/OIDC AuthN/AuthZ mechanism (Full version) #4650
Closed
fc51002
CS: use PM and AM cli caches in Registry
TaykYoku ab8ed4d
CS: modify methods in Resources and Utilities
TaykYoku 3e37bdf
CS: fix test
TaykYoku 16a75e2
CS: add rest api
TaykYoku f3a5fa1
Core: align with new Registry
TaykYoku 1b65282
Core: add DB version
TaykYoku 08c6939
Core: allow to delegate through delegateID in BaseClient
TaykYoku 5f75ca5
Core: modify AuthManager to use IDs, align with new Registry, fix test
TaykYoku 8b0143a
Core: research connectingCredentials in getRemoteCredentials
TaykYoku cfc9088
Core: use ID as IdP ID in TreadConfig
TaykYoku 1eb8396
Core: move WebApp cores to DIRAC
TaykYoku 8f38425
Core: add proxyPath option to VOMSService
TaykYoku 7bf1088
Core: add getDict method to DictCache
TaykYoku 7a5121f
Core: align with ProxyManager
TaykYoku fe988f2
Core: Shifter align with ProxyManager and Registry
TaykYoku fb5febf
DMS: use username/group to get proxy
TaykYoku d40ddab
DMS: use userDN/group or username/group to get proxy
TaykYoku ff2f18c
DMS: search DNs for user in group
TaykYoku e525ff6
DMS: use userDN/group or username/group to get proxy
TaykYoku 6f9dec0
docs: describe downloadablePersonalProxy parameter
TaykYoku f1fdbc1
docs
TaykYoku 3b94e39
FS: optimize, add check
TaykYoku 911f91a
FS: split proxy manager client
TaykYoku 7a8e65c
FS: modify ProxyDB
TaykYoku 10a17b0
FS: align with ProxyManager
TaykYoku 14fbdbc
FS: align with ProxyManager
TaykYoku 6655ecc
FS: align with ProxyManager
TaykYoku f717c56
FS: align with ProxyManager
TaykYoku 089943f
FS: align with ProxyManager
TaykYoku d298dd4
FS: modify ProxyManager
TaykYoku 5f88a9f
FS: add AuthManager service
TaykYoku 94ab7f3
FS: add spiners
TaykYoku 74eeb53
FS: add rest apis
TaykYoku 844fa7d
FS: add OAuth helper class
TaykYoku f849019
FS: align with ProxyManager
TaykYoku cbecf4e
RmS: align with ProxyManager, use username instead dn
TaykYoku 459204f
Resources: align with Registry, docs, fix test
TaykYoku be8d194
Resources: add OAuth2 resources
TaykYoku 94ecc2e
test: fix ProxyDB test
TaykYoku d81e973
fix tests
TaykYoku 42b3bc2
TS: align with Registry
TaykYoku 66e2ed5
WMS: add use PilotUser instead dn, align with proxyManager/Registry
TaykYoku d9b6c02
some fixes
TaykYoku e060199
some fixes
TaykYoku 3a8d740
some fixes
TaykYoku 2f0e7b0
some fixes
TaykYoku e82d322
in progress
TaykYoku e615e6a
in progress
TaykYoku 3db8952
in progress
TaykYoku 6e8baff
in progress
TaykYoku 46fcd95
in progress
TaykYoku db8aa7a
in progress
TaykYoku 58025a5
in progress
TaykYoku 9a7545c
in progress
TaykYoku c721f17
in progress
TaykYoku bd0204f
in progress
TaykYoku e061de2
in progress
TaykYoku f557276
in progress
TaykYoku 70a4577
in progress
TaykYoku 926d048
in progress
TaykYoku 80046cf
in progress
TaykYoku 745e788
in progress
TaykYoku ea1767c
in progress
TaykYoku 63152b6
in progress
TaykYoku 57a736a
in progress
TaykYoku d059ed3
in progress
TaykYoku 518a257
in progress
TaykYoku 6f3d653
in progress
TaykYoku 5e48d62
in progress
TaykYoku 7c2ed4f
in progress
TaykYoku 878ac86
in progress
TaykYoku a3581be
fix test
TaykYoku 816ef8c
fix test
TaykYoku 599811f
fix test
TaykYoku 03c1da3
fix test
TaykYoku 14ec25d
fix test
TaykYoku c32656a
fix test
TaykYoku 40a80e4
fix test
TaykYoku c0fd25e
fix test
TaykYoku 8db7d91
fix test use real user
TaykYoku a85779b
fix test
TaykYoku e0aff8e
fix test
TaykYoku ae186f2
fix test
TaykYoku 946108a
remove debugs
TaykYoku 2761f3a
remove debugs
TaykYoku 8e37390
debugs
TaykYoku 63ac450
debugs
TaykYoku 5fbd7a7
remove debugs
TaykYoku a90a59d
add docs
TaykYoku 5beea6c
add docs
TaykYoku 89a7e52
docs
TaykYoku 710c3d8
fix bugs
TaykYoku a52f020
docs
TaykYoku bf8747e
fix bugs
TaykYoku 33c1464
add number of connection error
TaykYoku b742934
CS/Registry: use deprecated, fix sort list
TaykYoku 60458e9
backward compatibility
TaykYoku c1b3f03
rename option, use Client
TaykYoku c69dbee
use createClient
TaykYoku 5454e63
escape params
TaykYoku ecddf74
docs
TaykYoku 0af7a1c
add license halo
TaykYoku 51e3e2f
fix metaclass
TaykYoku c7719c6
docs
TaykYoku edfffe3
docs
TaykYoku
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| """ HTTP API of the DIRAC configuration data, rewrite from the RESTDIRAC project | ||
| """ | ||
|
TaykYoku marked this conversation as resolved.
|
||
| import re | ||
| import json | ||
|
|
||
| from tornado import web, gen | ||
| from tornado.template import Template | ||
|
|
||
| from DIRAC import S_OK, S_ERROR, gConfig, gLogger | ||
| from DIRAC.ConfigurationSystem.Client.Helpers import Resources, Registry | ||
| from DIRAC.ConfigurationSystem.Client.ConfigurationData import gConfigurationData | ||
| from DIRAC.FrameworkSystem.Client.ProxyManagerClient import gProxyManager | ||
|
|
||
| from DIRAC.Core.Web.WebHandler import WebHandler, asyncGen, WErr | ||
|
|
||
| __RCSID__ = "$Id$" | ||
|
|
||
|
|
||
| class ConfigurationHandler(WebHandler): | ||
| OVERPATH = True | ||
| AUTH_PROPS = "all" | ||
| LOCATION = "/" | ||
|
|
||
| def initialize(self): | ||
| super(ConfigurationHandler, self).initialize() | ||
| self.args = {} | ||
| for arg in self.request.arguments: | ||
| if len(self.request.arguments[arg]) > 1: | ||
| self.args[arg] = self.request.arguments[arg] | ||
| else: | ||
| self.args[arg] = self.request.arguments[arg][0] or '' | ||
| return S_OK() | ||
|
|
||
| @asyncGen | ||
| def web_conf(self): | ||
| """ REST endpoint for configuration system: | ||
|
|
||
| **GET** /conf/<key>?<options> -- get configuration information | ||
|
|
||
| Options: | ||
| * *path* -- path in the configuration structure, by default it's "/". | ||
| * *version* -- the configuration version of the requester, if *version* is newer | ||
| than the one present on the server, an empty result will be returned | ||
|
|
||
| Response: | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | *key* | Description | Type | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | dump | Current CFG() | encoded in json format | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | option | Option value | text | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | options | Options list in a section | encoded in json format | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | dict | Options with values in a section | encoded in json format | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| | sections | Sections list in a section | text | | ||
| +-----------+---------------------------------------+------------------------+ | ||
| """ | ||
| self.log.notice('Request configuration information') | ||
| optns = self.overpath.strip('/').split('/') | ||
| path = self.args.get('path', '/') | ||
| if not optns or len(optns) > 1: | ||
| raise WErr(404, "You forgot to set attribute.") | ||
|
|
||
| result = S_ERROR('%s request unsuported' % optns[0]) | ||
| if 'version' in self.args and (self.args.get('version') or '0') >= gConfigurationData.getVersion(): | ||
| self.finish() | ||
| if optns[0] == 'dump': | ||
| remoteCFG = yield self.threadTask(gConfigurationData.getRemoteCFG) | ||
| result['Value'] = str(remoteCFG) | ||
| elif optns[0] == 'option': | ||
| result = yield self.threadTask(gConfig.getOption, path) | ||
| elif optns[0] == 'dict': | ||
| result = yield self.threadTask(gConfig.getOptionsDict, path) | ||
| elif optns[0] == 'options': | ||
| result = yield self.threadTask(gConfig.getOptions, path) | ||
| elif optns[0] == 'sections': | ||
| result = yield self.threadTask(gConfig.getSections, path) | ||
| elif optns[0] == 'getGroupsStatusByUsername': | ||
| result = yield self.threadTask(gProxyManager.getGroupsStatusByUsername, **self.args) | ||
| elif any([optns[0] == m and re.match('^[a-z][A-z]+', m) for m in dir(Registry)]) and self.isRegisteredUser(): | ||
| result = yield self.threadTask(getattr(Registry, optns[0]), **self.args) | ||
| else: | ||
| raise WErr(500, '%s request unsuported' % optns[0]) | ||
| # result = yield self.threadTask(getattr(Registry, optns[0]), **self.args) | ||
|
|
||
| if not result['OK']: | ||
| raise WErr(404, result['Message']) | ||
| self.finishJEncode(result['Value']) | ||
|
|
||
| @asyncGen | ||
| def post(self): | ||
| """ Post method | ||
| """ | ||
| pass | ||
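Review bot: In `web_conf`, the fallback branch `getattr(Registry, optns[0])(**self.args)` lets the URL path pick any name found in `dir(Registry)` and lets the query string supply its keyword arguments, and the filter guarding it is weaker than it reads: `re.match('^[a-z][A-z]+', m)` has no end anchor, the range `A-z` also matches `[`, `\`, `]`, `^`, `_` and the backtick, and `dir()` lists everything imported into the module, not only the helpers meant to be exposed. Replace the `dir()`/regex test with an explicit allowlist of Registry helper names, and check the accepted argument names per helper before forwarding them. The `getGroupsStatusByUsername` branch forwards `**self.args` to `gProxyManager` without the `isRegisteredUser()` check while the handler declares `AUTH_PROPS = "all"`; please confirm that is intended or add the check. Two logic problems in the same method: there is no `return` after `self.finish()` in the version test, so the dispatch below still runs on a finished request, and the `>=` compares the raw query-string value, so both sides need the same type and format; in the `dump` branch `result` is still the `S_ERROR` built a few lines above, so assigning `result['Value']` leaves `result['OK']` false and the request ends in the 404. Smaller points: "unsuported" is misspelled in both messages, an unknown key is a client error rather than a 500, and the commented-out `getattr` line after the `raise` should be dropped.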
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| from __future__ import absolute_import | ||
| from __future__ import division | ||
| from __future__ import print_function | ||
| # $HeadURL$ | ||
| __RCSID__ = "$Id$" |
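Review bot: The `# $HeadURL$` line in this new file is a Subversion keyword that git never expands, so it will stay as a literal placeholder; drop it. The module also has no docstring, and the handler module added in the same change omits the three `from __future__` imports used here, so one of the two should be aligned with the other.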