source: TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py @ 7756

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py@7756
Revision 7756, 4.9 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

1#!/usr/bin/env python
2"""NDG Security Paster template classes
3
4NERC DataGrid Project
5"""
6__author__ = "P J Kershaw"
7__date__ = "20/10/2010"
8__copyright__ = "(C) 2010 Science and Technology Facilities Council"
9__license__ = "BSD - see top-level directory for LICENSE file"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = "$Id$"
12
13import os
14import socket
15import base64
16from paste.script.templates import Template, var, _skip_variables
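# Work out a default host name for the template variables defined in this
# module.  gethostbyaddr() returns (canonical name, alias list, address list).
try:
    _hostTuple = socket.gethostbyaddr(socket.gethostname())
except socket.error:
    # A host whose own name does not resolve (no DNS or hosts-file entry)
    # used to abort the import of this module, which made every template
    # unusable.  Fall back to the locally configured host name instead.
    _hostTuple = (socket.gethostname(), [], [])

# Prefer the first alias when the resolver returned one, otherwise use the
# canonical name.
# NOTE(review): this value comes from the resolver, not from local
# configuration, and is only a convenience default.  It is offered below as
# the default attributeAuthorityID and virtual host name, so the deployer
# should confirm it when prompted.
_hostname = _hostTuple[1][0] if _hostTuple[1] else _hostTuple[0]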
24   
# Template variables prompted for by the deployment templates that assign
# ``vars = vars`` in their class body.  The name shadows the ``vars`` builtin
# within this module.
vars = [
    var('siteName',
        ('Full name for this site used by the Attribute Authority '
         'to describe this site'),
        default='NDG Partner Site'),

    # The default is the host name derived at import time.  Per the prompt
    # text, other trusted sites know this Attribute Authority by this value,
    # so the deployer should check it rather than accept it blindly.
    var('attributeAuthorityID',
        ('Unique identity by which this Attribute Authority will be known '
         'by other trusted sites'),
        default=_hostname)
]
35
class DefaultDeploymentTemplate(Template):
    """Paster template for the default NDG Security services deployment.

    Uses the ``default_deployment`` template directory and the module-level
    ``vars`` list of template variables.
    """
    summary = 'NERC DataGrid Security services deployment template'
    _template_dir = 'default_deployment'
    # Bound at class-creation time to the module-level list of the same name.
    vars = vars
40
41# Single Sign On Service not included in this template
42#    def write_files(self, command, output_dir, vars):
43#        '''Extend to enable substitutions for Single Sign On Service config
44#        file'''
45#        if output_dir.startswith('./'):
46#            outDir = output_dir.lstrip('./')
47#        else:
48#            outDir = output_dir
49#           
50#        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso')
51#        super(DefaultDeploymentTemplate, self).write_files(command,
52#                                                           output_dir,
53#                                                           vars)
54       
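class FullDeploymentTemplate(Template):
    """Paster template for the full NDG Security services deployment,
    including the Single Sign On Service.
    """
    _template_dir = 'full_deployment'
    summary = ('NERC DataGrid Security services full deployment template '
               'including the Single Sign On Service')
    # Bound at class-creation time to the module-level list of the same name.
    vars = vars

    def write_files(self, command, output_dir, vars):
        '''Add an ``installDir`` substitution variable, then write the files.

        ``installDir`` is set to the output directory joined onto the current
        working directory, so that generated configuration files can refer to
        their own install location.

        :param command: paster command object, passed through to the parent
        :param output_dir: directory the template is rendered into
        :param vars: dict of template variables; ``installDir`` is added to
            it in place
        '''
        # Remove a leading './' prefix only.  str.lstrip('./') strips any run
        # of '.' and '/' characters, so './.hidden' became 'hidden' and
        # './../x' became 'x', which pointed installDir at the wrong
        # directory.
        outDir = output_dir
        while outDir.startswith('./'):
            outDir = outDir[2:].lstrip('/')

        # os.path.join() returns outDir unchanged when it is already absolute.
        vars['installDir'] = os.path.join(os.getcwd(), outDir)
        super(FullDeploymentTemplate, self).write_files(command,
                                                        output_dir,
                                                        vars)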
73
74       
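class SecuredAppTemplate(Template):
    """Paster template to secure an application with NDG Security
    authentication and authorisation filters.
    """
    # NOTE(review): same directory as FullDeploymentTemplate - this looks
    # like a copy-and-paste placeholder; confirm the intended template
    # directory for this class.
    _template_dir = 'full_deployment'
    summary = (
        'Template to secure an application with NERC DataGrid Security '
        'authentication and authorisation filters')

    # Both secret defaults are 32 base64 characters (about 192 bits) taken
    # from os.urandom(), i.e. the operating system's CSPRNG.
    # NOTE(review): the defaults are computed once, when this module is
    # imported, so a long-lived process that renders this template more than
    # once would offer the same defaults each time.  The values are
    # substituted into the generated ini file in clear text, so that file
    # should be readable only by the service account.
    # NOTE(review): under Python 3 b64encode() returns bytes, not str -
    # confirm how the default is rendered if this module is ported.
    vars = [
        var('hostname',
            ('Virtual host name to mount services on'),
            default=_hostname),

        var('authkitCookieSecret',
            ('Cookie secret for AuthKit authentication middleware (if using a '
             'separate SSL based OpenID Relying Party then this value MUST '
             'agree with the one used for that ini file'),
            default=base64.b64encode(os.urandom(32))[:32]),

        var('beakerSessionSecret',
            ('Cookie secret for keeping security session state'),
            default=base64.b64encode(os.urandom(32))[:32])
    ]

    def write_files(self, command, output_dir, vars):
        '''Add an ``installDir`` substitution variable, then write the files.

        ``installDir`` is set to the output directory joined onto the current
        working directory.

        :param command: paster command object, passed through to the parent
        :param output_dir: directory the template is rendered into
        :param vars: dict of template variables; ``installDir`` is added to
            it in place
        '''
        # Remove a leading './' prefix only.  str.lstrip('./') strips any run
        # of '.' and '/' characters, so './.hidden' became 'hidden' and
        # './../x' became 'x'.
        outDir = output_dir
        while outDir.startswith('./'):
            outDir = outDir[2:].lstrip('/')

        # os.path.join() returns outDir unchanged when it is already absolute.
        vars['installDir'] = os.path.join(os.getcwd(), outDir)

        # super() must name this class.  The original named
        # FullDeploymentTemplate, which is not a base class of
        # SecuredAppTemplate, so every call raised TypeError before any file
        # was written.
        super(SecuredAppTemplate, self).write_files(command,
                                                    output_dir,
                                                    vars)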
108
109       
110from ndg.saml.saml2.core import Issuer
111
class AuthorisationServiceTemplate(Template):
    """Paster template to create an NDG Security Authorisation Service.

    The deployer is prompted for the URI mount point and for the SAML issuer
    name and issuer format, each of which defaults to one of the
    ``DEFAULT_*`` class constants.
    """

    # Defaults offered at the prompts.
    # NOTE(review): the default issuer name carries CN=localhost, so it is a
    # placeholder identity; a real deployment presumably needs its own
    # subject name here - confirm.
    DEFAULT_MOUNT_POINT = '/AuthorisationService'
    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT

    summary = 'Template to create an NDG Security Authorisation Service'
    _template_dir = 'authorisationservice'

    vars = [
        var('mountPoint',
            'URI path to mount service i.e. https://myhost/<mountPoint>',
            default=DEFAULT_MOUNT_POINT),

        var('issuerName',
            'ID of this service used in SAML queries and responses',
            default=DEFAULT_ISSUER_NAME),

        var('issuerFormat',
            ('Format of issuerName string; if using the default, ensure '
             'that the issuerName value is a correctly formatted X.509 '
             'Subject Name'),
            default=DEFAULT_ISSUER_FORMAT)
    ]
137
138     