source: cows_wps/trunk/bin/create_policy_file.py @ 7524

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/cows_wps/trunk/bin/create_policy_file.py@7524
Revision 7524, 2.4 KB checked in by astephen, 9 years ago (diff)

Working on policy creator

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""
4create_policy_file.py
5=====================
6
7Reads the ``roles_info.ini`` configuration script and generates a policy file based
8on the rules defined in that script.
9
10Usage:
11======
12
13    bin/create_policy_file.py
14
15NOTE: policy file is currently written to standard out so you have to redirect it
16to an actual file.
17
18"""
19
20# Standard library imports
21import os
22
23# Local imports
24from cows_wps.utils.parse_roles_config import roles_info
25
# Outer document of the generated authorisation policy; ``%(body)s`` receives
# the concatenated <Target> elements.
policy_skeleton = """<?xml version="1.0" encoding="UTF-8"?>
<Policy PolicyId="CEDA Test WPS Authorisation Policy" xmlns="urn:ndg:security:authz:1.1:policy">
    <Description>Restrict access for CEDA WPS security tests</Description>

%(body)s

</Policy>"""

# One <Target>: a URI regular expression, anchored with ``^/`` and ``$``, tied
# to a single role attribute.  ``%(regex)s`` and ``%(role)s`` are substituted
# into XML element content, so whoever fills the template must make sure the
# values are XML-safe (``&`` and ``<`` in particular).
target_template = """
    <Target>
        <URIPattern>^/%(regex)s$</URIPattern>
        <Attributes>
            <Attribute>
                <Name>%(role)s</Name>
                <AttributeAuthorityURI>https://ceda.ac.uk/AttributeAuthority</AttributeAuthorityURI>
            </Attribute>
        </Attributes>
    </Target>"""


# Allow-list of the only ``use:`` directives accepted from ``roles_info.ini``;
# any other ``use:`` value is rejected when the policy is compiled.
known_patterns = (
    "use:FilePath=/badc/(.+?)/data",
    "use:Dataset=(.+?)",
)
48
49
def reverseMap(dct, rtype = "list"):
    """Return the ``(value, key)`` pairs of ``dct``, sorted.

    With the default ``rtype`` the result is a sorted list of
    ``(value, key)`` tuples.  With ``rtype="dict"`` the sorted pairs are
    turned into a dictionary keyed by the original values; if two keys share
    a value, only the pair that sorts last survives, so one mapping is
    dropped without any error.
    """
    pairs = sorted((value, key) for key, value in dct.items())

    if rtype == "dict":
        return dict(pairs)

    return pairs
63
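def compilePolicy():
    """Read the ``roles_info.ini`` settings and write the policy XML to stdout.

    Standard output carries only the policy document, because the module's
    usage notes say to redirect it into the policy file; the unfinished
    "downloads" marker therefore goes to standard error.

    Raises:
        Exception: if a ``use:`` entry is not listed in ``known_patterns``,
            or if an entry is not a ``use:`` entry at all (no role can be
            determined for it here, see the note in the loop).
    """
    # Function-scope imports keep the new names local to this block.
    import sys
    from xml.sax.saxutils import escape

    role_map = roles_info["proc_role_map"]
    roles = reverseMap(roles_info["roles"])
    # NOTE(review): arg_map is built but never read below.  It looks like the
    # per-role pattern arguments were meant to be applied to the targets;
    # confirm before this policy is relied on.
    arg_map = reverseMap(roles_info["pattern_role_map"], rtype = "dict")

    targets = []

    # sorted() keeps the output order stable and, unlike keys().sort(), also
    # works where keys() does not return a list.
    for proc_id in sorted(role_map.keys()):
        pattern = role_map[proc_id]

        if not pattern.startswith("use:"):
            # The original code formatted the target with ``role``, which is
            # not assigned in this branch: it was either unbound (NameError)
            # or left over from an earlier loop, binding the target to an
            # unrelated role.  Fail closed rather than emit such a rule.
            # NOTE(review): the intended role for these entries cannot be
            # determined from this file; confirm and implement.
            raise Exception("Cannot determine role for process '%s' in 'roles_info.ini' file: "
                            "'%s' is not a 'use:' pattern." % (proc_id, pattern))

        if pattern not in known_patterns:
            raise Exception("Unrecognised pattern in 'roles_info.ini' file: '%s'." % pattern)

        # Drop the "use:" prefix and turn "Name=value" into "Name,value".
        pattern_modified = pattern[4:].replace("=", ",")

        # NOTE(review): every role receives a target for the same generic
        # pattern, so the capture group is not tied to a particular role
        # here; confirm this is the intended grant.
        for (role_number, role) in roles:
            # Escape so "&" or "<" in a configured value cannot break or
            # alter the structure of the generated policy document.
            targets.append(target_template % {"regex": escape(pattern_modified),
                                              "role": escape("%s" % (role,))})

    sys.stdout.write(policy_skeleton % {"body": "".join(targets)} + "\n")

    # Now do downloads (not implemented yet); keep the marker out of the
    # redirected policy file, where it would follow the closing </Policy>.
    sys.stderr.write("NOW DO DOWNLOADS\n")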
99
100   
101
if __name__ == "__main__":
    # Script entry point: build the policy from the roles configuration.
    compilePolicy()