source: cows_wps/trunk/bin/create_policy_file.py @ 7535

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/cows_wps/trunk/bin/create_policy_file.py@7535
Revision 7535, 3.1 KB checked in by astephen, 11 years ago (diff)

Fixed to async argument handler working.

  • Property svn:executable set to *
1#!/usr/bin/env python
2
3"""
4create_policy_file.py
5=====================
6
7Reads the ``roles_info.ini`` configuration script and generates a policy file based
8on the rules defined in that script.
9
10Usage:
11======
12
13    bin/create_policy_file.py
14
15NOTE: the policy file is currently written to standard out, so you have to redirect it
16to an actual file.
17
18"""
19
20# Standard library imports
21import os
22
23# Local imports
24from cows_wps.utils.parse_roles_config import roles_info
25
# Outer document of the generated policy.  ``%(body)s`` receives the
# concatenated ``<Target>`` elements built from ``target_template``.
policy_skeleton = """<?xml version="1.0" encoding="UTF-8"?>
<Policy PolicyId="CEDA Test WPS Authorisation Policy" xmlns="urn:ndg:security:authz:1.1:policy">
    <Description>Restrict access for CEDA WPS security tests</Description>
%(body)s

</Policy>"""

# One access rule: URIs matching ``^/<regex>$`` are tied to the attribute
# (role) named in ``<Name>``.  The template only supplies the ``^/`` and ``$``
# anchors; how tightly a rule matches is decided by the regex fragment the
# caller substitutes for ``%(regex)s``.  The attribute authority URI is fixed
# here rather than read from configuration.
target_template = """
    <Target>
        <URIPattern>^/%(regex)s$</URIPattern>
        <Attributes>
            <Attribute>
                <Name>%(role)s</Name>
                <AttributeAuthorityURI>https://ceda.ac.uk/AttributeAuthority</AttributeAuthorityURI>
            </Attribute>
        </Attributes>
    </Target>
"""


# The only ``use:`` values accepted in ``proc_role_map``; any other ``use:``
# value is rejected when the policy is compiled.
known_patterns = (
    "use:FilePath=/badc/(.+?)/data",
    "use:Dataset=(.+?)",
)
48
49
def reverseMap(dct, rtype = "list"):
    """Invert ``dct`` into ``(value, key)`` pairs.

    By default the pairs are returned as a list sorted by value and then by
    key.  When ``rtype`` is ``"dict"`` the sorted pairs are turned into a
    dict mapping value -> key instead; if several keys share one value, the
    pair that sorts last is the one kept.
    """
    pairs = sorted((value, key) for key, value in dct.items())

    if rtype == "dict":
        return dict(pairs)

    return pairs
63
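def _renderTarget(regex, role):
    "Returns one ``<Target>`` element for ``regex`` and ``role``, XML-escaped."
    # Function-scope import: saxutils is standard library on Python 2 and 3.
    from xml.sax.saxutils import escape

    # Both values come from ``roles_info.ini``.  Escaping them stops a stray
    # ``&``, ``<`` or ``>`` in the config from producing malformed XML or from
    # changing the structure of the authorisation policy.  ``"%s" %`` keeps
    # the original tolerance for non-string values.
    return target_template % {"regex": escape("%s" % (regex,)),
                              "role": escape("%s" % (role,))}


def compilePolicy():
    """Reads ``roles_info.ini`` config file and generates policy from it.

    One ``<Target>`` is emitted per process in ``proc_role_map`` (or, for a
    ``use:`` entry, one per argument in ``pattern_role_map``), followed by one
    download target per entry in ``roles``.  Entries whose role is ``"none"``
    produce no target at all.  The finished XML is printed to standard output;
    nothing is returned.

    Raises ``ValueError`` (an ``Exception`` subclass) when a ``use:`` entry is
    not listed in ``known_patterns``.
    """
    roles_reversed = reverseMap(roles_info["roles"])
    role_map = roles_info["proc_role_map"]
    arg_map = roles_info["pattern_role_map"]

    # sorted() gives the same deterministic ordering as keys()+sort() and
    # also works where keys() returns a view rather than a list.
    arg_map_ordered_keys = sorted(arg_map.keys())
    proc_ids = sorted(role_map.keys())

    targets = []

    # NOTE(review): ``proc_id`` and ``arg`` are placed into the URIPattern
    # regex unescaped and wrapped in ``.*``, so the rule matches any URI that
    # merely contains the id.  A process id that is a substring of another
    # one, or that contains regex metacharacters, therefore yields a target
    # that also matches the other process's URIs.  Whether that widens access
    # depends on how the policy engine combines targets -- confirm, and
    # consider anchoring on path-segment boundaries.
    # NOTE(review): a ``"none"`` role emits no target; what the policy engine
    # does with a URI that matches no target is not visible here -- confirm it
    # is the intended default.
    for proc_id in proc_ids:
        pattern = role_map[proc_id]

        if pattern.startswith("use:"):
            if pattern not in known_patterns:
                raise ValueError("Unrecognised pattern in 'roles_info.ini' file: '%s'." % pattern)

            # Drop the "use:" prefix and turn "Name=value" into "Name,value".
            pattern_modified = pattern[4:].replace("=", ",")

            for arg in arg_map_ordered_keys:
                role = arg_map[arg]
                if role == "none":
                    continue

                role_specific_pattern = pattern_modified.replace("(.+?)", arg)
                proc_id_and_arg_pattern = ".*%s.*%s.*" % (proc_id, role_specific_pattern)
                targets.append(_renderTarget(proc_id_and_arg_pattern, role))

        elif pattern != "none":
            # Plain entry: the mapped value is itself the role name.
            targets.append(_renderTarget(".*%s.*" % proc_id, pattern))

    # Now do download URLs based on numeric roles
    for (rn, role) in roles_reversed:
        if role == "none":
            continue

        targets.append(_renderTarget("dl/%s/.*?/.*" % rn, role))

    # print(...) with a single string argument behaves the same on Python 2
    # and Python 3.
    print(policy_skeleton % {"body": "".join(targets)})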
117
if __name__ == "__main__":
    # Script entry point: the policy goes to stdout, so redirect it to a file
    # to keep it.
    compilePolicy()