本文整理匯總了Python中calvin.utilities.security.Security.authenticate_subject方法的典型用法代碼示例。如果您正苦於以下問題:Python Security.authenticate_subject方法的具體用法?Python Security.authenticate_subject怎麽用?Python Security.authenticate_subject使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類calvin.utilities.security.Security的用法示例。
在下文中一共展示了Security.authenticate_subject方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: _new_actor
# 需要導入模塊: from calvin.utilities.security import Security [as 別名]
# 或者: from calvin.utilities.security.Security import authenticate_subject [as 別名]
def _new_actor(self, actor_type, actor_id=None, credentials=None):
"""Return a 'bare' actor of actor_type, raises an exception on failure."""
if credentials is not None:
sec = Security(self.node)
sec.set_subject(credentials)
sec.authenticate_subject()
else:
sec = None
(found, is_primitive, class_) = ActorStore(security=sec).lookup(actor_type)
if not found:
# Here assume a primitive actor, now become shadow actor
_log.analyze(self.node.id, "+ NOT FOUND CREATE SHADOW ACTOR", {'class': class_})
found = True
is_primitive = True
class_ = ShadowActor
if not found or not is_primitive:
_log.error("Requested actor %s is not available" % (actor_type))
raise Exception("ERROR_NOT_FOUND")
try:
# Create a 'bare' instance of the actor
a = class_(actor_type, actor_id=actor_id)
except Exception as e:
_log.exception("")
_log.error("The actor %s(%s) can't be instantiated." % (actor_type, class_.__init__))
raise(e)
try:
a.set_credentials(credentials, security=sec)
a._calvinsys = self.node.calvinsys()
a.check_requirements()
except Exception as e:
_log.exception("Catched new from state")
_log.analyze(self.node.id, "+ FAILED REQS CREATE SHADOW ACTOR", {'class': class_})
a = ShadowActor(actor_type, actor_id=actor_id)
a.set_credentials(credentials, security=sec)
a._calvinsys = self.node.calvinsys()
return a示例2: compile
# 需要導入模塊: from calvin.utilities.security import Security [as 別名]
# 或者: from calvin.utilities.security.Security import authenticate_subject [as 別名]
def compile(source_text, filename='', content=None, credentials=None, verify=True, node=None):
# Steps taken:
# 1) Verify signature when credentials supplied
# 2) parser .calvin file -> IR. May produce syntax errors/warnings
# 3) checker IR -> IR. May produce syntax errors/warnings
# 4) analyzer IR -> app. Should not fail. Sets 'valid' property of IR to True/False
deployable = {'valid': False, 'actors': {}, 'connections': {}}
errors = [] #TODO: fill in something meaningful
warnings = []
if credentials:
_log.debug("Check credentials...")
sec = Security(node)
sec.set_subject(credentials)
if not sec.authenticate_subject():
_log.error("Check credentials...failed authentication")
# This error reason is detected in calvin control and gives proper REST response
errors.append({'reason': "401: UNAUTHORIZED", 'line': 0, 'col': 0})
return deployable, errors, warnings
if (not sec.verify_signature_content(content, "application") or not sec.check_security_policy()):
# Verification not OK if sign or cert not OK or if the signer is denied by security policies
print "\n IN DEPLOYER\n "
_log.error("Check credentials...failed application verification")
# This error reason is detected in calvin control and gives proper REST response
errors.append({'reason': "401: UNAUTHORIZED", 'line': None, 'col': None})
return deployable, errors, warnings
_log.debug("Parsing...")
ir, errors, warnings = calvin_parser(source_text, filename)
_log.debug("Parsed %s, %s, %s" % (ir, errors, warnings))
# If there were errors during parsing no IR will be generated
if not errors:
c_errors, c_warnings = check(ir, verify=verify)
errors.extend(c_errors)
warnings.extend(c_warnings)
deployable = generate_app_info(ir, verify=verify)
if errors:
deployable['valid'] = False
_log.debug("Compiled %s, %s, %s" % (deployable, errors, warnings))
return deployable, errors, warnings示例3: compile_script_check_security
# 需要導入模塊: from calvin.utilities.security import Security [as 別名]
# 或者: from calvin.utilities.security.Security import authenticate_subject [as 別名]
def compile_script_check_security(source_text, filename, cb, credentials=None, verify=True, node=None):
"""
Compile a script and return a tuple (deployable, errors, warnings).
'credentials' are optional security credentials(?)
'verify' is deprecated and will be removed
'node' is the runtime performing security check(?)
'cb' is a CalvinCB callback
N.B. If callback 'cb' is given, this method calls cb(deployable, errors, warnings) and returns None
N.B. If callback 'cb' is given, and method runs to completion, cb is called with additional parameter 'security' (?)
"""
def _exit_with_error(callback):
"""Helper method to generate a proper error"""
it = IssueTracker()
it.add_error("UNAUTHORIZED", info={'status':401})
callback({}, it)
def _handle_authentication_decision(source_text, appname, verify, authentication_decision, security, org_cb, content=None):
if not authentication_decision:
_log.error("Authentication failed")
# This error reason is detected in calvin control and gives proper REST response
_exit_with_error(org_cb)
verified, signer = security.verify_signature_content(content, "application")
if not verified:
# Verification not OK if sign or cert not OK.
_log.error("Failed application verification")
# This error reason is detected in calvin control and gives proper REST response
_exit_with_error(org_cb)
security.check_security_policy(
CalvinCB(_handle_policy_decision, source_text, appname, verify, security=security, org_cb=org_cb),
"application",
signer=signer
)
def _handle_policy_decision(source_text, appname, verify, access_decision, org_cb, security=None):
if not access_decision:
_log.error("Access denied")
# This error reason is detected in calvin control and gives proper REST response
_exit_with_error(org_cb)
deployable, issutracker = compile_script(source_text, appname)
org_cb(deployable, issutracker, security=security)
#
# Actual code for compile_script
#
appname = appname_from_filename(filename)
# FIXME: if node is None we bypass security even if enabled. Is that the intention?
if node is not None and security_enabled():
if credentials:
content = Security.verify_signature_get_files(filename, skip_file=True)
# content is ALWAYS a dict if skip_file is True
content['file'] = source_text
else:
content = None
# FIXME: If cb is None, we will return from this method with None instead of a tuple, failing silently
sec = Security(node)
sec.authenticate_subject(
credentials,
callback=CalvinCB(_handle_authentication_decision, source_text, appname, verify, security=sec, org_cb=cb, content=content)
)
return
#
# We get here if node is None, or security is disabled
#
# This used to be
# _handle_policy_decision(source_text, filename, verify, access_decision=True, security=None, org_cb=cb)
# but since _handle_policy_decision is called with access_decision=True, security=None only compile_script would be called
deployable, issuetracker = compile_script(source_text, appname)
cb(deployable, issuetracker, security=None)示例4: Actor
# 需要導入模塊: from calvin.utilities.security import Security [as 別名]
# 或者: from calvin.utilities.security.Security import authenticate_subject [as 別名]
#.........這裏部分代碼省略.........
self.authorization_plugins = None
self.inports = {p: actorport.InPort(p, self) for p in self.inport_names}
self.outports = {p: actorport.OutPort(p, self) for p in self.outport_names}
hooks = {
(Actor.STATUS.PENDING, Actor.STATUS.ENABLED): self.will_start,
(Actor.STATUS.ENABLED, Actor.STATUS.PENDING): self.will_stop,
}
self.fsm = Actor.FSM(Actor.STATUS, Actor.STATUS.LOADED, Actor.VALID_TRANSITIONS, hooks,
allow_invalid_transitions=allow_invalid_transitions,
disable_transition_checks=disable_transition_checks,
disable_state_checks=disable_state_checks)
self.metering.add_actor_info(self)
def set_credentials(self, credentials, security=None):
"""
Set the credentials the actor operates under.
This will trigger an authentication of the credentials.
Optionally an authenticated Security instance can be supplied,
to reduce the needed authentication processing.
"""
_log.debug("actor.py: set_credentials: %s" % credentials)
if credentials is None:
return
self.credentials = credentials
if security:
self.sec = security
else:
if self._calvinsys is not None:
self.sec = Security(self._calvinsys._node)
self.sec.set_subject(self.credentials)
self.sec.authenticate_subject()
def get_credentials(self):
_log.debug("actor.py: get_credentials: %s" % self.credentials)
return self.credentials
@verify_status([STATUS.LOADED])
def setup_complete(self):
self.fsm.transition_to(Actor.STATUS.READY)
def init(self):
raise Exception("Implementing 'init()' is mandatory.")
def will_start(self):
"""Override in actor subclass if actions need to be taken before starting."""
pass
def will_stop(self):
"""Override in actor subclass if actions need to be taken before stopping."""
pass
def will_migrate(self):
"""Override in actor subclass if actions need to be taken before migrating."""
pass
def did_migrate(self):
"""Override in actor subclass if actions need to be taken after migrating."""
pass
def will_end(self):
"""Override in actor subclass if actions need to be taken before destruction."""
pass