Access Policy module.

class arrowhead_client.security.access_policy.AccessPolicy

Abstract class for access policies.

abstract is_authorized(consumer_cert_str, auth_header, **kwargs)

Check if consumer is authorized to consume the provided service.

Return type

bool

Returns

True if authorized, False if not authorized or an error occurs.

Parameters

  • consumer_cert_str (str) –

  • auth_header (str) –

class arrowhead_client.security.access_policy.CertificateAccessPolicy

Access policy used when AccessPolicy.CERTIFICATE is specified.

is_authorized(consumer_cert_str, *args, **kwargs)

Check valid PEM certificate.

Parameters

consumer_cert_str (str) – PEM certificate string.

Return type

bool

Returns

True if given a valid PEM certificate, False otherwise.

class arrowhead_client.security.access_policy.TokenAccessPolicy(provided_service, provider_keyfile, auth_info)

Access policy used when AccessPolicy.TOKEN is specified.

Parameters

  • provided_service (Service) – Service instance.

  • provider_keyfile (str) – Provider keyfile path.

  • auth_info (str) – Public key of the Authorization system in the local cloud.

Return type

None

is_authorized(consumer_cert_str, auth_header, **kwargs)

Checks if given token is valid.

Parameters

  • consumer_cert_str (str) – PEM certificate string.

  • auth_header (str) – String of format 'Bearer <TOKEN>'.

Return type

bool

Returns

True if valid token, False if invalid token or error occurs.

class arrowhead_client.security.access_policy.UnrestrictedAccessPolicy

Access policy used when AccessPolicy.UNRESTRICTED is specified.

This access policy should only be used in development.

is_authorized(*args, **kwargs)

No checks, always returns True

Return type

bool

Returns

True

arrowhead_client.security.access_policy.get_access_policy(policy_name, provided_service, privatekey, **kwargs)

Factory function for access policies.

Parameters

  • policy_name (str) – Either TOKEN, CERTIFICATE, or UNRESTRICTED.

  • provided_service (Service) – Service instance.

  • privatekey (Any) – Provider keyfile path.

  • authorization_key – Authorization core system public key.

Return type

AccessPolicy

Returns

Initialized AccessPolicy instance.