Commit 593aeb2a authored by Cyril Rohr's avatar Cyril Rohr
Browse files

Added preliminary descriptions of the authorization, jobsets, statuses and oar services.

parent db478fd3
{
"contact": "cyril.rohr@irisa.fr",
"description": "Returns the access policy for a particular service accessed by a given user.",
"doc": "\/authorization\/doc",
"name": "Authorization",
"type": "service",
"uid": "authorization",
"uri": "\/authorization"
}
\ No newline at end of file
{
"description": "Manages the creation\/deletion and update of job sets.",
"doc": "\/jobsets\/doc",
"name": "Jobsets",
"policies": {
"DELETE": {
"admin_groups": "CT",
"authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
"user_must_be_owner": true
},
"GET": {
"admin_groups": "CT",
"authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
"user_must_be_owner": true
},
"POST": {
"admin_groups": "CT",
"authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
"user_must_be_owner": true
},
"PUT": {
"admin_groups": "CT",
"authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
"user_must_be_owner": true
}
},
"type": "service",
"uid": "jobsets",
"uri": "\/jobsets"
}
\ No newline at end of file
{
"contact": "bruno.bzeznik@imag.fr",
"description": null,
"doc": null,
"name": "OAR",
"type": "service",
"uid": "oar",
"uri": "\/oar-site"
}
\ No newline at end of file
{
"contact": "cyril.rohr@irisa.fr",
"description": "Returns the status of a given resource.",
"doc": "\/statuses\/doc",
"name": "Statuses",
"type": "service",
"uid": "statuses",
"uri": "\/statuses"
}
\ No newline at end of file
# TODO: services and their access policies
\ No newline at end of file
# +policies+ is a hash describing the policies for authorizing or refusing access to a particular operation on a specific service:
# * the key is the name of the operation (in the case of REST APIs, the operation should be one of the HTTP methods);
# * the value is a hash that must contain:
# - a comma separated list of +authorized_groups+ ("*" if no restriction),
# - a +user_must_be_owner+ boolean indicating if the user requesting the resource must also own it and,
# - a comma separated list of +admin_groups+, who will be able to access the resource even if they do not own it.
# No +policies+ means that the authorization decision is delegated to the API receiving the request.
service :authorization do
name "Authorization"
description "Returns the access policy for a particular service accessed by a given user."
doc "/authorization/doc"
uri "/authorization"
contact "cyril.rohr@irisa.fr"
end
service :jobsets do
name "Jobsets"
description "Manages the creation/deletion and update of job sets."
uri "/jobsets"
doc "/jobsets/doc"
policies( 'GET' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
'POST' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
'DELETE' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
'PUT' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true} )
end
service :statuses do
name "Statuses"
uri "/statuses"
doc "/statuses/doc"
contact "cyril.rohr@irisa.fr"
description "Returns the status of a given resource."
end
service :oar do
name "OAR"
uri "/oar-site"
doc
contact "bruno.bzeznik@imag.fr"
description
end
\ No newline at end of file
module G5K
SITES = %w{rennes grenoble bordeaux toulouse sophia orsay nancy lille lyon}
class Tree < Hash
attr_reader :contents, :path
def write(repository, &block)
......@@ -48,14 +50,14 @@ module G5K
end
end
class ReferenceGenerator
class ReferenceGenerator
attr_reader :data
def method_missing(method, *args)
@context.recursive_merge!(method.to_sym => args.first)
end
%w{site cluster environment node}.each do |method|
%w{site cluster environment node service}.each do |method|
define_method(method) do |uid, *options, &block|
key = method.pluralize.to_sym
uid = uid.to_s
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment