Added preliminary descriptions of the authorization, jobsets, statuses and oar services.

593aeb2a · Cyril Rohr · db478fd3 · 593aeb2a · 593aeb2a · 593aeb2a
Commit 593aeb2a authored 16 years ago by Cyril Rohr
--- a/data/grid5000/services/authorization.json
+++ b/data/grid5000/services/authorization.json
+{
+  "contact": "cyril.rohr@irisa.fr",
+  "description": "Returns the access policy for a particular service accessed by a given user.",
+  "doc": "\/authorization\/doc",
+  "name": "Authorization",
+  "type": "service",
+  "uid": "authorization",
+  "uri": "\/authorization"
+}
\ No newline at end of file
--- a/data/grid5000/services/jobsets.json
+++ b/data/grid5000/services/jobsets.json
+{
+  "description": "Manages the creation\/deletion and update of job sets.",
+  "doc": "\/jobsets\/doc",
+  "name": "Jobsets",
+  "policies": {
+    "DELETE": {
+      "admin_groups": "CT",
+      "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+      "user_must_be_owner": true
+    },
+    "GET": {
+      "admin_groups": "CT",
+      "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+      "user_must_be_owner": true
+    },
+    "POST": {
+      "admin_groups": "CT",
+      "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+      "user_must_be_owner": true
+    },
+    "PUT": {
+      "admin_groups": "CT",
+      "authorized_groups": "rennes,grenoble,bordeaux,toulouse,sophia,orsay,nancy,lille,lyon",
+      "user_must_be_owner": true
+    }
+  },
+  "type": "service",
+  "uid": "jobsets",
+  "uri": "\/jobsets"
+}
\ No newline at end of file
--- a/data/grid5000/services/oar.json
+++ b/data/grid5000/services/oar.json
+{
+  "contact": "bruno.bzeznik@imag.fr",
+  "description": null,
+  "doc": null,
+  "name": "OAR",
+  "type": "service",
+  "uid": "oar",
+  "uri": "\/oar-site"
+}
\ No newline at end of file
--- a/data/grid5000/services/statuses.json
+++ b/data/grid5000/services/statuses.json
+{
+  "contact": "cyril.rohr@irisa.fr",
+  "description": "Returns the status of a given resource.",
+  "doc": "\/statuses\/doc",
+  "name": "Statuses",
+  "type": "service",
+  "uid": "statuses",
+  "uri": "\/statuses"
+}
\ No newline at end of file
--- a/generators/input/services.rb
+++ b/generators/input/services.rb
-# TODO: services and their access policies
\ No newline at end of file
+# +policies+ is a hash describing the policies for authorizing or refusing access to a particular operation on a specific service:
+#   * the key is the name of the operation (in the case of REST APIs, the operation should be one of the HTTP methods);
+#   * the value is a hash that must contain:
+#     - a comma separated list of +authorized_groups+ ("*" if no restriction),
+#     - a +user_must_be_owner+ boolean indicating if the user requesting the resource must also own it and,
+#     - a comma separated list of +admin_groups+, who will be able to access the resource even if they do not own it.
+# No +policies+ means that the authorization decision is delegated to the API receiving the request.
+service :authorization do
+  name "Authorization"
+  description "Returns the access policy for a particular service accessed by a given user."
+  doc "/authorization/doc"
+  uri "/authorization"
+  contact "cyril.rohr@irisa.fr"
+end
+
+service :jobsets do
+  name "Jobsets"
+  description "Manages the creation/deletion and update of job sets."
+  uri "/jobsets"
+  doc "/jobsets/doc"
+  policies( 'GET' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+            'POST' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+            'DELETE' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true},
+            'PUT' => {:admin_groups => "CT", :authorized_groups => SITES.join(","), :user_must_be_owner => true}  )
+end
+
+service :statuses do
+  name "Statuses"
+  uri "/statuses"
+  doc "/statuses/doc"
+  contact "cyril.rohr@irisa.fr"
+  description "Returns the status of a given resource."
+end
+
+service :oar do
+  name "OAR"
+  uri "/oar-site"
+  doc
+  contact "bruno.bzeznik@imag.fr"
+  description
+end
\ No newline at end of file
--- a/generators/lib/g5k_generator.rb
+++ b/generators/lib/g5k_generator.rb
 module G5K
+  SITES = %w{rennes grenoble bordeaux toulouse sophia orsay nancy lille lyon}
+  
  class Tree < Hash
    attr_reader :contents, :path
    def write(repository, &block)
@@ -48,14 +50,14 @@ module G5K
    end
  end

-class ReferenceGenerator
+class ReferenceGenerator  
  attr_reader :data
  
  def method_missing(method, *args)
    @context.recursive_merge!(method.to_sym => args.first)
  end
  
-  %w{site cluster environment node}.each do |method|
+  %w{site cluster environment node service}.each do |method|
    define_method(method) do |uid, *options, &block|
      key = method.pluralize.to_sym
      uid = uid.to_s