Application Realms¶
ApplicationRealm¶
- class cfxdb.mrealm.ApplicationRealm(oid: Optional[UUID] = None, label: Optional[str] = None, description: Optional[str] = None, tags: Optional[List[str]] = None, name: Optional[str] = None, status: Optional[int] = None, workergroup_oid: Optional[UUID] = None, webcluster_oid: Optional[UUID] = None, datamarket_oid: Optional[UUID] = None, changed: Optional[datetime64] = None, owner_oid: Optional[UUID] = None, _unknown: Optional[Any] = None)[source]¶
Bases:
ConfigurationElement
Application realm database configuration object.
- Parameters
oid – Object ID of application realm
label – Optional user label of application realm
description – Optional user description of application realm
tags – Optional list of user tags on application realm
name – Name of application realm
status – Status of application realm.
workergroup_oid – When running, router cluster worker group this application realm is running on.
webcluster_oid – When running, the web cluster to serve as a frontend layer for the application realm.
datamarket_oid – When this application realm is to be federated with nodes paired to a different management realm (master node) or run by different operators.
changed – Timestamp when the application realm was last changed
owner_oid – Owning user (object ID)
- copy(other: ApplicationRealm, overwrite: bool = False)[source]¶
Copy over other object.
- Parameters
other – Other application realm to copy data from.
overwrite – Overwrite members already set.
- class cfxdb.mrealmschema.ApplicationRealms(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidCbor
Application realms defined for user application routing (
arealm_oid -> arealm
).
- class cfxdb.mrealmschema.IndexApplicationRealmByName(slot=None, compress=None)[source]¶
Bases:
MapStringUuid
Index of application realms by realm name (
arealm_name -> arealm_oid
).
- class cfxdb.mrealmschema.IndexApplicationRealmByWebCluster(slot=None, compress=None)[source]¶
Bases:
MapUuidStringUuid
Index of application realms by webclusters and realm names (
(webcluster_oid, arealm_name) -> arealm_oid
).
- class cfxdb.mrealm.ApplicationRealmRoleAssociation(arealm_oid: Optional[UUID] = None, role_oid: Optional[UUID] = None, _unknown=None)[source]¶
Bases:
object
Association of a role with an application realm.
- static parse(data)[source]¶
Parse generic host language object into an object of this class.
- Parameters
data (dict) – Generic host language object
- Returns
instance of
WebService
- class cfxdb.mrealmschema.ApplicationRealmRoleAssociations(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidUuidCbor
Association of a role with an application realm (
(arealm_oid, role_oid) -> arealm_role_association
).
Principal¶
- class cfxdb.mrealmschema.Principal(oid: Optional[UUID] = None, label: Optional[str] = None, description: Optional[str] = None, tags: Optional[List[str]] = None, modified: Optional[int] = None, arealm_oid: Optional[UUID] = None, authid: Optional[str] = None, role_oid: Optional[UUID] = None, authextra: Optional[dict] = None, _unknown=None)[source]¶
Bases:
ConfigurationElement
Principals created for use with WAMP authentication. A principal represents the identity an application client is authenticated to the application realm joined.
A principal must have at least one
cfxdb.mrealmschema.Credential
added. When an application client connects, it will offer anauthmethod
and request arealm
and (usually)authid
. When a matchingcfxdb.mrealmschema.Credential
is found, and authentication succeeds using that, the client will be authenticated under thecfxdb.mrealmschema.Principal
associated with the credential.Note
It is important to note that while the
realm
andauthid
requested by the client (and defined in the respectivecfxdb.mrealmschema.Credential
) will usually be identical to therealm
andauthid
actually assigned (as defined in thecfxdb.mrealmschema.Principal
associated with the credential), this is allowed to differ in general.- Parameters
oid – Object ID of principal
label – Optional user label of principal
description – Optional user description of principal
tags – Optional list of user tags on principal
modified – Timestamp when the principal was last modified
arealm_oid – ID of the application realm the authenticated principal will be joined to.
authid – WAMP authid of the principal, must be unique within the application realm at any moment in time.
role_oid – ID of the role the authenticated principal will be joined to the application realm.
authextra – Optional authextra information returned to the authenticating principal.
- class cfxdb.mrealmschema.Principals(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidCbor
Principals created for use with WAMP authentication (
principal_oid -> principal
).
- class cfxdb.mrealmschema.IndexPrincipalByName(slot=None, compress=None)[source]¶
Bases:
MapUuidStringUuid
Index of principals by application realms and principal names (
(arealm_oid, principal_name) -> principal_oid
).
Credential¶
- class cfxdb.mrealmschema.Credential(oid: Optional[UUID] = None, created: Optional[datetime64] = None, authmethod: Optional[str] = None, authid: Optional[str] = None, realm: Optional[str] = None, authconfig: Optional[dict] = None, principal_oid: Optional[UUID] = None, _unknown=None)[source]¶
Bases:
object
Credentials created for use with WAMP authentication.
- Parameters
oid – Object ID of this credential object
created – Timestamp when credential was created.
authmethod – WAMP authentication method offered by the authenticating client.
realm – WAMP realm requested by the authenticating client.
authid – WAMP authid announced by the authenticating client.
authconfig – Authentication method specific configuration.
principal_oid – ID of the principal this credential resolves to upon successful authentication.
- class cfxdb.mrealmschema.Credentials(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidCbor
Credentials created for use with WAMP authentication (
credential_oid -> credential
).
- class cfxdb.mrealmschema.IndexCredentialsByAuth(slot=None, compress=None)[source]¶
Bases:
MapStringStringStringUuid
Index of credentials by authentication method, realm name and authentication ID (
(authmethod, realm_name, authid) -> credential_oid
).
- class cfxdb.mrealmschema.IndexCredentialsByPrincipal(slot=None, compress=None)[source]¶
Bases:
MapUuidTimestampUuid
Index of credentials by principals and modification date (
(principal_oid, modified) -> credential_oid
).
Role¶
- class cfxdb.mrealm.Role(oid: Optional[UUID] = None, label: Optional[str] = None, description: Optional[str] = None, tags: Optional[List[str]] = None, name: Optional[str] = None, created: Optional[datetime64] = None, owner: Optional[UUID] = None, _unknown=None)[source]¶
Bases:
ConfigurationElement
Roles created for use with application-level authorization and permissions in application realms.
- Parameters
oid – Object ID of role
label – Optional user label of role
description – Optional user description of role
tags – Optional list of user tags on role
name – Name of role
created – Timestamp when the role was created
owner – Owning user (object ID)
- copy(other, overwrite=False)[source]¶
Copy over other object.
- Parameters
other (instance of
ManagementRealm
) – Other role to copy data from.- Returns
- static parse(data)[source]¶
Parse generic host language object into an object of this class.
- Parameters
data (dict) – Generic host language object
- Returns
instance of
ManagementRealm
- class cfxdb.mrealmschema.Roles(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidCbor
Roles created for use with application-level authorization and permissions in application realms (
role_oid -> role
).
- class cfxdb.mrealmschema.IndexRoleByName(slot=None, compress=None)[source]¶
Bases:
MapStringUuid
Index of roles by role names (
role_name -> role_oid
).
Permission¶
- class cfxdb.mrealm.Permission(oid: Optional[UUID] = None, label: Optional[str] = None, description: Optional[str] = None, tags: Optional[List[str]] = None, role_oid: Optional[UUID] = None, uri: Optional[str] = None, uri_check_level: Optional[int] = None, match: Optional[int] = None, allow_call: Optional[bool] = None, allow_register: Optional[bool] = None, allow_publish: Optional[bool] = None, allow_subscribe: Optional[bool] = None, disclose_caller: Optional[bool] = None, disclose_publisher: Optional[bool] = None, cache: Optional[bool] = None, created: Optional[datetime64] = None, owner: Optional[UUID] = None, _unknown=None)[source]¶
Bases:
ConfigurationElement
Role permission database object.
- Parameters
oid – Object ID of this permission object
label – Optional user label of permission
description – Optional user description of permission
tags – Optional list of user tags on permission
role_oid – Object ID of role this permission applies to.
uri – URI matched for permission.
created – Timestamp when the permission was created
owner – Owning user (object ID)
- copy(other, overwrite=False)[source]¶
Copy over other object.
- Parameters
other (instance of
ManagementRealm
) – Other permission to copy data from.- Returns
- static parse(data)[source]¶
Parse generic host language object into an object of this class.
- Parameters
data (dict) – Generic host language object
- Returns
instance of
ManagementRealm
- class cfxdb.mrealmschema.Permissions(slot=None, compress=None, marshal=None, unmarshal=None)[source]¶
Bases:
MapUuidCbor
Role permission database object (
permission_oid -> permission
).
- class cfxdb.mrealmschema.IndexPermissionByUri(slot=None, compress=None)[source]¶
Bases:
MapUuidStringUuid
Index of role permissions by roles and URIs (
(role_oid, uri) -> permission_oid
).