diff options
Diffstat (limited to 'macaroonbakery/bakery/_bakery.py')
-rw-r--r-- | macaroonbakery/bakery/_bakery.py | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/macaroonbakery/bakery/_bakery.py b/macaroonbakery/bakery/_bakery.py new file mode 100644 index 0000000..8fac9ce --- /dev/null +++ b/macaroonbakery/bakery/_bakery.py @@ -0,0 +1,72 @@ +# Copyright 2017 Canonical Ltd. +# Licensed under the LGPLv3, see LICENCE file for details. + +from ._authorizer import ClosedAuthorizer +from ._checker import Checker +import macaroonbakery.checkers as checkers +from ._oven import Oven + + +class Bakery(object): + '''Convenience class that contains both an Oven and a Checker. + ''' + def __init__(self, location=None, locator=None, ops_store=None, key=None, + identity_client=None, checker=None, root_key_store=None, + authorizer=ClosedAuthorizer()): + '''Returns a new Bakery instance which combines an Oven with a + Checker for the convenience of callers that wish to use both + together. + @param checker holds the checker used to check first party caveats. + If this is None, it will use checkers.Checker(None). + @param root_key_store holds the root key store to use. + If you need to use a different root key store for different operations, + you'll need to pass a root_key_store_for_ops value to Oven directly. + @param root_key_store If this is None, it will use MemoryKeyStore(). + Note that that is almost certain insufficient for production services + that are spread across multiple instances or that need + to persist keys across restarts. + @param locator is used to find out information on third parties when + adding third party caveats. If this is None, no non-local third + party caveats can be added. + @param key holds the private key of the oven. If this is None, + no third party caveats may be added. + @param identity_client holds the identity implementation to use for + authentication. If this is None, no authentication will be possible. + @param authorizer is used to check whether an authenticated user is + allowed to perform operations. If it is None, it will use + a ClosedAuthorizer. + The identity parameter passed to authorizer.allow will + always have been obtained from a call to + IdentityClient.declared_identity. + @param ops_store used to persistently store the association of + multi-op entities with their associated operations + when oven.macaroon is called with multiple operations. + @param location holds the location to use when creating new macaroons. + ''' + + if checker is None: + checker = checkers.Checker() + root_keystore_for_ops = None + if root_key_store is not None: + def root_keystore_for_ops(ops): + return root_key_store + + oven = Oven(key=key, + location=location, + locator=locator, + namespace=checker.namespace(), + root_keystore_for_ops=root_keystore_for_ops, + ops_store=ops_store) + self._oven = oven + + self._checker = Checker(checker=checker, authorizer=authorizer, + identity_client=identity_client, + macaroon_opstore=oven) + + @property + def oven(self): + return self._oven + + @property + def checker(self): + return self._checker |