Skip to content
Snippets Groups Projects
Commit 3c3da497 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone
Browse files

docstrings

parent 92642b77
Branches
No related tags found
1 merge request!4Cryptoless Tahoe-LAFS storage server plugin
......@@ -118,6 +118,15 @@ def add_arguments(schema, kwargs):
class RITokenAuthorizedStorageServer(RemoteInterface):
"""
An object which can store and retrieve shares, subject to token-based
authorization.
This is much the same as ``allmydata.interfaces.RIStorageServer`` but
several of its methods take an additional ``tokens`` parameter. Clients
are expected to supply suitable tokens and only after the tokens have been
validated is service provided.
"""
__remote_name__ = (
"RITokenAuthorizedStorageServer.tahoe.privatestorage.io"
)
......@@ -148,37 +157,86 @@ class RITokenAuthorizedStorageServer(RemoteInterface):
# attributes on self and it's hard to avoid that.
@attr.s(cmp=False)
class SecureAccessTokenAuthorizerStorageServer(Referenceable):
"""
A class which wraps an ``RIStorageServer`` to insert token validity checks
before allowing certain functionality.
"""
_original = attr.ib(validator=provides(RIStorageServer))
def _validate_tokens(self, tokens):
pass
"""
Check that all of the given tokens are valid.
:raise InvalidToken: If any token in ``tokens`` is not valid.
:return NoneType: If all of the tokens in ``tokens`` are valid.
:note: This is yet to be implemented so it always returns ``None``.
"""
return None
def remote_get_version(self):
"""
Pass through without token check to allow clients to learn about our
version and configuration in case it helps them decide how to behave.
"""
return self._original.remote_get_version()
def remote_allocate_buckets(self, tokens, *a, **kw):
"""
Pass through after a token check to ensure that clients can only allocate
storage for immutable shares if they present valid tokens.
"""
self._validate_tokens(tokens)
return self._original.remote_allocate_buckets(*a, **kw)
def remote_get_buckets(self, storage_index):
"""
Pass through without token check to let clients read immutable shares as
long as those shares exist.
"""
return self._original.remote_get_buckets(storage_index)
def remote_add_lease(self, tokens, *a, **kw):
"""
Pass through after a token check to ensure clients can only extend the
duration of share storage if they present valid tokens.
"""
self._validate_tokens(tokens)
return self._original.remote_add_lease(*a, **kw)
def remote_renew_lease(self, tokens, *a, **kw):
"""
Pass through after a token check to ensure clients can only extend the
duration of share storage if they present valid tokens.
"""
self._validate_tokens(tokens)
return self._original.remote_renew_lease(*a, **kw)
def remote_advise_corrupt_share(self, *a, **kw):
"""
Pass through without a token check to let clients inform us of possible
issues with the system without incurring any cost to themselves.
"""
return self._original.remote_advise_corrupt_share(*a, **kw)
def remote_slot_testv_and_readv_and_writev(self, tokens, *a, **kw):
"""
Pass through after a token check to ensure clients can only allocate
storage for mutable shares if they present valid tokens.
:note: This method can be used both to allocate storage and to rewrite
data in already-allocated storage. These cases may not be the
same from the perspective of token validation.
"""
self._validate_tokens(tokens)
return self._original.remote_slot_testv_and_readv_and_writev(*a, **kw)
def remote_slot_readv(self, *a, **kw):
"""
Pass through without a token check to let clients read mutable shares as
long as those shares exist.
"""
return self._original.remote_slot_readv(*a, **kw)
# I don't understand why this is required.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment