Changeset f77a256d1f481032d22a5052d21211d6cb913daa
- Timestamp:
- 01/11/12 16:02:07 (4 months ago)
- Author:
- Ted Faber <faber@…>
- Children:
- 6886c5a287706d5b43064ea4e5ff217aee2b0319
- Parents:
- ee950c2260d0e0d90dc0a6a4d78740b92459415b
- git-committer:
- Ted Faber <faber@isi.edu> / 2012-01-11T16:02:07Z-0800
- Message:
-
DETER plugin can act as users now
- Location:
- fedd
- Files:
-
|
rf3898f7
|
rf77a256
|
|
| 71 | 71 | # All the local parsing functions get the unparsed remainder of the line |
| 72 | 72 | # (after the three-name and the attribute it maps to), the credential list to |
| 73 | | # add the new ABAC credential(s) that will be mapped into the loacl |
| | 73 | # add the new ABAC credential(s) that will be mapped into the local |
| 74 | 74 | # credentials, the fedid of this entity, a dict mapping the local credentials |
| 75 | 75 | # to ABAC credentials that are required to exercise those local rights and the |
| … |
… |
|
| 77 | 77 | def parse_emulab(l, creds, me, to_id, p, gp, gu, lr): |
| 78 | 78 | ''' |
| 79 | | Parse the emulab (project, allocation_user, access_user) format. Access |
| 80 | | users are deprecates and allocation users used for both. This fuction |
| 81 | | collapses them. |
| 82 | | ''' |
| 83 | | right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*%s\s*\)' % \ |
| 84 | | (proj_same_str, id_same_str,id_same_str) |
| | 79 | Parse the emulab (project, allocation_user, cert_file) format. |
| | 80 | ''' |
| | 81 | right_side_str = '\s*,\s*\(\s*%s\s*,\s*%s\s*,\s*(%s)\s*\)' % \ |
| | 82 | (proj_same_str, id_same_str,path_str) |
| 85 | 83 | |
| 86 | 84 | m = re.match(right_side_str, l) |
| 87 | 85 | if m: |
| 88 | | project, user = m.group(1,2) |
| | 86 | project, user, cert = m.group(1,2,3) |
| 89 | 87 | # Resolve "<same>"s in project and user |
| 90 | 88 | if project == '<same>': |
| … |
… |
|
| 114 | 112 | [attribute(p, x, lr) for x in (gp, gu) if x is not None]) |
| 115 | 113 | creds.add(c) |
| 116 | | if (project, user) in to_id: to_id[(project,user)].append(c) |
| 117 | | else: to_id[(project,user)] = [ c ] |
| | 114 | if (project, user,cert) in to_id: to_id[(project,user,cert)].append(c) |
| | 115 | else: to_id[(project,user,cert)] = [ c ] |
| 118 | 116 | else: |
| 119 | 117 | raise parse_error("Badly formatted local mapping: %s" % l) |
| … |
… |
|
| 320 | 318 | id_str = '[a-zA-Z][\w_-]*' |
| 321 | 319 | proj_str = '[a-zA-Z][\w_/-]*' |
| 322 | | path_str = '[a-zA-Z_/\.-]+' |
| | 320 | path_str = '[a-zA-Z0-9_/\.-]+' |
| 323 | 321 | id_any_str = '(%s|<any>)' % id_str |
| 324 | 322 | proj_any_str = '(%s|<any>)' % proj_str |
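Review bot: An access-file line still written in the old (project, allocation_user, access_user) form keeps matching the new pattern in parse_emulab, because every string accepted by `id_str` is also accepted by `path_str`, so the former access user is silently taken as the certificate file. Since that third field appears to select the identity the plugin acts under, it is worth rejecting values that cannot be a certificate path at parse time, e.g. `if not os.path.isabs(cert): raise parse_error("Certificate path must be absolute: %s" % l)` right after the `m.group(1,2,3)` line (assuming `os` is imported in this file, which the page does not show). An absolute-path requirement also removes the dependence on the daemon's working directory for relative or `..` paths, which `path_str` permits. The body of parse_emulab continues outside the visible hunks.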
-
|
ree950c2
|
rf77a256
|
|
| 176 | 176 | def access_tuple(str): |
| 177 | 177 | """ |
| 178 | | Convert a string of the form (id, id) into an access_project. This is |
| 179 | | called by read_access to convert to local attributes. It returns |
| 180 | | a tuple of the form (project, user). |
| | 178 | Convert a string of the form (id, id, id) into an access_project. This |
| | 179 | is called by read_access to convert to local attributes. It returns a |
| | 180 | tuple of the form (project, user, certificate_file). |
| 181 | 181 | """ |
| 182 | 182 | |
| 183 | 183 | str = str.strip() |
| 184 | | if str.startswith('(') and str.endswith(')') and str.count(',') == 1: |
| | 184 | if str.startswith('(') and str.endswith(')') and str.count(',') == 2: |
| 185 | 185 | # The slice takes the parens off the string. |
| 186 | | proj, user = str[1:-1].split(',') |
| 187 | | return (proj.strip(), user.strip()) |
| | 186 | proj, user, cert = str[1:-1].split(',') |
| | 187 | return (proj.strip(), user.strip(), cert.strip()) |
| 188 | 188 | else: |
| 189 | 189 | raise self.parse_error( |
| 190 | | 'Bad mapping (unbalanced parens or more than 1 comma)') |
| | 190 | 'Bad mapping (unbalanced parens or more than 2 commas)') |
| 191 | 191 | |
| 192 | 192 | # RequestAccess support routines |
| 193 | 193 | |
| 194 | | def save_project_state(self, aid, pname, uname, owners): |
| | 194 | def save_project_state(self, aid, pname, uname, certf, owners): |
| 195 | 195 | """ |
| 196 | 196 | Save the project, user, and owners associated with this allocation. |
| … |
… |
|
| 201 | 201 | self.allocation[aid]['project'] = pname |
| 202 | 202 | self.allocation[aid]['user'] = uname |
| | 203 | self.allocation[aid]['cert'] = certf |
| 203 | 204 | self.allocation[aid]['owners'] = owners |
| 204 | 205 | self.write_state() |
| … |
… |
|
| 272 | 273 | aid = unicode(allocID) |
| 273 | 274 | |
| 274 | | pname, uname = self.save_project_state(aid, found[0], found[1], owners) |
| | 275 | pname, uname = self.save_project_state(aid, found[0], found[1], |
| | 276 | found[2], owners) |
| 275 | 277 | |
| 276 | 278 | services, svc_state = self.export_services(req.get('service',[]), |
| … |
… |
|
| 690 | 692 | if aid in self.allocation: |
| 691 | 693 | user = self.allocation[aid].get('user', None) |
| | 694 | cert = self.allocation[aid].get('cert', None) |
| 692 | 695 | self.allocation[aid]['experiment'] = ename |
| 693 | 696 | self.allocation[aid]['nonce'] = nonce_experiment |
| … |
… |
|
| 711 | 714 | "Can't find creation user for %s" %aid) |
| 712 | 715 | |
| 713 | | return (ename, proj, user, pubkey_base, secretkey_base, alloc_log) |
| | 716 | return (ename, proj, user, cert, pubkey_base, secretkey_base, alloc_log) |
| 714 | 717 | |
| 715 | 718 | def decorate_topology(self, info, t): |
| … |
… |
|
| 853 | 856 | try: |
| 854 | 857 | self.retrieve_software(topo, certfile, softdir) |
| 855 | | ename, proj, user, pubkey_base, secretkey_base, alloc_log = \ |
| 856 | | self.initialize_experiment_info(attrs, aid, |
| 857 | | certfile, tmpdir) |
| | 858 | ename, proj, user, xmlrpc_cert, pubkey_base, secretkey_base, \ |
| | 859 | alloc_log = self.initialize_experiment_info(attrs, aid, |
| | 860 | certfile, tmpdir) |
| 858 | 861 | |
| 859 | 862 | if '/' in proj: proj, gid = proj.split('/') |
| … |
… |
|
| 877 | 880 | starter = self.start_segment(keyfile=self.ssh_privkey_file, |
| 878 | 881 | debug=self.create_debug, log=alloc_log, boss=self.boss, |
| 879 | | ops=self.ops, cert=self.xmlrpc_cert) |
| | 882 | ops=self.ops, cert=xmlrpc_cert) |
| 880 | 883 | rv = starter(self, ename, proj, user, expfile, tmpdir, gid=gid) |
| 881 | 884 | except service_error, e: |
| … |
… |
|
| 918 | 921 | proj = self.allocation[aid].get('project', None) |
| 919 | 922 | user = self.allocation[aid].get('user', None) |
| | 923 | xmlrpc_cert = self.allocation[aid].get('cert', None) |
| 920 | 924 | ename = self.allocation[aid].get('experiment', None) |
| 921 | 925 | nonce = self.allocation[aid].get('nonce', False) |
| … |
… |
|
| 925 | 929 | ename = None |
| 926 | 930 | nonce = False |
| | 931 | xmlrpc_cert = None |
| 927 | 932 | self.state_lock.release() |
| 928 | 933 | |
| … |
… |
|
| 942 | 947 | stopper = self.stop_segment(keyfile=self.ssh_privkey_file, |
| 943 | 948 | debug=self.create_debug, boss=self.boss, ops=self.ops, |
| 944 | | cert=self.xmlrpc_cert) |
| | 949 | cert=xmlrpc_cert) |
| 945 | 950 | stopper(self, user, proj, ename, gid, nonce) |
| 946 | 951 | return { 'allocID': req['allocID'], 'proof': proof.to_dict() } |
| … |
… |
|
| 966 | 971 | proj = self.allocation[aid].get('project', None) |
| 967 | 972 | user = self.allocation[aid].get('user', None) |
| | 973 | xmlrpc_cert = self.allocation[aid].get('cert', None) |
| 968 | 974 | ename = self.allocation[aid].get('experiment', None) |
| 969 | 975 | else: |
| … |
… |
|
| 972 | 978 | ename = None |
| 973 | 979 | topo = None |
| | 980 | xmlrpc_cert = None |
| 974 | 981 | self.state_lock.release() |
| 975 | 982 | |
| … |
… |
|
| 989 | 996 | info = self.info_segment(keyfile=self.ssh_privkey_file, |
| 990 | 997 | debug=self.create_debug, boss=self.boss, ops=self.ops, |
| 991 | | cert=self.xmlrpc_cert) |
| | 998 | cert=xmlrpc_cert) |
| 992 | 999 | info(self, user, proj, ename) |
| 993 | 1000 | self.decorate_topology(info, topo) |
| … |
… |
|
| 1038 | 1045 | raise service_error(service_error.req, "no targets") |
| 1039 | 1046 | |
| | 1047 | self.state_lock.acquire() |
| 1040 | 1048 | if aid in self.allocation: |
| 1041 | 1049 | topo = self.allocation[aid].get('topo', None) |
| 1042 | 1050 | if topo: topo = topo.clone() |
| | 1051 | xmlrpc_cert = self.allocation[aid].get('cert', None) |
| 1043 | 1052 | else: |
| 1044 | 1053 | topo = None |
| | 1054 | xmlrpc_cert = None |
| | 1055 | self.state_lock.release() |
| 1045 | 1056 | |
| 1046 | 1057 | targets = copy.copy(targets) |
| … |
… |
|
| 1058 | 1069 | ops = self.operation_segment(keyfile=self.ssh_privkey_file, |
| 1059 | 1070 | debug=self.create_debug, boss=self.boss, ops=self.ops, |
| 1060 | | cert=self.xmlrpc_cert) |
| | 1071 | cert=xmlrpc_cert) |
| 1061 | 1072 | ops(self, op, ptargets, params, topo) |
| 1062 | 1073 | |
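Review bot: The per-allocation certificate is read with `self.allocation[aid].get('cert', None)` and handed straight to start_segment, stop_segment, info_segment and operation_segment, so an allocation saved before this change (no 'cert' key in its state) now passes `cert=None` where the calls used to pass `self.xmlrpc_cert`. What the segment classes do with a missing certificate is not visible here; failing explicitly keeps the operation from running under an unintended identity, for example next to the existing "Can't find creation user" check: `if cert is None: raise service_error(service_error.internal, "Can't find certificate for %s" % aid)`. Separately, the new `self.state_lock.acquire()` / `self.state_lock.release()` pair around `topo.clone()` has no try/finally, so an exception in clone() would leave the lock held. The enclosing methods start and end outside the hunks.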