Context Navigation

source: fedd/federation/deter_impl.py @ 1819839

Last change on this file since 1819839 was 1819839, checked in by Ted Faber <faber@…>, 11 years ago
Works with null swapin. Check connectivity next
Property mode set to `100644`
File size: 4.4 KB

Rev	Line
[19cc408]	1	#!/usr/local/bin/python
	2
[e2ff75d]	3	import sys
	4
[3c6dbec]	5	import emulab_access
[23dec62]	6	import dragon_access
[9c2e4e1]	7	import protogeni_access
[175b444]	8	import deter_internal_access
[6a50b78]	9	import benito_access
[1819839]	10	import desktop_access
[7888aee]	11	import skeleton_access
[175b444]	12
[ec4fb42]	13	from experiment_control import experiment_control_local
[5f6929a]	14	from ns2topdl import ns2topdl_local
[05191a6]	15	from util import read_simple_accessdb
[6bedbdba]	16	from deter import fedid
[19cc408]	17
[73ded03]	18	from authorizer import authorizer, abac_authorizer
[3f6bc5f]	19
[7454054]	20	class deter_impl:
[19cc408]	21	"""
	22	The implementation of access control based on mapping users to projects.
	23
	24	Users can be mapped to existing projects or have projects created
	25	dynamically. This implements both direct requests and proxies.
	26	"""
	27	# Used by the SOAP caller
[e77c86e]	28	soap_namespaces = ('http://www.isi.edu/fedd.wsdl',
	29	'http://www.isi.edu/fedd_internal.wsdl')
[19cc408]	30
[72ed6e4]	31	def __init__(self, config=None):
[19cc408]	32	"""
[ec4fb42]	33	Initializer. Uses the parsed configuration to create appropriate
	34	components.
[19cc408]	35	"""
[72ed6e4]	36	self.soap_services = { }
	37	self.xmlrpc_services = { }
[73ded03]	38	self.auth = None
[72ed6e4]	39
	40	if config:
	41	self.cert_file = config.get("globals", "cert_file");
	42	self.cert_pwd = config.get("globals", "cert_pwd");
	43	self.trusted_certs = config.get("globals", "trusted_certs");
[3c6dbec]	44	self.access_type = config.get("globals", "access_type", "emulab")
[73ded03]	45	self.auth_type = config.get("globals", "auth_type", "legacy")
	46
[e2ff75d]	47	for mp in config.get("globals", "module_path","").split(":"):
	48	sys.path.append(mp)
	49
[73ded03]	50	if self.auth_type == 'legacy':
	51	self.auth = authorizer()
	52	elif self.auth_type == 'abac':
	53	auth_url = config.get('globals', 'auth_url')
	54	if not auth_url:
	55	raise RuntimeError("auth_url required for ABAC " + \
	56	"authorization")
	57	if self.cert_file:
	58	me = fedid(file=self.cert_file)
	59	else:
	60	raise RuntimeError("ABAC authorization needs a " +\
	61	"certificate file")
	62	self.auth= abac_authorizer(url=auth_url,
	63	cert_file=self.cert_file, cert_pwd=self.cert_pwd,
	64	trusted_certs=self.trusted_certs, me=me)
	65	else:
	66	raise RuntimeError("Unknown authorizer type %s" % \
	67	self.auth_type)
[72ed6e4]	68
[05191a6]	69	access_db = config.get("globals", "accessdb")
	70
	71	if access_db:
	72	try:
	73	read_simple_accessdb(access_db, self.auth)
[d3c8759]	74	except EnvironmentError, e:
[0b4e272]	75	raise RuntimeError(
[05191a6]	76	"Error reading accessDB %s: %s" % (access_db, e))
[cc8d8e9]	77	except ValueError, e:
[0b4e272]	78	raise RuntimeError("%s" % e)
[05191a6]	79
[72ed6e4]	80	if config.has_section("access"):
[3c6dbec]	81	if self.access_type == "emulab":
	82	self.access = emulab_access.access(config, self.auth)
[23dec62]	83	elif self.access_type == "dragon":
	84	self.access = dragon_access.access(config, self.auth)
[9c2e4e1]	85	elif self.access_type == "protogeni":
	86	self.access = protogeni_access.access(config, self.auth)
[175b444]	87	elif self.access_type == "deter_internal":
	88	self.access = deter_internal_access.access(config,
	89	self.auth)
[25930db]	90	elif self.access_type == "benito":
[6a50b78]	91	self.access = benito_access.access(config, self.auth)
[1819839]	92	elif self.access_type == "desktop":
	93	self.access = desktop_access.access(config, self.auth)
[7888aee]	94	elif self.access_type == "skel":
	95	self.access = skeleton_access.access(config, self.auth)
[3c6dbec]	96	else:
[e2ff75d]	97	try:
	98	exec 'from %s import access as plugin_access' \
	99	% self.access_type
	100	self.access = plugin_access(config, self.auth)
	101	except ImportError, e:
	102	raise RuntimeError(
	103	"Unknown access_type: %s (import failed: %s)" \
	104	% (self.access_type, e))
[72ed6e4]	105	self.soap_services.update(self.access.soap_services)
	106	self.xmlrpc_services.update(self.access.xmlrpc_services)
[09b4dc4]	107	else:
	108	self.access = None
[72ed6e4]	109
	110	if config.has_section("experiment_control"):
[3f6bc5f]	111	self.experiment = \
[ec4fb42]	112	experiment_control_local(config, self.auth)
[5fffd82]	113	# Tell the experiment control where local access control is and
[5a6b75b]	114	# what testbeds it pertains to.
[c9318dc]	115	if getattr(self, 'access', None):
[5a6b75b]	116	for t in self.access.testbed:
	117	self.experiment.local_access[t] = self.access
[5fffd82]	118
[72ed6e4]	119	self.soap_services.update(self.experiment.soap_services)
	120	self.xmlrpc_services.update(self.experiment.xmlrpc_services)
[81a7f3f]	121	self.get_handler = self.experiment.get_handler
	122	else:
[39ee3cc]	123	if self.access and getattr(self.access, 'get_handler', None):
[dac2316]	124	self.get_handler = self.access.get_handler
	125	else:
	126	self.get_handler = None
[72ed6e4]	127
[5f6929a]	128	if config.has_section("ns2topdl"):
	129	self.ns2topdl = ns2topdl_local(config, self.auth)
	130	self.soap_services.update(self.ns2topdl.soap_services)
	131	self.xmlrpc_services.update(self.ns2topdl.xmlrpc_services)
[f4f4117]	132
[72ed6e4]	133	def new_feddservice(config):
[7454054]	134	return deter_impl(config)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: