| [19cc408] | 1 | #!/usr/local/bin/python |
|---|
| 2 | |
|---|
| [ec4fb42] | 3 | from access import access |
|---|
| 4 | from experiment_control import experiment_control_local |
|---|
| 5 | from split import split_local |
|---|
| [05191a6] | 6 | from util import read_simple_accessdb |
|---|
| [19cc408] | 7 | |
|---|
| [3f6bc5f] | 8 | from authorizer import authorizer |
|---|
| 9 | |
|---|
| [7454054] | 10 | class deter_impl: |
|---|
| [19cc408] | 11 | """ |
|---|
| 12 | The implementation of access control based on mapping users to projects. |
|---|
| 13 | |
|---|
| 14 | Users can be mapped to existing projects or have projects created |
|---|
| 15 | dynamically. This implements both direct requests and proxies. |
|---|
| 16 | """ |
|---|
| 17 | # Used by the SOAP caller |
|---|
| 18 | soap_namespaces = ('http://www.isi.edu/faber/fedd.wsdl', |
|---|
| 19 | 'http://www.isi.edu/faber/fedd_internal.wsdl') |
|---|
| 20 | |
|---|
| [72ed6e4] | 21 | def __init__(self, config=None): |
|---|
| [19cc408] | 22 | """ |
|---|
| [ec4fb42] | 23 | Initializer. Uses the parsed configuration to create appropriate |
|---|
| 24 | components. |
|---|
| [19cc408] | 25 | """ |
|---|
| [72ed6e4] | 26 | self.soap_services = { } |
|---|
| 27 | self.xmlrpc_services = { } |
|---|
| [3f6bc5f] | 28 | self.auth = authorizer() |
|---|
| [72ed6e4] | 29 | |
|---|
| 30 | if config: |
|---|
| 31 | self.cert_file = config.get("globals", "cert_file"); |
|---|
| 32 | self.cert_pwd = config.get("globals", "cert_pwd"); |
|---|
| 33 | self.trusted_certs = config.get("globals", "trusted_certs"); |
|---|
| 34 | |
|---|
| [05191a6] | 35 | access_db = config.get("globals", "accessdb") |
|---|
| 36 | |
|---|
| 37 | if access_db: |
|---|
| 38 | try: |
|---|
| 39 | read_simple_accessdb(access_db, self.auth) |
|---|
| 40 | except IOError, e: |
|---|
| 41 | raise service_error(service_error.internal, |
|---|
| 42 | "Error reading accessDB %s: %s" % (access_db, e)) |
|---|
| 43 | except ValueError: |
|---|
| 44 | raise service_error(service_error.internal, "%s" % e) |
|---|
| 45 | |
|---|
| [72ed6e4] | 46 | if config.has_section("access"): |
|---|
| [ec4fb42] | 47 | self.access = access(config, self.auth) |
|---|
| [72ed6e4] | 48 | self.soap_services.update(self.access.soap_services) |
|---|
| 49 | self.xmlrpc_services.update(self.access.xmlrpc_services) |
|---|
| 50 | |
|---|
| 51 | if config.has_section("experiment_control"): |
|---|
| [3f6bc5f] | 52 | self.experiment = \ |
|---|
| [ec4fb42] | 53 | experiment_control_local(config, self.auth) |
|---|
| [5fffd82] | 54 | # Tell the experiment control where local access control is and |
|---|
| [5a6b75b] | 55 | # what testbeds it pertains to. |
|---|
| [5fffd82] | 56 | if self.access: |
|---|
| [5a6b75b] | 57 | for t in self.access.testbed: |
|---|
| 58 | self.experiment.local_access[t] = self.access |
|---|
| [5fffd82] | 59 | |
|---|
| [72ed6e4] | 60 | self.soap_services.update(self.experiment.soap_services) |
|---|
| 61 | self.xmlrpc_services.update(self.experiment.xmlrpc_services) |
|---|
| 62 | |
|---|
| [f4f4117] | 63 | if config.has_section("splitter"): |
|---|
| [ec4fb42] | 64 | self.splitter = split_local(config, self.auth) |
|---|
| [f4f4117] | 65 | self.soap_services.update(self.splitter.soap_services) |
|---|
| 66 | self.xmlrpc_services.update(self.splitter.xmlrpc_services) |
|---|
| 67 | |
|---|
| [72ed6e4] | 68 | def new_feddservice(config): |
|---|
| [7454054] | 69 | return deter_impl(config) |
|---|
