source: fedd/federation/deter_impl.py @ c0a8738

axis_examplecompt_changesinfo-opsversion-3.01version-3.02
Last change on this file since c0a8738 was dac2316, checked in by Ted Faber <faber@…>, 15 years ago

allow access controllers to handle GET requests, too

  • Property mode set to 100644
File size: 3.4 KB
RevLine 
[19cc408]1#!/usr/local/bin/python
2
[3c6dbec]3import emulab_access
[23dec62]4import dragon_access
[ec4fb42]5from experiment_control import experiment_control_local
6from split import split_local
[05191a6]7from util import read_simple_accessdb
[73ded03]8from fedid import fedid
[19cc408]9
[73ded03]10from authorizer import authorizer, abac_authorizer
[3f6bc5f]11
[7454054]12class deter_impl:
[19cc408]13    """
14    The implementation of access control based on mapping users to projects.
15
16    Users can be mapped to existing projects or have projects created
17    dynamically.  This implements both direct requests and proxies.
18    """
19    # Used by the SOAP caller
20    soap_namespaces = ('http://www.isi.edu/faber/fedd.wsdl',
21            'http://www.isi.edu/faber/fedd_internal.wsdl')
22
[72ed6e4]23    def __init__(self, config=None):
[19cc408]24        """
[ec4fb42]25        Initializer.  Uses the parsed configuration to create appropriate
26        components.
[19cc408]27        """
[72ed6e4]28        self.soap_services = { }
29        self.xmlrpc_services = { }
[73ded03]30        self.auth = None
[72ed6e4]31
32        if config:
33            self.cert_file = config.get("globals", "cert_file");
34            self.cert_pwd = config.get("globals", "cert_pwd");
35            self.trusted_certs = config.get("globals", "trusted_certs");
[3c6dbec]36            self.access_type = config.get("globals", "access_type", "emulab")
[73ded03]37            self.auth_type = config.get("globals", "auth_type", "legacy")
38
39            if self.auth_type == 'legacy':
40                self.auth = authorizer()
41            elif self.auth_type == 'abac':
42                auth_url = config.get('globals', 'auth_url')
43                if not auth_url:
44                    raise RuntimeError("auth_url required for ABAC " + \
45                            "authorization")
46                if self.cert_file:
47                    me = fedid(file=self.cert_file)
48                else:
49                    raise RuntimeError("ABAC authorization needs a " +\
50                            "certificate file")
51                self.auth= abac_authorizer(url=auth_url, 
52                        cert_file=self.cert_file, cert_pwd=self.cert_pwd,
53                        trusted_certs=self.trusted_certs, me=me)
54            else:
55                raise RuntimeError("Unknown authorizer type %s" % \
56                        self.auth_type)
[72ed6e4]57
[05191a6]58            access_db = config.get("globals", "accessdb")
59
60            if access_db:
61                try:
62                    read_simple_accessdb(access_db, self.auth)
63                except IOError, e:
[0b4e272]64                    raise RuntimeError(
[05191a6]65                            "Error reading accessDB %s: %s" % (access_db, e))
[cc8d8e9]66                except ValueError, e:
[0b4e272]67                    raise RuntimeError("%s" % e)
[05191a6]68
[72ed6e4]69            if config.has_section("access"):
[3c6dbec]70                if self.access_type == "emulab":
71                    self.access = emulab_access.access(config, self.auth)
[23dec62]72                elif self.access_type == "dragon":
73                    self.access = dragon_access.access(config, self.auth)
[3c6dbec]74                else:
75                    raise RuntimeError("Unknown access_type: %s" % \
76                            self.access_type)
[72ed6e4]77                self.soap_services.update(self.access.soap_services) 
78                self.xmlrpc_services.update(self.access.xmlrpc_services) 
79
80            if config.has_section("experiment_control"):
[3f6bc5f]81                self.experiment = \
[ec4fb42]82                        experiment_control_local(config, self.auth)
[5fffd82]83                # Tell the experiment control where local access control is and
[5a6b75b]84                # what testbeds it pertains to.
[c9318dc]85                if getattr(self, 'access', None):
[5a6b75b]86                    for t in self.access.testbed:
87                        self.experiment.local_access[t] = self.access
[5fffd82]88
[72ed6e4]89                self.soap_services.update(self.experiment.soap_services) 
90                self.xmlrpc_services.update(self.experiment.xmlrpc_services) 
[81a7f3f]91                self.get_handler = self.experiment.get_handler
92            else:
[dac2316]93                if self.access and self.access.get_handler:
94                    self.get_handler = self.access.get_handler
95                else:
96                    self.get_handler = None
[72ed6e4]97
[f4f4117]98            if config.has_section("splitter"):
[ec4fb42]99                self.splitter = split_local(config, self.auth)
[f4f4117]100                self.soap_services.update(self.splitter.soap_services) 
101                self.xmlrpc_services.update(self.splitter.xmlrpc_services) 
102
[72ed6e4]103def new_feddservice(config):
[7454054]104    return deter_impl(config)
Note: See TracBrowser for help on using the repository browser.