source: fedd/federation/deter_impl.py @ eda00e1

Last change on this file since eda00e1 was 5f6929a, checked in by Ted Faber <faber@…>, 15 years ago

Two changes at once

Remove master and export project from the create request and rename the splitter external interface into a translation interface. The export_project pseudo service is staring.

Also start removing some deprecated fields.

  • Property mode set to 100644
File size: 3.6 KB
[19cc408]1#!/usr/local/bin/python
2
[3c6dbec]3import emulab_access
[23dec62]4import dragon_access
[9c2e4e1]5import protogeni_access
[ec4fb42]6from experiment_control import experiment_control_local
[5f6929a]7from ns2topdl import ns2topdl_local
[05191a6]8from util import read_simple_accessdb
[73ded03]9from fedid import fedid
[19cc408]10
[73ded03]11from authorizer import authorizer, abac_authorizer
[3f6bc5f]12
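class deter_impl:
    """
    The implementation of access control based on mapping users to projects.

    Users can be mapped to existing projects or have projects created
    dynamically.  This implements both direct requests and proxies.

    The instance gathers the SOAP and XMLRPC service tables of every
    component the configuration enables (access control, experiment control,
    ns2topdl).  Each component is constructed with the same authorizer
    object, self.auth.
    """
    # Used by the SOAP caller
    soap_namespaces = ('http://www.isi.edu/faber/fedd.wsdl',
            'http://www.isi.edu/faber/fedd_internal.wsdl')

    def __init__(self, config=None):
        """
        Initializer.  Uses the parsed configuration to create appropriate
        components.

        config is the parsed configuration object; only its get() and
        has_section() methods are used here.  When config is None (or
        otherwise false) no component is created: the service tables stay
        empty and auth, access and get_handler are None.

        Raises RuntimeError when auth_type or access_type names an unknown
        implementation, when ABAC authorization is requested without an
        auth_url or a cert_file, or when the access DB cannot be read or
        parsed.
        """
        self.soap_services = { }
        self.xmlrpc_services = { }
        self.auth = None
        # Defined up front so that an instance built without a configuration
        # exposes the same attributes as one built from a configuration that
        # has no [access] or [experiment_control] section.
        self.access = None
        self.get_handler = None

        if not config:
            return

        self.cert_file = config.get("globals", "cert_file")
        # NOTE(review): cert_pwd is read from the configuration and kept on
        # the instance, then handed to abac_authorizer below.  Presumably
        # this is the certificate passphrase, in which case the
        # configuration file's permissions are what protect it -- confirm
        # the deployment restricts them.
        self.cert_pwd = config.get("globals", "cert_pwd")
        self.trusted_certs = config.get("globals", "trusted_certs")
        # The third argument looks like the value used when the option is
        # absent -- TODO confirm against the config class.
        self.access_type = config.get("globals", "access_type", "emulab")
        self.auth_type = config.get("globals", "auth_type", "legacy")

        # Pick the authorizer.  An unrecognized auth_type, or an ABAC setup
        # missing its URL or certificate, stops start-up with RuntimeError
        # rather than continuing with self.auth left as None.
        if self.auth_type == 'legacy':
            self.auth = authorizer()
        elif self.auth_type == 'abac':
            auth_url = config.get('globals', 'auth_url')
            if not auth_url:
                raise RuntimeError("auth_url required for ABAC "
                        "authorization")
            if not self.cert_file:
                raise RuntimeError("ABAC authorization needs a "
                        "certificate file")
            # The service's own identity is derived from its certificate.
            me = fedid(file=self.cert_file)
            # NOTE(review): auth_url is passed through as configured; whether
            # the connection is authenticated against trusted_certs is up to
            # abac_authorizer -- confirm there.
            self.auth = abac_authorizer(url=auth_url,
                    cert_file=self.cert_file, cert_pwd=self.cert_pwd,
                    trusted_certs=self.trusted_certs, me=me)
        else:
            raise RuntimeError("Unknown authorizer type %s" %
                    self.auth_type)

        access_db = config.get("globals", "accessdb")

        if access_db:
            # read_simple_accessdb receives the authorizer, presumably to
            # load the file's entries into it -- confirm in util.  A file
            # that cannot be read or parsed aborts start-up.
            try:
                read_simple_accessdb(access_db, self.auth)
            except IOError as e:
                raise RuntimeError(
                        "Error reading accessDB %s: %s" % (access_db, e))
            except ValueError as e:
                raise RuntimeError("%s" % e)

        if config.has_section("access"):
            if self.access_type == "emulab":
                self.access = emulab_access.access(config, self.auth)
            elif self.access_type == "dragon":
                self.access = dragon_access.access(config, self.auth)
            elif self.access_type == "protogeni":
                self.access = protogeni_access.access(config, self.auth)
            else:
                raise RuntimeError("Unknown access_type: %s" %
                        self.access_type)
            self.soap_services.update(self.access.soap_services)
            self.xmlrpc_services.update(self.access.xmlrpc_services)

        if config.has_section("experiment_control"):
            self.experiment = experiment_control_local(config, self.auth)
            # Tell the experiment control where local access control is and
            # what testbeds it pertains to.
            if self.access:
                for t in self.access.testbed:
                    self.experiment.local_access[t] = self.access

            self.soap_services.update(self.experiment.soap_services)
            self.xmlrpc_services.update(self.experiment.xmlrpc_services)
            self.get_handler = self.experiment.get_handler
        elif self.access and getattr(self.access, 'get_handler', None):
            # Without experiment control, fall back to the access
            # component's handler when it provides one.
            self.get_handler = self.access.get_handler

        if config.has_section("ns2topdl"):
            self.ns2topdl = ns2topdl_local(config, self.auth)
            self.soap_services.update(self.ns2topdl.soap_services)
            self.xmlrpc_services.update(self.ns2topdl.xmlrpc_services)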
[f4f4117]107
def new_feddservice(config):
    """
    Factory entry point: build the deter_impl service object for the given
    parsed configuration and hand it back to the caller.
    """
    service = deter_impl(config)
    return service