source: fedd/federation/deter_impl.py @ 5bf359d

axis_examplecompt_changesinfo-opsversion-3.01version-3.02
Last change on this file since 5bf359d was d3c8759, checked in by Ted Faber <faber@…>, 15 years ago

Wholesale change of IOError to EnvironmentError? for file operations. Lots of
uncaught EnvironmentErrors? were causing spurious error conditions, e.g. on disk
full.

  • Property mode set to 100644
File size: 3.7 KB
Line 
1#!/usr/local/bin/python
2
3import emulab_access
4import dragon_access
5import protogeni_access
6import deter_internal_access
7
8from experiment_control import experiment_control_local
9from ns2topdl import ns2topdl_local
10from util import read_simple_accessdb
11from fedid import fedid
12
13from authorizer import authorizer, abac_authorizer
14
15class deter_impl:
16    """
17    The implementation of access control based on mapping users to projects.
18
19    Users can be mapped to existing projects or have projects created
20    dynamically.  This implements both direct requests and proxies.
21    """
22    # Used by the SOAP caller
23    soap_namespaces = ('http://www.isi.edu/fedd.wsdl',
24            'http://www.isi.edu/fedd_internal.wsdl')
25
26    def __init__(self, config=None):
27        """
28        Initializer.  Uses the parsed configuration to create appropriate
29        components.
30        """
31        self.soap_services = { }
32        self.xmlrpc_services = { }
33        self.auth = None
34
35        if config:
36            self.cert_file = config.get("globals", "cert_file");
37            self.cert_pwd = config.get("globals", "cert_pwd");
38            self.trusted_certs = config.get("globals", "trusted_certs");
39            self.access_type = config.get("globals", "access_type", "emulab")
40            self.auth_type = config.get("globals", "auth_type", "legacy")
41
42            if self.auth_type == 'legacy':
43                self.auth = authorizer()
44            elif self.auth_type == 'abac':
45                auth_url = config.get('globals', 'auth_url')
46                if not auth_url:
47                    raise RuntimeError("auth_url required for ABAC " + \
48                            "authorization")
49                if self.cert_file:
50                    me = fedid(file=self.cert_file)
51                else:
52                    raise RuntimeError("ABAC authorization needs a " +\
53                            "certificate file")
54                self.auth= abac_authorizer(url=auth_url, 
55                        cert_file=self.cert_file, cert_pwd=self.cert_pwd,
56                        trusted_certs=self.trusted_certs, me=me)
57            else:
58                raise RuntimeError("Unknown authorizer type %s" % \
59                        self.auth_type)
60
61            access_db = config.get("globals", "accessdb")
62
63            if access_db:
64                try:
65                    read_simple_accessdb(access_db, self.auth)
66                except EnvironmentError, e:
67                    raise RuntimeError(
68                            "Error reading accessDB %s: %s" % (access_db, e))
69                except ValueError, e:
70                    raise RuntimeError("%s" % e)
71
72            if config.has_section("access"):
73                if self.access_type == "emulab":
74                    self.access = emulab_access.access(config, self.auth)
75                elif self.access_type == "dragon":
76                    self.access = dragon_access.access(config, self.auth)
77                elif self.access_type == "protogeni":
78                    self.access = protogeni_access.access(config, self.auth)
79                elif self.access_type == "deter_internal":
80                    self.access = deter_internal_access.access(config,
81                            self.auth)
82                else:
83                    raise RuntimeError("Unknown access_type: %s" % \
84                            self.access_type)
85                self.soap_services.update(self.access.soap_services) 
86                self.xmlrpc_services.update(self.access.xmlrpc_services) 
87            else:
88                self.access = None
89
90            if config.has_section("experiment_control"):
91                self.experiment = \
92                        experiment_control_local(config, self.auth)
93                # Tell the experiment control where local access control is and
94                # what testbeds it pertains to.
95                if getattr(self, 'access', None):
96                    for t in self.access.testbed:
97                        self.experiment.local_access[t] = self.access
98
99                self.soap_services.update(self.experiment.soap_services) 
100                self.xmlrpc_services.update(self.experiment.xmlrpc_services) 
101                self.get_handler = self.experiment.get_handler
102            else:
103                if self.access and getattr(self.access, 'get_handler', None):
104                    self.get_handler = self.access.get_handler
105                else:
106                    self.get_handler = None
107
108            if config.has_section("ns2topdl"):
109                self.ns2topdl = ns2topdl_local(config, self.auth)
110                self.soap_services.update(self.ns2topdl.soap_services) 
111                self.xmlrpc_services.update(self.ns2topdl.xmlrpc_services) 
112
113def new_feddservice(config):
114    return deter_impl(config)
Note: See TracBrowser for help on using the repository browser.