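#!/usr/local/bin/python

import sys

import emulab_access
import dragon_access
import protogeni_access
import deter_internal_access
import benito_access
import desktop_access
import skeleton_access

from experiment_control import experiment_control_local
from ns2topdl import ns2topdl_local
from util import read_simple_accessdb
from deter import fedid
from authorizer import authorizer, abac_authorizer


class deter_impl:
    """
    The implementation of access control based on mapping users to projects.
    Users can be mapped to existing projects or have projects created
    dynamically.  This implements both direct requests and proxies.

    Security note: the configuration drives which Python modules are loaded
    into this process (module_path, access_type) and carries the certificate
    password (cert_pwd).  Anyone able to edit the configuration can therefore
    run code as the daemon, so the file needs the same protection as the
    daemon's private key.
    """
    # Used by the SOAP caller
    soap_namespaces = ('http://www.isi.edu/fedd.wsdl',
            'http://www.isi.edu/fedd_internal.wsdl')

    # access_type values served by modules imported at the top of this file.
    # Any other value is treated as the name of a plugin module.
    builtin_access = {
        "emulab": emulab_access,
        "dragon": dragon_access,
        "protogeni": protogeni_access,
        "deter_internal": deter_internal_access,
        "benito": benito_access,
        "desktop": desktop_access,
        "skel": skeleton_access,
    }

    def __init__(self, config=None):
        """
        Initializer.  Uses the parsed configuration to create appropriate
        components.

        config is the parsed configuration object; it is used through
        get(section, option[, default]) and has_section(section).  With no
        config, only empty service tables and a None authorizer are set up.

        Raises RuntimeError when the authorizer type is unknown, when ABAC
        is selected without auth_url or cert_file, when the access database
        cannot be read, or when the access_type plugin cannot be imported.
        """
        self.soap_services = { }
        self.xmlrpc_services = { }
        self.auth = None

        if not config:
            return

        self.cert_file = config.get("globals", "cert_file")
        # The password stays in memory as plaintext for the life of the
        # object; avoid logging or echoing this attribute.
        self.cert_pwd = config.get("globals", "cert_pwd")
        self.trusted_certs = config.get("globals", "trusted_certs")

        self.access_type = config.get("globals", "access_type", "emulab")
        self.auth_type = config.get("globals", "auth_type", "legacy")

        for mp in config.get("globals", "module_path", "").split(":"):
            # "".split(":") yields [""], and an empty sys.path entry means
            # "the current working directory".  Skipping empty components
            # keeps an unset module_path (or a stray ':') from silently
            # putting the daemon's cwd on the module search path.
            if mp:
                sys.path.append(mp)

        self.auth = self._make_authorizer(config)

        access_db = config.get("globals", "accessdb")
        if access_db:
            try:
                read_simple_accessdb(access_db, self.auth)
            except EnvironmentError as e:
                raise RuntimeError(
                        "Error reading accessDB %s: %s" % (access_db, e))
            except ValueError as e:
                raise RuntimeError("%s" % e)

        if config.has_section("access"):
            module = self.builtin_access.get(self.access_type)
            if module is not None:
                self.access = module.access(config, self.auth)
            else:
                self.access = self._load_plugin_access(config)

            self.soap_services.update(self.access.soap_services)
            self.xmlrpc_services.update(self.access.xmlrpc_services)
        else:
            self.access = None

        if config.has_section("experiment_control"):
            self.experiment = \
                    experiment_control_local(config, self.auth)
            # Tell the experiment control where local access control is and
            # what testbeds it pertains to.
            if getattr(self, 'access', None):
                for t in self.access.testbed:
                    self.experiment.local_access[t] = self.access
            self.soap_services.update(self.experiment.soap_services)
            self.xmlrpc_services.update(self.experiment.xmlrpc_services)
            self.get_handler = self.experiment.get_handler
        else:
            # Without experiment control, fall back to the access
            # component's handler when it offers one.
            if self.access and getattr(self.access, 'get_handler', None):
                self.get_handler = self.access.get_handler
            else:
                self.get_handler = None

        if config.has_section("ns2topdl"):
            self.ns2topdl = ns2topdl_local(config, self.auth)
            self.soap_services.update(self.ns2topdl.soap_services)
            self.xmlrpc_services.update(self.ns2topdl.xmlrpc_services)

    def _make_authorizer(self, config):
        """
        Build the authorizer selected by self.auth_type ('legacy' or 'abac').
        """
        if self.auth_type == 'legacy':
            return authorizer()

        if self.auth_type == 'abac':
            auth_url = config.get('globals', 'auth_url')
            if not auth_url:
                raise RuntimeError("auth_url required for ABAC " + \
                        "authorization")
            if not self.cert_file:
                raise RuntimeError("ABAC authorization needs a " +\
                        "certificate file")
            me = fedid(file=self.cert_file)
            return abac_authorizer(url=auth_url,
                    cert_file=self.cert_file, cert_pwd=self.cert_pwd,
                    trusted_certs=self.trusted_certs, me=me)

        raise RuntimeError("Unknown authorizer type %s" % \
                self.auth_type)

    def _load_plugin_access(self, config):
        """
        Import the module named by self.access_type and build its access
        object.

        The name is handed to __import__ as data rather than spliced into
        an exec'd statement, so a configuration value can name a module but
        cannot inject arbitrary statements.  The module is still found
        through sys.path (including module_path entries), so those
        directories must not be writable by untrusted users.
        """
        try:
            try:
                module = __import__(self.access_type, globals(), locals(),
                        ['access'])
            except (ValueError, TypeError) as e:
                # Empty or non-string module name; report it like any
                # other failed import.
                raise ImportError(str(e))
            try:
                plugin_access = module.access
            except AttributeError:
                raise ImportError("cannot import name access")
            # Kept inside the outer try: an ImportError raised while the
            # plugin constructs itself is reported the same way.
            return plugin_access(config, self.auth)
        except ImportError as e:
            raise RuntimeError(
                    "Unknown access_type: %s (import failed: %s)" \
                            % (self.access_type, e))


def new_feddservice(config):
    """
    Factory entry point: return a deter_impl built from config.
    """
    return deter_impl(config)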