Context Navigation

source: fedd/federation/deter_impl.py @ dac2316

axis_examplecompt_changesinfo-opsversion-3.01version-3.02

Last change on this file since dac2316 was dac2316, checked in by Ted Faber <faber@…>, 14 years ago
allow access controllers to handle GET requests, too
Property mode set to `100644`
File size: 3.4 KB

Line
1	#!/usr/local/bin/python
2
3	import emulab_access
4	import dragon_access
5	from experiment_control import experiment_control_local
6	from split import split_local
7	from util import read_simple_accessdb
8	from fedid import fedid
9
10	from authorizer import authorizer, abac_authorizer
11
12	class deter_impl:
13	"""
14	The implementation of access control based on mapping users to projects.
15
16	Users can be mapped to existing projects or have projects created
17	dynamically. This implements both direct requests and proxies.
18	"""
19	# Used by the SOAP caller
20	soap_namespaces = ('http://www.isi.edu/faber/fedd.wsdl',
21	'http://www.isi.edu/faber/fedd_internal.wsdl')
22
23	def __init__(self, config=None):
24	"""
25	Initializer. Uses the parsed configuration to create appropriate
26	components.
27	"""
28	self.soap_services = { }
29	self.xmlrpc_services = { }
30	self.auth = None
31
32	if config:
33	self.cert_file = config.get("globals", "cert_file");
34	self.cert_pwd = config.get("globals", "cert_pwd");
35	self.trusted_certs = config.get("globals", "trusted_certs");
36	self.access_type = config.get("globals", "access_type", "emulab")
37	self.auth_type = config.get("globals", "auth_type", "legacy")
38
39	if self.auth_type == 'legacy':
40	self.auth = authorizer()
41	elif self.auth_type == 'abac':
42	auth_url = config.get('globals', 'auth_url')
43	if not auth_url:
44	raise RuntimeError("auth_url required for ABAC " + \
45	"authorization")
46	if self.cert_file:
47	me = fedid(file=self.cert_file)
48	else:
49	raise RuntimeError("ABAC authorization needs a " +\
50	"certificate file")
51	self.auth= abac_authorizer(url=auth_url,
52	cert_file=self.cert_file, cert_pwd=self.cert_pwd,
53	trusted_certs=self.trusted_certs, me=me)
54	else:
55	raise RuntimeError("Unknown authorizer type %s" % \
56	self.auth_type)
57
58	access_db = config.get("globals", "accessdb")
59
60	if access_db:
61	try:
62	read_simple_accessdb(access_db, self.auth)
63	except IOError, e:
64	raise RuntimeError(
65	"Error reading accessDB %s: %s" % (access_db, e))
66	except ValueError, e:
67	raise RuntimeError("%s" % e)
68
69	if config.has_section("access"):
70	if self.access_type == "emulab":
71	self.access = emulab_access.access(config, self.auth)
72	elif self.access_type == "dragon":
73	self.access = dragon_access.access(config, self.auth)
74	else:
75	raise RuntimeError("Unknown access_type: %s" % \
76	self.access_type)
77	self.soap_services.update(self.access.soap_services)
78	self.xmlrpc_services.update(self.access.xmlrpc_services)
79
80	if config.has_section("experiment_control"):
81	self.experiment = \
82	experiment_control_local(config, self.auth)
83	# Tell the experiment control where local access control is and
84	# what testbeds it pertains to.
85	if getattr(self, 'access', None):
86	for t in self.access.testbed:
87	self.experiment.local_access[t] = self.access
88
89	self.soap_services.update(self.experiment.soap_services)
90	self.xmlrpc_services.update(self.experiment.xmlrpc_services)
91	self.get_handler = self.experiment.get_handler
92	else:
93	if self.access and self.access.get_handler:
94	self.get_handler = self.access.get_handler
95	else:
96	self.get_handler = None
97
98	if config.has_section("splitter"):
99	self.splitter = split_local(config, self.auth)
100	self.soap_services.update(self.splitter.soap_services)
101	self.xmlrpc_services.update(self.splitter.xmlrpc_services)
102
103	def new_feddservice(config):
104	return deter_impl(config)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: