- Timestamp:
- Dec 2, 2008 3:49:25 PM (16 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
- Children:
- b0b9499
- Parents:
- 5a6b75b
- Location:
- fedd
- Files:
-
- 1 added
- 2 edited
fedd/federation/allocate_project.py
r5a6b75b r08329f4 10 10 from util import * 11 11 from fedid import fedid 12 from fixed_resource import read_key_db, read_project_db 12 from fixed_resource import read_key_db, read_project_db, read_user_db 13 13 from remote_service import xmlrpc_handler, soap_handler, service_caller 14 14 from service_error import service_error … … 56 56 self.rmproj = config.get('allocate', 'rmproj', 57 57 '/usr/testbed/sbin/rmproj') 58 self.rmuser = config.get('allocate', 'rmuser', 59 '/usr/testbed/sbin/rmuser') 60 self.newuser = config.get('allocate', 'newuser', 61 '/usr/testbed/sbin/newuser') 58 62 self.addpubkey = config.get('allocate', 'addpubkey', 59 63 '/usr/testbed/sbin/taddpubkey') … … 62 66 self.confirmkey = config.get('allocate', 'confirmkey', 63 67 '/usr/testbed/sbin/taddpubkey') 68 self.user_to_project=config.get("allocate", 'user_to_project', 69 '/usr/local/bin/user_to_project.py') 64 70 self.allocation_level = config.get("allocate", "allocation_level", 65 71 "none") … … 94 100 fixed_key_db = config.get("allocate", "fixed_keys", None) 95 101 fixed_project_db = config.get("allocate", "fixed_projects", None) 102 fixed_user_db = config.get("allocate", "fixed_users", None) 96 103 self.fixed_keys = set() 97 104 self.fixed_projects = set() 105 self.fixed_users = set() 98 106 99 107 # initialize the fixed resource sets 100 108 for db, rset, fcn in (\ 101 109 (fixed_key_db, self.fixed_keys, read_key_db), \ 102 (fixed_project_db, self.fixed_projects, read_project_db)): 110 (fixed_project_db, self.fixed_projects, read_project_db), 111 (fixed_user_db, self.fixed_users, read_user_db)): 103 112 if db: 104 113 try: … … 160 169 "permitted: check allocation level") 161 170 # tempfiles for the parameter files 162 uf, userfile = tempfile.mkstemp(prefix="usr", suffix=".xml", 171 cuf, create_userfile = tempfile.mkstemp(prefix="usr", suffix=".xml", 172 dir="/tmp") 173 suf, service_userfile = tempfile.mkstemp(prefix="usr", suffix=".xml", 163 174 dir="/tmp") 164 175 pf, projfile = 
tempfile.mkstemp(prefix="proj", suffix=".xml", … … 173 184 # Take the first user and ssh key 174 185 name = proj.get('name', None) or self.random_string("proj",4) 175 user = proj.get('user', None) 176 if user != None: 177 user = user[0] # User is a list, take the first entry 178 if not user.has_key("userID"): 179 uname = self.random_string("user", 3) 180 else: 181 uid = proj['userID'] 182 # XXX: fedid 183 uname = uid.get('localname', None) or \ 186 user = proj.get('user', []) 187 188 uname = { } 189 ssh = { } 190 for u in user: 191 role = u.get('role', None) 192 if not role: continue 193 if u.has_key('userID'): 194 uid = u['userID'] 195 uname[role] = uid.get('localname', None) or \ 184 196 uid.get('kerberosUsername', None) or \ 185 197 uid.get('uri', None) 186 if uname == None: 187 raise service_error(service_error.req, "No ID for user"); 188 189 access = user.get('access', None) 190 if access != None: 191 ssh = access[0].get('sshPubkey', None) 192 if ssh == None: 193 raise service_error(service_error.req, 194 "No ssh key for user"); 195 else: 196 raise service_error(service_error.req, 197 "No access information for project"); 198 199 # uname, name and ssh are set 200 user_fields = [ 201 ("name", "Federation User %s" % uname), 202 ("email", "%s-fed@isi.deterlab.net" % uname), 198 if uname[role] == None: 199 raise service_error(service_error.req, "No ID for user") 200 else: 201 uname[role] = self.random_string("user", 3) 202 203 access = u.get('access', None) 204 if access: 205 # XXX collect and call addpubkey later, for now use first one. 
206 for a in access: 207 ssh[role] = a.get('sshPubkey', None) 208 if ssh: break 209 else: 210 raise service_error(service_error.req, 211 "No SSH key for user %s" % uname[role]) 212 else: 213 raise service_error(service_error.req, 214 "No access mechanisms for for user %s" % uname[role]) 215 216 if not (uname.has_key('experimentCreation') and \ 217 uname.has_key('serviceAccess')): 218 raise service_error(service_error.req, 219 "Must specify both user roles") 220 221 222 create_user_fields = [ 223 ("name", "Federation User %s" % uname['experimentCreation']), 224 ("email", "%s-fed@isi.deterlab.net" % \ 225 uname['experimentCreation']), 203 226 ("password", self.random_string("", 8)), 204 ("login", uname ),227 ("login", uname['experimentCreation']), 205 228 ("address", "4676 Admiralty"), 206 229 ("city", "Marina del Rey"), … … 211 234 ("title", "None"), 212 235 ("affiliation", "USC/ISI"), 213 ("pubkey", ssh) 236 ("pubkey", ssh['experimentCreation']) 237 ] 238 239 service_user_fields = [ 240 ("name", "Federation User %s" % uname['serviceAccess']), 241 ("email", "%s-fed@isi.deterlab.net" % uname['serviceAccess']), 242 ("password", self.random_string("", 8)), 243 ("login", uname['serviceAccess']), 244 ("address", "4676 Admiralty"), 245 ("city", "Marina del Rey"), 246 ("state", "CA"), 247 ("zip", "90292"), 248 ("country", "USA"), 249 ("phone", "310-448-9190"), 250 ("title", "None"), 251 ("affiliation", "USC/ISI"), 252 ("pubkey", ssh['serviceAccess']) 214 253 ] 215 254 … … 223 262 ("num_pcs", "100"), 224 263 ("linkedtous", "1"), 225 ("newuser_xml", userfile)264 ("newuser_xml", create_userfile) 226 265 ] 227 266 228 267 229 268 # Write out the files 230 self.write_attr_xml(uf, "user", user_fields) 269 self.write_attr_xml(cuf, "user", create_user_fields) 270 self.write_attr_xml(suf, "user", service_user_fields) 231 271 self.write_attr_xml(pf, "project", proj_fields) 232 272 … … 234 274 cmds = [ 235 275 (self.wap, self.newproj, projfile), 236 (self.wap, self.mkproj, name) 276 
(self.wap, self.mkproj, name), 277 (self.wap, self.newuser, service_userfile), 278 (self.wap, self.user_to_project, uname['serviceAccess'], name), 237 279 ] 238 280 … … 260 302 "[%s] (%d)" % (cmd[1], rc)) 261 303 # Clean up tempfiles 262 os.unlink(userfile) 263 os.unlink(projfile) 304 #os.unlink(create_userfile) 305 #os.unlink(service_userfile) 306 #os.unlink(projfile) 264 307 rv = {\ 265 308 'project': {\ 266 309 'name': { 'localname': name }, 267 'user' : [ {\ 268 'userID': { 'localname' : uname }, 269 'access': [ { 'sshPubkey' : ssh } ], 270 } ]\ 310 'user' : [\ 311 {\ 312 'userID': { 'localname' : uname['experimentCreation'] }, 313 'access': [ {'sshPubkey': ssh['experimentCreation'] } ], 314 'role': 'experimentCreation', 315 }, \ 316 {\ 317 'userID': { 'localname' : uname['serviceAccess'] }, 318 'access': [ { 'sshPubkey' : ssh['serviceAccess'] } ], 319 'role': 'serviceAccess', 320 } \ 321 ]\ 271 322 }\ 272 323 } … … 370 421 raise service_error(service_error.req, "Badly formed request") 371 422 423 if pname and pname not in self.fixed_projects and \ 424 self.allocation_level >= self.dynamic_projects: 425 cmds.append((self.wap, self.rmproj, pname)) 426 372 427 for u in users: 373 428 try: … … 375 430 except KeyError: 376 431 raise service_error(service_error.req, "Badly formed user") 377 for sk in [ k['sshPubkey'] for k in u.get('access', []) \ 378 if k.has_key('sshPubkey')]: 379 if (name.rstrip(), sk.rstrip()) not in self.fixed_keys: 380 if self.allocation_level >= self.dynamic_keys: 381 cmds.append((self.wap, self.addpubkey, '-R', '-w', \ 382 '-u', name, '-k', sk)) 383 if pname and pname not in self.fixed_projects and \ 384 self.allocation_level >= self.dynamic_projects: 385 cmds.append((self.wap, self.rmproj, pname)) 432 if self.allocation_level >= self.dynamic_projects and \ 433 name not in self.fixed_users: 434 cmds.append((self.wap, self.rmuser, name)) 435 else: 436 for sk in [ k['sshPubkey'] for k in u.get('access', []) \ 437 if k.has_key('sshPubkey')]: 
438 if (name.rstrip(), sk.rstrip()) not in self.fixed_keys: 439 if self.allocation_level >= self.dynamic_keys: 440 cmds.append((self.wap, self.addpubkey, '-R', '-w', \ 441 '-u', name, '-k', sk)) 386 442 387 443 # Run the commands -
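Review bot: In the per-role loop over `access` (new lines 206-211), `if ssh: break` tests the whole `ssh` dict rather than the value just stored, so it is true after the first assignment even when `sshPubkey` is absent, and the `else` branch that raises "No SSH key for user" can never run. A user whose first access entry has no key therefore reaches the `pubkey` field as `None`; the check should be `if ssh[role]: break`. Separately, the three `os.unlink` calls are now commented out, so the user XML files, each holding the generated `password` field, stay in /tmp after every allocation; they should be restored, preferably in a `finally`, since the cleanup appears to sit after the point where a failed command raises. The enclosing method starts and ends outside the visible hunks.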
fedd/federation/fixed_resource.py
r5a6b75b r08329f4 48 48 print >>f, "%s" % p 49 49 f.close() 50 51 read_user_db = read_project_db 52 write_user_db = write_project_db