Changeset 0a49bd7 for fedd/federation/dragon_access.py

Timestamp:

Jan 15, 2011 5:52:15 PM (14 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

aaf7f41

Parents:

ac15159 (diff), 944b746 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

git-author:

Ted Faber <faber@…> (01/15/11 17:51:40)

git-committer:

Ted Faber <faber@…> (01/15/11 17:52:15)

Message:

merge from current

File:

• fedd/federation/dragon_access.py (modified) (7 diffs)

fedd/federation/dragon_access.py

@@ -122 +122 @@
         else: raise self.parse_error("Repo should be in parens");
 
-    def RequestAccess(self, req, fid):
-        """
-        Handle the access request.
-
-        Parse out the fields and make the allocations or rejections if for us,
-        otherwise, assuming we're willing to proxy, proxy the request out.
-        """
-
-        # The dance to get into the request body
-        if req.has_key('RequestAccessRequestBody'):
-            req = req['RequestAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        if req.has_key('destinationTestbed'):
-            dt = unpack_id(req['destinationTestbed'])
-
-        # Request for this fedd
-        found, match, owners = self.lookup_access(req, fid)
-        # keep track of what's been added
-        allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
-        aid = unicode(allocID)
-
-        self.state_lock.acquire()
-        self.state[aid] = { }
-        self.state[aid]['user'] = found
-        self.state[aid]['owners'] = owners
-        self.write_state()
-        self.state_lock.release()
-        self.auth.set_attribute(fid, allocID)
-        self.auth.set_attribute(allocID, allocID)
-        self.auth.save()
-
-        try:
-            f = open("%s/%s.pem" % (self.certdir, aid), "w")
-            print >>f, alloc_cert
-            f.close()
-        except EnvironmentError, e:
-            raise service_error(service_error.internal, 
-                    "Can't open %s/%s : %s" % (self.certdir, aid, e))
-        return { 'allocID': { 'fedid': allocID } }
-
-    def ReleaseAccess(self, req, fid):
-        # The dance to get into the request body
-        if req.has_key('ReleaseAccessRequestBody'):
-            req = req['ReleaseAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        try:
-            if req['allocID'].has_key('localname'):
-                auth_attr = aid = req['allocID']['localname']
-            elif req['allocID'].has_key('fedid'):
-                aid = unicode(req['allocID']['fedid'])
-                auth_attr = req['allocID']['fedid']
-            else:
-                raise service_error(service_error.req,
-                        "Only localnames and fedids are understood")
-        except KeyError:
-            raise service_error(service_error.req, "Badly formed request")
-
-        self.log.debug("[access] deallocation requested for %s", aid)
-        if not self.auth.check_attribute(fid, auth_attr):
-            self.log.debug("[access] deallocation denied for %s", aid)
-            raise service_error(service_error.access, "Access Denied")
-
-        self.state_lock.acquire()
-        if self.state.has_key(aid):
-            self.log.debug("Found allocation for %s" %aid)
-            del self.state[aid]
-            self.write_state()
-            self.state_lock.release()
-            # And remove the access cert
-            cf = "%s/%s.pem" % (self.certdir, aid)
-            self.log.debug("Removing %s" % cf)
-            os.remove(cf)
-            return { 'allocID': req['allocID'] } 
-        else:
-            self.state_lock.release()
-            raise service_error(service_error.req, "No such allocation")
+    # RequestAccess and ReleaseAccess come from the base class
 
     def extract_parameters(self, top):
@@ -497 +418 @@
         return (repo, alloc_log)
 
-    def finalize_experiment(self, topo, vlan_no, gri, aid, alloc_id):
+    def finalize_experiment(self, topo, vlan_no, gri, aid, alloc_id, proof):
         """
         Place the relevant information in the global state block, and prepare
@@ -521 +442 @@
                     'topdldescription': rtopo.to_dict()
                     },
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.state[aid]['started'])
@@ -541 +463 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -587 +511 @@
         if gri:
             return self.finalize_experiment(topo, vlan_no, gri, aid, 
-                    req['allocID'])
+                    req['allocID'], proof)
         elif err:
             raise service_error(service_error.federant,
@@ -605 +529 @@
         self.log.debug("Terminate request for %s" %aid)
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -628 +554 @@
         self.log.debug("Stop segment for GRI: %s" %gri)
         self.stop_segment(user, gri)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }