Changeset 1d73342


Ignore:
Timestamp:
Dec 3, 2010 5:58:00 PM (9 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
63c6664
Parents:
faea607
Message:

Move non ABAC code out

Location:
fedd/federation
Files:
1 added
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/experiment_control.py

    rfaea607 r1d73342  
    3131from synch_store import synch_store
    3232from experiment_partition import experiment_partition
     33from experiment_control_legacy import experiment_control_legacy
    3334from authorizer import abac_authorizer
    3435from thread_pool import thread_pool, pooled_thread
     
    7273    needs_portal = ('SMB', 'seer', 'tmcd', 'project_export', 'seer_master')
    7374
    74 class experiment_control_local:
     75class experiment_control_local(experiment_control_legacy):
    7576    """
    7677    Control of experiments that this system can directly access.
     
    535536    def gentopo(self, str):
    536537        """
    537         Generate the topology dtat structure from the splitter's XML
     538        Generate the topology data structure from the splitter's XML
    538539        representation of it.
    539540
     
    703704        else: return None
    704705
    705     def get_access(self, tb, nodes, tbparam, access_user, masters, tbmap):
    706         """
    707         Get access to testbed through fedd and set the parameters for that tb
    708         """
    709         def get_export_project(svcs):
    710             """
    711             Look through for the list of federated_service for this testbed
    712             objects for a project_export service, and extract the project
    713             parameter.
    714             """
    715 
    716             pe = [s for s in svcs if s.name=='project_export']
    717             if len(pe) == 1:
    718                 return pe[0].params.get('project', None)
    719             elif len(pe) == 0:
    720                 return None
    721             else:
    722                 raise service_error(service_error.req,
    723                         "More than one project export is not supported")
    724 
    725         uri = tbmap.get(testbed_base(tb), None)
    726         if not uri:
    727             raise service_error(service_error.server_config,
    728                     "Unknown testbed: %s" % tb)
    729 
    730         export_svcs = masters.get(tb,[])
    731         import_svcs = [ s for m in masters.values() \
    732                 for s in m \
    733                     if tb in s.importers ]
    734 
    735         export_project = get_export_project(export_svcs)
    736 
    737         # Tweak search order so that if there are entries in access_user that
    738         # have a project matching the export project, we try them first
    739         if export_project:
    740             access_sequence = [ (p, u) for p, u in access_user \
    741                     if p == export_project]
    742             access_sequence.extend([(p, u) for p, u in access_user \
    743                     if p != export_project])
    744         else:
    745             access_sequence = access_user
    746 
    747         for p, u in access_sequence:
    748             self.log.debug(("[get_access] Attempting access from (%s, %s) " + \
    749                     "to %s") %  ((p or "None"), u, uri))
    750 
    751             if p:
    752                 # Request with user and project specified
    753                 req = {\
    754                         'credential': [ "project: %s" % p, "user: %s"  % u],
    755                     }
    756             else:
    757                 # Request with only user specified
    758                 req = {\
    759                         'credential': [ 'user: %s' % u ],
    760                     }
    761 
    762             # Make the service request from the services we're importing and
    763             # exporting.  Keep track of the export request ids so we can
    764             # collect the resulting info from the access response.
    765             e_keys = { }
    766             if import_svcs or export_svcs:
    767                 req['service'] = [ ]
    768 
    769                 for i, s in enumerate(import_svcs):
    770                     idx = 'import%d' % i
    771                     sr = {'id': idx, 'name': s.name, 'visibility': 'import' }
    772                     if s.params:
    773                         sr['fedAttr'] = [ { 'attribute': k, 'value': v } \
    774                                 for k, v in s.params.items()]
    775                     req['service'].append(sr)
    776 
    777                 for i, s in enumerate(export_svcs):
    778                     idx = 'export%d' % i
    779                     e_keys[idx] = s
    780                     sr = {'id': idx, 'name': s.name, 'visibility': 'export' }
    781                     if s.params:
    782                         sr['fedAttr'] = [ { 'attribute': k, 'value': v }
    783                                 for k, v in s.params.items()]
    784                     req['service'].append(sr)
    785 
    786             # node resources if any
    787             if nodes != None and len(nodes) > 0:
    788                 rnodes = [ ]
    789                 for n in nodes:
    790                     rn = { }
    791                     image, hw, count = n.split(":")
    792                     if image: rn['image'] = [ image ]
    793                     if hw: rn['hardware'] = [ hw ]
    794                     if count and int(count) >0 : rn['count'] = int(count)
    795                     rnodes.append(rn)
    796                 req['resources']= { }
    797                 req['resources']['node'] = rnodes
    798 
    799             try:
    800                 if self.local_access.has_key(uri):
    801                     # Local access call
    802                     req = { 'RequestAccessRequestBody' : req }
    803                     r = self.local_access[uri].RequestAccess(req,
    804                             fedid(file=self.cert_file))
    805                     r = { 'RequestAccessResponseBody' : r }
    806                 else:
    807                     r = self.call_RequestAccess(uri, req,
    808                             self.cert_file, self.cert_pwd, self.trusted_certs)
    809             except service_error, e:
    810                 if e.code == service_error.access:
    811                     self.log.debug("[get_access] Access denied")
    812                     r = None
    813                     continue
    814                 else:
    815                     raise e
    816 
    817             if r.has_key('RequestAccessResponseBody'):
    818                 # Through to here we have a valid response, not a fault.
    819                 # Access denied is a fault, so something better or worse than
    820                 # access denied has happened.
    821                 r = r['RequestAccessResponseBody']
    822                 self.log.debug("[get_access] Access granted")
    823                 break
    824             else:
    825                 raise service_error(service_error.protocol,
    826                         "Bad proxy response")
    827        
    828         if not r:
    829             raise service_error(service_error.access,
    830                     "Access denied by %s (%s)" % (tb, uri))
    831 
    832         tbparam[tb] = {
    833                 "allocID" : r['allocID'],
    834                 "uri": uri,
    835                 }
    836 
    837         # Collect the responses corresponding to the services this testbed
    838         # exports.  These will be the service requests that we will include in
    839         # the start segment requests (with appropriate visibility values) to
    840         # import and export the segments.
    841         for s in r.get('service', []):
    842             id = s.get('id', None)
    843             if id and id in e_keys:
    844                 e_keys[id].reqs.append(s)
    845 
    846         # Add attributes to parameter space.  We don't allow attributes to
    847         # overlay any parameters already installed.
    848         for a in r.get('fedAttr', []):
    849             try:
    850                 if a['attribute'] and \
    851                         isinstance(a['attribute'], basestring)\
    852                         and not tbparam[tb].has_key(a['attribute'].lower()):
    853                     tbparam[tb][a['attribute'].lower()] = a['value']
    854             except KeyError:
    855                 self.log.error("Bad attribute in response: %s" % a)
    856706
    857707    def release_access(self, tb, aid, tbmap=None, uri=None, cert_file=None,
     
    13031153        return hosts, ips
    13041154
    1305     def get_access_to_testbeds(self, testbeds, access_user, allocated,
    1306             tbparams, masters, tbmap):
    1307         """
    1308         Request access to the various testbeds required for this instantiation
    1309         (passed in as testbeds).  User, access_user, expoert_project and master
    1310         are used to construct the correct requests.  Per-testbed parameters are
    1311         returned in tbparams.
    1312         """
    1313         for tb in testbeds:
    1314             self.get_access(tb, None, tbparams, access_user, masters, tbmap)
    1315             allocated[tb] = 1
    1316 
    1317     def get_abac_access_to_testbeds(self, testbeds, fid, allocated,
     1155    def get_access_to_testbeds(self, testbeds, fid, allocated,
    13181156            tbparam, masters, tbmap, expid=None, expcert=None):
    13191157        for tb in testbeds:
    1320             self.get_abac_access(tb, tbparam, fid, masters, tbmap, expid,
     1158            self.get_access(tb, tbparam, fid, masters, tbmap, expid,
    13211159                    expcert)
    13221160            allocated[tb] = 1
    13231161
    1324     def get_abac_access(self, tb, tbparam,fid, masters, tbmap, expid=None, expcert=None):
     1162    def get_access(self, tb, tbparam,fid, masters, tbmap, expid=None,
     1163            expcert=None):
    13251164        """
    13261165        Get access to testbed through fedd and set the parameters for that tb
     
    18201659
    18211660            if self.auth_type == 'legacy':
    1822                 self.get_access_to_testbeds(testbeds, access_user, allocated,
    1823                         tbparams, masters, tbmap)
     1661                self.get_legcay_access_to_testbeds(testbeds, access_user,
     1662                        allocated, tbparams, masters, tbmap)
    18241663            elif self.auth_type == 'abac':
    1825                 self.get_abac_access_to_testbeds(testbeds, fid, allocated,
     1664                self.get_access_to_testbeds(testbeds, fid, allocated,
    18261665                        tbparams, masters, tbmap, expid, expcert_file)
    18271666            else:
     
    18721711                #XXX: ABAC
    18731712                if self.auth_type =='legacy':
    1874                     self.get_access(tb, None, tbparams, access_user,
     1713                    self.get_legacy_access(tb, None, tbparams, access_user,
    18751714                            masters, tbmap)
    18761715                elif self.auth_type == 'abac':
    1877                     self.get_abac_access(tb, tbparams, fid, masters, tbmap,
     1716                    self.get_access(tb, tbparams, fid, masters, tbmap,
    18781717                            expid, expcert_file)
    18791718                else:
Note: See TracChangeset for help on using the changeset viewer.