Context Navigation

-                      rfaea607
+                      r1d73342
 from synch_store import synch_store
 from experiment_partition import experiment_partition
+from experiment_control_legacy import experiment_control_legacy
 from authorizer import abac_authorizer
 from thread_pool import thread_pool, pooled_thread
 …
     needs_portal = ('SMB', 'seer', 'tmcd', 'project_export', 'seer_master')
 class experiment_control_local:
+class experiment_control_local(experiment_control_legacy):
     """
     Control of experiments that this system can directly access.
 …
     def gentopo(self, str):
         """
         Generate the topology dtat structure from the splitter's XML
+        Generate the topology data structure from the splitter's XML
         representation of it.
 …
         else: return None
-    def get_access(self, tb, nodes, tbparam, access_user, masters, tbmap):
-        """
-        Get access to testbed through fedd and set the parameters for that tb
-        """
-        def get_export_project(svcs):
-            """
-            Look through for the list of federated_service for this testbed
-            objects for a project_export service, and extract the project
-            parameter.
-            """
-            pe = [s for s in svcs if s.name=='project_export']
-            if len(pe) == 1:
-                return pe[0].params.get('project', None)
-            elif len(pe) == 0:
-                return None
-            else:
-                raise service_error(service_error.req,
-                        "More than one project export is not supported")
-        uri = tbmap.get(testbed_base(tb), None)
-        if not uri:
-            raise service_error(service_error.server_config,
-                    "Unknown testbed: %s" % tb)
-        export_svcs = masters.get(tb,[])
-        import_svcs = [ s for m in masters.values() \
-                for s in m \
-                    if tb in s.importers ]
-        export_project = get_export_project(export_svcs)
-        # Tweak search order so that if there are entries in access_user that
-        # have a project matching the export project, we try them first
-        if export_project:
-            access_sequence = [ (p, u) for p, u in access_user \
-                    if p == export_project]
-            access_sequence.extend([(p, u) for p, u in access_user \
-                    if p != export_project])
-        else:
-            access_sequence = access_user
-        for p, u in access_sequence:
-            self.log.debug(("[get_access] Attempting access from (%s, %s) " + \
-                    "to %s") %  ((p or "None"), u, uri))
-            if p:
-                # Request with user and project specified
-                req = {\
-                        'credential': [ "project: %s" % p, "user: %s"  % u],
+                    }
-            else:
-                # Request with only user specified
-                req = {\
-                        'credential': [ 'user: %s' % u ],
+                    }
-            # Make the service request from the services we're importing and
-            # exporting.  Keep track of the export request ids so we can
-            # collect the resulting info from the access response.
-            e_keys = { }
-            if import_svcs or export_svcs:
-                req['service'] = [ ]
-                for i, s in enumerate(import_svcs):
-                    idx = 'import%d' % i
-                    sr = {'id': idx, 'name': s.name, 'visibility': 'import' }
-                    if s.params:
-                        sr['fedAttr'] = [ { 'attribute': k, 'value': v } \
-                                for k, v in s.params.items()]
-                    req['service'].append(sr)
-                for i, s in enumerate(export_svcs):
-                    idx = 'export%d' % i
-                    e_keys[idx] = s
-                    sr = {'id': idx, 'name': s.name, 'visibility': 'export' }
-                    if s.params:
-                        sr['fedAttr'] = [ { 'attribute': k, 'value': v }
-                                for k, v in s.params.items()]
-                    req['service'].append(sr)
-            # node resources if any
-            if nodes != None and len(nodes) > 0:
-                rnodes = [ ]
-                for n in nodes:
-                    rn = { }
-                    image, hw, count = n.split(":")
-                    if image: rn['image'] = [ image ]
-                    if hw: rn['hardware'] = [ hw ]
-                    if count and int(count) >0 : rn['count'] = int(count)
-                    rnodes.append(rn)
-                req['resources']= { }
-                req['resources']['node'] = rnodes
-            try:
-                if self.local_access.has_key(uri):
-                    # Local access call
-                    req = { 'RequestAccessRequestBody' : req }
-                    r = self.local_access[uri].RequestAccess(req,
-                            fedid(file=self.cert_file))
-                    r = { 'RequestAccessResponseBody' : r }
-                else:
-                    r = self.call_RequestAccess(uri, req,
-                            self.cert_file, self.cert_pwd, self.trusted_certs)
-            except service_error, e:
-                if e.code == service_error.access:
-                    self.log.debug("[get_access] Access denied")
-                    r = None
-                    continue
-                else:
-                    raise e
-            if r.has_key('RequestAccessResponseBody'):
-                # Through to here we have a valid response, not a fault.
-                # Access denied is a fault, so something better or worse than
-                # access denied has happened.
-                r = r['RequestAccessResponseBody']
-                self.log.debug("[get_access] Access granted")
-                break
-            else:
-                raise service_error(service_error.protocol,
-                        "Bad proxy response")
-        if not r:
-            raise service_error(service_error.access,
-                    "Access denied by %s (%s)" % (tb, uri))
-        tbparam[tb] = {
-                "allocID" : r['allocID'],
-                "uri": uri,
+                }
-        # Collect the responses corresponding to the services this testbed
-        # exports.  These will be the service requests that we will include in
-        # the start segment requests (with appropriate visibility values) to
-        # import and export the segments.
-        for s in r.get('service', []):
-            id = s.get('id', None)
-            if id and id in e_keys:
-                e_keys[id].reqs.append(s)
-        # Add attributes to parameter space.  We don't allow attributes to
-        # overlay any parameters already installed.
-        for a in r.get('fedAttr', []):
-            try:
-                if a['attribute'] and \
-                        isinstance(a['attribute'], basestring)\
-                        and not tbparam[tb].has_key(a['attribute'].lower()):
-                    tbparam[tb][a['attribute'].lower()] = a['value']
-            except KeyError:
-                self.log.error("Bad attribute in response: %s" % a)
     def release_access(self, tb, aid, tbmap=None, uri=None, cert_file=None,
 …
         return hosts, ips
+    def get_access_to_testbeds(self, testbeds, access_user, allocated,
+            tbparams, masters, tbmap):
+        """
+        Request access to the various testbeds required for this instantiation
+        (passed in as testbeds).  User, access_user, expoert_project and master
+        are used to construct the correct requests.  Per-testbed parameters are
+        returned in tbparams.
+        """
+        for tb in testbeds:
+            self.get_access(tb, None, tbparams, access_user, masters, tbmap)
+            allocated[tb] = 1
+    def get_abac_access_to_testbeds(self, testbeds, fid, allocated,
+    def get_access_to_testbeds(self, testbeds, fid, allocated,
             tbparam, masters, tbmap, expid=None, expcert=None):
         for tb in testbeds:
             self.get_abac_access(tb, tbparam, fid, masters, tbmap, expid,
+            self.get_access(tb, tbparam, fid, masters, tbmap, expid,
                     expcert)
             allocated[tb] = 1
+    def get_abac_access(self, tb, tbparam,fid, masters, tbmap, expid=None, expcert=None):
+    def get_access(self, tb, tbparam,fid, masters, tbmap, expid=None,
+            expcert=None):
         """
         Get access to testbed through fedd and set the parameters for that tb
 …
             if self.auth_type == 'legacy':
                 self.get_access_to_testbeds(testbeds, access_user, allocated,
                         tbparams, masters, tbmap)
+                self.get_legcay_access_to_testbeds(testbeds, access_user,
+                        allocated, tbparams, masters, tbmap)
             elif self.auth_type == 'abac':
                 self.get_abac_access_to_testbeds(testbeds, fid, allocated,
+                self.get_access_to_testbeds(testbeds, fid, allocated,
                         tbparams, masters, tbmap, expid, expcert_file)
             else:
 …
                 #XXX: ABAC
                 if self.auth_type =='legacy':
                     self.get_access(tb, None, tbparams, access_user,
+                    self.get_legacy_access(tb, None, tbparams, access_user,
                             masters, tbmap)
                 elif self.auth_type == 'abac':
                     self.get_abac_access(tb, tbparams, fid, masters, tbmap,
+                    self.get_access(tb, tbparams, fid, masters, tbmap,
                             expid, expcert_file)
                 else:

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1d73342

Legend:

fedd/federation/experiment_control.py

Download in other formats: