Changeset 1d73342 for fedd/federation
- Timestamp:
- Dec 3, 2010 5:58:00 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 63c6664
- Parents:
- faea607
- Location:
- fedd/federation
- Files:
-
- 1 added
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/experiment_control.py
rfaea607 r1d73342 31 31 from synch_store import synch_store 32 32 from experiment_partition import experiment_partition 33 from experiment_control_legacy import experiment_control_legacy 33 34 from authorizer import abac_authorizer 34 35 from thread_pool import thread_pool, pooled_thread … … 72 73 needs_portal = ('SMB', 'seer', 'tmcd', 'project_export', 'seer_master') 73 74 74 class experiment_control_local :75 class experiment_control_local(experiment_control_legacy): 75 76 """ 76 77 Control of experiments that this system can directly access. … … 535 536 def gentopo(self, str): 536 537 """ 537 Generate the topology d tatstructure from the splitter's XML538 Generate the topology data structure from the splitter's XML 538 539 representation of it. 539 540 … … 703 704 else: return None 704 705 705 def get_access(self, tb, nodes, tbparam, access_user, masters, tbmap):706 """707 Get access to testbed through fedd and set the parameters for that tb708 """709 def get_export_project(svcs):710 """711 Look through for the list of federated_service for this testbed712 objects for a project_export service, and extract the project713 parameter.714 """715 716 pe = [s for s in svcs if s.name=='project_export']717 if len(pe) == 1:718 return pe[0].params.get('project', None)719 elif len(pe) == 0:720 return None721 else:722 raise service_error(service_error.req,723 "More than one project export is not supported")724 725 uri = tbmap.get(testbed_base(tb), None)726 if not uri:727 raise service_error(service_error.server_config,728 "Unknown testbed: %s" % tb)729 730 export_svcs = masters.get(tb,[])731 import_svcs = [ s for m in masters.values() \732 for s in m \733 if tb in s.importers ]734 735 export_project = get_export_project(export_svcs)736 737 # Tweak search order so that if there are entries in access_user that738 # have a project matching the export project, we try them first739 if export_project:740 access_sequence = [ (p, u) for p, u in access_user \741 if p == export_project]742 access_sequence.extend([(p, u) for p, u in access_user \743 if p != export_project])744 else:745 access_sequence = access_user746 747 for p, u in access_sequence:748 self.log.debug(("[get_access] Attempting access from (%s, %s) " + \749 "to %s") % ((p or "None"), u, uri))750 751 if p:752 # Request with user and project specified753 req = {\754 'credential': [ "project: %s" % p, "user: %s" % u],755 }756 else:757 # Request with only user specified758 req = {\759 'credential': [ 'user: %s' % u ],760 }761 762 # Make the service request from the services we're importing and763 # exporting. Keep track of the export request ids so we can764 # collect the resulting info from the access response.765 e_keys = { }766 if import_svcs or export_svcs:767 req['service'] = [ ]768 769 for i, s in enumerate(import_svcs):770 idx = 'import%d' % i771 sr = {'id': idx, 'name': s.name, 'visibility': 'import' }772 if s.params:773 sr['fedAttr'] = [ { 'attribute': k, 'value': v } \774 for k, v in s.params.items()]775 req['service'].append(sr)776 777 for i, s in enumerate(export_svcs):778 idx = 'export%d' % i779 e_keys[idx] = s780 sr = {'id': idx, 'name': s.name, 'visibility': 'export' }781 if s.params:782 sr['fedAttr'] = [ { 'attribute': k, 'value': v }783 for k, v in s.params.items()]784 req['service'].append(sr)785 786 # node resources if any787 if nodes != None and len(nodes) > 0:788 rnodes = [ ]789 for n in nodes:790 rn = { }791 image, hw, count = n.split(":")792 if image: rn['image'] = [ image ]793 if hw: rn['hardware'] = [ hw ]794 if count and int(count) >0 : rn['count'] = int(count)795 rnodes.append(rn)796 req['resources']= { }797 req['resources']['node'] = rnodes798 799 try:800 if self.local_access.has_key(uri):801 # Local access call802 req = { 'RequestAccessRequestBody' : req }803 r = self.local_access[uri].RequestAccess(req,804 fedid(file=self.cert_file))805 r = { 'RequestAccessResponseBody' : r }806 else:807 r = self.call_RequestAccess(uri, req,808 self.cert_file, self.cert_pwd, self.trusted_certs)809 except service_error, e:810 if e.code == service_error.access:811 self.log.debug("[get_access] Access denied")812 r = None813 continue814 else:815 raise e816 817 if r.has_key('RequestAccessResponseBody'):818 # Through to here we have a valid response, not a fault.819 # Access denied is a fault, so something better or worse than820 # access denied has happened.821 r = r['RequestAccessResponseBody']822 self.log.debug("[get_access] Access granted")823 break824 else:825 raise service_error(service_error.protocol,826 "Bad proxy response")827 828 if not r:829 raise service_error(service_error.access,830 "Access denied by %s (%s)" % (tb, uri))831 832 tbparam[tb] = {833 "allocID" : r['allocID'],834 "uri": uri,835 }836 837 # Collect the responses corresponding to the services this testbed838 # exports. These will be the service requests that we will include in839 # the start segment requests (with appropriate visibility values) to840 # import and export the segments.841 for s in r.get('service', []):842 id = s.get('id', None)843 if id and id in e_keys:844 e_keys[id].reqs.append(s)845 846 # Add attributes to parameter space. We don't allow attributes to847 # overlay any parameters already installed.848 for a in r.get('fedAttr', []):849 try:850 if a['attribute'] and \851 isinstance(a['attribute'], basestring)\852 and not tbparam[tb].has_key(a['attribute'].lower()):853 tbparam[tb][a['attribute'].lower()] = a['value']854 except KeyError:855 self.log.error("Bad attribute in response: %s" % a)856 706 857 707 def release_access(self, tb, aid, tbmap=None, uri=None, cert_file=None, … … 1303 1153 return hosts, ips 1304 1154 1305 def get_access_to_testbeds(self, testbeds, access_user, allocated, 1306 tbparams, masters, tbmap): 1307 """ 1308 Request access to the various testbeds required for this instantiation 1309 (passed in as testbeds). User, access_user, expoert_project and master 1310 are used to construct the correct requests. Per-testbed parameters are 1311 returned in tbparams. 1312 """ 1313 for tb in testbeds: 1314 self.get_access(tb, None, tbparams, access_user, masters, tbmap) 1315 allocated[tb] = 1 1316 1317 def get_abac_access_to_testbeds(self, testbeds, fid, allocated, 1155 def get_access_to_testbeds(self, testbeds, fid, allocated, 1318 1156 tbparam, masters, tbmap, expid=None, expcert=None): 1319 1157 for tb in testbeds: 1320 self.get_a bac_access(tb, tbparam, fid, masters, tbmap, expid,1158 self.get_access(tb, tbparam, fid, masters, tbmap, expid, 1321 1159 expcert) 1322 1160 allocated[tb] = 1 1323 1161 1324 def get_abac_access(self, tb, tbparam,fid, masters, tbmap, expid=None, expcert=None): 1162 def get_access(self, tb, tbparam,fid, masters, tbmap, expid=None, 1163 expcert=None): 1325 1164 """ 1326 1165 Get access to testbed through fedd and set the parameters for that tb … … 1820 1659 1821 1660 if self.auth_type == 'legacy': 1822 self.get_ access_to_testbeds(testbeds, access_user, allocated,1823 tbparams, masters, tbmap)1661 self.get_legcay_access_to_testbeds(testbeds, access_user, 1662 allocated, tbparams, masters, tbmap) 1824 1663 elif self.auth_type == 'abac': 1825 self.get_a bac_access_to_testbeds(testbeds, fid, allocated,1664 self.get_access_to_testbeds(testbeds, fid, allocated, 1826 1665 tbparams, masters, tbmap, expid, expcert_file) 1827 1666 else: … … 1872 1711 #XXX: ABAC 1873 1712 if self.auth_type =='legacy': 1874 self.get_ access(tb, None, tbparams, access_user,1713 self.get_legacy_access(tb, None, tbparams, access_user, 1875 1714 masters, tbmap) 1876 1715 elif self.auth_type == 'abac': 1877 self.get_a bac_access(tb, tbparams, fid, masters, tbmap,1716 self.get_access(tb, tbparams, fid, masters, tbmap, 1878 1717 expid, expcert_file) 1879 1718 else:
Note: See TracChangeset
for help on using the changeset viewer.