Changeset 3bddd24 for fedd


Ignore:
Timestamp:
Dec 8, 2009 5:45:03 PM (15 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master, version-3.01, version-3.02
Children:
99eb8cf
Parents:
7d2814a
Message:

moving toward credentials, and away from emulab specifics

Location:
fedd/federation
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/emulab_access.py

    r7d2814a r3bddd24  
    6868        self.certdir = config.get("access","certdir")
    6969        self.ssh_privkey_file = config.get("access","ssh_privkey_file")
     70        self.ssh_pubkey_file = config.get("access","ssh_pubkey_file")
    7071        self.create_debug = config.getboolean("access", "create_debug")
    7172        self.cleanup = not config.getboolean("access", "leave_tmpfiles")
     
    365366        The fedid is needed to construct the request
    366367        """
     368        user_re = re.compile("user:\s(.*)")
     369        project_re = re.compile("project:\s(.*)")
     370
    367371        # Search keys
    368372        tb = None
     
    373377        ru = None
    374378
    375         if req.has_key('project'):
    376             p = req['project']
    377             if p.has_key('name'):
    378                 project = unpack_id(p['name'])
    379             user = self.get_users(p)
    380         else:
    381             user = self.get_users(req)
     379        user = [ user_re.findall(x)[0] for x in req.get('credential', []) \
     380                if user_re.match(x)]
     381        project = [ project_re.findall(x)[0] \
     382                for x in req.get('credential', []) \
     383                    if project_re.match(x)]
     384
     385        if len(project) == 1: project = project[0]
     386        elif len(project) == 0: project = None
     387        else:
     388            raise service_error(service_error.req,
     389                    "More than one project credential")
     390
    382391
    383392        user_fedids = [ u for u in user if isinstance(u, fedid)]
     
    553562                            "Access denied (nodetypes %s)" % \
    554563                            str(', ').join(inaccessible))
    555             # These collect the keys for the two roles into single sets, one
    556             # for creation and one for service.  The sets are a simple way to
    557             # eliminate duplicates
    558             create_ssh = set([ x['sshPubkey'] \
    559                     for x in req['createAccess'] \
    560                         if x.has_key('sshPubkey')])
    561 
    562             service_ssh = set([ x['sshPubkey'] \
    563                     for x in req['serviceAccess'] \
    564                         if x.has_key('sshPubkey')])
     564
     565            # These were passed around before, but now are hidden from users
     566            # and configurators alike, beyond a configuration file entry.
     567            create_ssh = [ self.ssh_pubkey_file ]
     568            service_ssh = [ self.ssh_pubkey_file ]
    565569
    566570            if len(create_ssh) > 0 and len(service_ssh) >0:
  • fedd/federation/experiment_control.py

    r7d2814a r3bddd24  
    762762                req = {\
    763763                        'destinationTestbed' : { 'uri' : uri },
    764                         'project': {
    765                             'name': {'localname': p},
    766                             'user': [ {'userID': { 'localname': u } } ],
    767                             },
    768                         'user':  user,
     764                        'credential': [ "project: %s" % p, "user: %s"  % u],
    769765                        'allocID' : { 'localname': 'test' },
    770                         'createAccess' : [ { 'sshPubkey' : self.ssh_pubkey } ],
    771                         'serviceAccess' : service_keys
    772766                    }
    773767            else:
     
    775769                req = {\
    776770                        'destinationTestbed' : { 'uri' : uri },
     771                        'credential': [ 'user: %s' % u ],
    777772                        'user':  [ {'userID': { 'localname': u } } ],
    778773                        'allocID' : { 'localname': 'test' },
    779                         'createAccess' : [ { 'sshPubkey' : self.ssh_pubkey } ],
    780                         'serviceAccess' : service_keys
    781774                    }
    782775
Note: See TracChangeset for help on using the changeset viewer.