Changeset 416292f
- Timestamp:
- Dec 4, 2008 10:18:30 PM (16 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
- Children:
- c3d5d53
- Parents:
- c3dcf48
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/access.py
rc3dcf48 r416292f 36 36 class parse_error(RuntimeError): pass 37 37 38 bool_attrs = ("project_priority", "allow_proxy")39 emulab_attrs = ("boss", "ops", "domain", "fileserver", "eventserver")40 id_attrs = ("proxy",41 "proxy_cert_file", "proxy_cert_pwd", "proxy_trusted_certs",42 "project_allocation_uri", "project_allocation_cert_file",43 "project_allocation_cert_pwd", "project_allocation_trusted_certs")44 id_list_attrs = ("restricted",)45 38 46 39 proxy_RequestAccess= service_caller('RequestAccess') … … 53 46 54 47 # Make sure that the configuration is in place 55 if config: 56 if not config.has_section("access"): 57 config.add_section("access") 58 if not config.has_section("globals"): 59 config.add_section("globals") 60 else: 48 if not config: 61 49 raise RunTimeError("No config to fedd.access") 62 50 63 # Create instance attributes from the static lists 64 for a in access.bool_attrs: 65 if config.has_option("access", a): 66 setattr(self, a, config.get("access", a)) 67 else: 68 setattr(self, a, False) 69 70 for a in access.emulab_attrs + access.id_attrs: 71 if config.has_option("access", a): 72 setattr(self, a, config.get("access",a)) 73 else: 74 setattr(self, a, None) 51 self.project_priority = config.getboolean("access", "project_priority") 52 self.allow_proxy = config.getboolean("access", "allow_proxy") 53 54 self.boss = config.get("access", "boss") 55 self.ops = config.get("access", "ops") 56 self.domain = config.get("access", "domain") 57 self.fileserver = config.get("access", "fileserver") 58 self.eventserver = config.get("access", "eventserver") 75 59 76 60 self.attrs = { } 77 61 self.access = { } 78 62 self.restricted = [ ] 79 self.fedid_category = { }80 63 self.projects = { } 81 64 self.keys = { } … … 107 90 self.state_filename = config.get("access", "access_state") 108 91 self.read_state() 109 # Certs are promoted from the generic to the specific, so without a 110 # specific proxy certificate, the main certificates are used for 111 # proxy interactions. If no dynamic project certificates, then 112 # proxy certs are used, and if none of those the main certs. 113 114 if config.has_option("globals", "proxy_cert_file"): 115 if not self.project_allocation_cert_file: 116 self.project_allocation_cert_file = \ 117 config.get("globals", "proxy_cert_file") 118 if config.has_option("globals", "proxy_cert_pwd"): 119 self.project_allocation_cert_pwd = \ 120 config.get("globals", "proxy_cert_pwd") 121 122 if config.has_option("globals", "proxy_trusted_certs"): 123 if not self.project_allocation_trusted_certs: 124 self.project_allocation_trusted_certs =\ 125 config.get("globals", proxy_trusted_certs) 126 127 if config.has_option("globals", "cert_file"): 128 has_pwd = config.has_option("globals", "cert_pwd") 129 if not self.project_allocation_cert_file: 130 self.project_allocation_cert_file = \ 131 config.get("globals", "cert_file") 132 if has_pwd: 133 self.project_allocation_cert_pwd = \ 134 config.get("globals", "cert_pwd") 135 if not self.proxy_cert_file: 136 self.proxy_cert_file = config.get("globals", "cert_file") 137 if has_pwd: 138 self.proxy_cert_pwd = config.get("globals", "cert_pwd") 139 140 if config.get("globals", "trusted_certs"): 141 if not self.proxy_trusted_certs: 142 self.proxy_trusted_certs = \ 143 config.get("globals", "trusted_certs") 144 if not self.project_allocation_trusted_certs: 145 self.project_allocation_trusted_certs = \ 146 config.get("globals", "trusted_certs") 147 148 proj_certs = (self.project_allocation_cert_file, 149 self.project_allocation_trusted_certs, 150 self.project_allocation_cert_pwd) 92 93 # Keep cert_file and cert_pwd coming from the same place 94 self.cert_file = config.get("access", "cert_file") 95 if self.cert_file: 96 self.sert_pwd = config.get("access", "cert_pw") 97 else: 98 self.cert_file = config.get("globals", "cert_file") 99 self.sert_pwd = config.get("globals", "cert_pw") 100 101 self.trusted_certs = config.get("access", "trusted_certs") or \ 102 config.get("globals", "trusted_certs") 151 103 152 104 self.soap_services = {\ … … 275 227 (lineno, config)) 276 228 f.close() 277 278 279 def dump_state(self):280 """281 Dump the state read from a configuration file. Mostly for debugging.282 """283 for a in access.bool_attrs:284 print "%s: %s" % (a, getattr(self, a ))285 for a in access.emulab_attrs + access.id_attrs:286 print "%s: %s" % (a, getattr(self, a))287 for k, v in self.attrs.iteritems():288 print "%s %s" % (k, v)289 print "Access DB:"290 for k, v in self.access.iteritems():291 print "%s %s" % (k, v)292 print "Trust DB:"293 for k, v in self.fedid_category.iteritems():294 print "%s %s" % (k, v)295 print "Restricted: %s" % str(',').join(sorted(self.restricted))296 229 297 230 def get_users(self, obj): … … 713 646 if self.allow_proxy: 714 647 resp = self.proxy_RequestAccess.call_service(dt, req, 715 self. proxy_cert_file, self.proxy_cert_pwd,716 self. proxy_trusted_certs)648 self.cert_file, self.cert_pwd, 649 self.trusted_certs) 717 650 if resp.has_key('RequestAccessResponseBody'): 718 651 return resp['RequestAccessResponseBody'] … … 823 756 if self.allow_proxy: 824 757 resp = self.proxy_ReleaseAccess.call_service(dt, req, 825 self. proxy_cert_file, self.proxy_cert_pwd,826 self. proxy_trusted_certs)758 self.cert_file, self.cert_pwd, 759 self.trusted_certs) 827 760 if resp.has_key('ReleaseAccessResponseBody'): 828 761 return resp['ReleaseAccessResponseBody']
Note: See TracChangeset
for help on using the changeset viewer.