Changeset 416292f for fedd/federation


Ignore:
Timestamp:
Dec 4, 2008 10:18:30 PM (16 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
Children:
c3d5d53
Parents:
c3dcf48
Message:

Cleanup

File:
1 edited

Legend:

Unmodified
Added
Removed

  • fedd/federation/access.py

    rc3dcf48 r416292f  
    3636    class parse_error(RuntimeError): pass
    3737
    38     bool_attrs = ("project_priority", "allow_proxy")
    39     emulab_attrs = ("boss", "ops", "domain", "fileserver", "eventserver")
    40     id_attrs = ("proxy",
    41             "proxy_cert_file", "proxy_cert_pwd", "proxy_trusted_certs",
    42             "project_allocation_uri", "project_allocation_cert_file",
    43             "project_allocation_cert_pwd", "project_allocation_trusted_certs")
    44     id_list_attrs = ("restricted",)
    4538
    4639    proxy_RequestAccess= service_caller('RequestAccess')
     
    5346
    5447        # Make sure that the configuration is in place
    55         if config:
    56             if not config.has_section("access"):
    57                 config.add_section("access")
    58             if not config.has_section("globals"):
    59                 config.add_section("globals")
    60         else:
     48        if not config:
    6149            raise RunTimeError("No config to fedd.access")
    6250
    63         # Create instance attributes from the static lists
    64         for a in access.bool_attrs:
    65             if config.has_option("access", a):
    66                 setattr(self, a, config.get("access", a))
    67             else:
    68                 setattr(self, a, False)
    69 
    70         for a in access.emulab_attrs + access.id_attrs:
    71             if config.has_option("access", a):
    72                 setattr(self, a, config.get("access",a))
    73             else:
    74                 setattr(self, a, None)
     51        self.project_priority = config.getboolean("access", "project_priority")
     52        self.allow_proxy = config.getboolean("access", "allow_proxy")
     53
     54        self.boss = config.get("access", "boss")
     55        self.ops = config.get("access", "ops")
     56        self.domain = config.get("access", "domain")
     57        self.fileserver = config.get("access", "fileserver")
     58        self.eventserver = config.get("access", "eventserver")
    7559
    7660        self.attrs = { }
    7761        self.access = { }
    7862        self.restricted = [ ]
    79         self.fedid_category = { }
    8063        self.projects = { }
    8164        self.keys = { }
     
    10790        self.state_filename = config.get("access", "access_state")
    10891        self.read_state()
    109         # Certs are promoted from the generic to the specific, so without a
    110         # specific proxy certificate, the main certificates are used for
    111         # proxy interactions. If no dynamic project certificates, then
    112         # proxy certs are used, and if none of those the main certs.
    113 
    114         if config.has_option("globals", "proxy_cert_file"):
    115             if not self.project_allocation_cert_file:
    116                 self.project_allocation_cert_file = \
    117                         config.get("globals", "proxy_cert_file")
    118                 if config.has_option("globals", "proxy_cert_pwd"):
    119                     self.project_allocation_cert_pwd = \
    120                             config.get("globals", "proxy_cert_pwd")
    121 
    122         if config.has_option("globals", "proxy_trusted_certs"):
    123             if not self.project_allocation_trusted_certs:
    124                 self.project_allocation_trusted_certs =\
    125                         config.get("globals", proxy_trusted_certs)
    126 
    127         if config.has_option("globals", "cert_file"):
    128             has_pwd = config.has_option("globals", "cert_pwd")
    129             if not self.project_allocation_cert_file:
    130                 self.project_allocation_cert_file = \
    131                         config.get("globals", "cert_file")
    132                 if has_pwd:
    133                     self.project_allocation_cert_pwd = \
    134                             config.get("globals", "cert_pwd")
    135             if not self.proxy_cert_file:
    136                 self.proxy_cert_file = config.get("globals", "cert_file")
    137                 if has_pwd:
    138                     self.proxy_cert_pwd = config.get("globals", "cert_pwd")
    139 
    140         if config.get("globals", "trusted_certs"):
    141             if not self.proxy_trusted_certs:
    142                 self.proxy_trusted_certs = \
    143                         config.get("globals", "trusted_certs")
    144             if not self.project_allocation_trusted_certs:
    145                 self.project_allocation_trusted_certs = \
    146                         config.get("globals", "trusted_certs")
    147 
    148         proj_certs = (self.project_allocation_cert_file,
    149                 self.project_allocation_trusted_certs,
    150                 self.project_allocation_cert_pwd)
     92
     93        # Keep cert_file and cert_pwd coming from the same place
     94        self.cert_file = config.get("access", "cert_file")
     95        if self.cert_file:
     96            self.sert_pwd = config.get("access", "cert_pw")
     97        else:
     98            self.cert_file = config.get("globals", "cert_file")
     99            self.sert_pwd = config.get("globals", "cert_pw")
     100
     101        self.trusted_certs = config.get("access", "trusted_certs") or \
     102                config.get("globals", "trusted_certs")
    151103
    152104        self.soap_services = {\
     
    275227                    (lineno, config))
    276228        f.close()
    277 
    278 
    279     def dump_state(self):
    280         """
    281         Dump the state read from a configuration file.  Mostly for debugging.
    282         """
    283         for a in access.bool_attrs:
    284             print "%s: %s" % (a, getattr(self, a ))
    285         for a in access.emulab_attrs + access.id_attrs:
    286             print "%s: %s" % (a, getattr(self, a))
    287         for k, v in self.attrs.iteritems():
    288             print "%s %s" % (k, v)
    289         print "Access DB:"
    290         for k, v in self.access.iteritems():
    291             print "%s %s" % (k, v)
    292         print "Trust DB:"
    293         for k, v in self.fedid_category.iteritems():
    294             print "%s %s" % (k, v)
    295         print "Restricted: %s" % str(',').join(sorted(self.restricted))
    296229
    297230    def get_users(self, obj):
     
    713646            if self.allow_proxy:
    714647                resp = self.proxy_RequestAccess.call_service(dt, req,
    715                             self.proxy_cert_file, self.proxy_cert_pwd,
    716                             self.proxy_trusted_certs)
     648                            self.cert_file, self.cert_pwd,
     649                            self.trusted_certs)
    717650                if resp.has_key('RequestAccessResponseBody'):
    718651                    return resp['RequestAccessResponseBody']
     
    823756            if self.allow_proxy:
    824757                resp = self.proxy_ReleaseAccess.call_service(dt, req,
    825                             self.proxy_cert_file, self.proxy_cert_pwd,
    826                             self.proxy_trusted_certs)
     758                            self.cert_file, self.cert_pwd,
     759                            self.trusted_certs)
    827760                if resp.has_key('ReleaseAccessResponseBody'):
    828761                    return resp['ReleaseAccessResponseBody']
Note: See TracChangeset for help on using the changeset viewer.