Changeset 4ed10ae for fedd/fedd_access.py
- Timestamp:
- Nov 14, 2008 5:13:10 PM (15 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
- Children:
- afa43a8
- Parents:
- 2dafa0c
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/fedd_access.py
r2dafa0c r4ed10ae 38 38 dynamically. This implements both direct requests and proxies. 39 39 """ 40 41 class parse_error(RuntimeError): pass 40 42 41 43 bool_attrs = ("dynamic_projects", "project_priority") … … 82 84 self.fedid_category[fedid(hexstr=m.string)] = cat 83 85 else: 84 raise parse_error(\86 raise self.parse_error(\ 85 87 "Bad fedid in trust file (%s) line: %d" % \ 86 88 (trust, lineno)) … … 93 95 # Nothing matched - bad line, raise exception 94 96 f.close() 95 raise parse_error(\97 raise self.parse_error(\ 96 98 "Unparsable line in trustfile %s line %d" % (trust, lineno)) 97 99 f.close() … … 121 123 with a # are ignored. 122 124 123 Parsing errors result in a parse_error exception being raised.125 Parsing errors result in a self.parse_error exception being raised. 124 126 """ 125 127 lineno=0 … … 138 140 access_re = re.compile('\('+key_name+'\s*,\s*'+key_name+'\s*,\s*'+ 139 141 key_name+'\s*\)\s*->\s*\('+access_proj + '\s*,\s*' + 140 access_name + '\s* \)', re.IGNORECASE)142 access_name + '\s*,\s*' + access_name + '\s*\)', re.IGNORECASE) 141 143 142 144 def parse_name(n): … … 165 167 continue 166 168 167 # Access line (t, p, u) -> (ap, au) line169 # Access line (t, p, u) -> (ap, cu, su) line 168 170 m = access_re.match(line) 169 171 if m != None: … … 174 176 aps[0] = fedid(hexstr=aps[0]) 175 177 176 au = m.group(5)177 if au.startswith("fedid:"):178 au = fedid(hexstr=aus[len("fedid:"):]) 179 180 access_val = (access_project(aps[0], aps[1:]), au)178 cu = parse_name(m.group(5)) 179 su = parse_name(m.group(6)) 180 181 access_val = (access_project(aps[0], aps[1:]), 182 parse_name(m.group(5)), parse_name(m.group(6))) 181 183 182 184 self.access[access_key] = access_val … … 185 187 # Nothing matched to here: unknown line - raise exception 186 188 f.close() 187 raise parse_error("Unknown statement at line %d of %s" % \189 raise self.parse_error("Unknown statement at line %d of %s" % \ 188 190 (lineno, config)) 189 191 f.close() … … 287 289 if not config.has_option("access", "dynamic_projects_url"): 288 290 self.allocate_project = \ 289 fedd_allocate_project_local(self.dynamic_projects, 290 None, proj_certs) 291 fedd_allocate_project_local(config) 291 292 else: 292 293 self.allocate_project = \ 293 fedd_allocate_project_remote(self.dynamic_projects, 294 config.get("access", "dynamic_projects_url"), 295 proj_certs) 294 fedd_allocate_project_remote(config) 296 295 297 296 # If the project allocator exports services, put them in this object's … … 328 327 return None 329 328 330 def strip_unicode(self, obj):331 """Loosly de-unicode an object"""332 if isinstance(obj, dict):333 for k in obj.keys():334 obj[k] = self.strip_unicode(obj[k])335 return obj336 elif isinstance(obj, basestring):337 return str(obj)338 elif getattr(obj, "__iter__", None):339 return [ self.strip_unicode(x) for x in obj]340 else:341 return obj342 343 329 def proxy_xmlrpc_request(self, dt, req): 344 330 """Send an XMLRPC proxy request. Called if the SOAP RPC fails""" … … 360 346 else: url = str(dt) 361 347 362 r = copy.deepcopy(req) 363 self.strip_unicode(r) 348 r = strip_unicode(copy.deepcopy(req)) 364 349 365 350 transport = SSL_Transport(ctx) … … 517 502 # resolve <dynamic> and <same> in found 518 503 dyn_proj = False 519 dyn_user = False 504 dyn_create_user = False 505 dyn_service_user = False 520 506 521 507 if found[0].name == "<same>": … … 535 521 if found[1] == "<same>": 536 522 if user_match == "<any>": 537 if user != None: r u = user[0]523 if user != None: rcu = user[0] 538 524 else: raise service_error(\ 539 525 service_error.server_config, 540 526 "Matched <same> on anonymous request") 541 527 else: 542 r u = user_match528 rcu = user_match 543 529 elif found[1] == "<dynamic>": 544 r u = None545 dyn_ user = True530 rcu = None 531 dyn_create_user = True 546 532 547 return (rp, ru), (dyn_user, dyn_proj) 533 if found[2] == "<same>": 534 if user_match == "<any>": 535 if user != None: rsu = user[0] 536 else: raise service_error(\ 537 service_error.server_config, 538 "Matched <same> on anonymous request") 539 else: 540 rsu = user_match 541 elif found[2] == "<dynamic>": 542 rsu = None 543 dyn_service_user = True 544 545 return (rp, rcu, rsu), (dyn_create_user, dyn_service_user, dyn_proj) 548 546 549 547 def build_response(self, alloc_id, ap): … … 612 610 "Access denied (nodetypes %s)" % \ 613 611 str(', ').join(inaccessible)) 614 # XXX: This allocates a single user for both service and creation. 615 # This needs to be made more nuanced. 616 tmp_ssh = [ x['sshPubkey'] \ 617 for x in req['serviceAccess'] + req['createAccess'] \ 618 if x.has_key('sshPubkey')] 619 620 # Converting to a set collapses duplicates 621 ssh = set(tmp_ssh) 622 623 if len(ssh) > 0: 612 # These collect the keys for teh two roles into single sets, one 613 # for creation and one for service. The sets are a simple way to 614 # eliminate duplicates 615 create_ssh = set([ x['sshPubkey'] \ 616 for x in req['createAccess'] \ 617 if x.has_key('sshPubkey')]) 618 619 service_ssh = set([ x['sshPubkey'] \ 620 for x in req['serviceAccess'] \ 621 if x.has_key('sshPubkey')]) 622 623 if len(create_ssh) > 0 and len(service_ssh) >0: 624 624 if dyn[1]: 625 625 # Compose the dynamic project request … … 628 628 { 'project' : {\ 629 629 'user': [ \ 630 { 'access': [ { 'sshPubkey': s } ] } \ 631 for s in ssh ] \ 630 { \ 631 'access': [ { 'sshPubkey': s } \ 632 for s in service_ssh ], 633 'role': "serviceAccess",\ 634 }, \ 635 { \ 636 'access': [ { 'sshPubkey': s } \ 637 for s in create_ssh ], 638 'role': "experimentCreation",\ 639 }, \ 640 ], \ 632 641 }\ 633 642 }\ … … 641 650 else: 642 651 # XXX ssh key additions 643 ap = { 'project': \ 644 { 'name' : { 'localname' : found[0].name },\ 645 'user' : [ {\ 646 'userID': { 'localname' : found[1] }, \ 647 'access': [ { 'sshPubkey': s } for s in ssh]}\ 648 ]\ 652 preq = {'StaticProjectRequestBody' : \ 653 { 'project': \ 654 { 'name' : { 'localname' : found[0].name },\ 655 'user' : [ \ 656 {\ 657 'userID': { 'localname' : found[1] }, \ 658 'access': [ { 'sshPubkey': s } 659 for s in create_ssh ], 660 'role': 'experimentCreation'\ 661 },\ 662 {\ 663 'userID': { 'localname' : found[2] }, \ 664 'access': [ { 'sshPubkey': s } 665 for s in service_ssh ], 666 'role': 'serviceAccess'\ 667 },\ 668 ]}\ 649 669 }\ 650 670 } 671 if restricted != None and len(restricted) > 0: 672 preq['StaticProjectRequestBody']['resources'] = \ 673 [ {'node': { 'hardware' : [ h ] } } \ 674 for h in restricted ] 675 ap = self.allocate_project.static_project(preq) 651 676 else: 652 677 raise service_error(service_error.req,
Note: See TracChangeset
for help on using the changeset viewer.