- Timestamp:
- Mar 26, 2012 6:01:37 PM (13 years ago)
- Branches:
- compt_changes, master
- Children:
- 3bcb2eb
- Parents:
- 406f3b5
- File:
-
- 1 edited
fedd/access_to_abac.py
r406f3b5 r5529264 280 280 help='do not accept delegated attributes with the ' +\ 281 281 'acting_for linking role') 282 self.add_option('--fed-root', dest='root', 283 help='add a rule to accept federated users from facilities ' +\ 284 'recognized by ROOT. This is a certificate file') 285 self.add_option('--fed-tuple', dest='ftuple', 286 help='a tuple into which to map federated ' + \ 287 'users about which we know nothing else.') 282 288 self.add_option('--no_auth', action='store_false', dest='create_auth', 283 289 default=True, help='do not create a full ABAC authorizer') … … 392 398 cert = None 393 399 400 fed_to_id = { } 401 if any((opts.root, opts.ftuple)) and not all ((opts.root, opts.ftuple)): 402 sys.exit('Either both or neither of --fed-root and ' + \ 403 '--fed-project must be specified') 404 elif opts.root: 405 try: 406 root_fedid = fedid(file=opts.root) 407 except EnvironmentError, e: 408 sys.exit('Bad --root: %s (%s)' % (e.strerror, e.filename or '?!')) 409 410 fed_tuple = tuple(opts.ftuple.split(',')) 411 fed_someuser_cred = \ 412 credential(me, 'some_feduser', 413 [attribute(root_fedid.get_hexstr(), 414 'fedfacility', 'feduser')]) 415 fed_user_cred = \ 416 credential(me, 'default_feduser', 417 [attribute(me.get_hexstr(), 418 'some_feduser', 'acting_for')]) 419 fed_access_cred = \ 420 credential(me, 'access', 421 [attribute(me.get_hexstr(), 'default_feduser')]) 422 423 fed_to_id[fed_tuple] = [fed_user_cred] 424 425 else: 426 # No fed-root or fed-tuple 427 fed_access_cred = None 428 fed_user_cred = None 429 fed_someuser_cred = None 430 394 431 # The try block makes sure that credentials split into tmp files are deleted 395 432 try: … … 401 438 print >> sys.stderr, "%s" % e 402 439 continue 403 404 440 except EnvironmentError, e: 405 441 print >>sys.stderr, "File error %s: %s" % \ … … 409 445 # Credential output 410 446 if opts.create_creds: 447 if fed_access_cred and fed_user_cred and fed_someuser_cred: 448 creds.add(fed_access_cred) 449 
creds.add(fed_user_cred) 450 creds.add(fed_someuser_cred) 411 451 if all([cert, key, opts.dir]): 412 452 try: … … 426 466 else: 427 467 f = sys.stdout 428 for k, c in to_id.items() :468 for k, c in to_id.items() + fed_to_id.items(): 429 469 # Keys are either a single string or a tuple of them; join 430 470 # the tuples into a comma-separated string.
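Review bot: The new rule in the `elif opts.root:` branch always derives `default_feduser` through the `acting_for` linking role. Nothing visible consults the existing option whose help text reads "do not accept delegated attributes with the acting_for linking role", so an operator who turned delegation off would apparently still get a delegated access rule for every user vouched for by the --fed-root facility. That option's dest is outside the hunk, so confirm, then either skip `fed_user_cred` or exit with an error when both are set. The two `sys.exit` messages name flags that do not exist: `'--fed-project'` should be `'--fed-tuple'`, and `'Bad --root: ...'` should be `'Bad --fed-root: ...'`. `opts.ftuple.split(',')` is used unvalidated, so an empty or space-padded component becomes part of the `fed_to_id` key; stripping each field and rejecting empty ones would keep a typo from mapping unknown federated users to an unintended tuple.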