Changeset 66bb590
- Timestamp:
- Dec 10, 2010 9:03:35 AM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 52b6ebc
- Parents:
- 913dc7a (diff), 8d5394e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Location:
- fedd
- Files:
-
- 19 edited
fedd/access_to_abac.py
r8d5394e r66bb590 12 12 from federation.fedid import fedid 13 13 from federation.authorizer import abac_authorizer 14 from federation.util import abac_split_cert, abac_pem_type 14 from federation.util import abac_split_cert, abac_pem_type, file_expanding_opts 15 15 16 16 … … 224 224 225 225 226 class access_opts( OptionParser):226 class access_opts(file_expanding_opts): 227 227 ''' 228 228 Parse the options for this program. Most are straightforward, but the … … 247 247 248 248 def __init__(self): 249 OptionParser.__init__(self, usage='%prog [opts] file [...]')249 file_expanding_opts.__init__(self, usage='%prog [opts] file [...]') 250 250 self.add_option('--cert', dest='cert', default=None, 251 type='str', action='callback', callback=self.expand_file, 251 252 help='my fedid as an X.509 certificate') 252 253 self.add_option('--key', dest='key', default=None, 254 type='str', action='callback', callback=self.expand_file, 253 255 help='key for the certificate') 254 256 self.add_option('--dir', dest='dir', default=None, 257 type='str', action='callback', callback=self.expand_file, 255 258 help='Output directory for credentials') 256 259 self.add_option('--type', action='callback', nargs=1, type='str', … … 263 266 default=False, 264 267 help='Do not print credential to local attribute map') 265 self.add_option('--create -creds', action='store_true',268 self.add_option('--create_creds', action='store_true', 266 269 dest='create_creds', default=False, 267 270 help='create credentials for rules. Requires ' + \ 268 271 '--cert, --key, and --dir to be given.') 269 272 self.add_option('--file', dest='file', default=None, 273 type='str', action='callback', callback=self.expand_file, 270 274 help='Access DB to parse. 
If this is present, ' + \ 271 275 'omit the positional filename') 272 276 self.add_option('--mapfile', dest='map', default=None, 277 type='str', action='callback', callback=self.expand_file, 273 278 help='File for the attribute to local authorization data') 274 279 self.add_option('--no-delegate', action='store_false', dest='delegate', -
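Review bot: Renaming `--create-creds` to `--create_creds` in access_opts.__init__ drops the old spelling, so existing scripts that pass `--create-creds` will now fail with an unknown-option error, while the neighbouring `--no-delegate` keeps its hyphen. optparse accepts several option strings for one option, so both spellings can be kept: `self.add_option('--create_creds', '--create-creds', action='store_true',`. The class body continues outside the visible hunks.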
fedd/cert_to_fedid.py
r8d5394e r66bb590 3 3 import sys, os 4 4 import subprocess, tempfile 5 import os.path 5 6 6 7 from string import join 7 from optparse import OptionParser 8 from federation.util import abac_pem_type, abac_split_cert 8 from federation.util import abac_pem_type, abac_split_cert, file_expanding_opts 9 9 10 class Parser( OptionParser):10 class Parser(file_expanding_opts): 11 11 def __init__(self): 12 OptionParser.__init__(self, usage='%prog [options]')12 file_expanding_opts.__init__(self, usage='%prog [options]') 13 13 self.add_option('--out', dest='out', help='destination file', 14 action='callback', callback=self.expand_file, type='str', 14 15 default='./cert.pem') 15 16 self.add_option('--debug', dest='debug', action='store_true', -
fedd/confirm_sshkey.py
r8d5394e r66bb590 3 3 import os, sys 4 4 import MySQLdb 5 from optparse import OptionParser5 from federation.util import file_expanding_opts 6 6 7 7 8 class opt_parser( OptionParser):8 class opt_parser(file_expanding_opts): 9 9 def __init__(self): 10 10 OptionParser.__init__(self, usage="%prog [opts] (--help for details)", … … 12 12 self.add_option('-u', '--user', dest='user', action='store', 13 13 default=None, help="User to confirm key of") 14 self.add_option('-f', '--keyfile', dest='keyfile', action='store', 14 self.add_option('-f', '--keyfile', dest='keyfile', 15 action='callback', callback=self.expand_file, type='str', 15 16 default=None, help="file containing pubkey to confirm") 16 self.add_option('-k', '--key', dest='key', 17 default=None, action='store',17 self.add_option('-k', '--key', dest='key', default=None, 18 action='callback', callback=self.expand_file, type='str', 18 19 help='Key on the command line') 19 20 self.add_option('-q', '--quiet', dest='verbose', action='store_false', -
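Review bot: opt_parser.__init__ still calls `OptionParser.__init__(self, usage=...` on the unchanged line 10, but this change replaces `from optparse import OptionParser` with the federation.util import, so unless the name is imported elsewhere in the file the constructor raises NameError. Call the new base instead: `file_expanding_opts.__init__(self, usage="%prog [opts] (--help for details)",`. Separately, `-k/--key` is described as 'Key on the command line' rather than a path, so routing it through `expand_file` looks unintended; `action='store'` would leave a literal key untouched. The remainder of the constructor call is elided between the hunks.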
fedd/creddy_split.py
r8d5394e r66bb590 5 5 import os 6 6 7 from optparse import OptionParser 8 from federation.util import abac_split_cert, abac_pem_type 7 from federation.util import abac_split_cert, abac_pem_type, file_expanding_opts 9 8 10 9 # Options 11 class Parser( OptionParser):10 class Parser(file_expanding_opts): 12 11 def __init__(self): 13 OptionParser.__init__(self, usage="%prog [options] file.pem")12 file_expanding_opts.__init__(self, usage="%prog [options] file.pem") 14 13 self.add_option('--cert', dest='cert', default='./cert.pem', 14 action='callback', callback=self.expand_file, type='str', 15 15 help='File to extract certificate into, default: [%default]') 16 16 self.add_option('--key', dest='key', default='./key.pem', 17 action='callback', callback=self.expand_file, type='str', 17 18 help='File to extract key into, default: [%default]') 18 19 self.add_option('--force', action='store_true', dest='force', -
fedd/fedd.py
r8d5394e r66bb590 7 7 from federation import config_parser 8 8 from federation.server import server, xmlrpc_handler, soap_handler 9 from federation.util import fedd_ssl_context 9 from federation.util import fedd_ssl_context, file_expanding_opts 10 10 from federation.deter_impl import new_feddservice 11 11 … … 18 18 import logging 19 19 import M2Crypto 20 21 class fedd_opts(OptionParser): 20 import os.path 21 22 class fedd_opts(file_expanding_opts): 22 23 """Encapsulate option processing in this class, rather than in main""" 24 23 25 def __init__(self): 24 OptionParser.__init__(self, usage="%prog [opts] (--help for details)", 26 file_expanding_opts.__init__(self, 27 usage="%prog [opts] (--help for details)", 25 28 version="0.1") 26 29 … … 29 32 self.add_option("-d", "--debug", action="count", dest="debug", 30 33 help="Set debug. Repeat for more information") 31 self.add_option("-f", "--configfile", action="store", 34 self.add_option("-f", "--configfile", action="callback", 35 callback=self.expand_file, type='str', 32 36 default="/usr/local/etc/fedd.conf", 33 dest="configfile", help="Configuration file (required)")37 dest="configfile", help="Configuration file") 34 38 self.add_option("-l", "--logfile", action="store", dest="logfile", 35 39 help="File to send log messages to") -
fedd/fedd_create.py
r8d5394e r66bb590 26 26 client_opts.__init__(self) 27 27 self.add_option("--experiment_cert", dest="out_certfile", 28 action="callback", callback=self.expand_file, 28 29 type="string", help="output certificate file") 29 30 self.add_option("--experiment_name", dest="exp_name", 30 31 type="string", help="Suggested experiment name") 31 self.add_option("--file", dest="file", 32 self.add_option("--file", dest="file", action="callback", 33 callback=self.expand_file, type="str", 32 34 help="experiment description file") 33 35 self.add_option("--project", action="store", dest="project", -
fedd/fedd_ftopo.py
r8d5394e r66bb590 12 12 client_opts.__init__(self) 13 13 self.add_option("--experiment_cert", dest="exp_certfile", 14 type="string", help="experiment certificate file") 14 action='callback', callback=self.expand_file, type='str', 15 help="experiment certificate file") 15 16 self.add_option("--experiment_name", dest="exp_name", 16 17 type="string", help="human readable experiment name") -
fedd/fedd_image.py
r8d5394e r66bb590 17 17 client_opts.__init__(self) 18 18 self.add_option("--experiment_cert", dest="exp_certfile", 19 type="string", help="experiment certificate file") 19 action='callback', callback=self.expand_file, type='str', 20 help="experiment certificate file") 20 21 self.add_option("--experiment_name", dest="exp_name", 21 22 type="string", help="human readable experiment name") 22 self.add_option("--output", dest="outfile", type="string", 23 self.add_option("--output", dest="outfile", 24 action='callback', callback=self.expand_file, type='str', 23 25 help="output image file") 24 26 self.add_option("--format", dest="format", type="choice", … … 38 40 help="Size of output in pixels (diagrams are square") 39 41 self.add_option("--file", dest="file", 42 action='callback', callback=self.expand_file, type='str', 40 43 help="experiment description file") 41 44 self.add_option("--group", dest="group", action="append", default=[], -
fedd/fedd_info.py
r8d5394e r66bb590 11 11 client_opts.__init__(self) 12 12 self.add_option("--experiment_cert", dest="exp_certfile", 13 type="string", help="experiment certificate file") 13 action='callback', callback=self.expand_file, type='str', 14 help="experiment certificate file") 14 15 self.add_option("--experiment_name", dest="exp_name", 15 16 type="string", help="human readable experiment name") -
fedd/fedd_new.py
r8d5394e r66bb590 14 14 client_opts.__init__(self) 15 15 self.add_option("--experiment_cert", dest="out_certfile", 16 type="string", help="output certificate file") 16 action='callback', callback=self.expand_file, type='str', 17 help="output certificate file") 17 18 self.add_option("--experiment_name", dest="exp_name", 18 19 type="string", help="Suggested experiment name") -
fedd/fedd_ns2topdl.py
r8d5394e r66bb590 12 12 client_opts.__init__(self) 13 13 self.add_option("--file", dest="file", 14 action='callback', callback=self.expand_file, type='str', 14 15 help="experiment description file") 15 16 self.add_option("--output", dest="outfile", type="string", -
fedd/fedd_spewlog.py
r8d5394e r66bb590 12 12 client_opts.__init__(self) 13 13 self.add_option("--experiment_cert", dest="exp_certfile", 14 type="string", help="experiment name certificate file") 14 action='callback', callback=self.expand_file, type='str', 15 help="experiment name certificate file") 15 16 self.add_option("--experiment_name", dest="exp_name", 16 17 type="string", help="human readable experiment name") 17 18 self.add_option("--logfile", dest="logfile", default=None, 19 action='callback', callback=self.expand_file, type='str', 18 20 help="File to write log to") 19 21 self.add_option('--update_time', dest='update', type='int', default=10, -
fedd/fedd_terminate.py
r8d5394e r66bb590 12 12 client_opts.__init__(self) 13 13 self.add_option("--experiment_cert", dest="exp_certfile", 14 type="string", help="experiment certificate file") 14 action='callback', callback=self.expand_file, type='str', 15 help="experiment certificate file") 15 16 self.add_option("--experiment_name", dest="exp_name", 16 17 type="string", help="human readable experiment name") … … 19 20 help="Force termination if experiment is in strange state") 20 21 self.add_option("--logfile", dest="logfile", default=None, 22 action='callback', callback=self.expand_file, type='str', 21 23 help="File to write log to") 22 24 self.add_option("--print_log", dest="print_log", default=False, -
fedd/fedd_to_abac.py
r8d5394e r66bb590 9 9 10 10 from string import join 11 from optparse import OptionParser12 11 13 from federation.util import abac_pem_type, abac_split_cert 12 from federation.util import abac_pem_type, abac_split_cert, file_expanding_opts 14 13 15 class Parser( OptionParser):14 class Parser(file_expanding_opts): 16 15 def __init__(self): 17 OptionParser.__init__(self)16 file_expanding_opts.__init__(self) 18 17 self.add_option('--cert', dest='cert', default=None, 18 action='callback', callback=self.expand_file, type='str', 19 19 help='my fedid as an X.509 certificate') 20 20 self.add_option('--key', dest='key', default=None, 21 action='callback', callback=self.expand_file, type='str', 21 22 help='key for the certificate') 22 23 self.add_option('--dir', dest='dir', default=None, 24 action='callback', callback=self.expand_file, type='str', 23 25 help='Output directory for credentials') 24 26 self.add_option('--make-dir', action='store_true', dest='make_dir', -
fedd/federation/client_lib.py
r8d5394e r66bb590 10 10 11 11 from fedid import fedid 12 from util import fedd_ssl_context 12 from util import fedd_ssl_context, file_expanding_opts 13 13 from remote_service import service_caller 14 14 from service_error import service_error … … 17 17 18 18 19 class client_opts( OptionParser):19 class client_opts(file_expanding_opts): 20 20 """ 21 21 Standatd set of options that all clients talking to fedd can probably use. 22 22 Client code usually specializes this. 23 23 """ 24 24 25 def __init__(self): 25 OptionParser.__init__(self, usage="%prog [opts] (--help for details)", 26 file_expanding_opts.__init__(self, 27 usage="%prog [opts] (--help for details)", 26 28 version="0.1") 27 29 28 self.add_option("--cert", action="store", dest="cert", 30 self.add_option("--cert", action="callback", dest="cert", 31 callback=self.expand_file, 29 32 type="string", help="my certificate file") 30 self.add_option("--abac", action="store", dest="abac_dir", 31 type="string", help="Directory with abac certs") 33 self.add_option("--abac", action="callback", dest="abac_dir", 34 callback=self.expand_file, 35 type="string", default=os.path.expanduser('~/.abac'), 36 help="Directory with abac certs") 37 self.add_option('--no_abac', action='store_const', const=None, 38 dest='abac_dir', help='Do not use abac authorization') 32 39 self.add_option( "--debug", action="count", dest="debug", 33 40 default=0, help="Set debug. 
Repeat for more information") … … 35 42 dest="serialize_only", default=False, 36 43 help="Print the SOAP request that would be sent and exit") 37 self.add_option("--trusted", action="store", dest="trusted", 44 self.add_option("--trusted", action="callback", dest="trusted", 45 callback=self.expand_file, 38 46 type="string", help="Trusted certificates (required)") 39 47 self.add_option("--url", action="store", dest="url", … … 98 106 ''' 99 107 rv = [ ] 100 if dir :108 if dir and os.path.isdir(dir): 101 109 for fn in ["%s/%s" % (dir, p) for p in os.listdir(dir) \ 102 110 if os.path.isfile("%s/%s" % (dir,p))]: -
fedd/federation/experiment_control.py
r8d5394e r66bb590 1062 1062 else: e.software = s 1063 1063 1064 def append_experiment_authorization(self, expid, attrs, 1065 need_state_lock=True): 1066 """ 1067 Append the authorization information to system state 1068 """ 1069 1070 for p, a in attrs: 1071 self.auth.set_attribute(p, a) 1072 self.auth.save() 1073 1074 if need_state_lock: self.state_lock.acquire() 1075 self.state[expid]['auth'].update(attrs) 1076 if self.state_filename: self.write_state() 1077 if need_state_lock: self.state_lock.release() 1078 1079 def clear_experiment_authorizaton(self, expid, need_state_lock=True): 1080 """ 1081 Attrs is a set of attribute principal pairs that need to be removed 1082 from the authenticator. Remove them and save the authenticator. 1083 """ 1084 1085 for p, a in attrs: 1086 self.auth.unset_attribute(p, a) 1087 self.auth.save() 1088 1089 if need_state_lock: self.state_lock.acquire() 1090 self.state[expid]['auth'] = set() 1091 if self.state_filename: self.write_state() 1092 if need_state_lock: self.state_lock.release() 1093 1064 1094 1065 1095 def create_experiment_state(self, fid, req, expid, expcert, … … 1087 1117 status = self.state[eid].get('experimentStatus', None) 1088 1118 if status and status == 'failed': 1089 # remove the old access attribute 1090 self. 
auth.unset_attribute(fid, old_expid)1091 self.auth.save()1119 # remove the old access attributes 1120 self.clear_experiment_authorization(self.state[eid]['auth'], 1121 need_state_lock=False) 1092 1122 overwrite = True 1093 1123 del self.state[eid] … … 1105 1135 'owner': fid, 1106 1136 'log' : [], 1137 'auth': set(), 1107 1138 } 1108 1139 self.state[expid] = self.state[eid] 1109 1110 1140 if self.state_filename: self.write_state() 1141 self.state_lock.release() 1111 1142 else: 1112 1143 eid = self.exp_stem … … 1126 1157 'owner': fid, 1127 1158 'log' : [], 1159 'auth': set(), 1128 1160 } 1129 1161 self.state[expid] = self.state[eid] 1130 if self.state_filename: self.write_state() 1131 self.state_lock.release() 1162 if self.state_filename: self.write_state() 1163 self.state_lock.release() 1164 1165 # Let users touch the state. Authorize this fid and the expid itself 1166 # to touch the experiment, as well as allowing th eoverrides. 1167 self.append_experiment_authorization(eid, 1168 set([(fid, expid), (expid,expid)] + \ 1169 [ (o, expid) for o in self.overrides])) 1132 1170 1133 1171 return eid … … 1362 1400 "Cannot create software directory: %s" % e) 1363 1401 # The actual copying. Everything's converted into a url for copying. 1402 auth_attrs = set() 1364 1403 for pkg in pkgs: 1365 1404 loc = pkg … … 1394 1433 ( self.repo_url, path, dest) 1395 1434 1396 # Allow the individual segments to access the software. 1397 for tb in tbparams.keys(): 1398 self.auth.set_attribute(tbparams[tb]['allocID']['fedid'], 1399 "/%s/%s" % ( path, dest)) 1400 self.auth.save() 1435 # Allow the individual segments to access the software by assigning 1436 # an attribute to each testbed allocation that encodes the data to 1437 # be released. This expression collects the data for each run of 1438 # the loop. 
1439 auth_attrs.update([ 1440 (tbparams[tb]['allocID']['fedid'], "/%s/%s" % ( path, dest)) \ 1441 for tb in tbparams.keys()]) 1442 1443 self.append_experiment_authorization(expid, auth_attrs) 1401 1444 1402 1445 # Convert the software locations in the segments into the local … … 1467 1510 eid = self.create_experiment_state(fid, req, expid, expcert, 1468 1511 state='empty') 1469 1470 # Let users touch the state1471 self.auth.set_attribute(fid, expid)1472 self.auth.set_attribute(expid, expid)1473 # Override fedids can manipulate state as well1474 for o in self.overrides:1475 self.auth.set_attribute(o, expid)1476 self.auth.save()1477 1512 1478 1513 rv = { … … 1700 1735 "Cannot copy keyfiles: %s" % e) 1701 1736 1702 # Allow the individual testbeds to access the configuration files .1703 for tb in tbparams.keys():1704 asignee = tbparams[tb]['allocID']['fedid']1705 for f in ("hosts", gw_secretkey_base, gw_pubkey_base):1706 self.auth.set_attribute(asignee, "%s/%s" %\1707 (configpath, f))1708 self.auth.save()1737 # Allow the individual testbeds to access the configuration files, 1738 # again by setting an attribute for the relevant pathnames on each 1739 # allocation principal. Yeah, that's a long list comprehension. 
1740 self.append_experiment_authorization(expid, set([ 1741 (tbparams[tb]['allocID']['fedid'], "%s/%s" % (configpath, f)) \ 1742 for tb in tbparams.keys() \ 1743 for f in ("hosts", gw_secretkey_base, gw_pubkey_base)])) 1709 1744 1710 1745 attrs = [ … … 1940 1975 part.add_portals(top, topo, eid, pmasters, tbparams, ip_allocator, 1941 1976 connInfo, expid) 1977 1978 auth_attrs = set() 1942 1979 # Now get access to the dynamic testbeds (those added above) 1943 1980 for tb in [ t for t in topo if t not in allocated]: … … 1948 1985 # Give the testbed access to keys it exports or imports 1949 1986 if store_keys: 1950 for sk in store_keys.split(" "): 1951 self.auth.set_attribute(\ 1952 tbparams[tb]['allocID']['fedid'], sk) 1953 self.auth.save() 1987 auth_keys.update(set([ 1988 (tbparams[tb]['allocID']['fedid'], sk) \ 1989 for sk in store_keys.split(" ")])) 1990 1991 if auth_attrs: 1992 self.append_experiment_authorization(expid, auth_attrs) 1954 1993 1955 1994 # transit and disconnected testbeds may not have a connInfo entry. … … 1976 2015 # here on out, the state will stick around a while. 1977 2016 2017 # XXX: I think this is redundant 1978 2018 # Let users touch the state 1979 self.auth.set_attribute(fid, expid)1980 self.auth.set_attribute(expid, expid)2019 # self.auth.set_attribute(fid, expid) 2020 # self.auth.set_attribute(expid, expid) 1981 2021 # Override fedids can manipulate state as well 1982 for o in self.overrides:1983 self.auth.set_attribute(o, expid)1984 self.auth.save()2022 # for o in self.overrides: 2023 # self.auth.set_attribute(o, expid) 2024 # self.auth.save() 1985 2025 1986 2026 # Create a logger that logs to the experiment's state object as well as … … 2077 2117 # Remove the owner info (should always be there, but...) 2078 2118 if rv.has_key('owner'): del rv['owner'] 2119 if 'auth' in rv: del rv['auth'] 2079 2120 2080 2121 # Convert the log into the allocationLog parameter and remove the -
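Review bot: The new cleanup helper cannot run as written: it is defined as `clear_experiment_authorizaton` but called as `clear_experiment_authorization`, its loop reads an `attrs` name that is neither a parameter nor a local, and the call in create_experiment_state passes `self.state[eid]['auth']` where the helper expects an experiment id. The overwrite path for a failed experiment will therefore raise before any old attribute is unset, whereas the code it replaces did unset the old access attribute. The helper should take the id, read the recorded pairs from `self.state[expid]['auth']`, and release the lock in a `finally`; the call then becomes `self.clear_experiment_authorization(eid, need_state_lock=False)`. In the dynamic-testbed hunk, `auth_keys.update(` should be `auth_attrs.update(`, since `auth_attrs` is the set declared just above it and later passed to append_experiment_authorization.

```python
def clear_experiment_authorization(self, expid, need_state_lock=True):
    """
    Remove every (principal, attribute) pair recorded for expid from the
    authorizer, save the authorizer, and reset the recorded set.
    """
    if need_state_lock: self.state_lock.acquire()
    try:
        # State written before this change may have no 'auth' entry.
        for p, a in self.state[expid].get('auth', set()):
            self.auth.unset_attribute(p, a)
        self.auth.save()
        self.state[expid]['auth'] = set()
        if self.state_filename: self.write_state()
    finally:
        if need_state_lock: self.state_lock.release()

# ... unchanged: create_experiment_state up to the 'failed' status check ...
            self.clear_experiment_authorization(eid, need_state_lock=False)
```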
fedd/federation/server.py
r913dc7a r66bb590 13 13 14 14 from fedid import fedid 15 16 # ZSI uses a deprecated multifile interface. This shuts the warning system up. 17 from warnings import filterwarnings 18 filterwarnings("ignore", ".*multifile.*", DeprecationWarning, "ZSI") 19 15 20 try: 16 21 from fedd_services import ns0 -
fedd/federation/util.py
r8d5394e r66bb590 8 8 9 9 import httplib 10 11 from optparse import OptionParser 10 12 11 13 from socket import sslerror … … 95 97 self.set_allow_unknown_ca(True) 96 98 self.set_verify(SSL.verify_peer, 10, callback=callb) 99 100 class file_expanding_opts(OptionParser): 101 def expand_file(self, option, opt_str, v, p): 102 """ 103 Store the given value to the given destination after expanding home 104 directories. 105 """ 106 setattr(p.values, option.dest, os.path.expanduser(v)) 107 108 def __init__(self, usage=None, version=None): 109 OptionParser.__init__(self) 110 97 111 98 112 def read_simple_accessdb(fn, auth, mask=[]): -
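Review bot: file_expanding_opts.__init__ accepts `usage` and `version` but calls `OptionParser.__init__(self)` without them, so every subclass in this changeset that passes a usage string or `version="0.1"` silently loses it. Forward them: `OptionParser.__init__(self, usage=usage, version=version)`. expand_file also depends on `os` being imported in util.py, which is not visible in this hunk. A one-line class docstring saying that the callback stores the value at `option.dest` after `os.path.expanduser` would help authors of subclasses.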
fedd/init_abac_authorizer.py
r8d5394e r66bb590 5 5 6 6 from optparse import OptionParser 7 from federation.authorizer import abac_authorizer 7 from federation.authorizer import abac_authorizer, file_expanding_opts 8 8 9 9 class Parser(OptionParser): 10 10 def __init__(self): 11 11 OptionParser.__init__(self, usage='%prog [options]') 12 self.add_option('--cert', dest='cert', help='Identity certificate') 13 self.add_option('--key', dest='key', help='Identity key') 12 self.add_option('--cert', dest='cert', 13 action='callback', callback=self.expand_file, type='str', 14 help='Identity certificate') 15 self.add_option('--key', dest='key', 16 action='callback', callback=self.expand_file, type='str', 17 help='Identity key') 14 18 self.add_option('--policy', dest='policy', 19 action='callback', callback=self.expand_file, type='str', 15 20 help='ABAC policy certificates') 16 self.add_option('--dir', dest='out_dir', help='directory to save into') 21 self.add_option('--dir', dest='out_dir', 22 action='callback', callback=self.expand_file, type='str', 23 help='directory to save into') 17 24 18 25 parser = Parser()
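Review bot: Parser still derives from `OptionParser`, so the `callback=self.expand_file` arguments added to `--cert`, `--key`, `--policy` and `--dir` refer to a method the class does not have, and constructing the parser will raise AttributeError. The import is also taken from `federation.authorizer`, while this changeset defines `file_expanding_opts` in federation/util.py; unless authorizer re-exports the name, the import itself fails. Suggested lines: `from federation.util import file_expanding_opts`, `class Parser(file_expanding_opts):` and `file_expanding_opts.__init__(self, usage='%prog [options]')`.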