Changeset 66bb590


Timestamp:
Dec 10, 2010 9:03:35 AM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
52b6ebc
Parents:
913dc7a (diff), 8d5394e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'master' of tardis.deterlab.net:/var/local/git/fedd

Location:
fedd
Files:
19 edited

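--- a/fedd/access_to_abac.py
+++ b/fedd/access_to_abac.py
@@ -12,5 +12,5 @@
 from federation.fedid import fedid
 from federation.authorizer import abac_authorizer
-from federation.util import abac_split_cert, abac_pem_type
+from federation.util import abac_split_cert, abac_pem_type, file_expanding_opts
 
 
@@ -224,5 +224,5 @@
 
 
-class access_opts(OptionParser):
+class access_opts(file_expanding_opts):
     '''
     Parse the options for this program.  Most are straightforward, but the
@@ -247,10 +247,13 @@
 
     def __init__(self):
-        OptionParser.__init__(self, usage='%prog [opts] file [...]')
+        file_expanding_opts.__init__(self, usage='%prog [opts] file [...]')
         self.add_option('--cert', dest='cert', default=None,
+                type='str', action='callback', callback=self.expand_file,
                 help='my fedid as an X.509 certificate')
         self.add_option('--key', dest='key', default=None,
+                type='str', action='callback', callback=self.expand_file,
                 help='key for the certificate')
         self.add_option('--dir', dest='dir', default=None,
+                type='str', action='callback', callback=self.expand_file,
                 help='Output directory for credentials')
         self.add_option('--type', action='callback', nargs=1, type='str',
@@ -263,12 +266,14 @@
                 default=False,
                 help='Do not print credential to local attribute map')
-        self.add_option('--create-creds', action='store_true',
+        self.add_option('--create_creds', action='store_true',
                 dest='create_creds', default=False,
                 help='create credentials for rules.  Requires ' + \
                         '--cert, --key, and --dir to be given.')
         self.add_option('--file', dest='file', default=None,
+                type='str', action='callback', callback=self.expand_file,
                 help='Access DB to parse.  If this is present, ' + \
                         'omit the positional filename')
         self.add_option('--mapfile', dest='map', default=None,
+                type='str', action='callback', callback=self.expand_file,
                 help='File for the attribute to local authorization data')
         self.add_option('--no-delegate', action='store_false', dest='delegate',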
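Review bot: Renaming `--create-creds` to `--create_creds` in the last hunk drops the hyphenated spelling outright, so existing scripts that pass `--create-creds` will fail with an unknown-option error, while `--no-delegate` a few lines below keeps its hyphen. optparse accepts several option strings for one option, so both spellings can be kept: `self.add_option('--create-creds', '--create_creds', action='store_true',`. `access_opts.__init__` continues outside the hunk.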
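--- a/fedd/cert_to_fedid.py
+++ b/fedd/cert_to_fedid.py
@@ -3,13 +3,14 @@
 import sys, os
 import subprocess, tempfile
+import os.path
 
 from string import join
-from optparse import OptionParser
-from federation.util import abac_pem_type, abac_split_cert
+from federation.util import abac_pem_type, abac_split_cert, file_expanding_opts
 
-class Parser(OptionParser):
+class Parser(file_expanding_opts):
     def __init__(self):
-        OptionParser.__init__(self, usage='%prog [options]')
+        file_expanding_opts.__init__(self, usage='%prog [options]')
         self.add_option('--out', dest='out', help='destination file',
+                action='callback', callback=self.expand_file, type='str',
                 default='./cert.pem')
         self.add_option('--debug', dest='debug', action='store_true',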
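--- a/fedd/confirm_sshkey.py
+++ b/fedd/confirm_sshkey.py
@@ -3,8 +3,8 @@
 import os, sys
 import MySQLdb
-from optparse import OptionParser
+from federation.util import file_expanding_opts
 
 
-class opt_parser(OptionParser):
+class opt_parser(file_expanding_opts):
     def __init__(self):
         OptionParser.__init__(self, usage="%prog [opts] (--help for details)",
@@ -12,8 +12,9 @@
         self.add_option('-u', '--user', dest='user', action='store',
                 default=None, help="User to confirm key of")
-        self.add_option('-f', '--keyfile', dest='keyfile', action='store',
+        self.add_option('-f', '--keyfile', dest='keyfile',
+                action='callback', callback=self.expand_file, type='str',
                 default=None, help="file containing pubkey to confirm")
-        self.add_option('-k', '--key', dest='key',
-                default=None, action='store',
+        self.add_option('-k', '--key', dest='key', default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help='Key on the command line')
         self.add_option('-q', '--quiet', dest='verbose', action='store_false',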
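Review bot: `opt_parser.__init__` still calls `OptionParser.__init__(self, usage=...` on the unchanged line of the first hunk, but this change removes `from optparse import OptionParser`, so unless that name is imported elsewhere in the file, constructing the parser raises NameError. Call `file_expanding_opts.__init__(self, usage="%prog [opts] (--help for details)",` instead, as the other converted scripts do; the rest of that call lies outside the hunk. Separately, `-k/--key` is described as 'Key on the command line' yet is now routed through `expand_file`; if it carries key text rather than a path, keeping `action='store'` for it ensures the value is stored exactly as typed.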
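--- a/fedd/creddy_split.py
+++ b/fedd/creddy_split.py
@@ -5,14 +5,15 @@
 import os
 
-from optparse import OptionParser
-from federation.util import abac_split_cert, abac_pem_type
+from federation.util import abac_split_cert, abac_pem_type, file_expanding_opts
 
 # Options
-class Parser(OptionParser):
+class Parser(file_expanding_opts):
     def __init__(self):
-        OptionParser.__init__(self, usage="%prog [options] file.pem")
+        file_expanding_opts.__init__(self, usage="%prog [options] file.pem")
         self.add_option('--cert', dest='cert', default='./cert.pem',
+                action='callback', callback=self.expand_file, type='str',
                 help='File to extract certificate into, default: [%default]')
         self.add_option('--key', dest='key', default='./key.pem',
+                action='callback', callback=self.expand_file, type='str',
                 help='File to extract key into, default: [%default]')
         self.add_option('--force', action='store_true', dest='force',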
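--- a/fedd/fedd.py
+++ b/fedd/fedd.py
@@ -7,5 +7,5 @@
 from federation import config_parser
 from federation.server import server, xmlrpc_handler, soap_handler
-from federation.util import fedd_ssl_context
+from federation.util import fedd_ssl_context, file_expanding_opts
 from federation.deter_impl import new_feddservice
 
@@ -18,9 +18,12 @@
 import logging
 import M2Crypto
-
-class fedd_opts(OptionParser):
+import os.path
+
+class fedd_opts(file_expanding_opts):
     """Encapsulate option processing in this class, rather than in main"""
+
     def __init__(self):
-        OptionParser.__init__(self, usage="%prog [opts] (--help for details)",
+        file_expanding_opts.__init__(self,
+                usage="%prog [opts] (--help for details)",
                 version="0.1")
 
@@ -29,7 +32,8 @@
         self.add_option("-d", "--debug", action="count", dest="debug",
                 help="Set debug.  Repeat for more information")
-        self.add_option("-f", "--configfile", action="store",
+        self.add_option("-f", "--configfile", action="callback",
+                callback=self.expand_file, type='str',
                 default="/usr/local/etc/fedd.conf",
-                dest="configfile", help="Configuration file (required)")
+                dest="configfile", help="Configuration file")
         self.add_option("-l", "--logfile", action="store", dest="logfile",
                 help="File to send log messages to")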
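Review bot: In the last hunk `-l/--logfile` is left as `action="store"` while `--configfile` right above it is converted, so `~` in the daemon's log path is still taken literally; `--logfile` in fedd_spewlog.py and fedd_terminate.py does get the callback in this changeset. For consistency the option could read `self.add_option("-l", "--logfile", action="callback", callback=self.expand_file, type='str', dest="logfile",`. `fedd_opts.__init__` continues outside the hunk.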
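--- a/fedd/fedd_create.py
+++ b/fedd/fedd_create.py
@@ -26,8 +26,10 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="out_certfile",
+                action="callback", callback=self.expand_file,
                 type="string", help="output certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="Suggested experiment name")
-        self.add_option("--file", dest="file",
+        self.add_option("--file", dest="file", action="callback",
+                callback=self.expand_file, type="str",
                 help="experiment description file")
         self.add_option("--project", action="store", dest="project",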
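--- a/fedd/fedd_ftopo.py
+++ b/fedd/fedd_ftopo.py
@@ -12,5 +12,6 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="exp_certfile",
-                type="string", help="experiment certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="experiment certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="human readable experiment name")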
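--- a/fedd/fedd_image.py
+++ b/fedd/fedd_image.py
@@ -17,8 +17,10 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="exp_certfile",
-                type="string", help="experiment certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="experiment certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="human readable experiment name")
-        self.add_option("--output", dest="outfile", type="string",
+        self.add_option("--output", dest="outfile",
+                action='callback', callback=self.expand_file, type='str',
                 help="output image file")
         self.add_option("--format", dest="format", type="choice",
@@ -38,4 +40,5 @@
                 help="Size of output in pixels (diagrams are square")
         self.add_option("--file", dest="file",
+                action='callback', callback=self.expand_file, type='str',
                 help="experiment description file")
         self.add_option("--group", dest="group", action="append", default=[],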
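--- a/fedd/fedd_info.py
+++ b/fedd/fedd_info.py
@@ -11,5 +11,6 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="exp_certfile",
-                type="string", help="experiment certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="experiment certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="human readable experiment name")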
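--- a/fedd/fedd_new.py
+++ b/fedd/fedd_new.py
@@ -14,5 +14,6 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="out_certfile",
-                type="string", help="output certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="output certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="Suggested experiment name")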
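--- a/fedd/fedd_ns2topdl.py
+++ b/fedd/fedd_ns2topdl.py
@@ -12,4 +12,5 @@
         client_opts.__init__(self)
         self.add_option("--file", dest="file",
+                action='callback', callback=self.expand_file, type='str',
                 help="experiment description file")
         self.add_option("--output", dest="outfile", type="string",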
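Review bot: `--output` on the last line of this hunk keeps plain `type="string"` while `--file` just above it gains the `expand_file` callback, so `~` is expanded for the input path but not for the output path of the same command. fedd_image.py converts its `--output` option in this changeset; doing the same here would read `self.add_option("--output", dest="outfile", action='callback', callback=self.expand_file, type='str',`. The rest of that `add_option` call is outside the hunk.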
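--- a/fedd/fedd_spewlog.py
+++ b/fedd/fedd_spewlog.py
@@ -12,8 +12,10 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="exp_certfile",
-                type="string", help="experiment name certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="experiment name certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="human readable experiment name")
         self.add_option("--logfile", dest="logfile", default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help="File to write log to")
         self.add_option('--update_time', dest='update', type='int', default=10,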
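--- a/fedd/fedd_terminate.py
+++ b/fedd/fedd_terminate.py
@@ -12,5 +12,6 @@
         client_opts.__init__(self)
         self.add_option("--experiment_cert", dest="exp_certfile",
-                type="string", help="experiment certificate file")
+                action='callback', callback=self.expand_file, type='str',
+                help="experiment certificate file")
         self.add_option("--experiment_name", dest="exp_name",
                 type="string", help="human readable experiment name")
@@ -19,4 +20,5 @@
                 help="Force termination if experiment is in strange state")
         self.add_option("--logfile", dest="logfile", default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help="File to write log to")
         self.add_option("--print_log", dest="print_log", default=False,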
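--- a/fedd/fedd_to_abac.py
+++ b/fedd/fedd_to_abac.py
@@ -9,16 +9,18 @@
 
 from string import join
-from optparse import OptionParser
 
-from federation.util import abac_pem_type, abac_split_cert
+from federation.util import abac_pem_type, abac_split_cert, file_expanding_opts
 
-class Parser(OptionParser):
+class Parser(file_expanding_opts):
     def __init__(self):
-        OptionParser.__init__(self)
+        file_expanding_opts.__init__(self)
         self.add_option('--cert', dest='cert', default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help='my fedid as an X.509 certificate')
         self.add_option('--key', dest='key', default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help='key for the certificate')
         self.add_option('--dir', dest='dir', default=None,
+                action='callback', callback=self.expand_file, type='str',
                 help='Output directory for credentials')
         self.add_option('--make-dir', action='store_true', dest='make_dir',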
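--- a/fedd/federation/client_lib.py
+++ b/fedd/federation/client_lib.py
@@ -10,5 +10,5 @@
 
 from fedid import fedid
-from util import fedd_ssl_context
+from util import fedd_ssl_context, file_expanding_opts
 from remote_service import service_caller
 from service_error import service_error
@@ -17,17 +17,24 @@
 
 
-class client_opts(OptionParser):
+class client_opts(file_expanding_opts):
     """
     Standatd set of options that all clients talking to fedd can probably use.
     Client code usually specializes this.
     """
+
     def __init__(self):
-        OptionParser.__init__(self, usage="%prog [opts] (--help for details)",
+        file_expanding_opts.__init__(self,
+                usage="%prog [opts] (--help for details)",
                 version="0.1")
 
-        self.add_option("--cert", action="store", dest="cert",
+        self.add_option("--cert", action="callback", dest="cert",
+                callback=self.expand_file,
                 type="string", help="my certificate file")
-        self.add_option("--abac", action="store", dest="abac_dir",
-                type="string", help="Directory with abac certs")
+        self.add_option("--abac", action="callback", dest="abac_dir",
+                callback=self.expand_file,
+                type="string", default=os.path.expanduser('~/.abac'),
+                help="Directory with abac certs")
+        self.add_option('--no_abac', action='store_const', const=None,
+                dest='abac_dir', help='Do not use abac authorization')
         self.add_option( "--debug", action="count", dest="debug",
                 default=0, help="Set debug.  Repeat for more information")
@@ -35,5 +42,6 @@
                 dest="serialize_only", default=False,
                 help="Print the SOAP request that would be sent and exit")
-        self.add_option("--trusted", action="store", dest="trusted",
+        self.add_option("--trusted", action="callback", dest="trusted",
+                callback=self.expand_file,
                 type="string", help="Trusted certificates (required)")
         self.add_option("--url", action="store", dest="url",
@@ -98,5 +106,5 @@
     '''
     rv = [ ]
-    if dir:
+    if dir and os.path.isdir(dir):
         for fn in ["%s/%s" % (dir, p) for p in os.listdir(dir) \
                 if os.path.isfile("%s/%s" % (dir,p))]: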
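Review bot: The `os.path.isdir(dir)` guard added at new line 108 makes a missing or mistyped `--abac` directory indistinguishable from an empty one: the loop is skipped and the caller presumably carries on with no ABAC credentials, which would surface later as an unexplained authorization failure. With `--abac` now defaulting to `~/.abac` the quiet path is reasonable for the default, but a directory the user named explicitly and that does not exist deserves a diagnostic, for example an `elif dir: sys.stderr.write("ABAC directory %s not found\n" % dir)` branch (assuming `sys` is imported in this module, which the hunks do not show). The enclosing function starts and ends outside the hunk.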
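--- a/fedd/federation/experiment_control.py
+++ b/fedd/federation/experiment_control.py
@@ -1062,4 +1062,34 @@
         else: e.software = s
 
+    def append_experiment_authorization(self, expid, attrs,
+            need_state_lock=True):
+        """
+        Append the authorization information to system state
+        """
+
+        for p, a in attrs:
+            self.auth.set_attribute(p, a)
+        self.auth.save()
+
+        if need_state_lock: self.state_lock.acquire()
+        self.state[expid]['auth'].update(attrs)
+        if self.state_filename: self.write_state()
+        if need_state_lock: self.state_lock.release()
+
+    def clear_experiment_authorizaton(self, expid, need_state_lock=True):
+        """
+        Attrs is a set of attribute principal pairs that need to be removed
+        from the authenticator.  Remove them and save the authenticator.
+        """
+
+        for p, a in attrs:
+            self.auth.unset_attribute(p, a)
+        self.auth.save()
+
+        if need_state_lock: self.state_lock.acquire()
+        self.state[expid]['auth'] = set()
+        if self.state_filename: self.write_state()
+        if need_state_lock: self.state_lock.release()
+
 
     def create_experiment_state(self, fid, req, expid, expcert,
@@ -1087,7 +1117,7 @@
                 status = self.state[eid].get('experimentStatus', None)
                 if status and status == 'failed':
-                    # remove the old access attribute
-                    self.auth.unset_attribute(fid, old_expid)
-                    self.auth.save()
+                    # remove the old access attributes
+                    self.clear_experiment_authorization(self.state[eid]['auth'],
+                            need_state_lock=False)
                     overwrite = True
                     del self.state[eid]
@@ -1105,8 +1135,9 @@
                     'owner': fid,
                     'log' : [],
+                    'auth': set(),
                 }
             self.state[expid] = self.state[eid]
-            if self.state_filename: self.write_state()
-            self.state_lock.release()
+            if self.state_filename: self.write_state()
+            self.state_lock.release()
         else:
             eid = self.exp_stem
@@ -1126,8 +1157,15 @@
                     'owner': fid,
                     'log' : [],
+                    'auth': set(),
                 }
             self.state[expid] = self.state[eid]
-            if self.state_filename: self.write_state()
-            self.state_lock.release()
+            if self.state_filename: self.write_state()
+            self.state_lock.release()
+
+        # Let users touch the state.  Authorize this fid and the expid itself
+        # to touch the experiment, as well as allowing th eoverrides.
+        self.append_experiment_authorization(eid,
+                set([(fid, expid), (expid,expid)] + \
+                        [ (o, expid) for o in self.overrides]))
 
         return eid
@@ -1362,4 +1400,5 @@
                     "Cannot create software directory: %s" % e)
         # The actual copying.  Everything's converted into a url for copying.
+        auth_attrs = set()
         for pkg in pkgs:
             loc = pkg
@@ -1394,9 +1433,13 @@
                     ( self.repo_url, path, dest)
 
-            # Allow the individual segments to access the software.
-            for tb in tbparams.keys():
-                self.auth.set_attribute(tbparams[tb]['allocID']['fedid'],
-                        "/%s/%s" % ( path, dest))
-            self.auth.save()
+            # Allow the individual segments to access the software by assigning
+            # an attribute to each testbed allocation that encodes the data to
+            # be released.  This expression collects the data for each run of
+            # the loop.
+            auth_attrs.update([
+                (tbparams[tb]['allocID']['fedid'], "/%s/%s" % ( path, dest)) \
+                        for tb in tbparams.keys()])
+
+        self.append_experiment_authorization(expid, auth_attrs)
 
         # Convert the software locations in the segments into the local
@@ -1467,12 +1510,4 @@
         eid = self.create_experiment_state(fid, req, expid, expcert,
                 state='empty')
-
-        # Let users touch the state
-        self.auth.set_attribute(fid, expid)
-        self.auth.set_attribute(expid, expid)
-        # Override fedids can manipulate state as well
-        for o in self.overrides:
-            self.auth.set_attribute(o, expid)
-        self.auth.save()
 
         rv = {
@@ -1700,11 +1735,11 @@
                     "Cannot copy keyfiles: %s" % e)
 
-        # Allow the individual testbeds to access the configuration files.
-        for tb in tbparams.keys():
-            asignee = tbparams[tb]['allocID']['fedid']
-            for f in ("hosts", gw_secretkey_base, gw_pubkey_base):
-                self.auth.set_attribute(asignee, "%s/%s" % \
-                        (configpath, f))
-            self.auth.save()
+        # Allow the individual testbeds to access the configuration files,
+        # again by setting an attribute for the relevant pathnames on each
+        # allocation principal.  Yeah, that's a long list comprehension.
+        self.append_experiment_authorization(expid, set([
+            (tbparams[tb]['allocID']['fedid'], "%s/%s" % (configpath, f)) \
+                    for tb in tbparams.keys() \
+                        for f in ("hosts", gw_secretkey_base, gw_pubkey_base)]))
 
         attrs = [
@@ -1940,4 +1975,6 @@
             part.add_portals(top, topo, eid, pmasters, tbparams, ip_allocator,
                     connInfo, expid)
+
+            auth_attrs = set()
             # Now get access to the dynamic testbeds (those added above)
             for tb in [ t for t in topo if t not in allocated]:
@@ -1948,8 +1985,10 @@
                 # Give the testbed access to keys it exports or imports
                 if store_keys:
-                    for sk in store_keys.split(" "):
-                        self.auth.set_attribute(\
-                                tbparams[tb]['allocID']['fedid'], sk)
-            self.auth.save()
+                    auth_keys.update(set([
+                        (tbparams[tb]['allocID']['fedid'], sk) \
+                                for sk in store_keys.split(" ")]))
+
+            if auth_attrs:
+                self.append_experiment_authorization(expid, auth_attrs)
 
             # transit and disconnected testbeds may not have a connInfo entry.
@@ -1976,11 +2015,12 @@
         # here on out, the state will stick around a while.
 
+        # XXX: I think this is redundant
         # Let users touch the state
-        self.auth.set_attribute(fid, expid)
-        self.auth.set_attribute(expid, expid)
+        # self.auth.set_attribute(fid, expid)
+        # self.auth.set_attribute(expid, expid)
         # Override fedids can manipulate state as well
-        for o in self.overrides:
-            self.auth.set_attribute(o, expid)
-        self.auth.save()
+        # for o in self.overrides:
+            # self.auth.set_attribute(o, expid)
+        # self.auth.save()
 
         # Create a logger that logs to the experiment's state object as well as
@@ -2077,4 +2117,5 @@
         # Remove the owner info (should always be there, but...)
         if rv.has_key('owner'): del rv['owner']
+        if 'auth' in rv: del rv['auth']
 
         # Convert the log into the allocationLog parameter and remove the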
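Review bot: The revocation helper added in the first hunk cannot run as written: it is defined as `clear_experiment_authorizaton` (missing an "i") but called as `clear_experiment_authorization` in `create_experiment_state`, its loop reads `attrs`, which is neither a parameter nor a local, and the call site passes the attribute set `self.state[eid]['auth']` where the signature expects `expid`. The failed-experiment path therefore raises before the old access attributes are removed, and because it is called with `need_state_lock=False` the caller presumably still holds `state_lock` at that point. A similar name slip is in the dynamic-testbed hunk, where the set is created as `auth_attrs` but filled through `auth_keys.update(...)`, so those grants are never recorded. A sketch of the helper follows; the call site becomes `self.clear_experiment_authorization(eid, need_state_lock=False)`, and whether `state_lock` should also cover the authorizer updates is for the author to confirm.

```python
    def clear_experiment_authorization(self, expid, need_state_lock=True):
        """
        Remove the (principal, attribute) pairs recorded for expid from the
        authorizer, save it, and reset the recorded set.
        """
        if need_state_lock: self.state_lock.acquire()
        try:
            # entries written before this change have no 'auth' key
            for p, a in self.state[expid].get('auth', set()):
                self.auth.unset_attribute(p, a)
            self.auth.save()
            self.state[expid]['auth'] = set()
            if self.state_filename: self.write_state()
        finally:
            if need_state_lock: self.state_lock.release()
```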
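--- a/fedd/federation/server.py
+++ b/fedd/federation/server.py
@@ -13,4 +13,9 @@
 
 from fedid import fedid
+
+# ZSI uses a deprecated multifile interface.  This shuts the warning system up.
+from warnings import filterwarnings
+filterwarnings("ignore", ".*multifile.*", DeprecationWarning, "ZSI")
+
 try:
     from fedd_services import ns0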
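--- a/fedd/federation/util.py
+++ b/fedd/federation/util.py
@@ -8,4 +8,6 @@
 
 import httplib
+
+from optparse import OptionParser
 
 from socket import sslerror
@@ -95,4 +97,16 @@
             self.set_allow_unknown_ca(True)
             self.set_verify(SSL.verify_peer, 10, callback=callb)
+
+class file_expanding_opts(OptionParser):
+    def expand_file(self, option, opt_str, v, p):
+        """
+        Store the given value to the given destination after expanding home
+        directories.
+        """
+        setattr(p.values, option.dest, os.path.expanduser(v))
+
+    def __init__(self, usage=None, version=None):
+        OptionParser.__init__(self)
+
 
 def read_simple_accessdb(fn, auth, mask=[]):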
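Review bot: `file_expanding_opts.__init__` accepts `usage` and `version` but calls `OptionParser.__init__(self)` without them, so every parser converted in this changeset loses its usage string and its `--version` option. Pass them through: `OptionParser.__init__(self, usage=usage, version=version)`. `expand_file` also depends on `os` being imported in util.py, which the visible hunks do not show. A one-line class docstring stating that options registered with `action='callback', callback=self.expand_file, type='str'` have `~` expanded before the value is stored, and that defaults are not passed through the callback, would help readers of the many call sites.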
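--- a/fedd/init_abac_authorizer.py
+++ b/fedd/init_abac_authorizer.py
@@ -5,14 +5,21 @@
 
 from optparse import OptionParser
-from federation.authorizer import abac_authorizer
+from federation.authorizer import abac_authorizer, file_expanding_opts
 
 class Parser(OptionParser):
     def __init__(self):
         OptionParser.__init__(self, usage='%prog [options]')
-        self.add_option('--cert', dest='cert', help='Identity certificate')
-        self.add_option('--key', dest='key', help='Identity key')
+        self.add_option('--cert', dest='cert',
+                action='callback', callback=self.expand_file, type='str',
+                help='Identity certificate')
+        self.add_option('--key', dest='key',
+                action='callback', callback=self.expand_file, type='str',
+                help='Identity key')
         self.add_option('--policy', dest='policy',
+                action='callback', callback=self.expand_file, type='str',
                 help='ABAC policy certificates')
-        self.add_option('--dir', dest='out_dir', help='directory to save into')
+        self.add_option('--dir', dest='out_dir',
+                action='callback', callback=self.expand_file, type='str',
+                help='directory to save into')
 
 parser = Parser()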
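Review bot: `Parser` still derives from `OptionParser` (unchanged lines 9 to 11), so `self.expand_file` does not exist and `parser = Parser()` raises AttributeError as soon as the `--cert` option is registered. The import is also taken from `federation.authorizer`, whereas every other file in this changeset imports `file_expanding_opts` from `federation.util`, where the class is defined. Change the import to `from federation.util import file_expanding_opts`, the base to `class Parser(file_expanding_opts):` and the initialiser to `file_expanding_opts.__init__(self, usage='%prog [options]')`.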