Changeset 6e63513 for fedd/federation/experiment_control.py

Timestamp:

Nov 23, 2010 6:42:19 PM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

25f66c3

Parents:

353db8c

Message:

Checkpoint

File:

• fedd/federation/experiment_control.py (modified) (3 diffs)

fedd/federation/experiment_control.py

@@ -1431 +1431 @@
             allocated[tb] = 1
 
+    def get_abac_access_to_testbeds(self, testbeds, fid, allocated, 
+            tbparams, masters, tbmap):
+        for tb in testbeds:
+            self.get_abac_access(tb, tbparams, fid, masters, tbmap)
+            allocated[tb] = 1
+
+    def get_abac_access(self, tb, tbparams,fid, masters, tbmap):
+        """
+        Get access to testbed through fedd and set the parameters for that tb
+        """
+        def get_export_project(svcs):
+            """
+            Look through for the list of federated_service for this testbed
+            objects for a project_export service, and extract the project
+            parameter.
+            """
+
+            pe = [s for s in svcs if s.name=='project_export']
+            if len(pe) == 1:
+                return pe[0].params.get('project', None)
+            elif len(pe) == 0:
+                return None
+            else:
+                raise service_error(service_error.req,
+                        "More than one project export is not supported")
+
+        uri = tbmap.get(testbed_base(tb), None)
+        if not uri:
+            raise service_error(service_error.server_config, 
+                    "Unknown testbed: %s" % tb)
+
+        export_svcs = masters.get(tb,[])
+        import_svcs = [ s for m in masters.values() \
+                for s in m \
+                    if tb in s.importers ]
+
+        export_project = get_export_project(export_svcs)
+        # Compose the credential list so that IDs come before attributes
+        creds = set()
+        keys = set()
+        for c in self.auth.get_creds_for_principal(fid):
+            keys.add(c.issuer_cert())
+            creds.add(c.attribute_cert())
+        creds = list(keys) + list(creds)
+
+        # Request credentials
+        req = {
+                'abac_credential': creds,
+            }
+        # Make the service request from the services we're importing and
+        # exporting.  Keep track of the export request ids so we can
+        # collect the resulting info from the access response.
+        e_keys = { }
+        if import_svcs or export_svcs:
+            req['service'] = [ ]
+
+            for i, s in enumerate(import_svcs):
+                idx = 'import%d' % i
+                sr = {'id': idx, 'name': s.name, 'visibility': 'import' }
+                if s.params:
+                    sr['fedAttr'] = [ { 'attribute': k, 'value': v } \
+                            for k, v in s.params.items()]
+                req['service'].append(sr)
+
+            for i, s in enumerate(export_svcs):
+                idx = 'export%d' % i
+                e_keys[idx] = s
+                sr = {'id': idx, 'name': s.name, 'visibility': 'export' }
+                if s.params:
+                    sr['fedAttr'] = [ { 'attribute': k, 'value': v } 
+                            for k, v in s.params.items()]
+                req['service'].append(sr)
+
+
+        if self.local_access.has_key(uri):
+            # Local access call
+            req = { 'RequestAccessRequestBody' : req }
+            r = self.local_access[uri].RequestAccess(req, 
+                    fedid(file=self.cert_file))
+            r = { 'RequestAccessResponseBody' : r }
+        else:
+            r = self.call_RequestAccess(uri, req, 
+                    self.cert_file, self.cert_pwd, self.trusted_certs)
+
+        tbparam[tb] = { 
+                "allocID" : r['allocID'],
+                "uri": uri,
+                }
+
+        # Collect the responses corresponding to the services this testbed
+        # exports.  These will be the service requests that we will include in
+        # the start segment requests (with appropriate visibility values) to
+        # import and export the segments.
+        for s in r.get('service', []):
+            id = s.get('id', None)
+            if id and id in e_keys:
+                e_keys[id].reqs.append(s)
+
+        # Add attributes to parameter space.  We don't allow attributes to
+        # overlay any parameters already installed.
+        for a in r.get('fedAttr', []):
+            try:
+                if a['attribute'] and \
+                        isinstance(a['attribute'], basestring)\
+                        and not tbparam[tb].has_key(a['attribute'].lower()):
+                    tbparam[tb][a['attribute'].lower()] = a['value']
+            except KeyError:
+                self.log.error("Bad attribute in response: %s" % a)
+
+
     def split_topology(self, top, topo, testbeds):
         """
@@ -1637 +1747 @@
             raise service_error(service_error.req, "No request?")
 
+        # Import information from the requester
+        if self.auth.import_credentials(data_list=req.get('credential', [])):
+            self.auth.save()
+
         self.check_experiment_access(fid, key)
 
@@ -1790 +1904 @@
             connInfo = { }          # Connection information
 
-            self.get_access_to_testbeds(testbeds, access_user, allocated, 
-                    tbparams, masters, tbmap)
+            if self.auth_type == 'legacy':
+                self.get_access_to_testbeds(testbeds, access_user, allocated, 
+                        tbparams, masters, tbmap)
+            elif self.auth_type == 'abac':
+                self.get_abac_access_to_testbeds(testbeds, fid, allocated, 
+                        tbparams, masters, tbmap)
+            else:
+                raise service_error(service_error.internal, 
+                        "Unknown auth_type %s" % self.auth_type)
 
             self.split_topology(top, topo, testbeds)