Changeset 6e63513 for fedd/federation/experiment_control.py
- Timestamp:
- Nov 23, 2010 6:42:19 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 25f66c3
- Parents:
- 353db8c
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/experiment_control.py
r353db8c r6e63513 1431 1431 allocated[tb] = 1 1432 1432 1433 def get_abac_access_to_testbeds(self, testbeds, fid, allocated, 1434 tbparams, masters, tbmap): 1435 for tb in testbeds: 1436 self.get_abac_access(tb, tbparams, fid, masters, tbmap) 1437 allocated[tb] = 1 1438 1439 def get_abac_access(self, tb, tbparams,fid, masters, tbmap): 1440 """ 1441 Get access to testbed through fedd and set the parameters for that tb 1442 """ 1443 def get_export_project(svcs): 1444 """ 1445 Look through for the list of federated_service for this testbed 1446 objects for a project_export service, and extract the project 1447 parameter. 1448 """ 1449 1450 pe = [s for s in svcs if s.name=='project_export'] 1451 if len(pe) == 1: 1452 return pe[0].params.get('project', None) 1453 elif len(pe) == 0: 1454 return None 1455 else: 1456 raise service_error(service_error.req, 1457 "More than one project export is not supported") 1458 1459 uri = tbmap.get(testbed_base(tb), None) 1460 if not uri: 1461 raise service_error(service_error.server_config, 1462 "Unknown testbed: %s" % tb) 1463 1464 export_svcs = masters.get(tb,[]) 1465 import_svcs = [ s for m in masters.values() \ 1466 for s in m \ 1467 if tb in s.importers ] 1468 1469 export_project = get_export_project(export_svcs) 1470 # Compose the credential list so that IDs come before attributes 1471 creds = set() 1472 keys = set() 1473 for c in self.auth.get_creds_for_principal(fid): 1474 keys.add(c.issuer_cert()) 1475 creds.add(c.attribute_cert()) 1476 creds = list(keys) + list(creds) 1477 1478 # Request credentials 1479 req = { 1480 'abac_credential': creds, 1481 } 1482 # Make the service request from the services we're importing and 1483 # exporting. Keep track of the export request ids so we can 1484 # collect the resulting info from the access response. 1485 e_keys = { } 1486 if import_svcs or export_svcs: 1487 req['service'] = [ ] 1488 1489 for i, s in enumerate(import_svcs): 1490 idx = 'import%d' % i 1491 sr = {'id': idx, 'name': s.name, 'visibility': 'import' } 1492 if s.params: 1493 sr['fedAttr'] = [ { 'attribute': k, 'value': v } \ 1494 for k, v in s.params.items()] 1495 req['service'].append(sr) 1496 1497 for i, s in enumerate(export_svcs): 1498 idx = 'export%d' % i 1499 e_keys[idx] = s 1500 sr = {'id': idx, 'name': s.name, 'visibility': 'export' } 1501 if s.params: 1502 sr['fedAttr'] = [ { 'attribute': k, 'value': v } 1503 for k, v in s.params.items()] 1504 req['service'].append(sr) 1505 1506 1507 if self.local_access.has_key(uri): 1508 # Local access call 1509 req = { 'RequestAccessRequestBody' : req } 1510 r = self.local_access[uri].RequestAccess(req, 1511 fedid(file=self.cert_file)) 1512 r = { 'RequestAccessResponseBody' : r } 1513 else: 1514 r = self.call_RequestAccess(uri, req, 1515 self.cert_file, self.cert_pwd, self.trusted_certs) 1516 1517 tbparam[tb] = { 1518 "allocID" : r['allocID'], 1519 "uri": uri, 1520 } 1521 1522 # Collect the responses corresponding to the services this testbed 1523 # exports. These will be the service requests that we will include in 1524 # the start segment requests (with appropriate visibility values) to 1525 # import and export the segments. 1526 for s in r.get('service', []): 1527 id = s.get('id', None) 1528 if id and id in e_keys: 1529 e_keys[id].reqs.append(s) 1530 1531 # Add attributes to parameter space. We don't allow attributes to 1532 # overlay any parameters already installed. 1533 for a in r.get('fedAttr', []): 1534 try: 1535 if a['attribute'] and \ 1536 isinstance(a['attribute'], basestring)\ 1537 and not tbparam[tb].has_key(a['attribute'].lower()): 1538 tbparam[tb][a['attribute'].lower()] = a['value'] 1539 except KeyError: 1540 self.log.error("Bad attribute in response: %s" % a) 1541 1542 1433 1543 def split_topology(self, top, topo, testbeds): 1434 1544 """ … … 1637 1747 raise service_error(service_error.req, "No request?") 1638 1748 1749 # Import information from the requester 1750 if self.auth.import_credentials(data_list=req.get('credential', [])): 1751 self.auth.save() 1752 1639 1753 self.check_experiment_access(fid, key) 1640 1754 … … 1790 1904 connInfo = { } # Connection information 1791 1905 1792 self.get_access_to_testbeds(testbeds, access_user, allocated, 1793 tbparams, masters, tbmap) 1906 if self.auth_type == 'legacy': 1907 self.get_access_to_testbeds(testbeds, access_user, allocated, 1908 tbparams, masters, tbmap) 1909 elif self.auth_type == 'abac': 1910 self.get_abac_access_to_testbeds(testbeds, fid, allocated, 1911 tbparams, masters, tbmap) 1912 else: 1913 raise service_error(service_error.internal, 1914 "Unknown auth_type %s" % self.auth_type) 1794 1915 1795 1916 self.split_topology(top, topo, testbeds)
Note: See TracChangeset
for help on using the changeset viewer.