Changeset 73ded03

Timestamp:

Oct 28, 2009 6:38:39 PM (15 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master, version-2.00, version-3.01, version-3.02

Children:

a31b94d

Parents:

bda8351

Message:

global parameters to configure ABAC authorizer

File:

• fedd/federation/deter_impl.py (modified) (3 diffs)

fedd/federation/deter_impl.py

@@ -6 +6 @@
 from split import split_local
 from util import read_simple_accessdb
+from fedid import fedid
 
-from authorizer import authorizer
+from authorizer import authorizer, abac_authorizer
 
 class deter_impl:
@@ -27 +28 @@
         self.soap_services = { }
         self.xmlrpc_services = { }
-        self.auth = authorizer()
+        self.auth = None
 
         if config:
@@ -34 +35 @@
             self.trusted_certs = config.get("globals", "trusted_certs");
             self.access_type = config.get("globals", "access_type", "emulab")
+            self.auth_type = config.get("globals", "auth_type", "legacy")
+
+            if self.auth_type == 'legacy':
+                self.auth = authorizer()
+            elif self.auth_type == 'abac':
+                auth_url = config.get('globals', 'auth_url')
+                if not auth_url:
+                    raise RuntimeError("auth_url required for ABAC " + \
+                            "authorization")
+                if self.cert_file:
+                    me = fedid(file=self.cert_file)
+                else:
+                    raise RuntimeError("ABAC authorization needs a " +\
+                            "certificate file")
+                self.auth= abac_authorizer(url=auth_url, 
+                        cert_file=self.cert_file, cert_pwd=self.cert_pwd,
+                        trusted_certs=self.trusted_certs, me=me)
+            else:
+                raise RuntimeError("Unknown authorizer type %s" % \
+                        self.auth_type)
 
             access_db = config.get("globals", "accessdb")