Changeset 7583a62

Timestamp:

Nov 17, 2008 6:49:56 PM (16 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02

Children:

159a447

Parents:

d81971a

Message:

another checkpoint

Location:

fedd

Files:

• fedd_access.py (modified) (1 diff)
• fedd_allocate_project.py (modified) (7 diffs)

fedd/fedd_access.py

@@ -857 +857 @@
                 if users: 
                     msg['project']['user'] = users
-                print msg
+                if self.allocate_project.release_project:
+                    msg = { 'ReleaseProjectRequestBody' : msg}
+                    self.allocate_project.release_project(msg)
             self.write_state()
             return { 'allocID': req['allocID'] } 

fedd/fedd_allocate_project.py

@@ -20 +20 @@
 from fedd_internal_services import *
 from fedd_util import *
+import fixed_key
 import parse_detail
 from service_error import *
@@ -50 +51 @@
                 '/usr/testbed/sbin/newproj')
         self.mkproj = config.get('access', 'mkproj', '/usr/testbed/sbin/mkproj')
+        self.rmproj = config.get('access', 'rmproj', '/usr/testbed/sbin/rmproj')
         self.addpubkey = config.get('access', 'addpubkey', 
                 '/usr/testbed/sbin/taddpubkey')
@@ -56 +58 @@
         self.log = logging.getLogger("fedd.allocate.local")
         set_log_level(config, "access", self.log)
+        fixed_key_db = config.get("access", "fixed_keys", None)
+        fixed_project_db = config.get("access", "fixed_projects", None)
+        if fixed_key_db:
+            try:
+                self.fixed_keys = fixed_key.read_db(fixed_key_db)
+            except:
+                log.debug("Can't read fixed_key_db from %s" % fixed_key_db)
+        else:
+            self.fixed_keys = set()
+
+        if fixed_project_db:
+            try:
+                f = open(fixed_project_db, "r")
+                for line in f:
+                    self.fixed_projects.add(line.rstrip())
+                f.close()
+            except:
+                log.debug("Can't read fixed_project_db from %s" % \
+                        fixed_project_db)
+        else:
+            self.fixed_projects = set()
+
 
         # Internal services are SOAP only
@@ -66 +90 @@
                 StaticProjectRequestMessage.typecode,\
                 self.static_project, StaticProjectResponseMessage,\
-                "StaticProjectResponseBody")\
+                "StaticProjectResponseBody"),\
+                #"ReleaseProject": make_soap_handler(\
+                #ReleaseProjectRequestMessage.typecode,\
+                #self.release_project, ReleaseProjectResponseMessage,\
+                #"ReleaseProjectResponseBody")\
                 }
         self.xmlrpc_services = { }
@@ -242 +270 @@
             for sk in [ k['sshPubkey'] for k in u.get('access', []) \
                     if k.has_key('sshPubkey')]:
-                cmds.append((self.addpubkey, '-w', '-u', name, '-k', sk))
+                cmds.append((self.wap, self.addpubkey, '-w', \
+                        '-u', name, '-k', sk))
         
 
@@ -274 +303 @@
         return { 'project': req['StaticProjectRequestBody']['project']}
 
+    def release_project(self, req, fedid=None):
+        """
+        Remove user keys from users and delete dynamic projects.
+
+        Only keys not in the set of fixed keys are deleted. and there are
+        similar protections for projects.
+        """
+
+        cmds = []
+        pname = None
+        users = []
+
+        print "release %s" % req
+        try:
+            if req['ReleaseProjectRequestBody']['project'].has_key('name'):
+                pname = req['ReleaseProjectRequestBody']['project']\
+                        ['name']['localname']
+            if req['ReleaseProjectRequestBody']['project'].has_key('user'):
+                users = req['ReleaseProjectRequestBody']['project']['user']
+        except KeyError:
+            raise service_error(service_error.req, "Badly formed request")
+
+        for u in users:
+            try:
+                name = u['userID']['localname']
+            except KeyError:
+                raise service_error(service_error.req, "Badly formed user")
+            for sk in [ k['sshPubkey'] for k in u.get('access', []) \
+                    if k.has_key('sshPubkey')]:
+                if (name, sk) not in self.fixed_keys:
+                    cmds.append((self.wap, self.addpubkey, '-R', '-w', \
+                            '-u', name, '-k', sk))
+        if pname and pname not in fixed_projects:
+            cmds.append((self.wap, self.rmproj, pname))
+
+        # Run the commands 
+        rc = 0
+        for cmd in cmds:
+            self.log.debug("[release_project]: %s" % ' '.join(cmd))
+            if not self.debug:
+                try:
+                    rc = subprocess.call(cmd)
+                except OSError, e:
+                    print "Release project subprocess creation error "+ \
+                                    "[%s] (%s)" %  (cmd[0], e.strerror)
+                    raise service_error(service_error.internal,
+                            "Release project subprocess creation error "+ \
+                                    "[%s] (%s)" %  (cmd[0], e.strerror))
+
+            if rc != 0: 
+                raise service_error(service_error.internal,
+                        "Release project subprocess error " +\
+                                "[%s] (%d)" % (cmd[0], rc))
+
+        return { 'project': req['ReleaseProjectRequestBody']['project']}
+
 def make_proxy(method, req_name, req_alloc, resp_name):
     """
@@ -383 +468 @@
         self.log = logging.getLogger("fedd.allocate.remote")
         set_log_level(config, "access", self.log)
-        #self.dynamic_project = fedd_allocate_project_remote.dynamic_project
-        #self.static_project = fedd_allocate_project_remote.static_project
+        self.release_project = None