Changeset 8cf2b90e for fedd/federation
- Timestamp:
- May 27, 2010 2:53:10 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-3.01, version-3.02
- Children:
- d6990a4
- Parents:
- f771e2f
- File:
-
- 1 edited
fedd/federation/emulab_access.py
rf771e2f r8cf2b90e 463 463 return resp 464 464 465 def do_release_project(self, del_project, del_users, del_types): 466 """ 467 If a project and users has to be deleted, make the call. 468 """ 469 msg = { 'project': { }} 470 if del_project: 471 msg['project']['name']= {'localname': del_project} 472 users = [ ] 473 for u in del_users.keys(): 474 users.append({ 'userID': { 'localname': u },\ 475 'access' : \ 476 [ {'sshPubkey' : s } for s in del_users[u]]\ 477 }) 478 if users: 479 msg['project']['user'] = users 480 if len(del_types) > 0: 481 msg['resources'] = { 'node': \ 482 [ {'hardware': [ h ] } for h in del_types ]\ 483 } 484 if self.allocate_project.release_project: 485 msg = { 'ReleaseProjectRequestBody' : msg} 486 self.allocate_project.release_project(msg) 487 465 488 def ReleaseAccess(self, req, fid): 466 489 # The dance to get into the request body … … 470 493 raise service_error(service_error.req, "No request!?") 471 494 472 if req.has_key('destinationTestbed'): 473 dt = unpack_id(req['destinationTestbed']) 474 else: 475 dt = None 476 477 if dt == None or dt in self.testbed: 478 # Local request 479 try: 480 if req['allocID'].has_key('localname'): 481 auth_attr = aid = req['allocID']['localname'] 482 elif req['allocID'].has_key('fedid'): 483 aid = unicode(req['allocID']['fedid']) 484 auth_attr = req['allocID']['fedid'] 485 else: 486 raise service_error(service_error.req, 487 "Only localnames and fedids are understood") 488 except KeyError: 489 raise service_error(service_error.req, "Badly formed request") 490 491 self.log.debug("[access] deallocation requested for %s", aid) 492 if not self.auth.check_attribute(fid, auth_attr): 493 self.log.debug("[access] deallocation denied for %s", aid) 494 raise service_error(service_error.access, "Access Denied") 495 496 # If we know this allocation, reduce the reference counts and 497 # remove the local allocations. Otherwise report an error. 
If 498 # there is an allocation to delete, del_users will be a dictonary 499 # of sets where the key is the user that owns the keys in the set. 500 # We use a set to avoid duplicates. del_project is just the name 501 # of any dynamic project to delete. We're somewhat lazy about 502 # deleting authorization attributes. Having access to something 503 # that doesn't exist isn't harmful. 504 del_users = { } 505 del_project = None 506 del_types = set() 507 508 if self.allocation.has_key(aid): 509 self.log.debug("Found allocation for %s" %aid) 510 self.state_lock.acquire() 511 for k in self.allocation[aid]['keys']: 512 kk = "%s:%s" % k 513 self.keys[kk] -= 1 514 if self.keys[kk] == 0: 515 if not del_users.has_key(k[0]): 516 del_users[k[0]] = set() 517 del_users[k[0]].add(k[1]) 518 del self.keys[kk] 519 520 if self.allocation[aid].has_key('project'): 521 pname = self.allocation[aid]['project'] 522 self.projects[pname] -= 1 523 if self.projects[pname] == 0: 524 del_project = pname 525 del self.projects[pname] 526 527 if self.allocation[aid].has_key('types'): 528 for t in self.allocation[aid]['types']: 529 self.types[t] -= 1 530 if self.types[t] == 0: 531 if not del_project: del_project = t[0] 532 del_types.add(t[1]) 533 del self.types[t] 534 535 del self.allocation[aid] 536 self.write_state() 537 self.state_lock.release() 538 # If we actually have resources to deallocate, prepare the call. 
539 if del_project or del_users: 540 msg = { 'project': { }} 541 if del_project: 542 msg['project']['name']= {'localname': del_project} 543 users = [ ] 544 for u in del_users.keys(): 545 users.append({ 'userID': { 'localname': u },\ 546 'access' : \ 547 [ {'sshPubkey' : s } for s in del_users[u]]\ 548 }) 549 if users: 550 msg['project']['user'] = users 551 if len(del_types) > 0: 552 msg['resources'] = { 'node': \ 553 [ {'hardware': [ h ] } for h in del_types ]\ 554 } 555 if self.allocate_project.release_project: 556 msg = { 'ReleaseProjectRequestBody' : msg} 557 self.allocate_project.release_project(msg) 558 # And remove the access cert 559 cf = "%s/%s.pem" % (self.certdir, aid) 560 self.log.debug("Removing %s" % cf) 561 os.remove(cf) 562 return { 'allocID': req['allocID'] } 563 else: 564 raise service_error(service_error.req, "No such allocation") 565 566 else: 567 if self.allow_proxy: 568 resp = self.proxy_ReleaseAccess.call_service(dt, req, 569 self.cert_file, self.cert_pwd, 570 self.trusted_certs) 571 if resp.has_key('ReleaseAccessResponseBody'): 572 return resp['ReleaseAccessResponseBody'] 573 else: 574 return None 575 else: 576 raise service_error(service_error.access, 577 "Access proxying denied") 578 579 def generate_ns2(self, topo, expfn, softdir, master, connInfo): 495 try: 496 if req['allocID'].has_key('localname'): 497 auth_attr = aid = req['allocID']['localname'] 498 elif req['allocID'].has_key('fedid'): 499 aid = unicode(req['allocID']['fedid']) 500 auth_attr = req['allocID']['fedid'] 501 else: 502 raise service_error(service_error.req, 503 "Only localnames and fedids are understood") 504 except KeyError: 505 raise service_error(service_error.req, "Badly formed request") 506 507 self.log.debug("[access] deallocation requested for %s", aid) 508 if not self.auth.check_attribute(fid, auth_attr): 509 self.log.debug("[access] deallocation denied for %s", aid) 510 raise service_error(service_error.access, "Access Denied") 511 512 # If we know this 
allocation, reduce the reference counts and 513 # remove the local allocations. Otherwise report an error. If 514 # there is an allocation to delete, del_users will be a dictonary 515 # of sets where the key is the user that owns the keys in the set. 516 # We use a set to avoid duplicates. del_project is just the name 517 # of any dynamic project to delete. We're somewhat lazy about 518 # deleting authorization attributes. Having access to something 519 # that doesn't exist isn't harmful. 520 del_users = { } 521 del_project = None 522 del_types = set() 523 524 self.state_lock.acquire() 525 if aid in self.allocation: 526 self.log.debug("Found allocation for %s" %aid) 527 for k in self.allocation[aid]['keys']: 528 kk = "%s:%s" % k 529 self.keys[kk] -= 1 530 if self.keys[kk] == 0: 531 if not del_users.has_key(k[0]): 532 del_users[k[0]] = set() 533 del_users[k[0]].add(k[1]) 534 del self.keys[kk] 535 536 if 'project' in self.allocation[aid]: 537 pname = self.allocation[aid]['project'] 538 self.projects[pname] -= 1 539 if self.projects[pname] == 0: 540 del_project = pname 541 del self.projects[pname] 542 543 if 'types' in self.allocation[aid]: 544 for t in self.allocation[aid]['types']: 545 self.types[t] -= 1 546 if self.types[t] == 0: 547 if not del_project: del_project = t[0] 548 del_types.add(t[1]) 549 del self.types[t] 550 551 del self.allocation[aid] 552 self.write_state() 553 self.state_lock.release() 554 # If we actually have resources to deallocate, prepare the call. 
555 if del_project or del_users: 556 self.do_release_project(del_project, del_users, del_types) 557 # And remove the access cert 558 cf = "%s/%s.pem" % (self.certdir, aid) 559 self.log.debug("Removing %s" % cf) 560 os.remove(cf) 561 return { 'allocID': req['allocID'] } 562 else: 563 self.state_lock.release() 564 raise service_error(service_error.req, "No such allocation") 565 566 567 def generate_ns2(self, topo, expfn, softdir, connInfo): 580 568 class dragon_commands: 581 569 """ … … 634 622 break 635 623 else: 636 raise service_error(service_error.internal, 637 "No vlan tag") 624 raise service_error(service_error.internal, "No vlan tag") 638 625 members = i.get('member', []) 639 626 if len(members) > 1: type = 'lan' … … 642 629 try: 643 630 for m in members: 644 if dragon_map.has_key(m['element']):631 if m['element'] in dragon_map: 645 632 dragon_map[m['element']].append(( m['interface'], 646 633 vlan, type)) … … 782 769 783 770 def configure_seer_services(self, services, topo, softdir): 784 local_seer = False 785 collect_seer = False 786 seer_master= False 771 """ 772 Make changes to the topology required for the seer requests being made. 773 Specifically, add any control or master nodes required and set up the 774 start commands on the nodes to interconnect them. 
775 """ 776 local_seer = False # True if we need to add a control node 777 collect_seer = False # True if there is a seer-master node 778 seer_master= False # True if we need to add the seer-master 787 779 for s in services: 788 780 s_name = s.get('name', '') 789 781 s_vis = s.get('visibility','') 790 782 791 if s_name == 'local_seer_control' 783 if s_name == 'local_seer_control' and s_vis == 'export': 792 784 local_seer = True 793 785 elif s_name == 'seer_master': … … 973 965 services) 974 966 self.generate_ns2(topo, expfile, 975 "/proj/%s/software/%s/" % (proj, ename), master,connInfo)967 "/proj/%s/software/%s/" % (proj, ename), connInfo) 976 968 977 969 starter = self.start_segment(keyfile=self.ssh_privkey_file,
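Review bot: The `self.state_lock.acquire()` that now precedes the `aid in self.allocation` test in ReleaseAccess is undone only by explicit `release()` calls on the two normal paths. Any exception raised in between, such as a `KeyError` from `self.keys[kk]`, `self.projects[pname]` or `self.types[t]`, or a failure inside `self.write_state()`, would leave the lock held and stall later requests that need it. Wrapping the critical section in `try`/`finally` keeps the check-under-lock behaviour this change introduces while guaranteeing release, and leaves `do_release_project` and `os.remove(cf)` outside the lock as they are now. ReleaseAccess starts above this hunk and the page has lost the original indentation, so the indentation below is assumed.

```python
        self.state_lock.acquire()
        try:
            if aid not in self.allocation:
                raise service_error(service_error.req, "No such allocation")
            # … unchanged: reference-count updates, del self.allocation[aid], self.write_state() …
        finally:
            self.state_lock.release()
        # … unchanged: do_release_project call, certificate removal, return …
```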