Changeset 93a06fb for fedd


Ignore:
Timestamp:
Nov 26, 2008 3:11:26 PM (16 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
Children:
0ea5050
Parents:
40eab39
Message:

Explicit allocation levels for the different knods of allocations.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/fedd_allocate_project.py

    r40eab39 r93a06fb  
    3333    Allocate projects on this machine in response to an access request.
    3434    """
     35    dynamic_projects = 4
     36    dynamic_keys= 2
     37    confirm_keys = 1
     38    none = 0
     39
     40    levels = {
     41            'dynamic_projects': dynamic_projects,
     42            'dynamic_keys': dynamic_keys,
     43            'confirm_keys': confirm_keys,
     44            'none': none,
     45    }
     46
    3547    def __init__(self, config, auth=None):
    3648        """
     
    4860        self.grantnodetype = config.get('access', 'grantnodetype',
    4961                '/usr/testbed/sbin/grantnodetype')
     62        self.confirmkey = config.get('access', 'confirmkey',
     63                '/usr/testbed/sbin/taddpubkey')
     64        self.allocation_level = config.get("access", "allocation_level", "none")
    5065        self.log = logging.getLogger("fedd.allocate.local")
     66
     67        try:
     68            self.allocation_level = \
     69                    self.levels[self.allocation_level.strip().lower()]
     70        except KeyError:
     71            self.log.error("Bad allocation_level %s.  Defaulting to none" % \
     72                    self.allocation_error)
     73            self.allocation_level = self.none
     74
     75
    5176        set_log_level(config, "access", self.log)
    5277        fixed_key_db = config.get("access", "fixed_keys", None)
     
    112137        Req includes the project and resources as a dictionary
    113138        """
     139
     140        if self.allocation_level < self.dynamic_projects:
     141            raise service_error(service_error.access,
     142                    "[dynamic_project] dynamic project allocation not " + \
     143                            "permitted: check allocation level")
    114144        # tempfiles for the parameter files
    115145        uf, userfile = tempfile.mkstemp(prefix="usr", suffix=".xml",
     
    254284            for sk in [ k['sshPubkey'] for k in u.get('access', []) \
    255285                    if k.has_key('sshPubkey')]:
    256                 cmds.append((self.wap, self.addpubkey, '-w', \
    257                         '-u', name, '-k', sk))
     286                if self.allocation_level >= self.dynamic_keys:
     287                    cmds.append((self.wap, self.addpubkey, '-w', \
     288                            '-u', name, '-k', sk))
     289                elif self.allocation_level >= self.confirm_keys:
     290                    cmds.append((self.wap, self.confirmkey, '-C', \
     291                            '-u', name, '-k', sk))
     292                else:
     293                    self.log.warning("[static_project] no checking of " + \
     294                            "static keys")
    258295       
    259296
     
    264301                if r.has_key('node') and r['node'].has_key('hardware')\
    265302                    for h in r['node']['hardware'] ] :
    266             cmds.append((self.wap, self.grantnodetype, '-p', pname, nt))
     303            if self.allocation_level >= self.confirm_keys:
     304                cmds.append((self.wap, self.grantnodetype, '-p', pname, nt))
    267305
    268306        # Run the commands
     
    314352                    if k.has_key('sshPubkey')]:
    315353                if (name.rstrip(), sk.rstrip()) not in self.fixed_keys:
    316                     cmds.append((self.wap, self.addpubkey, '-R', '-w', \
    317                             '-u', name, '-k', sk))
    318         if pname and pname not in self.fixed_projects:
     354                    if self.allocation_level >= self.dynamic_keys:
     355                        cmds.append((self.wap, self.addpubkey, '-R', '-w', \
     356                                '-u', name, '-k', sk))
     357        if pname and pname not in self.fixed_projects and \
     358                self.allocation_level >= self.dynamic_projects:
    319359            cmds.append((self.wap, self.rmproj, pname))
    320360
     
    393433
    394434        self.debug = config.get("access", "debug_project", False)
    395         self.url = config.get("access", "dynamic_projects_url", "")
     435        self.url = config.get("access", "project_allocation_uri", "")
    396436
    397437        self.cert_file = config.get("access", "cert_file", None)
     
    429469        self.log = logging.getLogger("fedd.allocate.remote")
    430470        set_log_level(config, "access", self.log)
     471
    431472        # The specializations of the proxy functions
    432473        self.dynamic_project = self.proxy(self.url, self.cert_file,
Note: See TracChangeset for help on using the changeset viewer.