Changeset 9973d57 for fedd/federation/deter_internal_access.py
- Timestamp:
- Dec 12, 2010 9:33:44 AM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 2627eb3
- Parents:
- c65b7e4
- File:
-
- 1 edited
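--- a/fedd/federation/deter_internal_access.py
+++ b/fedd/federation/deter_internal_access.py
@@ -142,83 +142,5 @@
 }
 
-def RequestAccess(self, req, fid):
-"""
-Handle the access request. Proxy if not for us.
-
-Parse out the fields and make the allocations or rejections if for us,
-otherwise, assuming we're willing to proxy, proxy the request out.
-"""
-
-# The dance to get into the request body
-if req.has_key('RequestAccessRequestBody'):
-req = req['RequestAccessRequestBody']
-else:
-raise service_error(service_error.req, "No request!?")
-
-found, match, owners = self.lookup_access(req, fid)
-# keep track of what's been added
-allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
-aid = unicode(allocID)
-
-self.state_lock.acquire()
-self.state[aid] = { }
-self.state[aid]['user'] = found
-self.state[aid]['owners'] = owners
-self.state[aid]['vlan'] = None
-self.state[aid]['auth'] = set()
-self.append_allocation_authorization(aid,
-((fid, allocID),(allocID, allocID)))
-self.write_state()
-self.state_lock.release()
-
-try:
-f = open("%s/%s.pem" % (self.certdir, aid), "w")
-print >>f, alloc_cert
-f.close()
-except EnvironmentError, e:
-raise service_error(service_error.internal,
-"Can't open %s/%s : %s" % (self.certdir, aid, e))
-return { 'allocID': { 'fedid': allocID } }
-
-def ReleaseAccess(self, req, fid):
-# The dance to get into the request body
-if req.has_key('ReleaseAccessRequestBody'):
-req = req['ReleaseAccessRequestBody']
-else:
-raise service_error(service_error.req, "No request!?")
-
-# Local request
-try:
-if req['allocID'].has_key('localname'):
-auth_attr = aid = req['allocID']['localname']
-elif req['allocID'].has_key('fedid'):
-aid = unicode(req['allocID']['fedid'])
-auth_attr = req['allocID']['fedid']
-else:
-raise service_error(service_error.req,
-"Only localnames and fedids are understood")
-except KeyError:
-raise service_error(service_error.req, "Badly formed request")
-
-self.log.debug("[access] deallocation requested for %s", aid)
-if not self.auth.check_attribute(fid, auth_attr):
-self.log.debug("[access] deallocation denied for %s", aid)
-raise service_error(service_error.access, "Access Denied")
-
-self.state_lock.acquire()
-if self.state.has_key(aid):
-self.log.debug("Found allocation for %s" %aid)
-self.clear_allocation_authorization(aid)
-del self.state[aid]
-self.write_state()
-self.state_lock.release()
-# And remove the access cert
-cf = "%s/%s.pem" % (self.certdir, aid)
-self.log.debug("Removing %s" % cf)
-os.remove(cf)
-return { 'allocID': req['allocID'] }
-else:
-self.state_lock.release()
-raise service_error(service_error.req, "No such allocation")
+# RequestAccess and ReleaseAccess come from the base
 
 def extract_parameters(self, top):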
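Review bot: The comment added at new line 144, `# RequestAccess and ReleaseAccess come from the base`, does not name the base class or say which guarantees this class now depends on it for. The removed ReleaseAccess refused deallocation unless `self.auth.check_attribute(fid, auth_attr)` passed, and it built the `.pem` path from an `aid` that could be a request-supplied `localname`; the inherited implementation is not visible in this changeset, so it is worth confirming that it keeps the authorization check ahead of any state or file removal and constrains that name. I would expand the comment to something like `# RequestAccess/ReleaseAccess are inherited from <base class>, which performs the check_attribute authorization and the cert-file cleanup.` The enclosing class begins and ends outside this hunk.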