Changeset 9973d57 for fedd/federation/deter_internal_access.py

Timestamp:

Dec 12, 2010 9:33:44 AM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

2627eb3

Parents:

c65b7e4

Message:

Move common GetRequest/ReleaseAccess? implementations to the base class

File:

• fedd/federation/deter_internal_access.py (modified) (1 diff)

fedd/federation/deter_internal_access.py

@@ -142 +142 @@
             }
 
-    def RequestAccess(self, req, fid):
-        """
-        Handle the access request.  Proxy if not for us.
-
-        Parse out the fields and make the allocations or rejections if for us,
-        otherwise, assuming we're willing to proxy, proxy the request out.
-        """
-
-        # The dance to get into the request body
-        if req.has_key('RequestAccessRequestBody'):
-            req = req['RequestAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        found, match, owners = self.lookup_access(req, fid)
-        # keep track of what's been added
-        allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
-        aid = unicode(allocID)
-
-        self.state_lock.acquire()
-        self.state[aid] = { }
-        self.state[aid]['user'] = found
-        self.state[aid]['owners'] = owners
-        self.state[aid]['vlan'] = None
-        self.state[aid]['auth'] = set()
-        self.append_allocation_authorization(aid, 
-                ((fid, allocID),(allocID, allocID)))
-        self.write_state()
-        self.state_lock.release()
-
-        try:
-            f = open("%s/%s.pem" % (self.certdir, aid), "w")
-            print >>f, alloc_cert
-            f.close()
-        except EnvironmentError, e:
-            raise service_error(service_error.internal, 
-                    "Can't open %s/%s : %s" % (self.certdir, aid, e))
-        return { 'allocID': { 'fedid': allocID } }
-
-    def ReleaseAccess(self, req, fid):
-        # The dance to get into the request body
-        if req.has_key('ReleaseAccessRequestBody'):
-            req = req['ReleaseAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        # Local request
-        try:
-            if req['allocID'].has_key('localname'):
-                auth_attr = aid = req['allocID']['localname']
-            elif req['allocID'].has_key('fedid'):
-                aid = unicode(req['allocID']['fedid'])
-                auth_attr = req['allocID']['fedid']
-            else:
-                raise service_error(service_error.req,
-                        "Only localnames and fedids are understood")
-        except KeyError:
-            raise service_error(service_error.req, "Badly formed request")
-
-        self.log.debug("[access] deallocation requested for %s", aid)
-        if not self.auth.check_attribute(fid, auth_attr):
-            self.log.debug("[access] deallocation denied for %s", aid)
-            raise service_error(service_error.access, "Access Denied")
-
-        self.state_lock.acquire()
-        if self.state.has_key(aid):
-            self.log.debug("Found allocation for %s" %aid)
-            self.clear_allocation_authorization(aid)
-            del self.state[aid]
-            self.write_state()
-            self.state_lock.release()
-            # And remove the access cert
-            cf = "%s/%s.pem" % (self.certdir, aid)
-            self.log.debug("Removing %s" % cf)
-            os.remove(cf)
-            return { 'allocID': req['allocID'] } 
-        else:
-            self.state_lock.release()
-            raise service_error(service_error.req, "No such allocation")
+    # RequestAccess and ReleaseAccess come from the base
 
     def extract_parameters(self, top):