- Timestamp:
- Apr 6, 2012 9:56:22 AM (13 years ago)
- Branches:
- compt_changes, master
- Children:
- effd4f6
- Parents:
- e1ede1ac
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/access_to_abac.py
re1ede1ac rbfbaa85 276 276 type='str', action='callback', callback=self.expand_file, 277 277 help='File for the attribute to local authorization data') 278 self.add_option('--update', action='store_const', const=True, 279 dest='update_authorizer', default=False, 280 help='Add the generated policy to an existing authorizer') 278 281 self.add_option('--no-delegate', action='store_false', dest='delegate', 279 282 default=True, … … 292 295 self.set_defaults(mapper=None) 293 296 294 def create_creds(creds, cert, key, dir, debug=False, 295 creddy='/usr/local/bin/creddy'): 297 def create_creds(creds, cert, key, dir, debug=False): 296 298 ''' 297 299 Make the the attributes from the list of credential 298 300 objects in the creds parameter. 299 301 ''' 302 cfiles = [] 300 303 for i, c in enumerate(creds): 301 304 cid = Creddy.ID(cert) … … 312 315 raise parse_error('Attribute without a principal?') 313 316 cattr.bake() 314 cattr.write_name('%s/cred%d_attr.der' % (dir, i)) 317 fn = '%s/cred%d_attr.der' % (dir, i) 318 cattr.write_name(fn) 319 cfiles.append(fn) 320 return cfiles 321 315 322 316 323 def clear_dir(dir): … … 428 435 fed_user_cred = None 429 436 fed_someuser_cred = None 437 438 credfiles = [] 430 439 431 440 # The try block makes sure that credentials split into tmp files are deleted … … 451 460 if all([cert, key, opts.dir]): 452 461 try: 453 create_creds([c for c in creds if c.principal == me], 462 credfiles = create_creds( 463 [c for c in creds if c.principal == me], 454 464 cert, key, creds_dir, opts.debug) 455 465 except credential_error, e: … … 480 490 # Create an authorizer if requested. 481 491 if opts.create_auth: 482 clear_dir(auth_dir)483 492 try: 484 493 # Pass in the options rather than the potentially split key … … 486 495 # internally. The opts.cert may get split twice, but we won't 487 496 # lose one. 488 a = abac_authorizer(key=opts.key, me=opts.cert, 489 certs=creds_dir, save=auth_dir) 490 a.save(auth_dir) 497 if opts.update_authorizer: 498 operation = 'updat' 499 a = abac_authorizer(load=auth_dir) 500 a.import_credentials(file_list=credfiles) 501 a.save() 502 else: 503 clear_dir(auth_dir) 504 operation = 'creat' 505 a = abac_authorizer(key=opts.key, me=opts.cert, 506 certs=creds_dir, save=auth_dir) 507 a.save(auth_dir) 491 508 except EnvironmentError, e: 492 509 sys.exit("Can't create or write %s: %s" % \ 493 510 (e.filename, e.strerror)) 494 511 except abac_authorizer.bad_cert_error, e: 495 sys.exit("Error creating authorizer: %s" % e)512 sys.exit("Error %sing authorizer: %s" % (operation, e)) 496 513 497 514 finally:
Note: See TracChangeset
for help on using the changeset viewer.