Changeset c35207d
- Timestamp:
- Nov 23, 2008 5:23:15 PM (16 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
- Children:
- 69c015e
- Parents:
- a398ec9
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/fedd_access.py
ra398ec9 rc35207d 50 50 feddServiceLocator, RequestAccessRequestMessage, 51 51 'RequestAccessRequestBody') 52 53 proxy_ReleaseAccess= \ 54 service_caller('ReleaseAccess', 'getfeddPortType', 55 feddServiceLocator, ReleaseAccessRequestMessage, 56 'ReleaseAccessRequestBody') 52 57 53 58 def __init__(self, config=None, auth=None): … … 705 710 raise service_error(service_error.req, "No request!?") 706 711 707 try: 708 if req['allocID'].has_key('localname'): 709 auth_attr = aid = req['allocID']['localname'] 710 elif req['allocID'].has_key('fedid'): 711 aid = unicode(req['allocID']['fedid']) 712 auth_attr = req['allocID']['fedid'] 713 else: 714 raise service_error(service_error.req, 715 "Only localnames and fedids are understood") 716 except KeyError: 717 raise service_error(service_error.req, "Badly formed request") 718 719 print "Checking for %s %s" % (fid, auth_attr) 720 if not self.auth.check_attribute(fid, auth_attr): 721 raise service_error(service_error.access, "Access Denied") 722 723 # If we know this allocation, reduce the reference counts and remove 724 # the local allocations. Otherwise report an error. If there is an 725 # allocation to delete, del_users will be a dictonary of sets where the 726 # key is the user that owns the keys in the set. We use a set to avoid 727 # duplicates. del_project is just the name of any dynamic project to 728 # delete. 729 # We're somewhat lazy about deleting authorization attributes. Having 730 # access to something that doesn't exist isn't harmful. 731 del_users = { } 732 del_project = None 733 if self.allocation.has_key(aid): 734 self.state_lock.acquire() 735 for k in self.allocation[aid]['keys']: 736 kk = "%s:%s" % k 737 self.keys[kk] -= 1 738 if self.keys[kk] == 0: 739 if not del_users.has_key(k[0]): 740 del_users[k[0]] = set() 741 del_users[k[0]].add(k[1]) 742 del self.keys[kk] 743 744 if self.allocation[aid].has_key('project'): 745 pname = self.allocation[aid]['project'] 746 self.projects[pname] -= 1 747 if self.projects[pname] == 0: 748 del_project = pname 749 del self.projects[pname] 750 751 del self.allocation[aid] 752 self.write_state() 753 self.state_lock.release() 754 # If we actually have resources to deallocate, prepare the call. 755 if del_project or del_users: 756 msg = { 'project': { }} 757 if del_project: 758 msg['project']['name']= {'localname': del_project} 759 users = [ ] 760 for u in del_users.keys(): 761 users.append({ 'userID': { 'localname': u },\ 762 'access' : \ 763 [ {'sshPubkey' : s } for s in del_users[u]]\ 764 }) 765 if users: 766 msg['project']['user'] = users 767 if self.allocate_project.release_project: 768 msg = { 'ReleaseProjectRequestBody' : msg} 769 self.allocate_project.release_project(msg) 770 return { 'allocID': req['allocID'] } 771 else: 772 raise service_error(service_error.req, "No such allocation") 773 774 775 712 if req.has_key('destinationTestbed'): 713 dt = unpack_id(req['destinationTestbed']) 714 715 if dt == None or dt == self.testbed: 716 # Local request 717 try: 718 if req['allocID'].has_key('localname'): 719 auth_attr = aid = req['allocID']['localname'] 720 elif req['allocID'].has_key('fedid'): 721 aid = unicode(req['allocID']['fedid']) 722 auth_attr = req['allocID']['fedid'] 723 else: 724 raise service_error(service_error.req, 725 "Only localnames and fedids are understood") 726 except KeyError: 727 raise service_error(service_error.req, "Badly formed request") 728 729 print "Checking for %s %s" % (fid, auth_attr) 730 if not self.auth.check_attribute(fid, auth_attr): 731 raise service_error(service_error.access, "Access Denied") 732 733 # If we know this allocation, reduce the reference counts and 734 # remove the local allocations. Otherwise report an error. If 735 # there is an allocation to delete, del_users will be a dictonary 736 # of sets where the key is the user that owns the keys in the set. 737 # We use a set to avoid duplicates. del_project is just the name 738 # of any dynamic project to delete. We're somewhat lazy about 739 # deleting authorization attributes. Having access to something 740 # that doesn't exist isn't harmful. 741 del_users = { } 742 del_project = None 743 if self.allocation.has_key(aid): 744 self.state_lock.acquire() 745 for k in self.allocation[aid]['keys']: 746 kk = "%s:%s" % k 747 self.keys[kk] -= 1 748 if self.keys[kk] == 0: 749 if not del_users.has_key(k[0]): 750 del_users[k[0]] = set() 751 del_users[k[0]].add(k[1]) 752 del self.keys[kk] 753 754 if self.allocation[aid].has_key('project'): 755 pname = self.allocation[aid]['project'] 756 self.projects[pname] -= 1 757 if self.projects[pname] == 0: 758 del_project = pname 759 del self.projects[pname] 760 761 del self.allocation[aid] 762 self.write_state() 763 self.state_lock.release() 764 # If we actually have resources to deallocate, prepare the call. 765 if del_project or del_users: 766 msg = { 'project': { }} 767 if del_project: 768 msg['project']['name']= {'localname': del_project} 769 users = [ ] 770 for u in del_users.keys(): 771 users.append({ 'userID': { 'localname': u },\ 772 'access' : \ 773 [ {'sshPubkey' : s } for s in del_users[u]]\ 774 }) 775 if users: 776 msg['project']['user'] = users 777 if self.allocate_project.release_project: 778 msg = { 'ReleaseProjectRequestBody' : msg} 779 self.allocate_project.release_project(msg) 780 return { 'allocID': req['allocID'] } 781 else: 782 raise service_error(service_error.req, "No such allocation") 783 784 else: 785 if self.allow_proxy: 786 resp = self.proxy_ReleaseAccess.call_service(dt, req, 787 self.proxy_cert_file, self.proxy_cert_pwd, 788 self.proxy_trusted_certs) 789 if resp.has_key('ReleaseAccessResponseBody'): 790 return resp['ReleaseAccessResponseBody'] 791 else: 792 return None 793 else: 794 raise service_error(service_error.access, 795 "Access proxying denied") 796 797
Note: See TracChangeset
for help on using the changeset viewer.