Timestamp:
Nov 24, 2010 3:45:50 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
725c55d
Parents:
de7cb08
Message:

Checkpoint. Still lots to do

File:
1 edited

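--- a/fedd/federation/experiment_control.py
+++ b/fedd/federation/experiment_control.py
@@ -20,4 +20,5 @@
 from threading import Lock, Thread, Condition
 from subprocess import call, Popen, PIPE
+from string import join
 
 from urlparse import urlparse
@@ -1127,5 +1128,5 @@
     def allocate_resources(self, allocated, masters, eid, expid,
             tbparams, top, topo, tmpdir, alloc_log=None, log_collector=None,
-            attrs=None, connInfo={}, tbmap=None):
+            attrs=None, connInfo={}, tbmap=None, expcert=None):
 
         started = { }           # Testbeds where a sub-experiment started
@@ -1142,4 +1143,11 @@
         threads = [ ]
         starters = [ ]
+
+        if expcert:
+            cert = expcert
+            pw = None
+        else:
+            cert = self.cert_file
+            pw = self.cert_pw
 
         for tb in allocated.keys():
@@ -1167,6 +1175,6 @@
 
             s = self.start_segment(log=log, debug=self.debug,
-                    testbed=tb, cert_file=self.cert_file,
-                    cert_pwd=self.cert_pwd, trusted_certs=self.trusted_certs,
+                    testbed=tb, cert_file=cert,
+                    cert_pwd=pw, trusted_certs=self.trusted_certs,
                     caller=self.call_StartSegment,
                     log_collector=log_collector)
@@ -1432,10 +1440,11 @@
 
     def get_abac_access_to_testbeds(self, testbeds, fid, allocated,
-            tbparams, masters, tbmap):
+            tbparams, masters, tbmap, expid=None, expcert=None):
         for tb in testbeds:
-            self.get_abac_access(tb, tbparams, fid, masters, tbmap)
+            self.get_abac_access(tb, tbparams, fid, masters, tbmap, expid,
+                    expcert)
             allocated[tb] = 1
 
-    def get_abac_access(self, tb, tbparams,fid, masters, tbmap):
+    def get_abac_access(self, tb, tbparams,fid, masters, tbmap, expid=None, expcert=None):
         """
         Get access to testbed through fedd and set the parameters for that tb
@@ -1471,8 +1480,16 @@
         creds = set()
         keys = set()
-        for c in self.auth.get_creds_for_principal(fid):
+        certs = self.auth.get_creds_for_principal(fid)
+        if expid:
+            print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \
+                    for c in self.auth.get_creds_for_principal(expid)])
+            certs.update(self.auth.get_creds_for_principal(expid))
+        for c in certs:
             keys.add(c.issuer_cert())
             creds.add(c.attribute_cert())
         creds = list(keys) + list(creds)
+
+        if expcert: cert, pw = expcert, None
+        else: cert, pw = self.cert_file, self.cert_pw
 
         # Request credentials
@@ -1512,6 +1529,5 @@
             r = { 'RequestAccessResponseBody' : r }
         else:
-            r = self.call_RequestAccess(uri, req,
-                    self.cert_file, self.cert_pwd, self.trusted_certs)
+            r = self.call_RequestAccess(uri, req, cert, pw, self.trusted_certs)
 
         tbparam[tb] = {
@@ -1653,5 +1669,5 @@
         if self.auth.import_credentials(data_list=req.get('credential', [])):
             self.auth.save()
-       
+
         if not self.auth.check_attribute(fid, 'new'):
             raise service_error(service_error.access, "New access denied")
@@ -1747,8 +1763,15 @@
             raise service_error(service_error.req, "No request?")
 
+        print "%s" % expid
+        print 'creds ',
+        print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \
+                for c in self.auth.get_creds_for_principal(expid)])
         # Import information from the requester
         if self.auth.import_credentials(data_list=req.get('credential', [])):
             self.auth.save()
 
+        print 'creds ',
+        print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \
+                for c in self.auth.get_creds_for_principal(expid)])
         self.check_experiment_access(fid, key)
 
@@ -1808,4 +1831,9 @@
                 elif not eid and e.has_key('localname'):
                     eid = e['localname']
+            if 'experimentAccess' in self.state[key] and \
+                    'X509' in self.state[key]['experimentAccess']:
+                expcert = self.state[key]['experimentAccess']['X509']
+            else:
+                expcert = None
         self.state_lock.release()
 
@@ -1813,4 +1841,21 @@
             raise service_error(service_error.internal,
                     "Cannot find local experiment info!?")
+
+        # make a protected copy of the access certificate so the experiment
+        # controller can act as the experiment principal.  mkstemp is the most
+        # secure way to do that and the file is in a directory created by
+        # mkdtemp.  expcert enters the if as the contents of the file and
+        # leaves is as the filename in which the cert is stored.  All this goes
+        # away when the tempfiles are cleared.
+        if expcert:
+            try:
+                certf, certfn = tempfile.mkstemp(suffix=".pem", dir=tmpdir)
+                f = os.fdopen(certf, 'w')
+                print >> f, expcert
+                f.close()
+                expcert = certfn
+            except EnvironmentError, e:
+                raise service_error(service_error.internal,
+                        "Cannot create temp cert file?")
 
         try:
@@ -1909,5 +1954,5 @@
             elif self.auth_type == 'abac':
                 self.get_abac_access_to_testbeds(testbeds, fid, allocated,
-                        tbparams, masters, tbmap)
+                        tbparams, masters, tbmap, expid, expcert)
             else:
                 raise service_error(service_error.internal,
@@ -1955,4 +2000,5 @@
             # Now get access to the dynamic testbeds (those added above)
             for tb in [ t for t in topo if t not in allocated]:
+                #XXX: ABAC
                 self.get_access(tb, None, tbparams, access_user, masters, tbmap)
                 allocated[tb] = 1
@@ -2053,5 +2099,5 @@
                 args=(allocated, masters, eid, expid, tbparams,
                     top, topo, tmpdir, alloc_log, alloc_collector, attrs,
-                    connInfo, tbmap),
+                    connInfo, tbmap, expcert),
                 name=eid)
         t.start()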
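Review bot: In get_abac_access the fallback `else: cert, pw = self.cert_file, self.cert_pw` (and the matching `pw = self.cert_pw` in allocate_resources) reads `self.cert_pw`, while the lines removed here passed `self.cert_pwd`; unless a `cert_pw` attribute is set outside the visible hunks, any request without an experiment certificate fails with AttributeError instead of using the controller's own key password, so both should read `self.cert_pwd`. In the same hunk, `certs.update(self.auth.get_creds_for_principal(expid))` modifies whatever set `get_creds_for_principal(fid)` returned; if that is the authorizer's internal set rather than a copy, the experiment's credentials end up stored under the requester, and `certs = set(self.auth.get_creds_for_principal(fid))` before the update would avoid that. Both function bodies continue outside the hunks shown.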