Changeset c573278 for fedd/federation/experiment_control.py
- Timestamp:
- Nov 24, 2010 3:45:50 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 725c55d
- Parents:
- de7cb08
- File:
-
- 1 edited
fedd/federation/experiment_control.py
rde7cb08 rc573278 20 20 from threading import Lock, Thread, Condition 21 21 from subprocess import call, Popen, PIPE 22 from string import join 22 23 23 24 from urlparse import urlparse … … 1127 1128 def allocate_resources(self, allocated, masters, eid, expid, 1128 1129 tbparams, top, topo, tmpdir, alloc_log=None, log_collector=None, 1129 attrs=None, connInfo={}, tbmap=None ):1130 attrs=None, connInfo={}, tbmap=None, expcert=None): 1130 1131 1131 1132 started = { } # Testbeds where a sub-experiment started … … 1142 1143 threads = [ ] 1143 1144 starters = [ ] 1145 1146 if expcert: 1147 cert = expcert 1148 pw = None 1149 else: 1150 cert = self.cert_file 1151 pw = self.cert_pw 1144 1152 1145 1153 for tb in allocated.keys(): … … 1167 1175 1168 1176 s = self.start_segment(log=log, debug=self.debug, 1169 testbed=tb, cert_file= self.cert_file,1170 cert_pwd= self.cert_pwd, trusted_certs=self.trusted_certs,1177 testbed=tb, cert_file=cert, 1178 cert_pwd=pw, trusted_certs=self.trusted_certs, 1171 1179 caller=self.call_StartSegment, 1172 1180 log_collector=log_collector) … … 1432 1440 1433 1441 def get_abac_access_to_testbeds(self, testbeds, fid, allocated, 1434 tbparams, masters, tbmap ):1442 tbparams, masters, tbmap, expid=None, expcert=None): 1435 1443 for tb in testbeds: 1436 self.get_abac_access(tb, tbparams, fid, masters, tbmap) 1444 self.get_abac_access(tb, tbparams, fid, masters, tbmap, expid, 1445 expcert) 1437 1446 allocated[tb] = 1 1438 1447 1439 def get_abac_access(self, tb, tbparams,fid, masters, tbmap ):1448 def get_abac_access(self, tb, tbparams,fid, masters, tbmap, expid=None, expcert=None): 1440 1449 """ 1441 1450 Get access to testbed through fedd and set the parameters for that tb … … 1471 1480 creds = set() 1472 1481 keys = set() 1473 for c in self.auth.get_creds_for_principal(fid): 1482 certs = self.auth.get_creds_for_principal(fid) 1483 if expid: 1484 print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \ 1485 for c in 
self.auth.get_creds_for_principal(expid)]) 1486 certs.update(self.auth.get_creds_for_principal(expid)) 1487 for c in certs: 1474 1488 keys.add(c.issuer_cert()) 1475 1489 creds.add(c.attribute_cert()) 1476 1490 creds = list(keys) + list(creds) 1491 1492 if expcert: cert, pw = expcert, None 1493 else: cert, pw = self.cert_file, self.cert_pw 1477 1494 1478 1495 # Request credentials … … 1512 1529 r = { 'RequestAccessResponseBody' : r } 1513 1530 else: 1514 r = self.call_RequestAccess(uri, req, 1515 self.cert_file, self.cert_pwd, self.trusted_certs) 1531 r = self.call_RequestAccess(uri, req, cert, pw, self.trusted_certs) 1516 1532 1517 1533 tbparam[tb] = { … … 1653 1669 if self.auth.import_credentials(data_list=req.get('credential', [])): 1654 1670 self.auth.save() 1655 1671 1656 1672 if not self.auth.check_attribute(fid, 'new'): 1657 1673 raise service_error(service_error.access, "New access denied") … … 1747 1763 raise service_error(service_error.req, "No request?") 1748 1764 1765 print "%s" % expid 1766 print 'creds ', 1767 print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \ 1768 for c in self.auth.get_creds_for_principal(expid)]) 1749 1769 # Import information from the requester 1750 1770 if self.auth.import_credentials(data_list=req.get('credential', [])): 1751 1771 self.auth.save() 1752 1772 1773 print 'creds ', 1774 print join([ "%s <- %s" % ( c.head().string(), c.tail().string()) \ 1775 for c in self.auth.get_creds_for_principal(expid)]) 1753 1776 self.check_experiment_access(fid, key) 1754 1777 … … 1808 1831 elif not eid and e.has_key('localname'): 1809 1832 eid = e['localname'] 1833 if 'experimentAccess' in self.state[key] and \ 1834 'X509' in self.state[key]['experimentAccess']: 1835 expcert = self.state[key]['experimentAccess']['X509'] 1836 else: 1837 expcert = None 1810 1838 self.state_lock.release() 1811 1839 … … 1813 1841 raise service_error(service_error.internal, 1814 1842 "Cannot find local experiment info!?") 1843 1844 # make a 
protected copy of the access certificate so the experiment 1845 # controller can act as the experiment principal. mkstemp is the most 1846 # secure way to do that and the file is in a directory created by 1847 # mkdtemp. expcert enters the if as the contents of the file and 1848 # leaves is as the filename in which the cert is stored. All this goes 1849 # away when the tempfiles are cleared. 1850 if expcert: 1851 try: 1852 certf, certfn = tempfile.mkstemp(suffix=".pem", dir=tmpdir) 1853 f = os.fdopen(certf, 'w') 1854 print >> f, expcert 1855 f.close() 1856 expcert = certfn 1857 except EnvironmentError, e: 1858 raise service_error(service_error.internal, 1859 "Cannot create temp cert file?") 1815 1860 1816 1861 try: … … 1909 1954 elif self.auth_type == 'abac': 1910 1955 self.get_abac_access_to_testbeds(testbeds, fid, allocated, 1911 tbparams, masters, tbmap )1956 tbparams, masters, tbmap, expid, expcert) 1912 1957 else: 1913 1958 raise service_error(service_error.internal, … … 1955 2000 # Now get access to the dynamic testbeds (those added above) 1956 2001 for tb in [ t for t in topo if t not in allocated]: 2002 #XXX: ABAC 1957 2003 self.get_access(tb, None, tbparams, access_user, masters, tbmap) 1958 2004 allocated[tb] = 1 … … 2053 2099 args=(allocated, masters, eid, expid, tbparams, 2054 2100 top, topo, tmpdir, alloc_log, alloc_collector, attrs, 2055 connInfo, tbmap ),2101 connInfo, tbmap, expcert), 2056 2102 name=eid) 2057 2103 t.start()
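Review bot: The fallback branch added in `allocate_resources` (`pw = self.cert_pw`) and the matching one-liner in `get_abac_access` (`else: cert, pw = self.cert_file, self.cert_pw`) read `self.cert_pw`, while the lines they replace passed `self.cert_pwd`. Unless the class defines `cert_pw` somewhere outside these hunks, any request that arrives without an experiment certificate will raise AttributeError before StartSegment or RequestAccess is called; both places should read `else: cert, pw = self.cert_file, self.cert_pwd`. Separately, the added `print join([...])` calls write the experiment id and the head/tail of every credential to stdout on each request and look like leftover debugging; dropping them, or sending them to a debug-level log, keeps credential relationships out of service output. The enclosing functions start and end outside the hunks shown.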