Changeset dee164e for fedd/federation/deter_internal_access.py
- Timestamp:
- Nov 30, 2010 7:20:16 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c324ad3
- Parents:
- 4692a16
- File:
-
- 1 edited
fedd/federation/deter_internal_access.py
r4692a16 rdee164e 15 15 from allocate_project import allocate_project_local, allocate_project_remote 16 16 from fedid import fedid, generate_fedid 17 from authorizer import authorizer 17 from authorizer import authorizer, abac_authorizer 18 18 from service_error import service_error 19 19 from remote_service import xmlrpc_handler, soap_handler, service_caller … … 29 29 30 30 from access import access_base 31 from legacy_access import legacy_access 31 32 32 33 # Make log messages disappear if noone configures a fedd logger … … 37 38 fl.addHandler(nullHandler()) 38 39 39 class access(access_base ):40 class access(access_base, legacy_access): 40 41 @staticmethod 41 42 def parse_vlans(v, log=None): … … 81 82 set_log_level(config, "access", self.log) 82 83 83 if config.has_option("access", "accessdb"): 84 self.read_access(config.get("access", "accessdb")) 85 86 # Add the ownership attributes to the authorizer. Note that the 87 # indices of the allocation dict are strings, but the attributes are 88 # fedids, so there is a conversion. 
89 self.state_lock.acquire() 90 for k in self.state.keys(): 91 for o in self.state[k].get('owners', []): 92 self.auth.set_attribute(o, fedid(hexstr=k)) 93 self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k)) 94 # If the allocation has a vlan assigned, remove it from the 95 # available vlans 96 v = self.state[k].get('vlan', None) 97 if v: 98 self.vlans.discard(v) 99 self.state_lock.release() 100 101 self.lookup_access = self.lookup_access_base 84 85 # authorization information 86 self.auth_type = config.get('access', 'auth_type') \ 87 or 'legacy' 88 self.auth_dir = config.get('access', 'auth_dir') 89 accessdb = config.get("access", "accessdb") 90 # initialize the authorization system 91 if self.auth_type == 'legacy': 92 self.access = { } 93 if accessdb: 94 self.legacy_read_access(accessdb) 95 elif self.auth_type == 'abac': 96 self.auth = abac_authorizer(load=self.auth_dir) 97 self.access = [ ] 98 if accessdb: 99 self.read_access(accessdb, default=[('access', None)]) 100 else: 101 raise service_error(service_error.internal, 102 "Unknown auth_type: %s" % self.auth_type) 103 104 if self.auth_type == 'legacy': 105 # Add the ownership attributes to the authorizer. Note that the 106 # indices of the allocation dict are strings, but the attributes are 107 # fedids, so there is a conversion. 
108 self.state_lock.acquire() 109 for k in self.state.keys(): 110 for o in self.state[k].get('owners', []): 111 self.auth.set_attribute(o, fedid(hexstr=k)) 112 self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k)) 113 # If the allocation has a vlan assigned, remove it from the 114 # available vlans 115 v = self.state[k].get('vlan', None) 116 if v: 117 self.vlans.discard(v) 118 self.state_lock.release() 119 120 self.lookup_access = self.legacy_lookup_access_base 121 # under ABAC we use access.lookup_access 122 102 123 103 124 self.call_GetValue= service_caller('GetValue') … … 135 156 raise service_error(service_error.req, "No request!?") 136 157 137 found, match = self.lookup_access(req, fid)158 found, match, owners = self.lookup_access(req, fid) 138 159 # keep track of what's been added 139 160 allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log) … … 143 164 self.state[aid] = { } 144 165 self.state[aid]['user'] = found 145 self.state[aid]['owners'] = [ fid ]166 self.state[aid]['owners'] = owners 146 167 self.state[aid]['vlan'] = None 147 168 self.write_state() … … 149 170 self.auth.set_attribute(fid, allocID) 150 171 self.auth.set_attribute(allocID, allocID) 172 self.auth.save() 151 173 152 174 try:
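Review bot: The accessdb lookup in the __init__ hunk drops the `has_option` guard the old code had — `accessdb = config.get("access", "accessdb")` now runs unconditionally, which on a stdlib ConfigParser raises NoOptionError when the option is absent; the `or 'legacy'` fallback on `auth_type` suggests the project's parser returns None for missing options instead, so confirm that before relying on the `if accessdb:` checks. In the 'abac' branch `abac_authorizer(load=self.auth_dir)` is reached even when `auth_dir` is unset, and a guard such as `if not self.auth_dir: raise service_error(service_error.internal, "auth_type abac requires auth_dir")` just before that line would make the misconfiguration explicit rather than depending on how the authorizer treats a None load path. The later hunk adds `self.auth.save()` after the set_attribute calls regardless of auth_type, so it also runs under legacy mode; confirm the legacy `authorizer` class provides save(), or gate the call on `self.auth_type == 'abac'`. The enclosing __init__ and the allocation method start and end outside the visible hunks.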