Changeset e1ede1ac for fedd/federation
- Timestamp:
- Mar 29, 2012 7:17:09 PM (13 years ago)
- Branches:
- compt_changes, master
- Children:
- bfbaa85
- Parents:
- dd73c6d
- File:
-
- 1 edited
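--- a/fedd/federation/experiment_control.py
+++ b/fedd/federation/experiment_control.py
@@ -129,5 +129,4 @@
 self.gatewaykit = parse_tarfile_list(\
 config.get("experiment_control", "gatewaykit"))
-accessdb_file = config.get("experiment_control", "accessdb")
 
 dt = config.get("experiment_control", "direct_transit")
@@ -198,10 +197,4 @@
 'ucb':'https://users.isi.deterlab.net:23237',
 }
-
-if accessdb_file:
-self.read_accessdb(accessdb_file)
-else:
-raise service_error(service_error.internal,
-"No accessdb specified in config")
 
 # Grab saved state. OK to do this w/o locking because it's read only
@@ -320,64 +313,4 @@
 self.log.warning("[read_state]: State ownership or identity " +\
 "misformatted in %s: %s" % (self.state_filename, e))
-
-
-def read_accessdb(self, accessdb_file):
-"""
-Read the mapping from fedids that can create experiments to their name
-in the 3-level access namespace. All will be asserted from this
-testbed and can include the local username and porject that will be
-asserted on their behalf by this fedd. Each fedid is also added to the
-authorization system with the "create" attribute.
-"""
-self.accessdb = {}
-# These are the regexps for parsing the db
-name_expr = "[" + string.ascii_letters + string.digits + "\.\-]+"
-project_line = re.compile("^\s*fedid:([" + string.hexdigits + "]+)"+ \
-"\s*->\(\s*("+name_expr+")\s*,\s*("+name_expr+")\s*\)\s*$")
-user_line = re.compile("^\s*fedid:([" + string.hexdigits + "]+)"+ \
-"\s*->\s*(" + name_expr + ")\s*$")
-lineno = 0
-
-# Parse the mappings and store in self.authdb, a dict of
-# fedid -> (proj, user)
-try:
-f = open(accessdb_file, "r")
-for line in f:
-lineno += 1
-line = line.strip()
-if len(line) == 0 or line.startswith('#'):
-continue
-m = project_line.match(line)
-if m:
-fid = fedid(hexstr=m.group(1))
-project, user = m.group(2,3)
-if not self.accessdb.has_key(fid):
-self.accessdb[fid] = []
-self.accessdb[fid].append((project, user))
-continue
-
-m = user_line.match(line)
-if m:
-fid = fedid(hexstr=m.group(1))
-project = None
-user = m.group(2)
-if not self.accessdb.has_key(fid):
-self.accessdb[fid] = []
-self.accessdb[fid].append((project, user))
-continue
-self.log.warn("[experiment_control] Error parsing access " +\
-"db %s at line %d" % (accessdb_file, lineno))
-except EnvironmentError:
-raise service_error(service_error.internal,
-("Error opening/reading %s as experiment " +\
-"control accessdb") % accessdb_file)
-f.close()
-
-# Initialize the authorization attributes
-# XXX: legacy
-if self.auth_type == 'legacy':
-for fid in self.accessdb.keys():
-self.auth.set_attribute(fid, 'create')
-self.auth.set_attribute(fid, 'new')
 
 def read_mapdb(self, file):
@@ -1691,11 +1624,4 @@
 raise service_error(service_error.internal, "Cannot create tmp dir")
 
-try:
-access_user = self.accessdb[fid]
-except KeyError:
-raise service_error(service_error.internal,
-"Access map and authorizer out of sync in " + \
-"new_experiment for fedid %s" % fid)
-
 # Generate an ID for the experiment (slice) and a certificate that the
 # allocator can use to prove they own it. We'll ship it back through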