Changeset e83f2f2 for fedd/federation/emulab_access.py

Timestamp:

Dec 14, 2010 6:58:28 PM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

c092b7f

Parents:

2627eb3

Message:

Move proofs around. Lots of changes, including fault handling.

File:

• fedd/federation/emulab_access.py (modified) (11 diffs)

fedd/federation/emulab_access.py

@@ -24 +24 @@
 from service_error import service_error
 from remote_service import xmlrpc_handler, soap_handler, service_caller
+from proof import proof as access_proof
 
 import httplib
@@ -480 +481 @@
 
         if self.auth_type == "legacy":
-            found, dyn, owners = self.legacy_lookup_access(req, fid)
+            found, dyn, owners= self.legacy_lookup_access(req, fid)
+            proof = access_proof("me", fid, "create")
         elif self.auth_type == 'abac':
-            found, dyn, owners = self.lookup_access(req, fid, filter=pf)
+            found, dyn, owners, proof = self.lookup_access(req, fid, filter=pf)
         else:
             raise service_error(service_error.internal, 
@@ -523 +525 @@
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
         resp = self.build_access_response({ 'fedid': allocID } ,
-                ap, services)
+                ap, services, proof)
         return resp
 
@@ -570 +572 @@
         self.log.debug("[access] deallocation requested for %s by %s" % \
                 (aid, fid))
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[access] deallocation denied for %s", aid)
             raise service_error(service_error.access, "Access Denied")
@@ -624 +628 @@
             self.log.debug("Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] } 
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 
         else:
             self.state_lock.release()
@@ -997 +1001 @@
         return (ename, proj, user, pubkey_base, secretkey_base, alloc_log)
 
-    def finalize_experiment(self, starter, topo, aid, alloc_id):
+    def finalize_experiment(self, starter, topo, aid, alloc_id, proof):
         """
         Store key bits of experiment state in the global repository, including
@@ -1022 +1026 @@
                     'topdldescription': topo.clone().to_dict()
                     },
-                'embedding': embedding
+                'embedding': embedding,
+                'proof': proof.to_dict(),
                 }
         retval = copy.copy(self.allocation[aid]['started'])
@@ -1046 +1051 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -1112 +1120 @@
 
         if rv:
-            return self.finalize_experiment(starter, topo, aid, req['allocID'])
+            return self.finalize_experiment(starter, topo, aid, req['allocID'],
+                    proof)
         elif err:
             raise service_error(service_error.federant,
@@ -1128 +1137 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -1157 +1169 @@
                 debug=self.create_debug, boss=self.boss, cert=self.xmlrpc_cert)
         stopper(self, user, proj, ename)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }