Changeset e83f2f2 for fedd/federation/emulab_access.py
- Timestamp:
- Dec 14, 2010 6:58:28 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c092b7f
- Parents:
- 2627eb3
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/emulab_access.py
r2627eb3 re83f2f2 24 24 from service_error import service_error 25 25 from remote_service import xmlrpc_handler, soap_handler, service_caller 26 from proof import proof as access_proof 26 27 27 28 import httplib … … 480 481 481 482 if self.auth_type == "legacy": 482 found, dyn, owners = self.legacy_lookup_access(req, fid) 483 found, dyn, owners= self.legacy_lookup_access(req, fid) 484 proof = access_proof("me", fid, "create") 483 485 elif self.auth_type == 'abac': 484 found, dyn, owners = self.lookup_access(req, fid, filter=pf)486 found, dyn, owners, proof = self.lookup_access(req, fid, filter=pf) 485 487 else: 486 488 raise service_error(service_error.internal, … … 523 525 "Can't open %s/%s : %s" % (self.certdir, aid, e)) 524 526 resp = self.build_access_response({ 'fedid': allocID } , 525 ap, services )527 ap, services, proof) 526 528 return resp 527 529 … … 570 572 self.log.debug("[access] deallocation requested for %s by %s" % \ 571 573 (aid, fid)) 572 if not self.auth.check_attribute(fid, auth_attr): 574 access_ok, proof = self.auth.check_attribute(fid, auth_attr, 575 with_proof=True) 576 if not access_ok: 573 577 self.log.debug("[access] deallocation denied for %s", aid) 574 578 raise service_error(service_error.access, "Access Denied") … … 624 628 self.log.debug("Removing %s" % cf) 625 629 os.remove(cf) 626 return { 'allocID': req['allocID'] }630 return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 627 631 else: 628 632 self.state_lock.release() … … 997 1001 return (ename, proj, user, pubkey_base, secretkey_base, alloc_log) 998 1002 999 def finalize_experiment(self, starter, topo, aid, alloc_id ):1003 def finalize_experiment(self, starter, topo, aid, alloc_id, proof): 1000 1004 """ 1001 1005 Store key bits of experiment state in the global repository, including … … 1022 1026 'topdldescription': topo.clone().to_dict() 1023 1027 }, 1024 'embedding': embedding 1028 'embedding': embedding, 1029 'proof': proof.to_dict(), 1025 1030 } 1026 1031 retval = copy.copy(self.allocation[aid]['started']) … … 1046 1051 aid = "%s" % auth_attr 1047 1052 attrs = req.get('fedAttr', []) 1048 if not self.auth.check_attribute(fid, auth_attr): 1053 1054 access_ok, proof = self.auth.check_attribute(fid, auth_attr, 1055 with_proof=True) 1056 if not access_ok: 1049 1057 raise service_error(service_error.access, "Access denied") 1050 1058 else: … … 1112 1120 1113 1121 if rv: 1114 return self.finalize_experiment(starter, topo, aid, req['allocID']) 1122 return self.finalize_experiment(starter, topo, aid, req['allocID'], 1123 proof) 1115 1124 elif err: 1116 1125 raise service_error(service_error.federant, … … 1128 1137 aid = "%s" % auth_attr 1129 1138 attrs = req.get('fedAttr', []) 1130 if not self.auth.check_attribute(fid, auth_attr): 1139 1140 access_ok, proof = self.auth.check_attribute(fid, auth_attr, 1141 with_proof=True) 1142 if not access_ok: 1131 1143 raise service_error(service_error.access, "Access denied") 1132 1144 … … 1157 1169 debug=self.create_debug, boss=self.boss, cert=self.xmlrpc_cert) 1158 1170 stopper(self, user, proj, ename) 1159 return { 'allocID': req['allocID'] }1171 return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
Note: See TracChangeset
for help on using the changeset viewer.