Changeset e83f2f2 for fedd/federation/protogeni_access.py

Timestamp:

Dec 14, 2010 6:58:28 PM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

c092b7f

Parents:

2627eb3

Message:

Move proofs around. Lots of changes, including fault handling.

File:

• fedd/federation/protogeni_access.py (modified) (12 diffs)

fedd/federation/protogeni_access.py

@@ -215 +215 @@
             return (None, None)
 
-    def build_access_response(self, alloc_id, services):
+    def build_access_response(self, alloc_id, services, proof):
         """
         Create the SOAP response.
@@ -230 +230 @@
                 'fedAttr': [
                     { 'attribute': 'domain', 'value': self.domain } , 
-                ]
+                ],
+                'proof': proof.to_dict()
             }
         if self.dragon_endpoint:
@@ -262 +263 @@
 
         # Request for this fedd
-        found, match, owners = self.lookup_access(req, fid)
+        found, match, owners, proof = self.lookup_access(req, fid)
         services, svc_state = self.export_services(req.get('service',[]),
                 None, None)
@@ -288 +289 @@
             raise service_error(service_error.internal, 
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
-        return self.build_access_response({ 'fedid': allocID }, None)
+        return self.build_access_response({ 'fedid': allocID }, None, proof)
 
 
@@ -312 +313 @@
 
         self.log.debug("[access] deallocation requested for %s", aid)
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok , proof = self.auth.check_attribute(fid, auth_attr,
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[access] deallocation denied for %s", aid)
             raise service_error(service_error.access, "Access Denied")
@@ -327 +330 @@
             self.log.debug("Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] } 
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 
         else:
             self.state_lock.release()
@@ -1251 +1254 @@
                 cpw, alloc_log)
 
-    def finalize_experiment(self, topo, nodes, aid, alloc_id):
+    def finalize_experiment(self, topo, nodes, aid, alloc_id, proof):
         # Copy the assigned names into the return topology
         rvtopo = topo.clone()
@@ -1273 +1276 @@
                     'topdldescription': rvtopo.to_dict() },
                 'embedding': embedding,
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.allocation[aid]['started'])
@@ -1295 +1299 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -1356 +1362 @@
 
         if rv:
-            return self.finalize_experiment(topo, nodes, aid, req['allocID'])
+            return self.finalize_experiment(topo, nodes, aid, req['allocID'],
+                    proof)
         elif err:
             raise service_error(service_error.federant,
@@ -1392 +1399 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -1419 +1428 @@
         self.stop_segment(segment_commands, user, staging, slice_cred,
                 slice_urn, cf, cpw)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
 
     def renew_segment(self, segment_commands, name, scred, slice_urn, interval,