Timestamp:
Jan 10, 2012 5:28:15 PM (12 years ago)
Author:
Ted Faber <faber@…>
Branches:
compt_changes, info-ops, master
Children:
f77a256
Parents:
d2e86f6
Message:

Deactivate legacy authorization and dynamic projects

File:
1 edited

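--- a/fedd/federation/deter_internal_access.py
+++ b/fedd/federation/deter_internal_access.py
@@ -13,5 +13,4 @@
 
 from util import *
-from allocate_project import allocate_project_local, allocate_project_remote
 from fedid import fedid, generate_fedid
 from authorizer import authorizer, abac_authorizer
@@ -27,5 +26,4 @@
 
 from access import access_base
-from legacy_access import legacy_access
 
 # Make log messages disappear if noone configures a fedd logger
@@ -36,5 +34,5 @@
 fl.addHandler(nullHandler())
 
-class access(access_base, legacy_access):
+class access(access_base):
     @staticmethod
     def parse_vlans(v, log=None):
@@ -83,13 +81,9 @@
         # authorization information
         self.auth_type = config.get('access', 'auth_type') \
-                or 'legacy'
+                or 'abac'
         self.auth_dir = config.get('access', 'auth_dir')
         accessdb = config.get("access", "accessdb")
         # initialize the authorization system
-        if self.auth_type == 'legacy':
-            self.access = { }
-            if accessdb:
-                self.legacy_read_access(accessdb)
-        elif self.auth_type == 'abac':
+        if self.auth_type == 'abac':
             self.auth = abac_authorizer(load=self.auth_dir)
             self.access = [ ]
@@ -99,24 +93,4 @@
             raise service_error(service_error.internal,
                     "Unknown auth_type: %s" % self.auth_type)
-
-        if self.auth_type == 'legacy':
-            # Add the ownership attributes to the authorizer.  Note that the
-            # indices of the allocation dict are strings, but the attributes are
-            # fedids, so there is a conversion.
-            self.state_lock.acquire()
-            for k in self.state.keys():
-                for o in self.state[k].get('owners', []):
-                    self.auth.set_attribute(o, fedid(hexstr=k))
-                self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k))
-                # If the allocation has a vlan assigned, remove it from the
-                # available vlans
-                v = self.state[k].get('vlan', None)
-                if v:
-                    self.vlans.discard(v)
-            self.state_lock.release()
-
-            self.lookup_access = self.legacy_lookup_access_base
-        # under ABAC we use access.lookup_access
-
 
         self.call_GetValue= service_caller('GetValue')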
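Review bot: With `or 'abac'` as the fallback, a site that never set `auth_type` changes authorization backends on upgrade, and `abac_authorizer(load=self.auth_dir)` is then reached even if `auth_dir` was never configured; how the authorizer treats `load=None` is not visible in this section. I would fail at start-up instead, as the first statement of the abac branch: `if not self.auth_dir: raise service_error(service_error.internal, "auth_dir must be set for abac authorization")`. A config that still says `auth_type = legacy` now falls into the existing `Unknown auth_type` error, which fails closed, though a message naming the removal would save operators time. The deleted legacy block was also the only visible place that removed VLANs of persisted allocations from `self.vlans`, so it is worth confirming the ABAC path does that elsewhere. The constructor starts and ends outside the shown hunks.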