Changeset ee950c2 for fedd/federation/deter_internal_access.py
- Timestamp:
- Jan 10, 2012 5:28:15 PM (12 years ago)
- Branches:
- compt_changes, info-ops, master
- Children:
- f77a256
- Parents:
- d2e86f6
- File:
-
- 1 edited
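--- a/fedd/federation/deter_internal_access.py
+++ b/fedd/federation/deter_internal_access.py
@@ -13,5 +13,4 @@
 
 from util import *
-from allocate_project import allocate_project_local, allocate_project_remote
 from fedid import fedid, generate_fedid
 from authorizer import authorizer, abac_authorizer
@@ -27,5 +26,4 @@
 
 from access import access_base
-from legacy_access import legacy_access
 
 # Make log messages disappear if noone configures a fedd logger
@@ -36,5 +34,5 @@
 fl.addHandler(nullHandler())
 
-class access(access_base , legacy_access):
+class access(access_base):
 @staticmethod
 def parse_vlans(v, log=None):
@@ -83,13 +81,9 @@
 # authorization information
 self.auth_type = config.get('access', 'auth_type') \
-or ' legacy'
+or 'abac'
 self.auth_dir = config.get('access', 'auth_dir')
 accessdb = config.get("access", "accessdb")
 # initialize the authorization system
-if self.auth_type == 'legacy':
-self.access = { }
-if accessdb:
-self.legacy_read_access(accessdb)
-elif self.auth_type == 'abac':
+if self.auth_type == 'abac':
 self.auth = abac_authorizer(load=self.auth_dir)
 self.access = [ ]
@@ -99,24 +93,4 @@
 raise service_error(service_error.internal,
 "Unknown auth_type: %s" % self.auth_type)
-
-if self.auth_type == 'legacy':
-# Add the ownership attributes to the authorizer. Note that the
-# indices of the allocation dict are strings, but the attributes are
-# fedids, so there is a conversion.
-self.state_lock.acquire()
-for k in self.state.keys():
-for o in self.state[k].get('owners', []):
-self.auth.set_attribute(o, fedid(hexstr=k))
-self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k))
-# If the allocation has a vlan assigned, remove it from the
-# available vlans
-v = self.state[k].get('vlan', None)
-if v:
-self.vlans.discard(v)
-self.state_lock.release()
-
-self.lookup_access = self.legacy_lookup_access_base
-# under ABAC we use access.lookup_access
-
 
 self.call_GetValue= service_caller('GetValue')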
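Review bot: With `auth_type` now falling back to `'abac'`, a configuration that sets neither `auth_type` nor `auth_dir` reaches `abac_authorizer(load=self.auth_dir)` with whatever `config.get('access', 'auth_dir')` returns for a missing key, and nothing in the visible lines checks that value. How `abac_authorizer` treats an empty `load` is not shown here, so I would fail closed before constructing it: `if not self.auth_dir: raise service_error(service_error.internal, "auth_type abac requires auth_dir")`. Sites that still set `auth_type = legacy` will now end in the existing `Unknown auth_type` error, which is the safe direction, but a comment above the fallback such as `# the legacy access database is no longer supported; default to ABAC` would record that this is intentional. The constructor starts and ends outside the visible hunks and new lines 90-92 are elided, so an equivalent check may already exist there.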