Changeset ee950c2 for fedd/federation/skeleton_access.py
- Timestamp:
- Jan 10, 2012 5:28:15 PM (12 years ago)
- Branches:
- compt_changes, info-ops, master
- Children:
- f77a256
- Parents:
- d2e86f6
- File:
-
- 1 edited
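--- a/fedd/federation/skeleton_access.py
+++ b/fedd/federation/skeleton_access.py
@@ -18,5 +18,4 @@
 
 from access import access_base
-from legacy_access import legacy_access
 
 # Make log messages disappear if noone configures a fedd logger. This is
@@ -32,5 +31,5 @@
 
 # The plug-in itself.
-class access(access_base , legacy_access):
+class access(access_base):
 """
 This is a demonstration plug-in for fedd. It responds to all the
@@ -78,43 +77,12 @@
 # authorization information
 self.auth_type = config.get('access', 'auth_type') \
-or ' legacy'
+or 'abac'
 self.auth_dir = config.get('access', 'auth_dir')
 accessdb = config.get("access", "accessdb")
-# initialize the authorization system. In each case we make a call to
+# initialize the authorization system. We make a call to
 # read the access database that maps from authorization information
 # into local information. The local information is parsed by the
 # translator above.
-if self.auth_type == 'legacy':
-self.access = { }
-if accessdb:
-try:
-self.legacy_read_access(accessdb, self.parse_access_string)
-except EnvironmentError, e:
-self.log.error("Cannot read %s: %s" % \
-(config.get("access", "accessdb"), e))
-raise e
-# The base class initializer has read the state dictionary from the
-# state file, if there is one. The state variable includes
-# information about each active allocation, keyed by the allocation
-# identifier. This loop extracts the owners stored with each
-# allocation and associates an access attribute with them. Each
-# owner is allowed to access each thing they own. This is a
-# specialization of the state handling. ABAC records this
-# information explicitly so this loop only executes for legacy
-# code.
-self.state_lock.acquire()
-for k in self.state.keys():
-# Add the owners
-for o in self.state[k].get('owners', []):
-self.auth.set_attribute(o, fedid(hexstr=k))
-# The principal represented by the allocation itself is also
-# allowed to make accesses.
-self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k))
-self.state_lock.release()
-# This access controller does not specialize the process of looking
-# up local information. This aliases the lookup_access method to
-# be easier to read.
-self.lookup_access = self.legacy_lookup_access_base
-elif self.auth_type == 'abac':
+if self.auth_type == 'abac':
 # Load the current authorization state
 self.auth = abac_authorizer(load=self.auth_dir)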
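Review bot: With the legacy branch removed, the only visible check on `auth_type` is `if self.auth_type == 'abac':`, so a deployment whose configuration still says `auth_type = legacy` (or contains a typo) no longer matches any branch. Unless an `else` below the visible lines rejects it, the plug-in would start without `self.auth` being loaded from `auth_dir`, and what the authorizer then permits depends on base-class state that this page does not show. I would make that case fail closed and loudly, for example `else: raise ValueError("Unknown auth_type: %s" % self.auth_type)` (or the project's own error type), and note in the commit message that existing `legacy` configurations must be migrated. The constructor starts above this hunk and continues below it.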