Changeset ee950c2 for fedd/federation/skeleton_access.py

Timestamp:

Jan 10, 2012 5:28:15 PM (12 years ago)

Author:

Ted Faber <faber@…>

Branches:

compt_changes, info-ops, master

Children:

f77a256

Parents:

d2e86f6

Message:

Deactivate legacy authorization and dynamic projects

File:

• fedd/federation/skeleton_access.py (modified) (3 diffs)

fedd/federation/skeleton_access.py

@@ -18 +18 @@
 
 from access import access_base
-from legacy_access import legacy_access
 
 # Make log messages disappear if noone configures a fedd logger.  This is
@@ -32 +31 @@
 
 # The plug-in itself.
-class access(access_base, legacy_access):
+class access(access_base):
     """
     This is a demonstration plug-in for fedd.  It responds to all the
@@ -78 +77 @@
         # authorization information
         self.auth_type = config.get('access', 'auth_type') \
-                or 'legacy'
+                or 'abac'
         self.auth_dir = config.get('access', 'auth_dir')
         accessdb = config.get("access", "accessdb")
-        # initialize the authorization system.  In each case we make a call to
+        # initialize the authorization system.  We make a call to
         # read the access database that maps from authorization information
         # into local information.  The local information is parsed by the
         # translator above.
-        if self.auth_type == 'legacy':
-            self.access = { }
-            if accessdb:
-                try:
-                    self.legacy_read_access(accessdb, self.parse_access_string)
-                except EnvironmentError, e:
-                    self.log.error("Cannot read %s: %s" % \
-                            (config.get("access", "accessdb"), e))
-                    raise e
-            # The base class initializer has read the state dictionary from the
-            # state file, if there is one.  The state variable includes
-            # information about each active allocation, keyed by the allocation
-            # identifier.  This loop extracts the owners stored with each
-            # allocation and associates an access attribute with them.  Each
-            # owner is allowed to access each thing they own.  This is a
-            # specialization of the state handling.  ABAC records this
-            # information explicitly so this loop only executes for legacy
-            # code.
-            self.state_lock.acquire()
-            for k in self.state.keys():
-                # Add the owners
-                for o in self.state[k].get('owners', []):
-                    self.auth.set_attribute(o, fedid(hexstr=k))
-                # The principal represented by the allocation itself is also
-                # allowed to make accesses.
-                self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k))
-            self.state_lock.release()
-            # This access controller does not specialize the process of looking
-            # up local information.  This aliases the lookup_access method to
-            # be easier to read.
-            self.lookup_access = self.legacy_lookup_access_base
-        elif self.auth_type == 'abac':
+        if self.auth_type == 'abac':
             #  Load the current authorization state
             self.auth = abac_authorizer(load=self.auth_dir)