Changeset f8582c9 for fedd/fedd_access.py
- Timestamp:
- Nov 18, 2008 8:32:05 PM (15 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
- Children:
- dab4d56
- Parents:
- fd729b9
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/fedd_access.py
rfd729b9 rf8582c9 16 16 import pickle 17 17 18 from threading import * 19 18 20 from fedd_access_project import access_project 19 21 from fedd_services import * … … 49 51 "dynamic_projects_cert_pwd", "dynamic_projects_trusted_certs") 50 52 id_list_attrs = ("restricted",) 53 54 def __init__(self, config=None): 55 """ 56 Initializer. Pulls parameters out of the ConfigParser's access section. 57 """ 58 59 # Make sure that the configuration is in place 60 if config: 61 if not config.has_section("access"): 62 config.add_section("access") 63 if not config.has_section("globals"): 64 config.add_section("globals") 65 else: 66 raise RunTimeError("No config to fedd_access") 67 68 69 # Create instance attributes from the static lists 70 for a in fedd_access.bool_attrs: 71 if config.has_option("access", a): 72 setattr(self, a, config.get("access", a)) 73 else: 74 setattr(self, a, False) 75 76 for a in fedd_access.emulab_attrs + fedd_access.id_attrs: 77 if config.has_option("access", a): 78 setattr(self, a, config.get("access",a)) 79 else: 80 setattr(self, a, None) 81 82 self.attrs = { } 83 self.access = { } 84 self.restricted = [ ] 85 self.fedid_category = { } 86 self.projects = { } 87 self.keys = { } 88 self.allocation = { } 89 self.state = { 90 'projects': self.projects, 91 'allocation' : self.allocation, 92 'keys' : self.keys 93 } 94 self.state_lock = Lock() 95 self.fedid_default = "testbed" 96 if config.has_option("access", "accessdb"): 97 self.read_access(config.get("access", "accessdb")) 98 if config.has_option("access", "trustdb"): 99 self.read_trust(config.get("access", "trustdb")) 100 101 self.state_filename = config.get("access", "access_state", "") 102 self.log = logging.getLogger("fedd.access") 103 set_log_level(config, "access", self.log) 104 self.read_state() 105 106 107 # Certs are promoted from the generic to the specific, so without a 108 # specific proxy certificate, the main certificates are used for 109 # proxy interactions. If no dynamic project certificates, then 110 # proxy certs are used, and if none of those the main certs. 111 112 if config.has_option("globals", "proxy_cert_file"): 113 if not self.dynamic_projects_cert_file: 114 self.dynamic_projects_cert_file = \ 115 config.get("globals", "proxy_cert_file") 116 if config.has_option("globals", "porxy_cert_pwd"): 117 self.dynamic_projects_cert_pwd = \ 118 config.get("globals", "proxy_cert_pwd") 119 120 if config.has_option("globals", "proxy_trusted_certs"): 121 if not self.dynamic_projects_trusted_certs: 122 self.dynamic_projects_trusted_certs =\ 123 config.get("globals", proxy_trusted_certs) 124 125 if config.has_option("globals", "cert_file"): 126 has_pwd = config.has_option("globals", "cert_pwd") 127 if not self.dynamic_projects_cert_file: 128 self.dynamic_projects_cert_file = \ 129 config.get("globals", "cert_file") 130 if has_pwd: 131 self.dynamic_projects_cert_pwd = \ 132 config.get("globals", "cert_pwd") 133 if not self.proxy_cert_file: 134 self.proxy_cert_file = config.get("globals", "cert_file") 135 if has_pwd: 136 self.proxy_cert_pwd = config.get("globals", "cert_pwd") 137 138 if config.get("globals", "trusted_certs"): 139 if not self.proxy_trusted_certs: 140 self.proxy_trusted_certs = \ 141 config.get("globals", "trusted_certs") 142 if not self.dynamic_projects_trusted_certs: 143 self.dynamic_projects_trusted_certs = \ 144 config.get("globals", "trusted_certs") 145 146 proj_certs = (self.dynamic_projects_cert_file, 147 self.dynamic_projects_trusted_certs, 148 self.dynamic_projects_cert_pwd) 149 150 self.soap_services = {\ 151 'RequestAccess': make_soap_handler(\ 152 RequestAccessRequestMessage.typecode,\ 153 self.RequestAccess, RequestAccessResponseMessage,\ 154 "RequestAccessResponseBody"), \ 155 'ReleaseAccess': make_soap_handler(\ 156 ReleaseAccessRequestMessage.typecode,\ 157 self.ReleaseAccess, ReleaseAccessResponseMessage,\ 158 "ReleaseAccessResponseBody")\ 159 } 160 self.xmlrpc_services = {\ 161 'RequestAccess': make_xmlrpc_handler(\ 162 self.RequestAccess, "RequestAccessResponseBody"),\ 163 'ReleaseAccess': make_xmlrpc_handler(\ 164 self.ReleaseAccess, "ReleaseAccessResponseBody")\ 165 } 166 167 168 if not config.has_option("access", "dynamic_projects_url"): 169 self.allocate_project = \ 170 fedd_allocate_project_local(config) 171 else: 172 self.allocate_project = \ 173 fedd_allocate_project_remote(config) 174 175 # If the project allocator exports services, put them in this object's 176 # maps so that classes that instantiate this can call the services. 177 self.soap_services.update(self.allocate_project.soap_services) 178 self.xmlrpc_services.update(self.allocate_project.xmlrpc_services) 51 179 52 180 def read_trust(self, trust): … … 192 320 f.close() 193 321 194 195 def __init__(self, config=None):196 """197 Initializer. Pulls parameters out of the ConfigParser's access section.198 """199 200 # Make sure that the configuration is in place201 if config:202 if not config.has_section("access"):203 config.add_section("access")204 if not config.has_section("globals"):205 config.add_section("globals")206 else:207 raise RunTimeError("No config to fedd_access")208 209 210 # Create instance attributes from the static lists211 for a in fedd_access.bool_attrs:212 if config.has_option("access", a):213 setattr(self, a, config.get("access", a))214 else:215 setattr(self, a, False)216 217 for a in fedd_access.emulab_attrs + fedd_access.id_attrs:218 if config.has_option("access", a):219 setattr(self, a, config.get("access",a))220 else:221 setattr(self, a, None)222 223 self.attrs = { }224 self.access = { }225 self.restricted = [ ]226 self.fedid_category = { }227 self.projects = { }228 self.keys = { }229 self.allocation = { }230 self.state = {231 'projects': self.projects,232 'allocation' : self.allocation,233 'keys' : self.keys234 }235 self.fedid_default = "testbed"236 if config.has_option("access", "accessdb"):237 self.read_access(config.get("access", "accessdb"))238 if config.has_option("access", "trustdb"):239 self.read_trust(config.get("access", "trustdb"))240 241 self.state_filename = config.get("access", "access_state", "")242 self.log = logging.getLogger("fedd.access")243 self.read_state()244 245 246 # Certs are promoted from the generic to the specific, so without a247 # specific proxy certificate, the main certificates are used for248 # proxy interactions. If no dynamic project certificates, then249 # proxy certs are used, and if none of those the main certs.250 251 if config.has_option("globals", "proxy_cert_file"):252 if not self.dynamic_projects_cert_file:253 self.dynamic_projects_cert_file = \254 config.get("globals", "proxy_cert_file")255 if config.has_option("globals", "porxy_cert_pwd"):256 self.dynamic_projects_cert_pwd = \257 config.get("globals", "proxy_cert_pwd")258 259 if config.has_option("globals", "proxy_trusted_certs"):260 if not self.dynamic_projects_trusted_certs:261 self.dynamic_projects_trusted_certs =\262 config.get("globals", proxy_trusted_certs)263 264 if config.has_option("globals", "cert_file"):265 has_pwd = config.has_option("globals", "cert_pwd")266 if not self.dynamic_projects_cert_file:267 self.dynamic_projects_cert_file = \268 config.get("globals", "cert_file")269 if has_pwd:270 self.dynamic_projects_cert_pwd = \271 config.get("globals", "cert_pwd")272 if not self.proxy_cert_file:273 self.proxy_cert_file = config.get("globals", "cert_file")274 if has_pwd:275 self.proxy_cert_pwd = config.get("globals", "cert_pwd")276 277 if config.get("globals", "trusted_certs"):278 if not self.proxy_trusted_certs:279 self.proxy_trusted_certs = \280 config.get("globals", "trusted_certs")281 if not self.dynamic_projects_trusted_certs:282 self.dynamic_projects_trusted_certs = \283 config.get("globals", "trusted_certs")284 285 proj_certs = (self.dynamic_projects_cert_file,286 self.dynamic_projects_trusted_certs,287 self.dynamic_projects_cert_pwd)288 289 self.soap_services = {\290 'RequestAccess': make_soap_handler(\291 RequestAccessRequestMessage.typecode,\292 self.RequestAccess, RequestAccessResponseMessage,\293 "RequestAccessResponseBody"), \294 'ReleaseAccess': make_soap_handler(\295 ReleaseAccessRequestMessage.typecode,\296 self.ReleaseAccess, ReleaseAccessResponseMessage,\297 "ReleaseAccessResponseBody")\298 }299 self.xmlrpc_services = {\300 'RequestAccess': make_xmlrpc_handler(\301 self.RequestAccess, "RequestAccessResponseBody"),\302 'ReleaseAccess': make_xmlrpc_handler(\303 self.ReleaseAccess, "ReleaseAccessResponseBody")\304 }305 306 307 if not config.has_option("access", "dynamic_projects_url"):308 self.allocate_project = \309 fedd_allocate_project_local(config)310 else:311 self.allocate_project = \312 fedd_allocate_project_remote(config)313 314 # If the project allocator exports services, put them in this object's315 # maps so that classes that instantiate this can call the services.316 self.soap_services.update(self.allocate_project.soap_services)317 self.xmlrpc_services.update(self.allocate_project.xmlrpc_services)318 322 319 323 def dump_state(self): … … 735 739 "SSH access parameters required") 736 740 # keep track of what's been added 737 if req['allocID'].has_key('fedid'): 738 aid = unicode(req['allocId']['fedid']) 739 elif req['allocID'].has_key('localname'): 740 aid = req['allocID']['localname'] 741 else: 742 raise service_error(service_error.req, "Bad allocation ID") 743 741 allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log) 742 aid = unicode(allocID) 743 744 self.state_lock.acquire() 744 745 self.allocation[aid] = { } 745 746 if dyn[1]: … … 747 748 pname = ap['project']['name']['localname'] 748 749 except KeyError: 750 self.state_lock.release() 749 751 raise service_error(service_error.internal, 750 752 "Misformed allocation response?") … … 765 767 self.allocation[aid]['keys'].append((uname, k)) 766 768 except KeyError: 769 self.state_lock.release() 767 770 raise service_error(service_error.internal, 768 771 "Misformed allocation response?") 769 772 770 773 self.write_state() 771 resp = self.build_response(req['allocID'], ap) 774 self.state_lock.release() 775 resp = self.build_response({ 'fedid': allocID } , ap) 772 776 return resp 773 777 else: … … 806 810 raise service_error(service_error.req, "No request!?") 807 811 808 print req809 812 try: 810 813 if req['allocID'].has_key('localname'): … … 827 830 del_project = None 828 831 if self.allocation.has_key(aid): 832 self.state_lock.acquire() 829 833 for k in self.allocation[aid]['keys']: 830 834 kk = "%s:%s" % k … … 844 848 845 849 del self.allocation[aid] 850 self.write_state() 851 self.state_lock.release() 846 852 # If we actually have resources to deallocate, prepare the call. 847 853 if del_project or del_users: 848 854 msg = { 'project': { }} 849 855 if del_project: 850 msg['project']['name'] ['localname'] = del_project856 msg['project']['name']= {'localname': del_project} 851 857 users = [ ] 852 858 for u in del_users.keys(): … … 860 866 msg = { 'ReleaseProjectRequestBody' : msg} 861 867 self.allocate_project.release_project(msg) 862 self.write_state()863 868 return { 'allocID': req['allocID'] } 864 869 else:
Note: See TracChangeset
for help on using the changeset viewer.