From 8612cf378d330e1fff6f18a5dbd07a031e65f6fa Mon Sep 17 00:00:00 2001 From: parmentelat Date: Wed, 16 May 2018 12:13:11 +0200 Subject: [PATCH] minor and harmless cosmetic changes --- sfa/server/sfa-start.py | 7 ++++--- sfa/trust/auth.py | 42 +++++++++++++++++++++-------------------- sfa/util/sfalogging.py | 8 ++------ sfa/util/xrn.py | 3 --- 4 files changed, 28 insertions(+), 32 deletions(-) diff --git a/sfa/server/sfa-start.py b/sfa/server/sfa-start.py index bca06ee8..bcd00cd6 100755 --- a/sfa/server/sfa-start.py +++ b/sfa/server/sfa-start.py @@ -46,11 +46,12 @@ from sfa.server.registry import Registries from sfa.server.aggregate import Aggregates from sfa.client.return_value import ReturnValue -# after http://www.erlenstar.demon.co.uk/unix/faq_2.html - def daemon(): - """Daemonize the current process.""" + """ + Daemonize the current process. + after http://www.erlenstar.demon.co.uk/unix/faq_2.html + """ if os.fork() != 0: os._exit(0) os.setsid() diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index 16eb8a69..f8ac90f3 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -67,17 +67,19 @@ class Auth: xrns = [] error = (None, None) - def log_invalid_cred(cred): + def log_invalid_cred(cred, exception): if not isinstance(cred, StringType): logger.info( - "cannot validate credential %s - expecting a string" % cred) + "{}: cannot validate credential {}" + .format(exception, cred)) error = ('TypeMismatch', - "checkCredentials: expected a string, received {} -- {}" + "checkCredentials: expected a string, got {} -- {}" .format(type(cred), cred)) else: cred_obj = Credential(string=cred) - logger.info("failed to validate credential - dump=%s" % - cred_obj.dump_string(dump_parents=True)) + logger.info("{}: failed to validate credential dump={}" + .format(exception, + cred_obj.dump_string(dump_parents=True))) error = sys.exc_info()[:2] return error @@ -90,7 +92,7 @@ class Auth: if not isinstance(xrns, list): xrns = [xrns] - slice_xrns = Xrn.filter_type(xrns, 'slice') + # slice_xrns = Xrn.filter_type(xrns, 'slice') sliver_xrns = Xrn.filter_type(xrns, 'sliver') # we are not able to validate slivers in the traditional way so @@ -121,8 +123,8 @@ class Auth: try: self.check(cred, operation, hrn) valid.append(cred) - except: - error = log_invalid_cred(cred) + except Exception as exc: + error = log_invalid_cred(cred, exc) # make sure all sliver xrns are validated against the valid credentials if sliver_xrns: @@ -140,11 +142,11 @@ class Auth: def check(self, credential, operation, hrn=None): """ - Check the credential against the peer cert (callerGID) included - in the credential matches the caller that is connected to the - HTTPS connection, check if the credential was signed by a - trusted cert and check if the credential is allowed to perform - the specified operation. + Check the credential against the peer cert (callerGID) included + in the credential matches the caller that is connected to the + HTTPS connection, check if the credential was signed by a + trusted cert and check if the credential is allowed to perform + the specified operation. """ cred = Credential(cred=credential) self.client_cred = cred @@ -265,16 +267,16 @@ class Auth: Given an authority name, return the information for that authority. This is basically a stub that calls the hierarchy module. - @param auth_hrn human readable name of authority + @param auth_hrn human readable name of authority """ return self.hierarchy.get_auth_info(auth_hrn) def veriry_auth_belongs_to_me(self, name): """ - Verify that an authority belongs to our hierarchy. + Verify that an authority belongs to our hierarchy. This is basically left up to the implementation of the hierarchy - module. If the specified name does not belong, ane exception is + module. If the specified name does not belong, ane exception is thrown indicating the caller should contact someone else. @param auth_name human readable name of authority @@ -289,7 +291,7 @@ class Auth: this implies that the authority that owns the object belongs to our hierarchy. If it does not an exception is thrown. - @param name human readable name of object + @param name human readable name of object """ auth_name = self.get_authority(name) if not auth_name: @@ -306,10 +308,10 @@ class Auth: """ Verify that the object gid that was specified in the credential allows permission to the object 'name'. This is done by a simple - prefix test. For example, an object_gid for plc.arizona would + prefix test. For example, an object_gid for plc.arizona would match the objects plc.arizona.slice1 and plc.arizona. - @param name human readable name to test + @param name human readable name to test """ object_hrn = self.object_gid.get_hrn() if object_hrn == name: @@ -381,7 +383,7 @@ class Auth: def filter_creds_by_caller(self, creds, caller_hrn_list): """ - Returns a list of creds who's gid caller matches the + Returns a list of creds who's gid caller matches the specified caller hrn """ if not isinstance(creds, list): diff --git a/sfa/util/sfalogging.py b/sfa/util/sfalogging.py index 2b7d7823..434043fe 100644 --- a/sfa/util/sfalogging.py +++ b/sfa/util/sfalogging.py @@ -166,12 +166,8 @@ class _SfaLogger: self.logger.addHandler(handler) -info_logger = _SfaLogger(loggername='info', level=logging.INFO) -debug_logger = _SfaLogger(loggername='debug', level=logging.DEBUG) -warn_logger = _SfaLogger(loggername='warning', level=logging.WARNING) -error_logger = _SfaLogger(loggername='error', level=logging.ERROR) -critical_logger = _SfaLogger(loggername='critical', level=logging.CRITICAL) -logger = info_logger +logger = _SfaLogger(loggername='info', level=logging.INFO) + sfi_logger = _SfaLogger(logfile=os.path.expanduser("~/.sfi/") + 'sfi.log', loggername='sfilog', level=logging.DEBUG) ######################################## diff --git a/sfa/util/xrn.py b/sfa/util/xrn.py index 1a7b8b8d..692c80d8 100644 --- a/sfa/util/xrn.py +++ b/sfa/util/xrn.py @@ -177,9 +177,6 @@ class Xrn: self.type = type self.hrn_to_urn() self._normalize() -# happens all the time .. -# if not type: -# debug_logger.debug("type-less Xrn's are not safe") def __repr__(self): result = "