From 37188bb99d58bf192920bc40015119ba37634150 Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Fri, 5 Feb 2010 11:20:58 -0500
Subject: [PATCH] Select an authz module using setuptools' entry points
 mechainsm.

Instead of having each authz package install an invirt.authz module,
have them install modules under their own namespace.

In their setup.py, they should indicate that their authz module
provides a unique name within the invirt.authz entry point group.

The new invirt.authz module (part of invirt-base) then gets a name
from the configuration and uses that to find the module.

svn path=/trunk/packages/invirt-base/; revision=2989
---
 debian/changelog       |    7 +++++++
 python/invirt/authz.py |   31 +++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 python/invirt/authz.py

diff --git a/debian/changelog b/debian/changelog
index 554cc5c..0723cb3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+invirt-base (0.0.32) unstable; urgency=low
+
+  * Add back an invirt.authz module, but restructure it so it uses
+    entrypoints to find an actual backend module.
+
+ -- Evan Broder <broder@mit.edu>  Fri, 05 Feb 2010 09:46:51 -0500
+
 invirt-base (0.0.31) unstable; urgency=low
 
   * Added an invirt mako render script.
diff --git a/python/invirt/authz.py b/python/invirt/authz.py
new file mode 100644
index 0000000..f5f02a0
--- /dev/null
+++ b/python/invirt/authz.py
@@ -0,0 +1,31 @@
+"""Invirt authorization.
+
+This module acts as a loader for the pluggable authorization system.
+
+Any Python module which wishes to provide an authorization scheme for
+Invirt should advertise an entry point in the invirt.authz group with
+a unique name. That name can then be configured in
+/etc/invirt/master.yaml as the authz mechanism.
+"""
+
+
+import pkg_resources
+
+from invirt.config import structs as cfg
+
+
+def expandOwner(name):
+    """Expand an "owner" to a list of authorized users."""
+    for ep in pkg_resources.iter_entry_points('invirt.authz', cfg.authz.name):
+        return ep.load().expandOwner(name)
+
+
+def expandAdmin(name):
+    """Expand an "administrator" to a list of authorized users."""
+    for ep in pkg_resources.iter_entry_points('invirt.authz', cfg.authz.name):
+        return ep.load().expandAdmin(name)
+
+
+__all__ = ['expandOwner',
+           'expandAdmin',
+           ]
-- 
1.7.9.5