2 # Thierry Parmentelat - INRIA
4 from PLC.Faults import *
5 from PLC.Method import Method
6 from PLC.Parameter import Parameter, Mixed
7 from PLC.Auth import Auth
9 from PLC.SliceTags import SliceTag, SliceTags
10 from PLC.Nodes import Node
11 from PLC.Slices import Slice, Slices
12 from PLC.InitScripts import InitScript, InitScripts
14 from PLC.AuthorizeHelpers import AuthorizeHelpers
16 class UpdateSliceTag(Method):
18 Updates the value of an existing slice or sliver attribute.
20 Users may only update attributes of slices or slivers of which
21 they are members. PIs may only update attributes of slices or
22 slivers at their sites, or of which they are members. Admins may
23 update attributes of any slice or sliver.
25 Returns 1 if successful, faults otherwise.
28 roles = ['admin', 'pi', 'user', 'node']
32 SliceTag.fields['slice_tag_id'],
33 Mixed(SliceTag.fields['value'],
34 InitScript.fields['name'])
37 returns = Parameter(int, '1 if successful')
39 def call(self, auth, slice_tag_id, value):
40 slice_tags = SliceTags(self.api, [slice_tag_id])
42 raise PLCInvalidArgument, "No such slice attribute"
43 slice_tag = slice_tags[0]
45 slices = Slices(self.api, [slice_tag['slice_id']])
47 raise PLCInvalidArgument, "No such slice %d"%slice_tag['slice_id']
50 assert slice_tag['slice_tag_id'] in slice['slice_tag_ids']
52 # check authorizations
53 node_id_or_hostname=slice_tag['node_id']
54 nodegroup_id_or_name=slice_tag['nodegroup_id']
56 if 'admin' in self.caller['roles']:
58 # does caller have right role(s) ? this knows how to deal with self.caller being a node
59 elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
61 # node callers: check the node is in the slice
62 elif isinstance(self.caller, Node):
63 # nodes can only set their own sliver tags
64 if node_id_or_hostname is None:
66 elif not AuthorizeHelpers.node_match_id (self.api, self.caller, node_id_or_hostname):
68 elif not AuthorizeHelpers.node_in_slice (self.api, self.caller, slice):
70 # caller is a non-admin person
72 # only admins can handle slice tags on a nodegroup
73 if nodegroup_id_or_name:
74 raise PLCPermissionDenied, "%s, cannot set slice tag %s on nodegroup - restricted to admins"%\
75 (self.name,tag_type['tagname'])
76 # if a node is specified it is expected to be in the slice
77 if node_id_or_hostname:
78 if not AuthorizeHelpers.node_id_in_slice (self.api, node_id_or_hostname, slice):
79 raise PLCPermissionDenied, "%s, node must be in slice when setting sliver tag"
80 # try all roles to find a match - tech are ignored b/c not in AddSliceTag.roles anyways
81 for role in AuthorizeHelpers.person_tag_type_common_roles(self.api,self.caller,tag_type):
82 # regular users need to be in the slice
84 if AuthorizeHelpers.person_in_slice(self.api, self.caller, slice):
86 # for convenience, pi's can tweak all the slices in their site
88 if AuthorizeHelpers.slice_belongs_to_pi (self.api, slice, self.caller):
91 raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
93 if slice_tag['tagname'] in ['initscript']:
94 initscripts = InitScripts(self.api, {'enabled': True, 'name': value})
96 raise PLCInvalidArgument, "No such plc initscript"
98 slice_tag['value'] = unicode(value)
100 self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]}