<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
<title>The hierarchy Module</title>
<h1>The hierarchy Module</h1>
<p>This module implements a hierarchy of authorities and performs a function
similar to that of the "tree" module of the original geniwrapper prototype. An HRN
is assumed to be a string of authorities separated by dots. For example,
"planetlab.us.arizona.bakers". Each component of the HRN is a different
authority, with the last component being a leaf in the tree.

Each authority is stored in a subdirectory on the registry. Inside this
subdirectory are several files:

*.PKEY - private key file
*.DBINFO - database info</p>
<dt><b>AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)</b> (class) [<a href='#hierarchy.AuthInfo-class'>#</a>]</dt>
<p>The AuthInfo class contains the information for an authority.</p>
<p>For more information about this class, see <a href='#hierarchy.AuthInfo-class'><i>The AuthInfo Class</i></a>.</p>
<dt><b>Hierarchy(basedir=".")</b> (class) [<a href='#hierarchy.Hierarchy-class'>#</a>]</dt>
<p>The Hierarchy class is responsible for managing the tree of authorities.</p>
<p>For more information about this class, see <a href='#hierarchy.Hierarchy-class'><i>The Hierarchy Class</i></a>.</p>
<h2><a id='hierarchy.AuthInfo-class' name='hierarchy.AuthInfo-class'>The AuthInfo Class</a></h2>
<dt><b>AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)</b> (class) [<a href='#hierarchy.AuthInfo-class'>#</a>]</dt>
<p>The AuthInfo class contains the information for an authority. This information
includes the GID, private key, and database connection information.</p>
<dt><a id='hierarchy.AuthInfo.__init__-method' name='hierarchy.AuthInfo.__init__-method'><b>__init__(hrn, gid_filename, privkey_filename, dbinfo_filename)</b></a> [<a href='#hierarchy.AuthInfo.__init__-method'>#</a>]</dt>
<p>Initialize an authority object.</p>
the human readable name of the authority</dd>
<dt><i>gid_filename</i></dt>
the filename containing the GID</dd>
<dt><i>privkey_filename</i></dt>
the filename containing the private key</dd>
<dt><i>dbinfo_filename</i></dt>
the filename containing the database info</dd>
<dt><a id='hierarchy.AuthInfo.get_dbinfo-method' name='hierarchy.AuthInfo.get_dbinfo-method'><b>get_dbinfo()</b></a> [<a href='#hierarchy.AuthInfo.get_dbinfo-method'>#</a>]</dt>
<p>Get the dbinfo in the form of a dictionary.</p>
<dt><a id='hierarchy.AuthInfo.get_gid_object-method' name='hierarchy.AuthInfo.get_gid_object-method'><b>get_gid_object()</b></a> [<a href='#hierarchy.AuthInfo.get_gid_object-method'>#</a>]</dt>
<p>Get the GID in the form of a GID object.</p>
<dt><a id='hierarchy.AuthInfo.get_pkey_object-method' name='hierarchy.AuthInfo.get_pkey_object-method'><b>get_pkey_object()</b></a> [<a href='#hierarchy.AuthInfo.get_pkey_object-method'>#</a>]</dt>
<p>Get the private key in the form of a Keypair object.</p>
<dt><a id='hierarchy.AuthInfo.set_gid_filename-method' name='hierarchy.AuthInfo.set_gid_filename-method'><b>set_gid_filename(fn)</b></a> [<a href='#hierarchy.AuthInfo.set_gid_filename-method'>#</a>]</dt>
<p>Set the filename of the GID.</p>
filename of file containing GID</dd>
<dt><a id='hierarchy.AuthInfo.update_gid_object-method' name='hierarchy.AuthInfo.update_gid_object-method'><b>update_gid_object(gid)</b></a> [<a href='#hierarchy.AuthInfo.update_gid_object-method'>#</a>]</dt>
<p>Replace the GID with a new one. The file specified by gid_filename is
overwritten with the new GID object.</p>
object containing new GID</dd>
<h2><a id='hierarchy.Hierarchy-class' name='hierarchy.Hierarchy-class'>The Hierarchy Class</a></h2>
<dt><b>Hierarchy(basedir=".")</b> (class) [<a href='#hierarchy.Hierarchy-class'>#</a>]</dt>
<p>The Hierarchy class is responsible for managing the tree of authorities.
Each authority is a node in the tree and exists as an AuthInfo object.

The tree is stored on disk in a hierarchical manner that reflects the
structure of the tree. Each authority is a subdirectory, and each subdirectory
contains the GID, pkey, and dbinfo files for that authority (as well as
subdirectories for each sub-authority).</p>
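<p>Added example, not code from the hierarchy module: one way to map an HRN onto this on-disk layout so that an HRN can never name a path outside the registry directory, to list the parent authorities that sign a GID, and to create the private key file owner-only. The function names, the label character set and the leaf-name-plus-extension file naming are assumptions made for illustration; the example also goes beyond the page by validating each HRN component.</p>

```python
import os
import re

# Assumption: a component is a plain label; the page only says "separated by dots".
LABEL = re.compile(r"[A-Za-z0-9_-]+")

def split_hrn(hrn):
    """Split an HRN into authority components, rejecting unsafe labels."""
    parts = hrn.split(".")
    for part in parts:
        if not LABEL.fullmatch(part):
            raise ValueError("invalid HRN component: %r" % part)
    return parts

def signer_chain(hrn):
    """HRNs of the authorities that sign this GID, nearest parent first."""
    parts = split_hrn(hrn)
    return [".".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]

def auth_dir(basedir, hrn):
    """Directory of an authority: one nested subdirectory per component."""
    base = os.path.realpath(basedir)
    path = os.path.realpath(os.path.join(base, *split_hrn(hrn)))
    # Defence in depth: a symlink under basedir must not lead outside it.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("HRN resolves outside the registry directory")
    return path

def auth_filenames(basedir, hrn):
    """(gid, pkey, dbinfo) paths; leaf name + extension is an assumed scheme."""
    directory = auth_dir(basedir, hrn)
    leaf = split_hrn(hrn)[-1]
    return tuple(os.path.join(directory, leaf + ext)
                 for ext in (".gid", ".pkey", ".dbinfo"))

def write_private_key(path, pem_bytes):
    """Create the key file owner-only and never overwrite an existing key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(pem_bytes)

if __name__ == "__main__":
    print(signer_chain("planetlab.us.arizona.bakers"))
    print(auth_filenames(".", "planetlab.us.arizona"))
```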
<dt><a id='hierarchy.Hierarchy.auth_exists-method' name='hierarchy.Hierarchy.auth_exists-method'><b>auth_exists(hrn)</b></a> [<a href='#hierarchy.Hierarchy.auth_exists-method'>#</a>]</dt>
<p>Check to see if an authority exists. An authority exists if its disk
human readable name of the authority to check</dd>
<dt><a id='hierarchy.Hierarchy.create_auth-method' name='hierarchy.Hierarchy.create_auth-method'><b>create_auth(hrn, create_parents=False)</b></a> [<a href='#hierarchy.Hierarchy.create_auth-method'>#</a>]</dt>
<p>Create an authority. A private key for the authority and the associated
GID are created and signed by the parent authority.</p>
the human readable name of the authority to create</dd>
<dt><i>create_parents</i></dt>
if true, also create the parents if they do not exist</dd>
<dt><a id='hierarchy.Hierarchy.create_gid-method' name='hierarchy.Hierarchy.create_gid-method'><b>create_gid(hrn, uuid, pkey)</b></a> [<a href='#hierarchy.Hierarchy.create_gid-method'>#</a>]</dt>
<p>Create a new GID. The GID will be signed by the authority that is its
immediate parent in the hierarchy (and recursively, the parent's GID
will be signed by its parent).</p>
the human readable name to store in the GID</dd>
the unique identifier to store in the GID</dd>
the public key to store in the GID</dd>
<dt><a id='hierarchy.Hierarchy.get_auth_cred-method' name='hierarchy.Hierarchy.get_auth_cred-method'><b>get_auth_cred(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_cred-method'>#</a>]</dt>
<p>Retrieve an authority credential for an authority. The authority
credential will contain the authority privilege and will be signed by
the authority's parent.</p>
the human readable name of the authority</dd>
<dt><a id='hierarchy.Hierarchy.get_auth_filenames-method' name='hierarchy.Hierarchy.get_auth_filenames-method'><b>get_auth_filenames(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_filenames-method'>#</a>]</dt>
<p>Given a hrn, return the filenames of the GID, private key, and dbinfo
the human readable name of the authority</dd>
<dt><a id='hierarchy.Hierarchy.get_auth_info-method' name='hierarchy.Hierarchy.get_auth_info-method'><b>get_auth_info(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_info-method'>#</a>]</dt>
<p>Return the AuthInfo object for the specified authority. If the authority
does not exist, then an exception is thrown. As a side effect, disk files
and a subdirectory may be created to store the authority.</p>
the human readable name of the authority to create.</dd>
<dt><a id='hierarchy.Hierarchy.get_auth_ticket-method' name='hierarchy.Hierarchy.get_auth_ticket-method'><b>get_auth_ticket(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_ticket-method'>#</a>]</dt>
<p>Retrieve an authority ticket. An authority ticket is not actually a
redeemable ticket, but only serves the purpose of being included as the
parent of another ticket, in order to provide a chain of authentication

This looks almost the same as get_auth_cred, but works for tickets.
XXX does similarity imply there should be more code re-use?</p>
the human readable name of the authority</dd>
<dt><a id='hierarchy.Hierarchy.refresh_gid-method' name='hierarchy.Hierarchy.refresh_gid-method'><b>refresh_gid(gid, hrn=None, uuid=None, pubkey=None)</b></a> [<a href='#hierarchy.Hierarchy.refresh_gid-method'>#</a>]</dt>
<p>Refresh a GID. The primary use of this function is to refresh
the expiration time of the GID. It may also be used to change the HRN,
UUID, or public key of the GID.</p>
the GID to refresh</dd>
if !=None, change the hrn</dd>
if !=None, change the uuid</dd>
<dt><i>pubkey</i></dt>
if !=None, change the public key</dd>