4 from sfa.trust.certificate import Keypair, convert_public_key
5 from sfa.trust.gid import *
7 from sfa.util.faults import *
8 from sfa.util.misc import *
9 from sfa.util.method import Method
10 from sfa.util.parameter import Parameter, Mixed
11 from sfa.util.record import GeniRecord
12 from sfa.util.debug import log
14 from sfa.trust.auth import Auth
15 from sfa.trust.gid import create_uuid
17 class register(Method):
19 Register an object with the registry. In addition to being stored in the
20 Geni database, the appropriate records will also be created in the
23 @param cred credential string
24 @param record_dict dictionary containing record fields
26 @return gid string representation
29 interfaces = ['registry']
32 Parameter(str, "Credential string"),
33 Parameter(dict, "Record dictionary containing record fields")
36 returns = Parameter(int, "String representation of gid object")
38 def call(self, cred, record_dict):
39 self.api.auth.check(cred, "register")
40 record = GeniRecord(dict = record_dict)
41 type = record.get_type()
42 name = record.get_name()
43 self.api.auth.verify_object_permission(name)
44 auth_name = self.api.auth.get_authority(name)
45 auth_info = self.api.auth.get_auth_info(auth_name)
46 table = self.api.auth.get_auth_table(auth_name)
48 # make sure record has a gid
49 if 'gid' not in record:
51 pkey = Keypair(create=True)
52 if 'key' in record and record['key']:
53 if isinstance(record['key'], list):
54 pub_key = record['key'][0]
56 pub_key = record['key']
57 pkey = convert_public_key(pub_key)
59 gid_object = self.api.auth.hierarchy.create_gid(name, uuid, pkey)
60 gid = gid_object.save_to_string(save_parents=True)
64 # check if record already exists
65 existing_records = table.resolve(type, name)
67 raise ExistingRecord(name)
69 if type in ["authority"]:
71 if not self.api.auth.hierarchy.auth_exists(name):
72 self.api.auth.hierarchy.create_auth(name)
74 # authorities are special since they are managed by the registry
75 # rather than by the caller. We create our own GID for the
76 # authority rather than relying on the caller to supply one.
78 # get the GID from the newly created authority
79 child_auth_info = self.api.auth.get_auth_info(name)
80 gid = auth_info.get_gid_object()
81 record.set_gid(gid.save_to_string(save_parents=True))
83 pl_record = self.api.geni_fields_to_pl_fields(type, name, record)
84 sites = self.api.plshell.GetSites(self.api.plauth, [pl_record['login_base']])
86 pointer = self.api.plshell.AddSite(self.api.plauth, pl_record)
88 pointer = sites[0]['site_id']
90 record.set_pointer(pointer)
92 elif (type == "slice"):
93 pl_record = self.api.geni_fields_to_pl_fields(type, name, record)
94 slices = self.api.plshell.GetSlices(self.api.plauth, [pl_record['name']])
96 pointer = self.api.plshell.AddSlice(self.api.plauth, pl_record)
98 pointer = slices[0]['slice_id']
99 record.set_pointer(pointer)
101 elif (type == "user"):
102 persons = self.api.plshell.GetPersons(self.api.plauth, [record['email']])
104 pointer = self.api.plshell.AddPerson(self.api.plauth, dict(record))
106 pointer = persons[0]['person_id']
108 if 'enabled' in record and record['enabled']:
109 self.api.plshell.UpdatePerson(self.api.plauth, pointer, {'enabled': record['enabled']})
110 login_base = get_leaf(auth_info.hrn)
111 self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base)
112 # What roles should this user have?
113 self.api.plshell.AddRoleToPerson(self.api.plauth, 'user', pointer)
114 record.set_pointer(pointer)
118 self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
120 elif (type == "node"):
121 pl_record = self.api.geni_fields_to_pl_fields(type, name, record)
122 login_base = hrn_to_pl_login_base(auth_name)
123 nodes = self.api.plshell.GetNodes(self.api.plauth, [pl_record['hostname']])
125 pointer = self.api.plshell.AddNode(self.api.plauth, login_base, pl_record)
127 pointer = nodes[0]['node_id']
128 record.set_pointer(pointer)
131 raise UnknownGeniType(type)
133 # SFA upcalls may exist in PLCAPI and they could have already added the
134 # record for us. Lets check if the record already exists
135 existing_records = table.resolve(type, name)
136 if not existing_records:
139 # update membership for researchers, pis, owners, operators
140 self.api.update_membership(None, record)
142 return record.get_gid_object().save_to_string(save_parents=True)