added refresh right to slice
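--- a/plc/registry.py
+++ b/plc/registry.py
@@ -6,17 +6,21 @@ import os
 import time
 import sys
+from util.credential import Credential
 from util.hierarchy import Hierarchy
 from util.trustedroot import TrustedRootList
 from util.cert import Keypair, Certificate
-from util.gid import GID
+from util.gid import GID, create_uuid
 from util.geniserver import GeniServer
 from util.record import GeniRecord
+from util.rights import RightList
 from util.genitable import GeniTable
 from util.geniticket import Ticket
 from util.excep import *
 from util.misc import *
+from util.config import *
+
 ##
 # Convert geni fields to PLC fields for use when registering up updating
 # registry record in the PLC database
@@ -132,7 +136,7 @@ class Registry(GeniServer):
 # @param auth_hrn human readable name of authority
 def get_auth_info(self, auth_hrn):
- return AuthHierarchy.get_auth_info(auth_hrn)
+ return self.hierarchy.get_auth_info(auth_hrn)
 ##
 # Given an authority name, return the database table for that authority. If
@@ -151,7 +155,7 @@ class Registry(GeniServer):
 # into this authority yet.
 if not table.exists():
- report.trace("Registry: creating table for authority " + auth_name)
+ print "Registry: creating table for authority", auth_name
 table.create()
 return table
@@ -347,8 +351,8 @@ class Registry(GeniServer):
 if (type == "sa") or (type=="ma"):
 # update the tree
- if not AuthHierarchy.auth_exists(name):
- AuthHierarchy.create_auth(name)
+ if not self.hierarchy.auth_exists(name):
+ self.hierarchy.create_auth(name)
 # authorities are special since they are managed by the registry
 # rather than by the caller. We create our own GID for the
@@ -428,20 +432,15 @@ class Registry(GeniServer):
 # the current copy of the record in the Geni database, to make sure
 # that the appopriate record is removed.
- def remove(self, cred, record_dict):
+ def remove(self, cred, type, hrn):
 self.decode_authentication(cred, "remove")
- record = GeniRecord(dict = record_dict)
- type = record.get_type()
-
- self.verify_object_permission(record.get_name())
+ self.verify_object_permission(hrn)
- auth_name = get_authority(record.get_name())
+ auth_name = get_authority(hrn)
 table = self.get_auth_table(auth_name)
- # let's not trust that the caller has a well-formed record (a forged
- # pointer field could be a disaster), so look it up ourselves
- record_list = table.resolve(type, record.get_name())
+ record_list = table.resolve(type, hrn)
 if not record_list:
 raise RecordNotFound(name)
 record = record_list[0]
@@ -547,11 +546,13 @@ class Registry(GeniServer):
 # @param cred credential string specifying rights of the caller
 #
 # @return list of record dictionaries
- def list(self, cred):
+ def list(self, cred, auth_hrn):
 self.decode_authentication(cred, "list")
- auth_name = self.object_gid.get_hrn()
- table = self.get_auth_table(auth_name)
+ if not self.hierarchy.auth_exists(auth_hrn):
+ raise MissingAuthority(auth_hrn)
+
+ table = self.get_auth_table(auth_hrn)
 records = table.list()
@@ -563,7 +564,7 @@ class Registry(GeniServer):
 except PlanetLabRecordDoesNotExist:
 # silently drop the ones that are missing in PL.
 # is this the right thing to do?
- report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+ print "ignoring geni record ", record.get_name(), " because pl record does not exist"
 table.remove(record)
 dicts = []
@@ -603,7 +604,7 @@ class Registry(GeniServer):
 except PlanetLabRecordDoesNotExist:
 # silently drop the ones that are missing in PL.
 # is this the right thing to do?
- report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+ print "ignoring geni record ", record.get_name(), "because pl record does not exist"
 table.remove(record)
 return good_records
@@ -676,6 +677,7 @@ class Registry(GeniServer):
 elif type == "ma":
 rl.add("authority")
 elif type == "slice":
+ rl.add("refresh")
 rl.add("embed")
 rl.add("bind")
 rl.add("control")
@@ -729,7 +731,7 @@ class Registry(GeniServer):
 rl = self.determine_rights(type, name)
 cred.set_privileges(rl)
- cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+ cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
 cred.encode()
 cred.sign()
@@ -775,7 +777,7 @@ class Registry(GeniServer):
 rl = self.determine_rights(type, name)
 new_cred.set_privileges(rl)
- new_cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+ new_cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
 new_cred.encode()
 new_cred.sign()
@@ -808,7 +810,7 @@ class Registry(GeniServer):
 pkey = Keypair()
 pkey.load_pubkey_from_string(pubkey_str)
- gid = AuthHierarchy.create_gid(name, uuid, pkey)
+ gid = self.hierarchy.create_gid(name, uuid, pkey)
 return gid.save_to_string(save_parents=True)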
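Review bot: The new `list(self, cred, auth_hrn)` takes the authority name from the caller, but the visible lines only check that the authority exists, not that the presented credential covers it. The removed code derived the table from `self.object_gid.get_hrn()`, which tied the listing to the credential's own object; unless `decode_authentication` already enforces this (not visible here, and the body of `list` continues outside the hunk), a holder of any credential carrying the `list` right could enumerate another authority's records. `remove` in this same commit calls `self.verify_object_permission(hrn)`, and the matching guard `self.verify_object_permission(auth_hrn)` would fit directly after `self.decode_authentication(cred, "list")`. Separately, `remove` still raises `RecordNotFound(name)` although its parameters are now `type` and `hrn`, so a missing record would probably surface as a NameError instead; `raise RecordNotFound(hrn)` looks like the intent.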