nicer output of sfi (catches SystemExit)

[sfa.git] / sfa / client / sfi.py
diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py

index 55c457a..21f0f8f 100644 (file)
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -13,10 +13,12 @@ import datetime
  import codecs
  import pickle
  import json
  import codecs
  import pickle
  import json
+import shutil
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
+from tempfile import mkstemp
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
@@ -44,30 +46,8 @@ from sfa.client.candidates import Candidates
  
  CM_PORT=12346
  
  
  CM_PORT=12346
  
-# utility methods here
-def optparse_listvalue_callback(option, option_string, value, parser):
-    setattr(parser.values, option.dest, value.split(','))
-
-# a code fragment that could be helpful for argparse which unfortunately is 
-# available with 2.7 only, so this feels like too strong a requirement for the client side
-#class ExtraArgAction  (argparse.Action):
-#    def __call__ (self, parser, namespace, values, option_string=None):
-# would need a try/except of course
-#        (k,v)=values.split('=')
-#        d=getattr(namespace,self.dest)
-#        d[k]=v
-#####
-#parser.add_argument ("-X","--extra",dest='extras', default={}, action=ExtraArgAction,
-#                     help="set extra flags, testbed dependent, e.g. --extra enabled=true")
-    
-def optparse_dictvalue_callback (option, option_string, value, parser):
-    try:
-        (k,v)=value.split('=',1)
-        d=getattr(parser.values, option.dest)
-        d[k]=v
-    except:
-        parser.print_help()
-        sys.exit(1)
+from sfa.client.common import optparse_listvalue_callback, optparse_dictvalue_callback, \
+    terminal_render, filter_records 
  
  # display methods
  def display_rspec(rspec, format='rspec'):
  
  # display methods
  def display_rspec(rspec, format='rspec'):
@@ -113,14 +93,15 @@ def filter_records(type, records):
      return filtered_records
  
  
      return filtered_records
  
  
-def credential_printable (credential_string):
-    credential=Credential(string=credential_string)
+def credential_printable (cred):
+    credential=Credential(cred=cred)
      result=""
      result += credential.get_summary_tostring()
      result += "\n"
      rights = credential.get_privileges()
      result=""
      result += credential.get_summary_tostring()
      result += "\n"
      rights = credential.get_privileges()
-    result += "rights=%s"%rights
-    result += "\n"
+    result += "type=%s\n" % credential.type    
+    result += "version=%s\n" % credential.version    
+    result += "rights=%s\n"%rights
      return result
  
  def show_credentials (cred_s):
      return result
  
  def show_credentials (cred_s):
@@ -278,24 +259,21 @@ class Sfi:
          ("version", ""),  
          ("list", "authority"),
          ("show", "name"),
          ("version", ""),  
          ("list", "authority"),
          ("show", "name"),
-        ("add", "record"),
-        ("update", "record"),
+        ("add", "[record]"),
+        ("update", "[record]"),
          ("remove", "name"),
          ("remove", "name"),
-        ("slices", ""),
-        ("resources", "[slice_hrn]"),
-        ("create", "slice_hrn rspec"),
+        ("resources", ""),
+        ("describe", "slice_hrn"),
+        ("allocate", "slice_hrn rspec"),
+        ("provision", "slice_hrn"),
+        ("action", "slice_hrn action"), 
          ("delete", "slice_hrn"),
          ("status", "slice_hrn"),
          ("delete", "slice_hrn"),
          ("status", "slice_hrn"),
-        ("start", "slice_hrn"),
-        ("stop", "slice_hrn"),
-        ("reset", "slice_hrn"),
          ("renew", "slice_hrn time"),
          ("shutdown", "slice_hrn"),
          ("renew", "slice_hrn time"),
          ("shutdown", "slice_hrn"),
-        ("get_ticket", "slice_hrn rspec"),
-        ("redeem_ticket", "ticket"),
-        ("delegate", "name"),
-        ("create_gid", "[name]"),
-        ("get_trusted_certs", "cred"),
+        ("delegate", "to_hrn"),
+        ("gid", "[name]"),
+        ("trusted", "cred"),
          ("config", ""),
          ]
  
          ("config", ""),
          ]
  
@@ -338,36 +316,29 @@ class Sfi:
              parser.add_option('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
              parser.add_option('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
              parser.add_option('-e', '--email', dest='email', default="",  help="email (mandatory for users)") 
              parser.add_option('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
              parser.add_option('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
              parser.add_option('-e', '--email', dest='email', default="",  help="email (mandatory for users)") 
-# use --extra instead
-#            parser.add_option('-u', '--url', dest='url', metavar='<url>', default=None, help="URL, useful for slices") 
-#            parser.add_option('-d', '--description', dest='description', metavar='<description>', 
-#                              help='Description, useful for slices', default=None)
              parser.add_option('-k', '--key', dest='key', metavar='<key>', help='public key string or file', 
                                default=None)
              parser.add_option('-k', '--key', dest='key', metavar='<key>', help='public key string or file', 
                                default=None)
-            parser.add_option('-s', '--slices', dest='slices', metavar='<slices>', help='slice xrns',
+            parser.add_option('-s', '--slices', dest='slices', metavar='<slices>', help='Set/replace slice xrns',
                                default='', type="str", action='callback', callback=optparse_listvalue_callback)
              parser.add_option('-r', '--researchers', dest='researchers', metavar='<researchers>', 
                                default='', type="str", action='callback', callback=optparse_listvalue_callback)
              parser.add_option('-r', '--researchers', dest='researchers', metavar='<researchers>', 
-                              help='slice researchers', default='', type="str", action='callback', 
+                              help='Set/replace slice researchers', default='', type="str", action='callback', 
                                callback=optparse_listvalue_callback)
                                callback=optparse_listvalue_callback)
-            parser.add_option('-p', '--pis', dest='pis', metavar='<PIs>', help='Principal Investigators/Project Managers',
+            parser.add_option('-p', '--pis', dest='pis', metavar='<PIs>', help='Set/replace Principal Investigators/Project Managers',
                                default='', type="str", action='callback', callback=optparse_listvalue_callback)
                                default='', type="str", action='callback', callback=optparse_listvalue_callback)
-# use --extra instead
-#            parser.add_option('-f', '--firstname', dest='firstname', metavar='<firstname>', help='user first name')
-#            parser.add_option('-l', '--lastname', dest='lastname', metavar='<lastname>', help='user last name')
              parser.add_option ('-X','--extra',dest='extras',default={},type='str',metavar="<EXTRA_ASSIGNS>",
                                 action="callback", callback=optparse_dictvalue_callback, nargs=1,
                                 help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
  
          # user specifies remote aggregate/sm/component                          
              parser.add_option ('-X','--extra',dest='extras',default={},type='str',metavar="<EXTRA_ASSIGNS>",
                                 action="callback", callback=optparse_dictvalue_callback, nargs=1,
                                 help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
  
          # user specifies remote aggregate/sm/component                          
-        if command in ("resources", "slices", "create", "delete", "start", "stop", 
-                       "restart", "shutdown",  "get_ticket", "renew", "status"):
+        if command in ("resources", "describe", "allocate", "provision", "delete", "allocate", "provision", 
+                       "action", "shutdown", "renew", "status"):
              parser.add_option("-d", "--delegate", dest="delegate", default=None, 
                               action="store_true",
                               help="Include a credential delegated to the user's root"+\
                                    "authority in set of credentials for this call")
  
          # show_credential option
              parser.add_option("-d", "--delegate", dest="delegate", default=None, 
                               action="store_true",
                               help="Include a credential delegated to the user's root"+\
                                    "authority in set of credentials for this call")
  
          # show_credential option
-        if command in ("list","resources","create","add","update","remove","slices","delete","status","renew"):
+        if command in ("list","resources", "describe", "provision", "allocate", "add","update","remove","slices","delete","status","renew"):
              parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False,
                                help="show credential(s) used in human-readable form")
          # registy filter option
              parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False,
                                help="show credential(s) used in human-readable form")
          # registy filter option
@@ -379,7 +350,7 @@ class Sfi:
          if command in ("show"):
              parser.add_option("-k","--key",dest="keys",action="append",default=[],
                                help="specify specific keys to be displayed from record")
          if command in ("show"):
              parser.add_option("-k","--key",dest="keys",action="append",default=[],
                                help="specify specific keys to be displayed from record")
-        if command in ("resources"):
+        if command in ("resources", "describe"):
              # rspec version
              parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
                                help="schema type and version of resulting RSpec")
              # rspec version
              parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
                                help="schema type and version of resulting RSpec")
@@ -400,8 +371,7 @@ class Sfi:
                                  choices=("all", "resources", "leases"), default="resources")
  
  
                                  choices=("all", "resources", "leases"), default="resources")
  
  
-        # 'create' does return the new rspec, makes sense to save that too
-        if command in ("resources", "show", "list", "create_gid", 'create'):
+        if command in ("resources", "describe", "allocate", "provision", "show", "list", "gid"):
             parser.add_option("-o", "--output", dest="file",
                              help="output XML to file", metavar="FILE", default=None)
  
             parser.add_option("-o", "--output", dest="file",
                              help="output XML to file", metavar="FILE", default=None)
  
@@ -416,12 +386,22 @@ class Sfi:
          if command == 'list':
             parser.add_option("-r", "--recursive", dest="recursive", action='store_true',
                               help="list all child records", default=False)
          if command == 'list':
             parser.add_option("-r", "--recursive", dest="recursive", action='store_true',
                               help="list all child records", default=False)
+           parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+                             help="gives details, like user keys", default=False)
          if command in ("delegate"):
             parser.add_option("-u", "--user",
          if command in ("delegate"):
             parser.add_option("-u", "--user",
-                            action="store_true", dest="delegate_user", default=False,
-                            help="delegate user credential")
-           parser.add_option("-s", "--slice", dest="delegate_slice",
-                            help="delegate slice credential", metavar="HRN", default=None)
+                             action="store_true", dest="delegate_user", default=False,
+                             help="delegate your own credentials; default if no other option is provided")
+           parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[],
+                             metavar="slice_hrn", help="delegate cred. for slice HRN")
+           parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
+                             metavar='auth_hrn', help="delegate cred for auth HRN")
+           # this primarily is a shorthand for -a my_hrn^
+           parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
+                             help="delegate your PI credentials, so s.t. like -a your_hrn^")
+           parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
+                             help="""by default the mandatory argument is expected to be a user, 
+use this if you mean an authority instead""")
          
          if command in ("version"):
              parser.add_option("-R","--registry-version",
          
          if command in ("version"):
              parser.add_option("-R","--registry-version",
@@ -486,7 +466,11 @@ class Sfi:
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
-        return getattr(self, command)(command_options, command_args)
+        method=getattr(self, command,None)
+        if not method:
+            print "Unknown command %s"%command
+            return
+        return method(command_options, command_args)
  
      def main(self):
          self.sfi_parser = self.create_parser()
  
      def main(self):
          self.sfi_parser = self.create_parser()
@@ -517,29 +501,47 @@ class Sfi:
  
          self.read_config () 
          self.bootstrap ()
  
          self.read_config () 
          self.bootstrap ()
-        self.logger.info("Command=%s" % command)
+        self.logger.debug("Command=%s" % command)
  
          try:
              self.dispatch(command, command_options, command_args)
  
          try:
              self.dispatch(command, command_options, command_args)
-        except KeyError:
-            self.logger.critical ("Unknown command %s"%command)
-            sys.exit(1)
+        except SystemExit:
+            return 1
+        except:
+            self.logger.log_exc ("sfi command %s failed"%command)
+            return 1
  
  
-        return
+        return 0
      
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
      
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
+        shell_config_file  = os.path.join(self.options.sfi_dir,"sfi_config.sh")
          try:
          try:
-           config = Config (config_file)
+            if Config.is_ini(config_file):
+                config = Config (config_file)
+            else:
+                # try upgrading from shell config format
+                fp, fn = mkstemp(suffix='sfi_config', text=True)  
+                config = Config(fn)
+                # we need to preload the sections we want parsed 
+                # from the shell config
+                config.add_section('sfi')
+                config.add_section('sface')
+                config.load(config_file)
+                # back up old config
+                shutil.move(config_file, shell_config_file)
+                # write new config
+                config.save(config_file)
+                 
          except:
          except:
-           self.logger.critical("Failed to read configuration file %s"%config_file)
-           self.logger.info("Make sure to remove the export clauses and to add quotes")
-           if self.options.verbose==0:
-               self.logger.info("Re-run with -v for more details")
-           else:
-               self.logger.log_exc("Could not read config file %s"%config_file)
-           sys.exit(1)
+            self.logger.critical("Failed to read configuration file %s"%config_file)
+            self.logger.info("Make sure to remove the export clauses and to add quotes")
+            if self.options.verbose==0:
+                self.logger.info("Re-run with -v for more details")
+            else:
+                self.logger.log_exc("Could not read config file %s"%config_file)
+            sys.exit(1)
       
          errors = 0
          # Set SliceMgr URL
       
          errors = 0
          # Set SliceMgr URL
@@ -557,7 +559,7 @@ class Sfi:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
-           self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
             errors += 1 
  
          # Set user HRN
             errors += 1 
  
          # Set user HRN
@@ -566,7 +568,7 @@ class Sfi:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
-           self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
             errors += 1 
  
          # Set authority HRN
             errors += 1 
  
          # Set authority HRN
@@ -608,7 +610,8 @@ class Sfi:
      
      # init self-signed cert, user credentials and gid
      def bootstrap (self):
      
      # init self-signed cert, user credentials and gid
      def bootstrap (self):
-        client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir)
+        client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir,
+                                               logger=self.logger)
          # if -k is provided, use this to initialize private key
          if self.options.user_private_key:
              client_bootstrap.init_private_key_if_missing (self.options.user_private_key)
          # if -k is provided, use this to initialize private key
          if self.options.user_private_key:
              client_bootstrap.init_private_key_if_missing (self.options.user_private_key)
@@ -618,7 +621,7 @@ class Sfi:
              if not os.path.isfile(client_bootstrap.private_key_filename()):
                  self.logger.info ("private key not found, trying legacy name")
                  try:
              if not os.path.isfile(client_bootstrap.private_key_filename()):
                  self.logger.info ("private key not found, trying legacy name")
                  try:
-                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%get_leaf(self.user))
+                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%Xrn.unescape(get_leaf(self.user)))
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
                      client_bootstrap.init_private_key_if_missing (legacy_private_key)
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
                      client_bootstrap.init_private_key_if_missing (legacy_private_key)
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
@@ -631,6 +634,9 @@ class Sfi:
          # extract what's needed
          self.private_key = client_bootstrap.private_key()
          self.my_credential_string = client_bootstrap.my_credential_string ()
          # extract what's needed
          self.private_key = client_bootstrap.private_key()
          self.my_credential_string = client_bootstrap.my_credential_string ()
+        self.my_credential = {'geni_type': 'geni_sfa',
+                              'geni_version': '3.0', 
+                              'geni_value': self.my_credential_string}
          self.my_gid = client_bootstrap.my_gid ()
          self.client_bootstrap = client_bootstrap
  
          self.my_gid = client_bootstrap.my_gid ()
          self.client_bootstrap = client_bootstrap
  
@@ -641,9 +647,17 @@ class Sfi:
              sys.exit(-1)
          return self.client_bootstrap.authority_credential_string (self.authority)
  
              sys.exit(-1)
          return self.client_bootstrap.authority_credential_string (self.authority)
  
+    def authority_credential_string(self, auth_hrn):
+        return self.client_bootstrap.authority_credential_string (auth_hrn)
+
      def slice_credential_string(self, name):
          return self.client_bootstrap.slice_credential_string (name)
  
      def slice_credential_string(self, name):
          return self.client_bootstrap.slice_credential_string (name)
  
+    def slice_credential(self, name):
+        return {'geni_type': 'geni_sfa',
+                'geni_version': '3.0',
+                'geni_value': self.slice_credential_string(name)}    
+
      # xxx should be supported by sfaclientbootstrap as well
      def delegate_cred(self, object_cred, hrn, type='authority'):
          # the gid and hrn of the object we are delegating
      # xxx should be supported by sfaclientbootstrap as well
      def delegate_cred(self, object_cred, hrn, type='authority'):
          # the gid and hrn of the object we are delegating
@@ -837,10 +851,9 @@ or version information about sfi itself
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
-        # THis really should be in the self.filter_records funct def comment...
+        # This really should be in the self.filter_records funct def comment...
          list = filter_records(options.type, list)
          list = filter_records(options.type, list)
-        for record in list:
-            print "%s (%s)" % (record['hrn'], record['type'])
+        terminal_render (list, options)
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
@@ -853,7 +866,8 @@ or version information about sfi itself
              self.print_help()
              sys.exit(1)
          hrn = args[0]
              self.print_help()
              sys.exit(1)
          hrn = args[0]
-        record_dicts = self.registry().Resolve(hrn, self.my_credential_string)
+        # explicitly require Resolve to run in details mode
+        record_dicts = self.registry().Resolve(hrn, self.my_credential_string, {'details':True})
          record_dicts = filter_records(options.type, record_dicts)
          if not record_dicts:
              self.logger.error("No record of type %s"% options.type)
          record_dicts = filter_records(options.type, record_dicts)
          if not record_dicts:
              self.logger.error("No record of type %s"% options.type)
@@ -876,15 +890,22 @@ or version information about sfi itself
          return
      
      def add(self, options, args):
          return
      
      def add(self, options, args):
-        "add record into registry from xml file (Register)"
+        "add record into registry by using the command options (Recommended) or from xml file (Register)"
          auth_cred = self.my_authority_credential_string()
          if options.show_credential:
              show_credentials(auth_cred)
          record_dict = {}
          auth_cred = self.my_authority_credential_string()
          if options.show_credential:
              show_credentials(auth_cred)
          record_dict = {}
-        if len(args) > 0:
-            record_filepath = args[0]
-            rec_file = self.get_record_file(record_filepath)
-            record_dict.update(load_record_from_file(rec_file).todict())
+        if len(args) > 1:
+            self.print_help()
+            sys.exit(1)
+        if len(args)==1:
+            try:
+                record_filepath = args[0]
+                rec_file = self.get_record_file(record_filepath)
+                record_dict.update(load_record_from_file(rec_file).todict())
+            except:
+                print "Cannot load record file %s"%record_filepath
+                sys.exit(1)
          if options:
              record_dict.update(load_record_from_opts(options).todict())
          # we should have a type by now
          if options:
              record_dict.update(load_record_from_opts(options).todict())
          # we should have a type by now
@@ -901,7 +922,7 @@ or version information about sfi itself
          return self.registry().Register(record_dict, auth_cred)
      
      def update(self, options, args):
          return self.registry().Register(record_dict, auth_cred)
      
      def update(self, options, args):
-        "update record into registry from xml file (Update)"
+        "update record into registry by using the command options (Recommended) or from xml file (Update)"
          record_dict = {}
          if len(args) > 0:
              record_filepath = args[0]
          record_dict = {}
          if len(args) > 0:
              record_filepath = args[0]
@@ -964,12 +985,9 @@ or version information about sfi itself
          server = self.sliceapi()
          # creds
          creds = [self.my_credential_string]
          server = self.sliceapi()
          # creds
          creds = [self.my_credential_string]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(self.my_credential_string, get_authority(self.authority))
-            creds.append(delegated_cred)  
          # options and call_id when supported
          api_options = {}
          # options and call_id when supported
          api_options = {}
-       api_options['call_id']=unique_call_id()
+        api_options['call_id']=unique_call_id()
          if options.show_credential:
              show_credentials(creds)
          result = server.ListSlices(creds, *self.ois(server,api_options))
          if options.show_credential:
              show_credentials(creds)
          result = server.ListSlices(creds, *self.ois(server,api_options))
@@ -983,17 +1001,12 @@ or version information about sfi itself
      # show rspec for named slice
      def resources(self, options, args):
          """
      # show rspec for named slice
      def resources(self, options, args):
          """
-        with no arg, discover available resources, (ListResources)
-or with an slice hrn, shows currently provisioned resources
+        discover available resources (ListResources)
          """
          server = self.sliceapi()
  
          # set creds
          """
          server = self.sliceapi()
  
          # set creds
-        creds = []
-        if args:
-            creds.append(self.slice_credential_string(args[0]))
-        else:
-            creds.append(self.my_credential_string)
+        creds = [self.my_credential]
          if options.delegate:
              creds.append(self.delegate_cred(cred, get_authority(self.authority)))
          if options.show_credential:
          if options.delegate:
              creds.append(self.delegate_cred(cred, get_authority(self.authority)))
          if options.show_credential:
@@ -1006,9 +1019,6 @@ or with an slice hrn, shows currently provisioned resources
          api_options ['call_id'] = unique_call_id()
          # ask for cached value if available
          api_options ['cached'] = True
          api_options ['call_id'] = unique_call_id()
          # ask for cached value if available
          api_options ['cached'] = True
-        if args:
-            hrn = args[0]
-            api_options['geni_slice_urn'] = hrn_to_urn(hrn, 'slice')
          if options.info:
              api_options['info'] = options.info
          if options.list_leases:
          if options.info:
              api_options['info'] = options.info
          if options.list_leases:
@@ -1039,82 +1049,48 @@ or with an slice hrn, shows currently provisioned resources
  
          return
  
  
          return
  
-    def create(self, options, args):
+    def describe(self, options, args):
          """
          """
-        create or update named slice with given rspec
+        shows currently allocated/provisioned resources of the named slice or set of slivers (Describe) 
          """
          server = self.sliceapi()
  
          """
          server = self.sliceapi()
  
-        # xxx do we need to check usage (len(args)) ?
-        # slice urn
-        slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice')
-
-        # credentials
-        creds = [self.slice_credential_string(slice_hrn)]
-
-        delegated_cred = None
-        server_version = self.get_cached_server_version(server)
-        if server_version.get('interface') == 'slicemgr':
-            # delegate our cred to the slice manager
-            # do not delegate cred to slicemgr...not working at the moment
-            pass
-            #if server_version.get('hrn'):
-            #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
-            #elif server_version.get('urn'):
-            #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
-
+        # set creds
+        creds = [self.slice_credential(args[0])]
+        if options.delegate:
+            creds.append(self.delegate_cred(cred, get_authority(self.authority)))
          if options.show_credential:
              show_credentials(creds)
  
          if options.show_credential:
              show_credentials(creds)
  
-        # rspec
-        rspec_file = self.get_rspec_file(args[1])
-        rspec = open(rspec_file).read()
-
-        # users
-        # need to pass along user keys to the aggregate.
-        # users = [
-        #  { urn: urn:publicid:IDN+emulab.net+user+alice
-        #    keys: [<ssh key A>, <ssh key B>]
-        #  }]
-        users = []
-        slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
-        if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]:
-            slice_record = slice_records[0]
-            user_hrns = slice_record['researcher']
-            user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
-            user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
-
-            if 'sfa' not in server_version:
-                users = pg_users_arg(user_records)
-                rspec = RSpec(rspec)
-                rspec.filter({'component_manager_id': server_version['urn']})
-                rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request')
+        api_options = {'call_id': unique_call_id(),
+                       'cached': True,
+                       'info': options.info,
+                       'list_leases': options.list_leases,
+                       'geni_rspec_version': {'type': 'geni', 'version': '3.0'},
+                      }
+        if options.rspec_version:
+            version_manager = VersionManager()
+            server_version = self.get_cached_server_version(server)
+            if 'sfa' in server_version:
+                # just request the version the client wants
+                api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict()
              else:
              else:
-                users = sfa_users_arg(user_records, slice_record)
-
-        # do not append users, keys, or slice tags. Anything
-        # not contained in this request will be removed from the slice
-
-        # CreateSliver has supported the options argument for a while now so it should
-        # be safe to assume this server support it
-        api_options = {}
-        api_options ['append'] = False
-        api_options ['call_id'] = unique_call_id()
-        result = server.CreateSliver(slice_urn, creds, rspec, users, *self.ois(server, api_options))
+                api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'}
+        urn = Xrn(args[0], type='slice').get_urn()        
+        result = server.Describe([urn], creds, api_options)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          if options.file is not None:
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          if options.file is not None:
-            save_rspec_to_file (value, options.file)
+            save_rspec_to_file(value, options.file)
          if (self.options.raw is None) and (options.file is None):
          if (self.options.raw is None) and (options.file is None):
-            print value
+            display_rspec(value, options.format)
  
  
-        return value
+        return 
  
      def delete(self, options, args):
          """
  
      def delete(self, options, args):
          """
-        delete named slice (DeleteSliver)
+        de-allocate and de-provision all or named slivers of the slice (Delete)
          """
          server = self.sliceapi()
  
          """
          server = self.sliceapi()
  
@@ -1123,117 +1099,167 @@ or with an slice hrn, shows currently provisioned resources
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
  
          # creds
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
  
          # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
+        slice_cred = self.slice_credential(slice_hrn)
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          
          # options and call_id when supported
          api_options = {}
          api_options ['call_id'] = unique_call_id()
          if options.show_credential:
              show_credentials(creds)
          
          # options and call_id when supported
          api_options = {}
          api_options ['call_id'] = unique_call_id()
          if options.show_credential:
              show_credentials(creds)
-        result = server.DeleteSliver(slice_urn, creds, *self.ois(server, api_options ) )
+        result = server.Delete([slice_urn], creds, *self.ois(server, api_options ) )
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          else:
              print value
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          else:
              print value
-        return value 
-  
-    def status(self, options, args):
+        return value
+
+    def allocate(self, options, args):
          """
          """
-        retrieve slice status (SliverStatus)
+         allocate resources to the named slice (Allocate)
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
-
-        # slice urn
+        server_version = self.get_cached_server_version(server)
          slice_hrn = args[0]
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn()
  
  
-        # creds 
-        slice_cred = self.slice_credential_string(slice_hrn)
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
+        # credentials
+        creds = [self.slice_credential(slice_hrn)]
+
+        delegated_cred = None
+        if server_version.get('interface') == 'slicemgr':
+            # delegate our cred to the slice manager
+            # do not delegate cred to slicemgr...not working at the moment
+            pass
+            #if server_version.get('hrn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
+            #elif server_version.get('urn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
  
  
-        # options and call_id when supported
-        api_options = {}
-        api_options['call_id']=unique_call_id()
          if options.show_credential:
              show_credentials(creds)
          if options.show_credential:
              show_credentials(creds)
-        result = server.SliverStatus(slice_urn, creds, *self.ois(server,api_options))
+
+        # rspec
+        rspec_file = self.get_rspec_file(args[1])
+        rspec = open(rspec_file).read()
+        api_options = {}
+        api_options ['call_id'] = unique_call_id()
+        result = server.Allocate(slice_urn, creds, rspec, api_options)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
-        else:
+        if options.file is not None:
+            save_rspec_to_file (value, options.file)
+        if (self.options.raw is None) and (options.file is None):
              print value
  
              print value
  
-    def start(self, options, args):
+        return value
+        
+
+    def provision(self, options, args):
          """
          """
-        start named slice (Start)
+        provision already allocated resources of named slice (Provision)
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
-
-        # the slice urn
+        server_version = self.get_cached_server_version(server)
          slice_hrn = args[0]
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn()
+
+        # credentials
+        creds = [self.slice_credential(slice_hrn)]
+        delegated_cred = None
+        if server_version.get('interface') == 'slicemgr':
+            # delegate our cred to the slice manager
+            # do not delegate cred to slicemgr...not working at the moment
+            pass
+            #if server_version.get('hrn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
+            #elif server_version.get('urn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
+
+        if options.show_credential:
+            show_credentials(creds)
+
+        api_options = {}
+        api_options ['call_id'] = unique_call_id()
+
+        # set the requtested rspec version
+        version_manager = VersionManager()
+        rspec_version = version_manager._get_version('geni', '3.0').to_dict()
+        api_options['geni_rspec_version'] = rspec_version
+
+        # users
+        # need to pass along user keys to the aggregate.
+        # users = [
+        #  { urn: urn:publicid:IDN+emulab.net+user+alice
+        #    keys: [<ssh key A>, <ssh key B>]
+        #  }]
+        users = []
+        slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
+        if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]:
+            slice_record = slice_records[0]
+            user_hrns = slice_record['researcher']
+            user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
+            user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
+            users = pg_users_arg(user_records)
          
          
-        # cred
-        slice_cred = self.slice_credential_string(args[0])
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        # xxx Thierry - does this not need an api_options as well ?
-        result = server.Start(slice_urn, creds)
+        api_options['geni_users'] = users
+        result = server.Provision([slice_urn], creds, api_options)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
-        else:
+        if options.file is not None:
+            save_rspec_to_file (value, options.file)
+        if (self.options.raw is None) and (options.file is None):
              print value
              print value
-        return value
-    
-    def stop(self, options, args):
+        return value     
+
+    def status(self, options, args):
          """
          """
-        stop named slice (Stop)
+        retrieve the status of the slivers belonging to tne named slice (Status)
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
+
          # slice urn
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # slice urn
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
-        # cred
-        slice_cred = self.slice_credential_string(args[0])
+
+        # creds 
+        slice_cred = self.slice_credential(slice_hrn)
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        result =  server.Stop(slice_urn, creds)
+
+        # options and call_id when supported
+        api_options = {}
+        api_options['call_id']=unique_call_id()
+        if options.show_credential:
+            show_credentials(creds)
+        result = server.Status([slice_urn], creds, *self.ois(server,api_options))
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          else:
              print value
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          else:
              print value
-        return value
-    
+
      # reset named slice
      # reset named slice
-    def reset(self, options, args):
+    def action(self, options, args):
          """
          """
-        reset named slice (reset_slice)
+        Perform the named operational action on the named slivers
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
+        api_options = {}
          # slice urn
          slice_hrn = args[0]
          # slice urn
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        action = args[1]
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn() 
          # cred
          # cred
-        slice_cred = self.slice_credential_string(args[0])
+        slice_cred = self.slice_credential(args[0])
          creds = [slice_cred]
          if options.delegate:
              delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
              creds.append(delegated_cred)
          creds = [slice_cred]
          if options.delegate:
              delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
              creds.append(delegated_cred)
-        result = server.reset_slice(creds, slice_urn)
+        
+        result = server.PerformOperationalAction([slice_urn], creds, action , api_options)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
@@ -1254,17 +1280,14 @@ or with an slice hrn, shows currently provisioned resources
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # time: don't try to be smart on the time format, server-side will
          # creds
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # time: don't try to be smart on the time format, server-side will
          # creds
-        slice_cred = self.slice_credential_string(args[0])
+        slice_cred = self.slice_credential(args[0])
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          # options and call_id when supported
          api_options = {}
          # options and call_id when supported
          api_options = {}
-       api_options['call_id']=unique_call_id()
+        api_options['call_id']=unique_call_id()
          if options.show_credential:
              show_credentials(creds)
          if options.show_credential:
              show_credentials(creds)
-        result =  server.RenewSliver(slice_urn, creds, input_time, *self.ois(server,api_options))
+        result =  server.Renew([slice_urn], creds, input_time, *self.ois(server,api_options))
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
          value = ReturnValue.get_value(result)
          if self.options.raw:
              save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
@@ -1282,11 +1305,8 @@ or with an slice hrn, shows currently provisioned resources
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # creds
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
+        slice_cred = self.slice_credential(slice_hrn)
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          result = server.Shutdown(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
          result = server.Shutdown(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
@@ -1296,76 +1316,7 @@ or with an slice hrn, shows currently provisioned resources
          return value         
      
  
          return value         
      
  
-    def get_ticket(self, options, args):
-        """
-        get a ticket for the specified slice
-        """
-        server = self.sliceapi()
-        # slice urn
-        slice_hrn, rspec_path = args[0], args[1]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice')
-        # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        # rspec
-        rspec_file = self.get_rspec_file(rspec_path) 
-        rspec = open(rspec_file).read()
-        # options and call_id when supported
-        api_options = {}
-       api_options['call_id']=unique_call_id()
-        # get ticket at the server
-        ticket_string = server.GetTicket(slice_urn, creds, rspec, *self.ois(server,api_options))
-        # save
-        file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
-        self.logger.info("writing ticket to %s"%file)
-        ticket = SfaTicket(string=ticket_string)
-        ticket.save_to_file(filename=file, save_parents=True)
-
-    def redeem_ticket(self, options, args):
-        """
-        Connects to nodes in a slice and redeems a ticket
-(slice hrn is retrieved from the ticket)
-        """
-        ticket_file = args[0]
-        
-        # get slice hrn from the ticket
-        # use this to get the right slice credential 
-        ticket = SfaTicket(filename=ticket_file)
-        ticket.decode()
-        ticket_string = ticket.save_to_string(save_parents=True)
-
-        slice_hrn = ticket.gidObject.get_hrn()
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
-        #slice_hrn = ticket.attributes['slivers'][0]['hrn']
-        slice_cred = self.slice_credential_string(slice_hrn)
-        
-        # get a list of node hostnames from the RSpec 
-        tree = etree.parse(StringIO(ticket.rspec))
-        root = tree.getroot()
-        hostnames = root.xpath("./network/site/node/hostname/text()")
-        
-        # create an xmlrpc connection to the component manager at each of these
-        # components and gall redeem_ticket
-        connections = {}
-        for hostname in hostnames:
-            try:
-                self.logger.info("Calling redeem_ticket at %(hostname)s " % locals())
-                cm_url="http://%s:%s/"%(hostname,CM_PORT)
-                server = SfaServerProxy(cm_url, self.private_key, self.my_gid)
-                server = self.server_proxy(hostname, CM_PORT, self.private_key, 
-                                           timeout=self.options.timeout, verbose=self.options.debug)
-                server.RedeemTicket(ticket_string, slice_cred)
-                self.logger.info("Success")
-            except socket.gaierror:
-                self.logger.error("redeem_ticket failed on %s: Component Manager not accepting requests"%hostname)
-            except Exception, e:
-                self.logger.log_exc(e.message)
-        return
-
-    def create_gid(self, options, args):
+    def gid(self, options, args):
          """
          Create a GID (CreateGid)
          """
          """
          Create a GID (CreateGid)
          """
@@ -1373,7 +1324,8 @@ or with an slice hrn, shows currently provisioned resources
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
-        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string())
+        my_gid_string = open(self.client_bootstrap.my_gid()).read() 
+        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string)
          if options.file:
              filename = options.file
          else:
          if options.file:
              filename = options.file
          else:
@@ -1382,33 +1334,53 @@ or with an slice hrn, shows currently provisioned resources
          GID(string=gid).save_to_file(filename)
           
  
          GID(string=gid).save_to_file(filename)
           
  
-    def delegate(self, options, args):
+    def delegate (self, options, args):
          """
          (locally) create delegate credential for use by given hrn
          """
          """
          (locally) create delegate credential for use by given hrn
          """
-        delegee_hrn = args[0]
-        if options.delegate_user:
-            cred = self.delegate_cred(self.my_credential_string, delegee_hrn, 'user')
-        elif options.delegate_slice:
-            slice_cred = self.slice_credential_string(options.delegate_slice)
-            cred = self.delegate_cred(slice_cred, delegee_hrn, 'slice')
-        else:
-            self.logger.warning("Must specify either --user or --slice <hrn>")
-            return
-        delegated_cred = Credential(string=cred)
-        object_hrn = delegated_cred.get_gid_object().get_hrn()
+        if len(args) != 1:
+            self.print_help()
+            sys.exit(1)
+        to_hrn = args[0]
+        # support for several delegations in the same call
+        # so first we gather the things to do
+        tuples=[]
+        for slice_hrn in options.delegate_slices:
+            message="%s.slice"%slice_hrn
+            original = self.slice_credential_string(slice_hrn)
+            tuples.append ( (message, original,) )
+        if options.delegate_pi:
+            my_authority=self.authority
+            message="%s.pi"%my_authority
+            original = self.my_authority_credential_string()
+            tuples.append ( (message, original,) )
+        for auth_hrn in options.delegate_auths:
+            message="%s.auth"%auth_hrn
+            original=self.authority_credential_string(auth_hrn)
+            tuples.append ( (message, original, ) )
+        # if nothing was specified at all at this point, let's assume -u
+        if not tuples: options.delegate_user=True
+        # this user cred
          if options.delegate_user:
          if options.delegate_user:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
-                                  + get_leaf(object_hrn) + ".cred")
-        elif options.delegate_slice:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
-                                  + get_leaf(object_hrn) + ".cred")
-
-        delegated_cred.save_to_file(dest_fn, save_parents=True)
-
-        self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn))
+            message="%s.user"%self.user
+            original = self.my_credential_string
+            tuples.append ( (message, original, ) )
+
+        # default type for beneficial is user unless -A
+        if options.delegate_to_authority:       to_type='authority'
+        else:                                   to_type='user'
+
+        # let's now handle all this
+        # it's all in the filenaming scheme
+        for (message,original) in tuples:
+            delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type)
+            delegated_credential = Credential (string=delegated_string)
+            filename = os.path.join ( self.options.sfi_dir,
+                                      "%s_for_%s.%s.cred"%(message,to_hrn,to_type))
+            delegated_credential.save_to_file(filename, save_parents=True)
+            self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename))
      
      
-    def get_trusted_certs(self, options, args):
+    def trusted(self, options, args):
          """
          return uhe trusted certs at this interface (get_trusted_certs)
          """ 
          """
          return uhe trusted certs at this interface (get_trusted_certs)
          """ 
@@ -1417,7 +1389,7 @@ or with an slice hrn, shows currently provisioned resources
              gid = GID(string=trusted_cert)
              gid.dump()
              cert = Certificate(string=trusted_cert)
              gid = GID(string=trusted_cert)
              gid.dump()
              cert = Certificate(string=trusted_cert)
-            self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject())
+            self.logger.debug('Sfi.trusted -> %r'%cert.get_subject())
          return 
  
      def config (self, options, args):
          return 
  
      def config (self, options, args):