- def delegate(self,opts, args):
- user_cred = self.get_user_cred()
- if opts.delegate_user:
- object_cred = user_cred
- elif opts.delegate_slice:
- object_cred = self.get_slice_cred(opts.delegate_slice)
- else:
- print "Must specify either --user or --slice <hrn>"
- return
-
- # the gid and hrn of the object we are delegating
- object_gid = object_cred.get_gid_object()
- object_hrn = object_gid.get_hrn()
-
- if not object_cred.get_delegate():
- print "Error: Object credential", object_hrn, "does not have delegate bit set"
- return
-
- records = self.registry.resolve(user_cred, args[0])
- records = filter_records("user", records)
-
- if not records:
- print "Error: Didn't find a user record for", args[0]
- return
-
- # the gid of the user who will be delegated too
- delegee_gid = records[0].get_gid_object()
- delegee_hrn = delegee_gid.get_hrn()
-
- # the key and hrn of the user who will be delegating
- user_key = Keypair(filename = self.get_key_file())
- user_hrn = user_cred.get_gid_caller().get_hrn()
-
- dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
- dcred.set_gid_caller(delegee_gid)
- dcred.set_gid_object(object_gid)
- dcred.set_privileges(object_cred.get_privileges())
- dcred.set_delegate(True)
- dcred.set_pubkey(object_gid.get_pubkey())
- dcred.set_issuer(user_key, user_hrn)
- dcred.set_parent(object_cred)
- dcred.encode()
- dcred.sign()
-
- if opts.delegate_user:
- dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
- + get_leaf(object_hrn) + ".cred")
- elif opts.delegate_slice:
- dest_fn = os.path_join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
- + get_leaf(object_hrn) + ".cred")
-
- dcred.save_to_file(dest_fn, save_parents = True)
-
- print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
-
- # removed named registry record
- # - have to first retrieve the record to be removed
- def remove(self,opts, args):
- auth_cred = self.get_auth_cred().save_to_string(save_parents=True)
- hrn = args[0]
- type = opts.type
- if type in ['all']:
- type = '*'
- request_hash=None
- if self.hashrequest:
- arg_list = [auth_cred, type, hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.remove(auth_cred, type, hrn, request_hash)
-
- # add named registry record
- def add(self,opts, args):