first step to merge senslab upstream:

[sfa.git] / sfa / client / sfi.py
diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py

index 80e8fc3..8f9682f 100644 (file)
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -13,10 +13,12 @@ import datetime
  import codecs
  import pickle
  import json
  import codecs
  import pickle
  import json
+import shutil
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
+from tempfile import mkstemp
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
@@ -195,6 +197,54 @@ def save_record_to_file(filename, record_dict):
      f.close()
      return
  
      f.close()
      return
  
+# used in sfi list
+def terminal_render (records,options):
+    # sort records by type
+    grouped_by_type={}
+    for record in records:
+        type=record['type']
+        if type not in grouped_by_type: grouped_by_type[type]=[]
+        grouped_by_type[type].append(record)
+    group_types=grouped_by_type.keys()
+    group_types.sort()
+    for type in group_types:
+        group=grouped_by_type[type]
+#        print 20 * '-', type
+        try:    renderer=eval('terminal_render_'+type)
+        except: renderer=terminal_render_default
+        for record in group: renderer(record,options)
+
+def render_plural (how_many, name,names=None):
+    if not names: names="%ss"%name
+    if how_many<=0: return "No %s"%name
+    elif how_many==1: return "1 %s"%name
+    else: return "%d %s"%(how_many,names)
+
+def terminal_render_default (record,options):
+    print "%s (%s)" % (record['hrn'], record['type'])
+def terminal_render_user (record, options):
+    print "%s (User)"%record['hrn'],
+    if record.get('reg-pi-authorities',None): print " [PI at %s]"%(" and ".join(record['reg-pi-authorities'])),
+    if record.get('reg-slices',None): print " [IN slices %s]"%(" and ".join(record['reg-slices'])),
+    user_keys=record.get('reg-keys',[])
+    if not options.verbose:
+        print " [has %s]"%(render_plural(len(user_keys),"key"))
+    else:
+        print ""
+        for key in user_keys: print 8*' ',key.strip("\n")
+        
+def terminal_render_slice (record, options):
+    print "%s (Slice)"%record['hrn'],
+    if record.get('reg-researchers',None): print " [USERS %s]"%(" and ".join(record['reg-researchers'])),
+#    print record.keys()
+    print ""
+def terminal_render_authority (record, options):
+    print "%s (Authority)"%record['hrn'],
+    if record.get('reg-pis',None): print " [PIS %s]"%(" and ".join(record['reg-pis'])),
+    print ""
+def terminal_render_node (record, options):
+    print "%s (Node)"%record['hrn']
+
  # minimally check a key argument
  def check_ssh_key (key):
      good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
  # minimally check a key argument
  def check_ssh_key (key):
      good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
@@ -278,8 +328,8 @@ class Sfi:
          ("version", ""),  
          ("list", "authority"),
          ("show", "name"),
          ("version", ""),  
          ("list", "authority"),
          ("show", "name"),
-        ("add", "record"),
-        ("update", "record"),
+        ("add", "[record]"),
+        ("update", "[record]"),
          ("remove", "name"),
          ("slices", ""),
          ("resources", "[slice_hrn]"),
          ("remove", "name"),
          ("slices", ""),
          ("resources", "[slice_hrn]"),
@@ -293,7 +343,7 @@ class Sfi:
          ("shutdown", "slice_hrn"),
          ("get_ticket", "slice_hrn rspec"),
          ("redeem_ticket", "ticket"),
          ("shutdown", "slice_hrn"),
          ("get_ticket", "slice_hrn rspec"),
          ("redeem_ticket", "ticket"),
-        ("delegate", "name"),
+        ("delegate", "to_hrn"),
          ("gid", "[name]"),
          ("trusted", "cred"),
          ("config", ""),
          ("gid", "[name]"),
          ("trusted", "cred"),
          ("config", ""),
@@ -358,14 +408,6 @@ class Sfi:
                                 action="callback", callback=optparse_dictvalue_callback, nargs=1,
                                 help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
  
                                 action="callback", callback=optparse_dictvalue_callback, nargs=1,
                                 help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
  
-        # user specifies remote aggregate/sm/component                          
-        if command in ("resources", "slices", "create", "delete", "start", "stop", 
-                       "restart", "shutdown",  "get_ticket", "renew", "status"):
-            parser.add_option("-d", "--delegate", dest="delegate", default=None, 
-                             action="store_true",
-                             help="Include a credential delegated to the user's root"+\
-                                  "authority in set of credentials for this call")
-
          # show_credential option
          if command in ("list","resources","create","add","update","remove","slices","delete","status","renew"):
              parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False,
          # show_credential option
          if command in ("list","resources","create","add","update","remove","slices","delete","status","renew"):
              parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False,
@@ -416,12 +458,22 @@ class Sfi:
          if command == 'list':
             parser.add_option("-r", "--recursive", dest="recursive", action='store_true',
                               help="list all child records", default=False)
          if command == 'list':
             parser.add_option("-r", "--recursive", dest="recursive", action='store_true',
                               help="list all child records", default=False)
+           parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+                             help="gives details, like user keys", default=False)
          if command in ("delegate"):
             parser.add_option("-u", "--user",
          if command in ("delegate"):
             parser.add_option("-u", "--user",
-                            action="store_true", dest="delegate_user", default=False,
-                            help="delegate user credential")
-           parser.add_option("-s", "--slice", dest="delegate_slice",
-                            help="delegate slice credential", metavar="HRN", default=None)
+                             action="store_true", dest="delegate_user", default=False,
+                             help="delegate your own credentials; default if no other option is provided")
+           parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[],
+                             metavar="slice_hrn", help="delegate cred. for slice HRN")
+           parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
+                             metavar='auth_hrn', help="delegate cred for auth HRN")
+           # this primarily is a shorthand for -a my_hrn^
+           parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
+                             help="delegate your PI credentials, so s.t. like -a your_hrn^")
+           parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
+                             help="""by default the mandatory argument is expected to be a user, 
+use this if you mean an authority instead""")
          
          if command in ("version"):
              parser.add_option("-R","--registry-version",
          
          if command in ("version"):
              parser.add_option("-R","--registry-version",
@@ -486,7 +538,11 @@ class Sfi:
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
-        return getattr(self, command)(command_options, command_args)
+        method=getattr(self, command,None)
+        if not method:
+            print "Unknown command %s"%command
+            return
+        return method(command_options, command_args)
  
      def main(self):
          self.sfi_parser = self.create_parser()
  
      def main(self):
          self.sfi_parser = self.create_parser()
@@ -521,8 +577,8 @@ class Sfi:
  
          try:
              self.dispatch(command, command_options, command_args)
  
          try:
              self.dispatch(command, command_options, command_args)
-        except KeyError:
-            self.logger.critical ("Unknown command %s"%command)
+        except:
+            self.logger.log_exc ("sfi command %s failed"%command)
              sys.exit(1)
  
          return
              sys.exit(1)
  
          return
@@ -530,16 +586,32 @@ class Sfi:
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
+        shell_config_file  = os.path.join(self.options.sfi_dir,"sfi_config.sh")
          try:
          try:
-           config = Config (config_file)
+            if Config.is_ini(config_file):
+                config = Config (config_file)
+            else:
+                # try upgrading from shell config format
+                fp, fn = mkstemp(suffix='sfi_config', text=True)  
+                config = Config(fn)
+                # we need to preload the sections we want parsed 
+                # from the shell config
+                config.add_section('sfi')
+                config.add_section('sface')
+                config.load(config_file)
+                # back up old config
+                shutil.move(config_file, shell_config_file)
+                # write new config
+                config.save(config_file)
+                 
          except:
          except:
-           self.logger.critical("Failed to read configuration file %s"%config_file)
-           self.logger.info("Make sure to remove the export clauses and to add quotes")
-           if self.options.verbose==0:
-               self.logger.info("Re-run with -v for more details")
-           else:
-               self.logger.log_exc("Could not read config file %s"%config_file)
-           sys.exit(1)
+            self.logger.critical("Failed to read configuration file %s"%config_file)
+            self.logger.info("Make sure to remove the export clauses and to add quotes")
+            if self.options.verbose==0:
+                self.logger.info("Re-run with -v for more details")
+            else:
+                self.logger.log_exc("Could not read config file %s"%config_file)
+            sys.exit(1)
       
          errors = 0
          # Set SliceMgr URL
       
          errors = 0
          # Set SliceMgr URL
@@ -557,7 +629,7 @@ class Sfi:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
-           self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
             errors += 1 
  
          # Set user HRN
             errors += 1 
  
          # Set user HRN
@@ -566,7 +638,7 @@ class Sfi:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
-           self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
             errors += 1 
  
          # Set authority HRN
             errors += 1 
  
          # Set authority HRN
@@ -619,7 +691,7 @@ class Sfi:
              if not os.path.isfile(client_bootstrap.private_key_filename()):
                  self.logger.info ("private key not found, trying legacy name")
                  try:
              if not os.path.isfile(client_bootstrap.private_key_filename()):
                  self.logger.info ("private key not found, trying legacy name")
                  try:
-                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%get_leaf(self.user))
+                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%Xrn.unescape(get_leaf(self.user)))
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
                      client_bootstrap.init_private_key_if_missing (legacy_private_key)
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
                      client_bootstrap.init_private_key_if_missing (legacy_private_key)
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
@@ -642,30 +714,12 @@ class Sfi:
              sys.exit(-1)
          return self.client_bootstrap.authority_credential_string (self.authority)
  
              sys.exit(-1)
          return self.client_bootstrap.authority_credential_string (self.authority)
  
+    def authority_credential_string(self, auth_hrn):
+        return self.client_bootstrap.authority_credential_string (auth_hrn)
+
      def slice_credential_string(self, name):
          return self.client_bootstrap.slice_credential_string (name)
  
      def slice_credential_string(self, name):
          return self.client_bootstrap.slice_credential_string (name)
  
-    # xxx should be supported by sfaclientbootstrap as well
-    def delegate_cred(self, object_cred, hrn, type='authority'):
-        # the gid and hrn of the object we are delegating
-        if isinstance(object_cred, str):
-            object_cred = Credential(string=object_cred) 
-        object_gid = object_cred.get_gid_object()
-        object_hrn = object_gid.get_hrn()
-    
-        if not object_cred.get_privileges().get_all_delegate():
-            self.logger.error("Object credential %s does not have delegate bit set"%object_hrn)
-            return
-
-        # the delegating user's gid
-        caller_gidfile = self.my_gid()
-  
-        # the gid of the user who will be delegated to
-        delegee_gid = self.client_bootstrap.gid(hrn,type)
-        delegee_hrn = delegee_gid.get_hrn()
-        dcred = object_cred.delegate(delegee_gid, self.private_key, caller_gidfile)
-        return dcred.save_to_string(save_parents=True)
-     
      #
      # Management of the servers
      # 
      #
      # Management of the servers
      # 
@@ -838,10 +892,9 @@ or version information about sfi itself
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
-        # THis really should be in the self.filter_records funct def comment...
+        # This really should be in the self.filter_records funct def comment...
          list = filter_records(options.type, list)
          list = filter_records(options.type, list)
-        for record in list:
-            print "%s (%s)" % (record['hrn'], record['type'])
+        terminal_render (list, options)
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
@@ -854,7 +907,8 @@ or version information about sfi itself
              self.print_help()
              sys.exit(1)
          hrn = args[0]
              self.print_help()
              sys.exit(1)
          hrn = args[0]
-        record_dicts = self.registry().Resolve(hrn, self.my_credential_string)
+        # explicitly require Resolve to run in details mode
+        record_dicts = self.registry().Resolve(hrn, self.my_credential_string, {'details':True})
          record_dicts = filter_records(options.type, record_dicts)
          if not record_dicts:
              self.logger.error("No record of type %s"% options.type)
          record_dicts = filter_records(options.type, record_dicts)
          if not record_dicts:
              self.logger.error("No record of type %s"% options.type)
@@ -877,7 +931,7 @@ or version information about sfi itself
          return
      
      def add(self, options, args):
          return
      
      def add(self, options, args):
-        "add record into registry from xml file (Register)"
+        "add record into registry by using the command options (Recommended) or from xml file (Register)"
          auth_cred = self.my_authority_credential_string()
          if options.show_credential:
              show_credentials(auth_cred)
          auth_cred = self.my_authority_credential_string()
          if options.show_credential:
              show_credentials(auth_cred)
@@ -902,7 +956,7 @@ or version information about sfi itself
          return self.registry().Register(record_dict, auth_cred)
      
      def update(self, options, args):
          return self.registry().Register(record_dict, auth_cred)
      
      def update(self, options, args):
-        "update record into registry from xml file (Update)"
+        "update record into registry by using the command options (Recommended) or from xml file (Update)"
          record_dict = {}
          if len(args) > 0:
              record_filepath = args[0]
          record_dict = {}
          if len(args) > 0:
              record_filepath = args[0]
@@ -965,9 +1019,6 @@ or version information about sfi itself
          server = self.sliceapi()
          # creds
          creds = [self.my_credential_string]
          server = self.sliceapi()
          # creds
          creds = [self.my_credential_string]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(self.my_credential_string, get_authority(self.authority))
-            creds.append(delegated_cred)  
          # options and call_id when supported
          api_options = {}
         api_options['call_id']=unique_call_id()
          # options and call_id when supported
          api_options = {}
         api_options['call_id']=unique_call_id()
@@ -992,11 +1043,11 @@ or with an slice hrn, shows currently provisioned resources
          # set creds
          creds = []
          if args:
          # set creds
          creds = []
          if args:
-            creds.append(self.slice_credential_string(args[0]))
+            the_credential=self.slice_credential_string(args[0])
+            creds.append(the_credential)
          else:
          else:
-            creds.append(self.my_credential_string)
-        if options.delegate:
-            creds.append(self.delegate_cred(cred, get_authority(self.authority)))
+            the_credential=self.my_credential_string
+            creds.append(the_credential)
          if options.show_credential:
              show_credentials(creds)
  
          if options.show_credential:
              show_credentials(creds)
  
@@ -1079,10 +1130,14 @@ or with an slice hrn, shows currently provisioned resources
          #    keys: [<ssh key A>, <ssh key B>]
          #  }]
          users = []
          #    keys: [<ssh key A>, <ssh key B>]
          #  }]
          users = []
+        # xxx Thierry 2012 sept. 21
+        # contrary to what I was first thinking, calling Resolve with details=False does not yet work properly here
+        # I am turning details=True on again on a - hopefully - temporary basis, just to get this whole thing to work again
          slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
          slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
-        if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]:
+        # slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string], {'details':True})
+        if slice_records and 'reg-researchers' in slice_records[0] and slice_records[0]['reg-researchers']:
              slice_record = slice_records[0]
              slice_record = slice_records[0]
-            user_hrns = slice_record['researcher']
+            user_hrns = slice_record['reg-researchers']
              user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
              user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
  
              user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
              user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
  
@@ -1126,9 +1181,6 @@ or with an slice hrn, shows currently provisioned resources
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          
          # options and call_id when supported
          api_options = {}
          
          # options and call_id when supported
          api_options = {}
@@ -1156,9 +1208,6 @@ or with an slice hrn, shows currently provisioned resources
          # creds 
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
          # creds 
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
  
          # options and call_id when supported
          api_options = {}
  
          # options and call_id when supported
          api_options = {}
@@ -1185,9 +1234,6 @@ or with an slice hrn, shows currently provisioned resources
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          # xxx Thierry - does this not need an api_options as well ?
          result = server.Start(slice_urn, creds)
          value = ReturnValue.get_value(result)
          # xxx Thierry - does this not need an api_options as well ?
          result = server.Start(slice_urn, creds)
          value = ReturnValue.get_value(result)
@@ -1208,9 +1254,6 @@ or with an slice hrn, shows currently provisioned resources
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          result =  server.Stop(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
          result =  server.Stop(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
@@ -1231,9 +1274,6 @@ or with an slice hrn, shows currently provisioned resources
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
          # cred
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          result = server.reset_slice(creds, slice_urn)
          value = ReturnValue.get_value(result)
          if self.options.raw:
          result = server.reset_slice(creds, slice_urn)
          value = ReturnValue.get_value(result)
          if self.options.raw:
@@ -1257,9 +1297,6 @@ or with an slice hrn, shows currently provisioned resources
          # creds
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
          # creds
          slice_cred = self.slice_credential_string(args[0])
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          # options and call_id when supported
          api_options = {}
         api_options['call_id']=unique_call_id()
          # options and call_id when supported
          api_options = {}
         api_options['call_id']=unique_call_id()
@@ -1285,9 +1322,6 @@ or with an slice hrn, shows currently provisioned resources
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          result = server.Shutdown(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
          result = server.Shutdown(slice_urn, creds)
          value = ReturnValue.get_value(result)
          if self.options.raw:
@@ -1308,9 +1342,6 @@ or with an slice hrn, shows currently provisioned resources
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
          # creds
          slice_cred = self.slice_credential_string(slice_hrn)
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
          # rspec
          rspec_file = self.get_rspec_file(rspec_path) 
          rspec = open(rspec_file).read()
          # rspec
          rspec_file = self.get_rspec_file(rspec_path) 
          rspec = open(rspec_file).read()
@@ -1374,7 +1405,8 @@ or with an slice hrn, shows currently provisioned resources
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
-        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string())
+        my_gid_string = open(self.client_bootstrap.my_gid()).read() 
+        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string)
          if options.file:
              filename = options.file
          else:
          if options.file:
              filename = options.file
          else:
@@ -1383,31 +1415,51 @@ or with an slice hrn, shows currently provisioned resources
          GID(string=gid).save_to_file(filename)
           
  
          GID(string=gid).save_to_file(filename)
           
  
-    def delegate(self, options, args):
+    def delegate (self, options, args):
          """
          (locally) create delegate credential for use by given hrn
          """
          """
          (locally) create delegate credential for use by given hrn
          """
-        delegee_hrn = args[0]
-        if options.delegate_user:
-            cred = self.delegate_cred(self.my_credential_string, delegee_hrn, 'user')
-        elif options.delegate_slice:
-            slice_cred = self.slice_credential_string(options.delegate_slice)
-            cred = self.delegate_cred(slice_cred, delegee_hrn, 'slice')
-        else:
-            self.logger.warning("Must specify either --user or --slice <hrn>")
-            return
-        delegated_cred = Credential(string=cred)
-        object_hrn = delegated_cred.get_gid_object().get_hrn()
+        if len(args) != 1:
+            self.print_help()
+            sys.exit(1)
+        to_hrn = args[0]
+        # support for several delegations in the same call
+        # so first we gather the things to do
+        tuples=[]
+        for slice_hrn in options.delegate_slices:
+            message="%s.slice"%slice_hrn
+            original = self.slice_credential_string(slice_hrn)
+            tuples.append ( (message, original,) )
+        if options.delegate_pi:
+            my_authority=self.authority
+            message="%s.pi"%my_authority
+            original = self.my_authority_credential_string()
+            tuples.append ( (message, original,) )
+        for auth_hrn in options.delegate_auths:
+            message="%s.auth"%auth_hrn
+            original=self.authority_credential_string(auth_hrn)
+            tuples.append ( (message, original, ) )
+        # if nothing was specified at all at this point, let's assume -u
+        if not tuples: options.delegate_user=True
+        # this user cred
          if options.delegate_user:
          if options.delegate_user:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
-                                  + get_leaf(object_hrn) + ".cred")
-        elif options.delegate_slice:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
-                                  + get_leaf(object_hrn) + ".cred")
-
-        delegated_cred.save_to_file(dest_fn, save_parents=True)
-
-        self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn))
+            message="%s.user"%self.user
+            original = self.my_credential_string
+            tuples.append ( (message, original, ) )
+
+        # default type for beneficial is user unless -A
+        if options.delegate_to_authority:       to_type='authority'
+        else:                                   to_type='user'
+
+        # let's now handle all this
+        # it's all in the filenaming scheme
+        for (message,original) in tuples:
+            delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type)
+            delegated_credential = Credential (string=delegated_string)
+            filename = os.path.join ( self.options.sfi_dir,
+                                      "%s_for_%s.%s.cred"%(message,to_hrn,to_type))
+            delegated_credential.save_to_file(filename, save_parents=True)
+            self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename))
      
      def trusted(self, options, args):
          """
      
      def trusted(self, options, args):
          """