sfi myslice : store delegated creds like sfi delegate does, and turn on INFO log...

[sfa.git] / sfa / client / sfi.py
diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py

index d91e7e2..213f755 100644 (file)
--- a/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@ -1,34 +1,38 @@
-# 
+#
  # sfi.py - basic SFA command-line client
  # sfi.py - basic SFA command-line client
-# the actual binary in sfa/clientbin essentially runs main()
-# this module is used in sfascan
-# 
+# this module is also used in sfascan
+#
  
  import sys
  sys.path.append('.')
  
  import os, os.path
  import socket
  
  import sys
  sys.path.append('.')
  
  import os, os.path
  import socket
+import re
  import datetime
  import codecs
  import pickle
  import datetime
  import codecs
  import pickle
+import json
+import shutil
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
  from lxml import etree
  from StringIO import StringIO
  from optparse import OptionParser
  from pprint import PrettyPrinter
+from tempfile import mkstemp
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
  from sfa.trust.credential import Credential
  from sfa.trust.sfaticket import SfaTicket
  
  
  from sfa.trust.certificate import Keypair, Certificate
  from sfa.trust.gid import GID
  from sfa.trust.credential import Credential
  from sfa.trust.sfaticket import SfaTicket
  
+from sfa.util.faults import SfaInvalidArgument
  from sfa.util.sfalogging import sfi_logger
  from sfa.util.sfalogging import sfi_logger
-from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn
+from sfa.util.xrn import get_leaf, get_authority, hrn_to_urn, Xrn
  from sfa.util.config import Config
  from sfa.util.version import version_core
  from sfa.util.cache import Cache
  
  from sfa.util.config import Config
  from sfa.util.version import version_core
  from sfa.util.cache import Cache
  
-from sfa.storage.record import SfaRecord, UserRecord, SliceRecord, NodeRecord, AuthorityRecord
+from sfa.storage.record import Record
  
  from sfa.rspecs.rspec import RSpec
  from sfa.rspecs.rspec_converter import RSpecConverter
  
  from sfa.rspecs.rspec import RSpec
  from sfa.rspecs.rspec_converter import RSpecConverter
@@ -38,10 +42,14 @@ from sfa.client.sfaclientlib import SfaClientBootstrap
  from sfa.client.sfaserverproxy import SfaServerProxy, ServerException
  from sfa.client.client_helper import pg_users_arg, sfa_users_arg
  from sfa.client.return_value import ReturnValue
  from sfa.client.sfaserverproxy import SfaServerProxy, ServerException
  from sfa.client.client_helper import pg_users_arg, sfa_users_arg
  from sfa.client.return_value import ReturnValue
+from sfa.client.candidates import Candidates
+from sfa.client.manifolduploader import ManifoldUploader
  
  CM_PORT=12346
  
  
  CM_PORT=12346
  
-# utility methods here
+from sfa.client.common import optparse_listvalue_callback, optparse_dictvalue_callback, \
+    terminal_render, filter_records 
+
  # display methods
  def display_rspec(rspec, format='rspec'):
      if format in ['dns']:
  # display methods
  def display_rspec(rspec, format='rspec'):
      if format in ['dns']:
@@ -71,7 +79,7 @@ def display_records(recordList, dump=False):
  
  def display_record(record, dump=False):
      if dump:
  
  def display_record(record, dump=False):
      if dump:
-        record.dump()
+        record.dump(sort=True)
      else:
          info = record.getdict()
          print "%s (%s)" % (info['hrn'], info['type'])
      else:
          info = record.getdict()
          print "%s (%s)" % (info['hrn'], info['type'])
@@ -86,17 +94,45 @@ def filter_records(type, records):
      return filtered_records
  
  
      return filtered_records
  
  
+def credential_printable (cred):
+    credential=Credential(cred=cred)
+    result=""
+    result += credential.get_summary_tostring()
+    result += "\n"
+    rights = credential.get_privileges()
+    result += "type=%s\n" % credential.type    
+    result += "version=%s\n" % credential.version    
+    result += "rights=%s\n"%rights
+    return result
+
+def show_credentials (cred_s):
+    if not isinstance (cred_s,list): cred_s = [cred_s]
+    for cred in cred_s:
+        print "Using Credential %s"%credential_printable(cred)
+
  # save methods
  # save methods
-def save_variable_to_file(var, filename, format="text"):
-    f = open(filename, "w")
+def save_raw_to_file(var, filename, format="text", banner=None):
+    if filename == "-":
+        # if filename is "-", send it to stdout
+        f = sys.stdout
+    else:
+        f = open(filename, "w")
+    if banner:
+        f.write(banner+"\n")
      if format == "text":
          f.write(str(var))
      elif format == "pickled":
          f.write(pickle.dumps(var))
      if format == "text":
          f.write(str(var))
      elif format == "pickled":
          f.write(pickle.dumps(var))
+    elif format == "json":
+        if hasattr(json, "dumps"):
+            f.write(json.dumps(var))   # python 2.6
+        else:
+            f.write(json.write(var))   # python 2.5
      else:
          # this should never happen
          print "unknown output format", format
      else:
          # this should never happen
          print "unknown output format", format
-
+    if banner:
+        f.write('\n'+banner+"\n")
  
  def save_rspec_to_file(rspec, filename):
      if not filename.endswith(".rspec"):
  
  def save_rspec_to_file(rspec, filename):
      if not filename.endswith(".rspec"):
@@ -106,66 +142,123 @@ def save_rspec_to_file(rspec, filename):
      f.close()
      return
  
      f.close()
      return
  
-def save_records_to_file(filename, recordList, format="xml"):
+def save_records_to_file(filename, record_dicts, format="xml"):
      if format == "xml":
          index = 0
      if format == "xml":
          index = 0
-        for record in recordList:
+        for record_dict in record_dicts:
              if index > 0:
              if index > 0:
-                save_record_to_file(filename + "." + str(index), record)
+                save_record_to_file(filename + "." + str(index), record_dict)
              else:
              else:
-                save_record_to_file(filename, record)
+                save_record_to_file(filename, record_dict)
              index = index + 1
      elif format == "xmllist":
          f = open(filename, "w")
          f.write("<recordlist>\n")
              index = index + 1
      elif format == "xmllist":
          f = open(filename, "w")
          f.write("<recordlist>\n")
-        for record in recordList:
-            record = SfaRecord(dict=record)
-            f.write('<record hrn="' + record.get_name() + '" type="' + record.get_type() + '" />\n')
+        for record_dict in record_dicts:
+            record_obj=Record(dict=record_dict)
+            f.write('<record hrn="' + record_obj.hrn + '" type="' + record_obj.type + '" />\n')
          f.write("</recordlist>\n")
          f.close()
      elif format == "hrnlist":
          f = open(filename, "w")
          f.write("</recordlist>\n")
          f.close()
      elif format == "hrnlist":
          f = open(filename, "w")
-        for record in recordList:
-            record = SfaRecord(dict=record)
-            f.write(record.get_name() + "\n")
+        for record_dict in record_dicts:
+            record_obj=Record(dict=record_dict)
+            f.write(record_obj.hrn + "\n")
          f.close()
      else:
          # this should never happen
          print "unknown output format", format
  
          f.close()
      else:
          # this should never happen
          print "unknown output format", format
  
-def save_record_to_file(filename, record):
-    if record['type'] in ['user']:
-        record = UserRecord(dict=record)
-    elif record['type'] in ['slice']:
-        record = SliceRecord(dict=record)
-    elif record['type'] in ['node']:
-        record = NodeRecord(dict=record)
-    elif record['type'] in ['authority', 'ma', 'sa']:
-        record = AuthorityRecord(dict=record)
-    else:
-        record = SfaRecord(dict=record)
-    str = record.save_to_string()
+def save_record_to_file(filename, record_dict):
+    record = Record(dict=record_dict)
+    xml = record.save_as_xml()
      f=codecs.open(filename, encoding='utf-8',mode="w")
      f=codecs.open(filename, encoding='utf-8',mode="w")
-    f.write(str)
+    f.write(xml)
      f.close()
      return
  
      f.close()
      return
  
+# minimally check a key argument
+def check_ssh_key (key):
+    good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
+    return re.match(good_ssh_key, key, re.IGNORECASE)
  
  # load methods
  
  # load methods
+def load_record_from_opts(options):
+    record_dict = {}
+    if hasattr(options, 'xrn') and options.xrn:
+        if hasattr(options, 'type') and options.type:
+            xrn = Xrn(options.xrn, options.type)
+        else:
+            xrn = Xrn(options.xrn)
+        record_dict['urn'] = xrn.get_urn()
+        record_dict['hrn'] = xrn.get_hrn()
+        record_dict['type'] = xrn.get_type()
+    if hasattr(options, 'key') and options.key:
+        try:
+            pubkey = open(options.key, 'r').read()
+        except IOError:
+            pubkey = options.key
+        if not check_ssh_key (pubkey):
+            raise SfaInvalidArgument(name='key',msg="Could not find file, or wrong key format")
+        record_dict['keys'] = [pubkey]
+    if hasattr(options, 'slices') and options.slices:
+        record_dict['slices'] = options.slices
+    if hasattr(options, 'researchers') and options.researchers:
+        record_dict['researcher'] = options.researchers
+    if hasattr(options, 'email') and options.email:
+        record_dict['email'] = options.email
+    if hasattr(options, 'pis') and options.pis:
+        record_dict['pi'] = options.pis
+
+    # handle extra settings
+    record_dict.update(options.extras)
+    
+    return Record(dict=record_dict)
+
  def load_record_from_file(filename):
      f=codecs.open(filename, encoding="utf-8", mode="r")
  def load_record_from_file(filename):
      f=codecs.open(filename, encoding="utf-8", mode="r")
-    str = f.read()
+    xml_string = f.read()
      f.close()
      f.close()
-    record = SfaRecord(string=str)
-    return record
+    return Record(xml=xml_string)
  
  
  import uuid
  def unique_call_id(): return uuid.uuid4().urn
  
  
  
  import uuid
  def unique_call_id(): return uuid.uuid4().urn
  
+########## a simple model for maintaing 3 doc attributes per command (instead of just one)
+# essentially for the methods that implement a subcommand like sfi list
+# we need to keep track of
+# (*) doc         a few lines that tell what it does, still located in __doc__
+# (*) args_string a simple one-liner that describes mandatory arguments
+# (*) example     well, one or several releant examples
+# 
+# since __doc__ only accounts for one, we use this simple mechanism below
+# however we keep doc in place for easier migration
+
+from functools import wraps
+
+# we use a list as well as a dict so we can keep track of the order
+commands_list=[]
+commands_dict={}
+
+def register_command (args_string, example):
+    def wrap(m): 
+        name=getattr(m,'__name__')
+        doc=getattr(m,'__doc__',"-- missing doc --")
+        doc=doc.strip(" \t\n")
+        commands_list.append(name)
+        commands_dict[name]=(doc, args_string, example)
+        @wraps(m)
+        def new_method (*args, **kwds): return m(*args, **kwds)
+        return new_method
+    return wrap
+
+##########
+
  class Sfi:
      
  class Sfi:
      
-    required_options=['verbose',  'debug',  'registry',  'sm',  'auth',  'user']
+    # dirty hack to make this class usable from the outside
+    required_options=['verbose',  'debug',  'registry',  'sm',  'auth',  'user', 'user_private_key']
  
      @staticmethod
      def default_sfi_dir ():
  
      @staticmethod
      def default_sfi_dir ():
@@ -189,35 +282,15 @@ class Sfi:
          self.authority = None
          self.logger = sfi_logger
          self.logger.enable_console()
          self.authority = None
          self.logger = sfi_logger
          self.logger.enable_console()
-        self.available_names = [ tuple[0] for tuple in Sfi.available ]
-        self.available_dict = dict (Sfi.available)
-   
-    # tuples command-name expected-args in the order in which they should appear in the help
-    available = [ 
-        ("version", ""),  
-        ("list", "authority"),
-        ("show", "name"),
-        ("add", "record"),
-        ("update", "record"),
-        ("remove", "name"),
-        ("slices", ""),
-        ("resources", "[slice_hrn]"),
-        ("create", "slice_hrn rspec"),
-        ("delete", "slice_hrn"),
-        ("status", "slice_hrn"),
-        ("start", "slice_hrn"),
-        ("stop", "slice_hrn"),
-        ("reset", "slice_hrn"),
-        ("renew", "slice_hrn time"),
-        ("shutdown", "slice_hrn"),
-        ("get_ticket", "slice_hrn rspec"),
-        ("redeem_ticket", "ticket"),
-        ("delegate", "name"),
-        ("create_gid", "[name]"),
-        ("get_trusted_certs", "cred"),
-        ]
-
-    def print_command_help (self, options):
+        ### various auxiliary material that we keep at hand 
+        self.command=None
+        # need to call this other than just 'config' as we have a command/method with that name
+        self.config_instance=None
+        self.config_file=None
+        self.client_bootstrap=None
+
+    ### suitable if no reasonable command has been provided
+    def print_commands_help (self, options):
          verbose=getattr(options,'verbose')
          format3="%18s %-15s %s"
          line=80*'-'
          verbose=getattr(options,'verbose')
          format3="%18s %-15s %s"
          line=80*'-'
@@ -226,47 +299,140 @@ class Sfi:
              print line
          else:
              print line
              print line
          else:
              print line
-            self.create_parser().print_help()
-        for command in self.available_names:
-            args=self.available_dict[command]
-            method=getattr(self,command,None)
-            doc=""
-            if method: doc=getattr(method,'__doc__',"")
-            if not doc: doc="*** no doc found ***"
-            doc=doc.strip(" \t\n")
-            doc=doc.replace("\n","\n"+35*' ')
+            self.create_parser_global().print_help()
+        # preserve order from the code
+        for command in commands_list:
+            (doc, args_string, example) = commands_dict[command]
              if verbose:
                  print line
              if verbose:
                  print line
-            print format3%(command,args,doc)
+            doc=doc.replace("\n","\n"+35*' ')
+            print format3%(command,args_string,doc)
              if verbose:
              if verbose:
-                self.create_command_parser(command).print_help()
+                self.create_parser_command(command).print_help()
+            
+    ### now if a known command was found we can be more verbose on that one
+    def print_help (self):
+        print "==================== Generic sfi usage"
+        self.sfi_parser.print_help()
+        (doc,_,example)=commands_dict[self.command]
+        print "\n==================== Purpose of %s"%self.command
+        print doc
+        print "\n==================== Specific usage for %s"%self.command
+        self.command_parser.print_help()
+        if example:
+            print "\n==================== %s example(s)"%self.command
+            print example
+
+    def create_parser_global(self):
+        # Generate command line parser
+        parser = OptionParser(add_help_option=False,
+                              usage="sfi [sfi_options] command [cmd_options] [cmd_args]",
+                              description="Commands: %s"%(" ".join(commands_list)))
+        parser.add_option("-r", "--registry", dest="registry",
+                         help="root registry", metavar="URL", default=None)
+        parser.add_option("-s", "--sliceapi", dest="sm", default=None, metavar="URL",
+                         help="slice API - in general a SM URL, but can be used to talk to an aggregate")
+        parser.add_option("-R", "--raw", dest="raw", default=None,
+                          help="Save raw, unparsed server response to a file")
+        parser.add_option("", "--rawformat", dest="rawformat", type="choice",
+                          help="raw file format ([text]|pickled|json)", default="text",
+                          choices=("text","pickled","json"))
+        parser.add_option("", "--rawbanner", dest="rawbanner", default=None,
+                          help="text string to write before and after raw output")
+        parser.add_option("-d", "--dir", dest="sfi_dir",
+                         help="config & working directory - default is %default",
+                         metavar="PATH", default=Sfi.default_sfi_dir())
+        parser.add_option("-u", "--user", dest="user",
+                         help="user name", metavar="HRN", default=None)
+        parser.add_option("-a", "--auth", dest="auth",
+                         help="authority name", metavar="HRN", default=None)
+        parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
+                         help="verbose mode - cumulative")
+        parser.add_option("-D", "--debug",
+                          action="store_true", dest="debug", default=False,
+                          help="Debug (xml-rpc) protocol messages")
+        # would it make sense to use ~/.ssh/id_rsa as a default here ?
+        parser.add_option("-k", "--private-key",
+                         action="store", dest="user_private_key", default=None,
+                         help="point to the private key file to use if not yet installed in sfi_dir")
+        parser.add_option("-t", "--timeout", dest="timeout", default=None,
+                         help="Amout of time to wait before timing out the request")
+        parser.add_option("-h", "--help", 
+                         action="store_true", dest="help", default=False,
+                         help="one page summary on commands & exit")
+        parser.disable_interspersed_args()
+
+        return parser
+        
  
  
-    def create_command_parser(self, command):
-        if command not in self.available_dict:
+    def create_parser_command(self, command):
+        if command not in commands_dict:
              msg="Invalid command\n"
              msg+="Commands: "
              msg="Invalid command\n"
              msg+="Commands: "
-            msg += ','.join(self.available_names)            
+            msg += ','.join(commands_list)            
              self.logger.critical(msg)
              sys.exit(2)
  
              self.logger.critical(msg)
              sys.exit(2)
  
-        parser = OptionParser(usage="sfi [sfi_options] %s [cmd_options] %s" \
-                                     % (command, self.available_dict[command]))
+        # retrieve args_string
+        (_, args_string, __) = commands_dict[command]
+
+        parser = OptionParser(add_help_option=False,
+                              usage="sfi [sfi_options] %s [cmd_options] %s"
+                              % (command, args_string))
+        parser.add_option ("-h","--help",dest='help',action='store_true',default=False,
+                           help="Summary of one command usage")
+
+        if command in ("config"):
+            parser.add_option('-m', '--myslice', dest='myslice', action='store_true', default=False,
+                              help='how myslice config variables as well')
+
+        if command in ("version"):
+            parser.add_option("-R","--registry-version",
+                              action="store_true", dest="version_registry", default=False,
+                              help="probe registry version instead of sliceapi")
+            parser.add_option("-l","--local",
+                              action="store_true", dest="version_local", default=False,
+                              help="display version of the local client")
+
+        if command in ("add", "update"):
+            parser.add_option('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
+            parser.add_option('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
+            parser.add_option('-e', '--email', dest='email', default="",  help="email (mandatory for users)") 
+            parser.add_option('-k', '--key', dest='key', metavar='<key>', help='public key string or file', 
+                              default=None)
+            parser.add_option('-s', '--slices', dest='slices', metavar='<slices>', help='Set/replace slice xrns',
+                              default='', type="str", action='callback', callback=optparse_listvalue_callback)
+            parser.add_option('-r', '--researchers', dest='researchers', metavar='<researchers>', 
+                              help='Set/replace slice researchers', default='', type="str", action='callback', 
+                              callback=optparse_listvalue_callback)
+            parser.add_option('-p', '--pis', dest='pis', metavar='<PIs>', help='Set/replace Principal Investigators/Project Managers',
+                              default='', type="str", action='callback', callback=optparse_listvalue_callback)
+            parser.add_option ('-X','--extra',dest='extras',default={},type='str',metavar="<EXTRA_ASSIGNS>",
+                               action="callback", callback=optparse_dictvalue_callback, nargs=1,
+                               help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
  
          # user specifies remote aggregate/sm/component                          
  
          # user specifies remote aggregate/sm/component                          
-        if command in ("resources", "slices", "create", "delete", "start", "stop", 
-                       "restart", "shutdown",  "get_ticket", "renew", "status"):
+        if command in ("resources", "describe", "allocate", "provision", "delete", "allocate", "provision", 
+                       "action", "shutdown", "renew", "status"):
              parser.add_option("-d", "--delegate", dest="delegate", default=None, 
                               action="store_true",
                               help="Include a credential delegated to the user's root"+\
                                    "authority in set of credentials for this call")
  
              parser.add_option("-d", "--delegate", dest="delegate", default=None, 
                               action="store_true",
                               help="Include a credential delegated to the user's root"+\
                                    "authority in set of credentials for this call")
  
+        # show_credential option
+        if command in ("list","resources", "describe", "provision", "allocate", "add","update","remove","delete","status","renew"):
+            parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False,
+                              help="show credential(s) used in human-readable form")
          # registy filter option
          if command in ("list", "show", "remove"):
              parser.add_option("-t", "--type", dest="type", type="choice",
                              help="type filter ([all]|user|slice|authority|node|aggregate)",
                              choices=("all", "user", "slice", "authority", "node", "aggregate"),
                              default="all")
          # registy filter option
          if command in ("list", "show", "remove"):
              parser.add_option("-t", "--type", dest="type", type="choice",
                              help="type filter ([all]|user|slice|authority|node|aggregate)",
                              choices=("all", "user", "slice", "authority", "node", "aggregate"),
                              default="all")
-        if command in ("resources"):
+        if command in ("show"):
+            parser.add_option("-k","--key",dest="keys",action="append",default=[],
+                              help="specify specific keys to be displayed from record")
+        if command in ("resources", "describe"):
              # rspec version
              parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
                                help="schema type and version of resulting RSpec")
              # rspec version
              parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1",
                                help="schema type and version of resulting RSpec")
@@ -279,12 +445,15 @@ class Sfi:
                               help="display format ([xml]|dns|ip)", default="xml",
                               choices=("xml", "dns", "ip"))
              #panos: a new option to define the type of information about resources a user is interested in
                               help="display format ([xml]|dns|ip)", default="xml",
                               choices=("xml", "dns", "ip"))
              #panos: a new option to define the type of information about resources a user is interested in
-           parser.add_option("-i", "--info", dest="info",
+            parser.add_option("-i", "--info", dest="info",
                                  help="optional component information", default=None)
                                  help="optional component information", default=None)
+            # a new option to retreive or not reservation-oriented RSpecs (leases)
+            parser.add_option("-l", "--list_leases", dest="list_leases", type="choice",
+                                help="Retreive or not reservation-oriented RSpecs ([resources]|leases|all )",
+                                choices=("all", "resources", "leases"), default="resources")
  
  
  
  
-        # 'create' does return the new rspec, makes sense to save that too
-        if command in ("resources", "show", "list", "create_gid", 'create'):
+        if command in ("resources", "describe", "allocate", "provision", "show", "list", "gid"):
             parser.add_option("-o", "--output", dest="file",
                              help="output XML to file", metavar="FILE", default=None)
  
             parser.add_option("-o", "--output", dest="file",
                              help="output XML to file", metavar="FILE", default=None)
  
@@ -296,82 +465,54 @@ class Sfi:
             parser.add_option("-F", "--fileformat", dest="fileformat", type="choice",
                               help="output file format ([xml]|xmllist|hrnlist)", default="xml",
                               choices=("xml", "xmllist", "hrnlist"))
             parser.add_option("-F", "--fileformat", dest="fileformat", type="choice",
                               help="output file format ([xml]|xmllist|hrnlist)", default="xml",
                               choices=("xml", "xmllist", "hrnlist"))
-
-        if command in ("status", "version"):
-           parser.add_option("-o", "--output", dest="file",
-                            help="output dictionary to file", metavar="FILE", default=None)
-           parser.add_option("-F", "--fileformat", dest="fileformat", type="choice",
-                             help="output file format ([text]|pickled)", default="text",
-                             choices=("text","pickled"))
-
+        if command == 'list':
+           parser.add_option("-r", "--recursive", dest="recursive", action='store_true',
+                             help="list all child records", default=False)
+           parser.add_option("-v", "--verbose", dest="verbose", action='store_true',
+                             help="gives details, like user keys", default=False)
          if command in ("delegate"):
             parser.add_option("-u", "--user",
          if command in ("delegate"):
             parser.add_option("-u", "--user",
-                            action="store_true", dest="delegate_user", default=False,
-                            help="delegate user credential")
-           parser.add_option("-s", "--slice", dest="delegate_slice",
-                            help="delegate slice credential", metavar="HRN", default=None)
+                             action="store_true", dest="delegate_user", default=False,
+                             help="delegate your own credentials; default if no other option is provided")
+           parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[],
+                             metavar="slice_hrn", help="delegate cred. for slice HRN")
+           parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
+                             metavar='auth_hrn', help="delegate cred for auth HRN")
+           # this primarily is a shorthand for -a my_hrn
+           parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
+                             help="delegate your PI credentials, so s.t. like -a your_hrn^")
+           parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
+                             help="""by default the mandatory argument is expected to be a user, 
+use this if you mean an authority instead""")
+
+        if command in ("myslice"):
+            parser.add_option("-p","--password",dest='password',action='store',default=None,
+                              help="specify mainfold password on the command line")
+            parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[],
+                             metavar="slice_hrn", help="delegate cred. for slice HRN")
+            parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
+                             metavar='auth_hrn', help="delegate PI cred for auth HRN")
+            parser.add_option('-d', '--delegate', dest='delegate', help="Override 'delegate' from the config file")
+            parser.add_option('-b', '--backend',  dest='backend',  help="Override 'backend' from the config file")
          
          
-        if command in ("version"):
-            parser.add_option("-R","--registry-version",
-                              action="store_true", dest="version_registry", default=False,
-                              help="probe registry version instead of sliceapi")
-            parser.add_option("-l","--local",
-                              action="store_true", dest="version_local", default=False,
-                              help="display version of the local client")
-
          return parser
  
          
          return parser
  
          
-    def create_parser(self):
-
-        # Generate command line parser
-        parser = OptionParser(usage="sfi [sfi_options] command [cmd_options] [cmd_args]",
-                             description="Commands: %s"%(" ".join(self.available_names)))
-        parser.add_option("-r", "--registry", dest="registry",
-                         help="root registry", metavar="URL", default=None)
-        parser.add_option("-s", "--sliceapi", dest="sm", default=None, metavar="URL",
-                         help="slice API - in general a SM URL, but can be used to talk to an aggregate")
-        parser.add_option("-d", "--dir", dest="sfi_dir",
-                         help="config & working directory - default is %default",
-                         metavar="PATH", default=Sfi.default_sfi_dir())
-        parser.add_option("-u", "--user", dest="user",
-                         help="user name", metavar="HRN", default=None)
-        parser.add_option("-a", "--auth", dest="auth",
-                         help="authority name", metavar="HRN", default=None)
-        parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0,
-                         help="verbose mode - cumulative")
-        parser.add_option("-D", "--debug",
-                          action="store_true", dest="debug", default=False,
-                          help="Debug (xml-rpc) protocol messages")
-        # would it make sense to use ~/.ssh/id_rsa as a default here ?
-        parser.add_option("-k", "--private-key",
-                         action="store", dest="user_private_key", default=None,
-                         help="point to the private key file to use if not yet installed in sfi_dir")
-        parser.add_option("-t", "--timeout", dest="timeout", default=None,
-                         help="Amout of time to wait before timing out the request")
-        parser.add_option("-?", "--commands", 
-                         action="store_true", dest="command_help", default=False,
-                         help="one page summary on commands & exit")
-        parser.disable_interspersed_args()
-
-        return parser
-        
-
-    def print_help (self):
-        self.sfi_parser.print_help()
-        self.command_parser.print_help()
-
      #
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
      #
      # Main: parse arguments and dispatch to command
      #
      def dispatch(self, command, command_options, command_args):
-        return getattr(self, command)(command_options, command_args)
+        method=getattr(self, command, None)
+        if not method:
+            print "Unknown command %s"%command
+            return
+        return method(command_options, command_args)
  
      def main(self):
  
      def main(self):
-        self.sfi_parser = self.create_parser()
+        self.sfi_parser = self.create_parser_global()
          (options, args) = self.sfi_parser.parse_args()
          (options, args) = self.sfi_parser.parse_args()
-        if options.command_help: 
-            self.print_command_help(options)
+        if options.help: 
+            self.print_commands_help(options)
              sys.exit(1)
          self.options = options
  
              sys.exit(1)
          self.options = options
  
@@ -379,41 +520,74 @@ class Sfi:
  
          if len(args) <= 0:
              self.logger.critical("No command given. Use -h for help.")
  
          if len(args) <= 0:
              self.logger.critical("No command given. Use -h for help.")
-            self.print_command_help(options)
+            self.print_commands_help(options)
              return -1
      
              return -1
      
-        command = args[0]
-        self.command_parser = self.create_command_parser(command)
+        # complete / find unique match with command set
+        command_candidates = Candidates (commands_list)
+        input = args[0]
+        command = command_candidates.only_match(input)
+        if not command:
+            self.print_commands_help(options)
+            sys.exit(1)
+        # second pass options parsing
+        self.command=command
+        self.command_parser = self.create_parser_command(command)
          (command_options, command_args) = self.command_parser.parse_args(args[1:])
          (command_options, command_args) = self.command_parser.parse_args(args[1:])
+        if command_options.help:
+            self.print_help()
+            sys.exit(1)
          self.command_options = command_options
  
          self.read_config () 
          self.bootstrap ()
          self.command_options = command_options
  
          self.read_config () 
          self.bootstrap ()
-        self.logger.info("Command=%s" % command)
+        self.logger.debug("Command=%s" % self.command)
  
          try:
              self.dispatch(command, command_options, command_args)
  
          try:
              self.dispatch(command, command_options, command_args)
-        except KeyError:
-            self.logger.critical ("Unknown command %s"%command)
-            raise
-            sys.exit(1)
-    
-        return
+        except SystemExit:
+            return 1
+        except:
+            self.logger.log_exc ("sfi command %s failed"%command)
+            return 1
+
+        return 0
      
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
      
      ####################
      def read_config(self):
          config_file = os.path.join(self.options.sfi_dir,"sfi_config")
+        shell_config_file  = os.path.join(self.options.sfi_dir,"sfi_config.sh")
          try:
          try:
-           config = Config (config_file)
+            if Config.is_ini(config_file):
+                config = Config (config_file)
+            else:
+                # try upgrading from shell config format
+                fp, fn = mkstemp(suffix='sfi_config', text=True)  
+                config = Config(fn)
+                # we need to preload the sections we want parsed 
+                # from the shell config
+                config.add_section('sfi')
+                # sface users should be able to use this same file to configure their stuff
+                config.add_section('sface')
+                # manifold users should be able to specify the details 
+                # of their backend server here for 'sfi myslice'
+                config.add_section('myslice')
+                config.load(config_file)
+                # back up old config
+                shutil.move(config_file, shell_config_file)
+                # write new config
+                config.save(config_file)
+                 
          except:
          except:
-           self.logger.critical("Failed to read configuration file %s"%config_file)
-           self.logger.info("Make sure to remove the export clauses and to add quotes")
-           if self.options.verbose==0:
-               self.logger.info("Re-run with -v for more details")
-           else:
-               self.logger.log_exc("Could not read config file %s"%config_file)
-           sys.exit(1)
+            self.logger.critical("Failed to read configuration file %s"%config_file)
+            self.logger.info("Make sure to remove the export clauses and to add quotes")
+            if self.options.verbose==0:
+                self.logger.info("Re-run with -v for more details")
+            else:
+                self.logger.log_exc("Could not read config file %s"%config_file)
+            sys.exit(1)
       
       
+        self.config_instance=config
          errors = 0
          # Set SliceMgr URL
          if (self.options.sm is not None):
          errors = 0
          # Set SliceMgr URL
          if (self.options.sm is not None):
@@ -430,7 +604,7 @@ class Sfi:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
          elif hasattr(config, "SFI_REGISTRY"):
             self.reg_url = config.SFI_REGISTRY
          else:
-           self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file)
             errors += 1 
  
          # Set user HRN
             errors += 1 
  
          # Set user HRN
@@ -439,7 +613,7 @@ class Sfi:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
          elif hasattr(config, "SFI_USER"):
             self.user = config.SFI_USER
          else:
-           self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
+           self.logger.error("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file)
             errors += 1 
  
          # Set authority HRN
             errors += 1 
  
          # Set authority HRN
@@ -451,6 +625,7 @@ class Sfi:
             self.logger.error("You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file)
             errors += 1 
  
             self.logger.error("You need to set e.g. SFI_AUTH='plc.princeton' in %s" % config_file)
             errors += 1 
  
+        self.config_file=config_file
          if errors:
             sys.exit(1)
  
          if errors:
             sys.exit(1)
  
@@ -469,41 +644,53 @@ class Sfi:
      
      # init self-signed cert, user credentials and gid
      def bootstrap (self):
      
      # init self-signed cert, user credentials and gid
      def bootstrap (self):
-        bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir)
+        client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir,
+                                               logger=self.logger)
          # if -k is provided, use this to initialize private key
          if self.options.user_private_key:
          # if -k is provided, use this to initialize private key
          if self.options.user_private_key:
-            bootstrap.init_private_key_if_missing (self.options.user_private_key)
+            client_bootstrap.init_private_key_if_missing (self.options.user_private_key)
          else:
              # trigger legacy compat code if needed 
              # the name has changed from just <leaf>.pkey to <hrn>.pkey
          else:
              # trigger legacy compat code if needed 
              # the name has changed from just <leaf>.pkey to <hrn>.pkey
-            if not os.path.isfile(bootstrap.private_key_filename()):
+            if not os.path.isfile(client_bootstrap.private_key_filename()):
                  self.logger.info ("private key not found, trying legacy name")
                  try:
                  self.logger.info ("private key not found, trying legacy name")
                  try:
-                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%get_leaf(self.user))
+                    legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%Xrn.unescape(get_leaf(self.user)))
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
                      self.logger.debug("legacy_private_key=%s"%legacy_private_key)
-                    bootstrap.init_private_key_if_missing (legacy_private_key)
+                    client_bootstrap.init_private_key_if_missing (legacy_private_key)
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
                  except:
                      self.logger.log_exc("Can't find private key ")
                      sys.exit(1)
              
          # make it bootstrap
                      self.logger.info("Copied private key from legacy location %s"%legacy_private_key)
                  except:
                      self.logger.log_exc("Can't find private key ")
                      sys.exit(1)
              
          # make it bootstrap
-        bootstrap.bootstrap_my_gid()
+        client_bootstrap.bootstrap_my_gid()
          # extract what's needed
          # extract what's needed
-        self.private_key = bootstrap.private_key()
-        self.my_credential_string = bootstrap.my_credential_string ()
-        self.my_gid = bootstrap.my_gid ()
-        self.bootstrap = bootstrap
+        self.private_key = client_bootstrap.private_key()
+        self.my_credential_string = client_bootstrap.my_credential_string ()
+        self.my_credential = {'geni_type': 'geni_sfa',
+                              'geni_version': '3', 
+                              'geni_value': self.my_credential_string}
+        self.my_gid = client_bootstrap.my_gid ()
+        self.client_bootstrap = client_bootstrap
  
  
      def my_authority_credential_string(self):
          if not self.authority:
              self.logger.critical("no authority specified. Use -a or set SF_AUTH")
              sys.exit(-1)
  
  
      def my_authority_credential_string(self):
          if not self.authority:
              self.logger.critical("no authority specified. Use -a or set SF_AUTH")
              sys.exit(-1)
-        return self.bootstrap.authority_credential_string (self.authority)
+        return self.client_bootstrap.authority_credential_string (self.authority)
+
+    def authority_credential_string(self, auth_hrn):
+        return self.client_bootstrap.authority_credential_string (auth_hrn)
  
      def slice_credential_string(self, name):
  
      def slice_credential_string(self, name):
-        return self.bootstrap.slice_credential_string (name)
+        return self.client_bootstrap.slice_credential_string (name)
+
+    def slice_credential(self, name):
+        return {'geni_type': 'geni_sfa',
+                'geni_version': '3',
+                'geni_value': self.slice_credential_string(name)}    
  
      # xxx should be supported by sfaclientbootstrap as well
      def delegate_cred(self, object_cred, hrn, type='authority'):
  
      # xxx should be supported by sfaclientbootstrap as well
      def delegate_cred(self, object_cred, hrn, type='authority'):
@@ -521,7 +708,7 @@ class Sfi:
          caller_gidfile = self.my_gid()
    
          # the gid of the user who will be delegated to
          caller_gidfile = self.my_gid()
    
          # the gid of the user who will be delegated to
-        delegee_gid = self.bootstrap.gid(hrn,type)
+        delegee_gid = self.client_bootstrap.gid(hrn,type)
          delegee_hrn = delegee_gid.get_hrn()
          dcred = object_cred.delegate(delegee_gid, self.private_key, caller_gidfile)
          return dcred.save_to_string(save_parents=True)
          delegee_hrn = delegee_gid.get_hrn()
          dcred = object_cred.delegate(delegee_gid, self.private_key, caller_gidfile)
          return dcred.save_to_string(save_parents=True)
@@ -650,18 +837,43 @@ class Sfi:
         else:
            self.logger.critical("No such registry record file %s"%record)
            sys.exit(1)
         else:
            self.logger.critical("No such registry record file %s"%record)
            sys.exit(1)
-    
+
  
      #==========================================================================
      # Following functions implement the commands
      #
      # Registry-related commands
      #==========================================================================
  
      #==========================================================================
      # Following functions implement the commands
      #
      # Registry-related commands
      #==========================================================================
-  
+
+    @register_command("","")
+    def config (self, options, args):
+        "Display contents of current config"
+        print "# From configuration file %s"%self.config_file
+        flags=[ ('sfi', [ ('registry','reg_url'),
+                          ('auth','authority'),
+                          ('user','user'),
+                          ('sm','sm_url'),
+                          ]),
+                ]
+        if options.myslice:
+            flags.append ( ('myslice', ['backend', 'delegate', 'platform', 'username'] ) )
+
+        for (section, tuples) in flags:
+            print "[%s]"%section
+            try:
+                for (external_name, internal_name) in tuples:
+                    print "%-20s = %s"%(external_name,getattr(self,internal_name))
+            except:
+                for name in tuples:
+                    varname="%s_%s"%(section.upper(),name.upper())
+                    value=getattr(self.config_instance,varname)
+                    print "%-20s = %s"%(name,value)
+
+    @register_command("","")
      def version(self, options, args):
          """
      def version(self, options, args):
          """
-        display an SFA server version (GetVersion) 
-or version information about sfi itself
+        display an SFA server version (GetVersion)
+  or version information about sfi itself
          """
          if options.version_local:
              version=version_core()
          """
          if options.version_local:
              version=version_core()
@@ -672,11 +884,13 @@ or version information about sfi itself
                  server = self.sliceapi()
              result = server.GetVersion()
              version = ReturnValue.get_value(result)
                  server = self.sliceapi()
              result = server.GetVersion()
              version = ReturnValue.get_value(result)
-        pprinter = PrettyPrinter(indent=4)
-        pprinter.pprint(version)
-        if options.file:
-            save_variable_to_file(version, options.file, options.fileformat)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            pprinter = PrettyPrinter(indent=4)
+            pprinter.pprint(version)
  
  
+    @register_command("authority","")
      def list(self, options, args):
          """
          list entries in named authority registry (List)
      def list(self, options, args):
          """
          list entries in named authority registry (List)
@@ -685,20 +899,26 @@ or version information about sfi itself
              self.print_help()
              sys.exit(1)
          hrn = args[0]
              self.print_help()
              sys.exit(1)
          hrn = args[0]
+        opts = {}
+        if options.recursive:
+            opts['recursive'] = options.recursive
+        
+        if options.show_credential:
+            show_credentials(self.my_credential_string)
          try:
          try:
-            list = self.registry().List(hrn, self.my_credential_string)
+            list = self.registry().List(hrn, self.my_credential_string, options)
          except IndexError:
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
          except IndexError:
              raise Exception, "Not enough parameters for the 'list' command"
  
          # filter on person, slice, site, node, etc.
-        # THis really should be in the self.filter_records funct def comment...
+        # This really should be in the self.filter_records funct def comment...
          list = filter_records(options.type, list)
          list = filter_records(options.type, list)
-        for record in list:
-            print "%s (%s)" % (record['hrn'], record['type'])
+        terminal_render (list, options)
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
      
          if options.file:
              save_records_to_file(options.file, list, options.fileformat)
          return
      
+    @register_command("name","")
      def show(self, options, args):
          """
          show details about named registry record (Resolve)
      def show(self, options, args):
          """
          show details about named registry record (Resolve)
@@ -707,55 +927,92 @@ or version information about sfi itself
              self.print_help()
              sys.exit(1)
          hrn = args[0]
              self.print_help()
              sys.exit(1)
          hrn = args[0]
-        records = self.registry().Resolve(hrn, self.my_credential_string)
-        records = filter_records(options.type, records)
-        if not records:
+        # explicitly require Resolve to run in details mode
+        record_dicts = self.registry().Resolve(hrn, self.my_credential_string, {'details':True})
+        record_dicts = filter_records(options.type, record_dicts)
+        if not record_dicts:
              self.logger.error("No record of type %s"% options.type)
              self.logger.error("No record of type %s"% options.type)
+            return
+        # user has required to focus on some keys
+        if options.keys:
+            def project (record):
+                projected={}
+                for key in options.keys:
+                    try: projected[key]=record[key]
+                    except: pass
+                return projected
+            record_dicts = [ project (record) for record in record_dicts ]
+        records = [ Record(dict=record_dict) for record_dict in record_dicts ]
          for record in records:
          for record in records:
-            if record['type'] in ['user']:
-                record = UserRecord(dict=record)
-            elif record['type'] in ['slice']:
-                record = SliceRecord(dict=record)
-            elif record['type'] in ['node']:
-                record = NodeRecord(dict=record)
-            elif record['type'].startswith('authority'):
-                record = AuthorityRecord(dict=record)
-            else:
-                record = SfaRecord(dict=record)
-            if (options.format == "text"): 
-                record.dump()  
-            else:
-                print record.save_to_string() 
+            if (options.format == "text"):      record.dump(sort=True)  
+            else:                               print record.save_as_xml() 
          if options.file:
          if options.file:
-            save_records_to_file(options.file, records, options.fileformat)
+            save_records_to_file(options.file, record_dicts, options.fileformat)
          return
      
          return
      
+    @register_command("[xml-filename]","")
      def add(self, options, args):
      def add(self, options, args):
-        "add record into registry from xml file (Register)"
+        """add record into registry (Register) 
+  from command line options (recommended) 
+  old-school method involving an xml file still supported"""
+
          auth_cred = self.my_authority_credential_string()
          auth_cred = self.my_authority_credential_string()
-        if len(args)!=1:
+        if options.show_credential:
+            show_credentials(auth_cred)
+        record_dict = {}
+        if len(args) > 1:
              self.print_help()
              sys.exit(1)
              self.print_help()
              sys.exit(1)
-        record_filepath = args[0]
-        rec_file = self.get_record_file(record_filepath)
-        record = load_record_from_file(rec_file).as_dict()
-        return self.registry().Register(record, auth_cred)
+        if len(args)==1:
+            try:
+                record_filepath = args[0]
+                rec_file = self.get_record_file(record_filepath)
+                record_dict.update(load_record_from_file(rec_file).todict())
+            except:
+                print "Cannot load record file %s"%record_filepath
+                sys.exit(1)
+        if options:
+            record_dict.update(load_record_from_opts(options).todict())
+        # we should have a type by now
+        if 'type' not in record_dict :
+            self.print_help()
+            sys.exit(1)
+        # this is still planetlab dependent.. as plc will whine without that
+        # also, it's only for adding
+        if record_dict['type'] == 'user':
+            if not 'first_name' in record_dict:
+                record_dict['first_name'] = record_dict['hrn']
+            if 'last_name' not in record_dict:
+                record_dict['last_name'] = record_dict['hrn'] 
+        return self.registry().Register(record_dict, auth_cred)
      
      
+    @register_command("[xml-filename]","")
      def update(self, options, args):
      def update(self, options, args):
-        "update record into registry from xml file (Update)"
-        if len(args)!=1:
+        """update record into registry (Update) 
+  from command line options (recommended) 
+  old-school method involving an xml file still supported"""
+        record_dict = {}
+        if len(args) > 0:
+            record_filepath = args[0]
+            rec_file = self.get_record_file(record_filepath)
+            record_dict.update(load_record_from_file(rec_file).todict())
+        if options:
+            record_dict.update(load_record_from_opts(options).todict())
+        # at the very least we need 'type' here
+        if 'type' not in record_dict:
              self.print_help()
              sys.exit(1)
              self.print_help()
              sys.exit(1)
-        rec_file = self.get_record_file(args[0])
-        record = load_record_from_file(rec_file)
-        if record['type'] == "user":
-            if record.get_name() == self.user:
+
+        # don't translate into an object, as this would possibly distort
+        # user-provided data; e.g. add an 'email' field to Users
+        if record_dict['type'] == "user":
+            if record_dict['hrn'] == self.user:
                  cred = self.my_credential_string
              else:
                  cred = self.my_authority_credential_string()
                  cred = self.my_credential_string
              else:
                  cred = self.my_authority_credential_string()
-        elif record['type'] in ["slice"]:
+        elif record_dict['type'] in ["slice"]:
              try:
              try:
-                cred = self.slice_credential_string(record.get_name())
+                cred = self.slice_credential_string(record_dict['hrn'])
              except ServerException, e:
                 # XXX smbaker -- once we have better error return codes, update this
                 # to do something better than a string compare
              except ServerException, e:
                 # XXX smbaker -- once we have better error return codes, update this
                 # to do something better than a string compare
@@ -763,15 +1020,17 @@ or version information about sfi itself
                     cred = self.my_authority_credential_string()
                 else:
                     raise
                     cred = self.my_authority_credential_string()
                 else:
                     raise
-        elif record.get_type() in ["authority"]:
+        elif record_dict['type'] in ["authority"]:
              cred = self.my_authority_credential_string()
              cred = self.my_authority_credential_string()
-        elif record.get_type() == 'node':
+        elif record_dict['type'] == 'node':
              cred = self.my_authority_credential_string()
          else:
              cred = self.my_authority_credential_string()
          else:
-            raise "unknown record type" + record.get_type()
-        record = record.as_dict()
-        return self.registry().Update(record, cred)
+            raise "unknown record type" + record_dict['type']
+        if options.show_credential:
+            show_credentials(cred)
+        return self.registry().Update(record_dict, cred)
    
    
+    @register_command("hrn","")
      def remove(self, options, args):
          "remove registry record by name (Remove)"
          auth_cred = self.my_authority_credential_string()
      def remove(self, options, args):
          "remove registry record by name (Remove)"
          auth_cred = self.my_authority_credential_string()
@@ -782,57 +1041,40 @@ or version information about sfi itself
          type = options.type 
          if type in ['all']:
              type = '*'
          type = options.type 
          if type in ['all']:
              type = '*'
+        if options.show_credential:
+            show_credentials(auth_cred)
          return self.registry().Remove(hrn, auth_cred, type)
      
      # ==================================================================
      # Slice-related commands
      # ==================================================================
  
          return self.registry().Remove(hrn, auth_cred, type)
      
      # ==================================================================
      # Slice-related commands
      # ==================================================================
  
-    def slices(self, options, args):
-        "list instantiated slices (ListSlices) - returns urn's"
-        server = self.sliceapi()
-        # creds
-        creds = [self.my_credential_string]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(self.my_credential_string, get_authority(self.authority))
-            creds.append(delegated_cred)  
-        # options and call_id when supported
-        api_options = {}
-       api_options['call_id']=unique_call_id()
-        result = server.ListSlices(creds, *self.ois(server,api_options))
-        value = ReturnValue.get_value(result)
-        display_list(value)
-        return
-    
      # show rspec for named slice
      # show rspec for named slice
+    @register_command("","")
      def resources(self, options, args):
          """
      def resources(self, options, args):
          """
-        with no arg, discover available resources, (ListResources)
-or with an slice hrn, shows currently provisioned resources
+        discover available resources (ListResources)
          """
          server = self.sliceapi()
  
          # set creds
          """
          server = self.sliceapi()
  
          # set creds
-        creds = []
-        if args:
-            creds.append(self.slice_credential_string(args[0]))
-        else:
-            creds.append(self.my_credential_string)
+        creds = [self.my_credential]
          if options.delegate:
              creds.append(self.delegate_cred(cred, get_authority(self.authority)))
          if options.delegate:
              creds.append(self.delegate_cred(cred, get_authority(self.authority)))
-       
+        if options.show_credential:
+            show_credentials(creds)
+
          # no need to check if server accepts the options argument since the options has
          # no need to check if server accepts the options argument since the options has
-        # been a required argument since v1 API   
+        # been a required argument since v1 API
          api_options = {}
          # always send call_id to v2 servers
          api_options ['call_id'] = unique_call_id()
          # ask for cached value if available
          api_options ['cached'] = True
          api_options = {}
          # always send call_id to v2 servers
          api_options ['call_id'] = unique_call_id()
          # ask for cached value if available
          api_options ['cached'] = True
-        if args:
-            hrn = args[0]
-            api_options['geni_slice_urn'] = hrn_to_urn(hrn, 'slice')
          if options.info:
              api_options['info'] = options.info
          if options.info:
              api_options['info'] = options.info
+        if options.list_leases:
+            api_options['list_leases'] = options.list_leases
          if options.current:
              if options.current == True:
                  api_options['cached'] = False
          if options.current:
              if options.current == True:
                  api_options['cached'] = False
@@ -845,32 +1087,103 @@ or with an slice hrn, shows currently provisioned resources
                  # just request the version the client wants
                  api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict()
              else:
                  # just request the version the client wants
                  api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict()
              else:
-                api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'}    
+                api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3'}
          else:
          else:
-            api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'}    
+            api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3'}
          result = server.ListResources (creds, api_options)
          value = ReturnValue.get_value(result)
          result = server.ListResources (creds, api_options)
          value = ReturnValue.get_value(result)
-        if options.file is None:
-            display_rspec(value, options.format)
-        else:
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        if options.file is not None:
              save_rspec_to_file(value, options.file)
              save_rspec_to_file(value, options.file)
+        if (self.options.raw is None) and (options.file is None):
+            display_rspec(value, options.format)
+
          return
  
          return
  
-    def create(self, options, args):
+    @register_command("slice_hrn","")
+    def describe(self, options, args):
          """
          """
-        create or update named slice with given rspec
+        shows currently allocated/provisioned resources 
+        of the named slice or set of slivers (Describe) 
+        """
+        server = self.sliceapi()
+
+        # set creds
+        creds = [self.slice_credential(args[0])]
+        if options.delegate:
+            creds.append(self.delegate_cred(cred, get_authority(self.authority)))
+        if options.show_credential:
+            show_credentials(creds)
+
+        api_options = {'call_id': unique_call_id(),
+                       'cached': True,
+                       'info': options.info,
+                       'list_leases': options.list_leases,
+                       'geni_rspec_version': {'type': 'geni', 'version': '3'},
+                      }
+        if options.rspec_version:
+            version_manager = VersionManager()
+            server_version = self.get_cached_server_version(server)
+            if 'sfa' in server_version:
+                # just request the version the client wants
+                api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict()
+            else:
+                api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3'}
+        urn = Xrn(args[0], type='slice').get_urn()        
+        result = server.Describe([urn], creds, api_options)
+        value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        if options.file is not None:
+            save_rspec_to_file(value, options.file)
+        if (self.options.raw is None) and (options.file is None):
+            display_rspec(value, options.format)
+
+        return 
+
+    @register_command("slice_hrn","")
+    def delete(self, options, args):
+        """
+        de-allocate and de-provision all or named slivers of the slice (Delete)
          """
          server = self.sliceapi()
  
          """
          server = self.sliceapi()
  
-        # xxx do we need to check usage (len(args)) ?
          # slice urn
          slice_hrn = args[0]
          # slice urn
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice')
+        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+
+        # creds
+        slice_cred = self.slice_credential(slice_hrn)
+        creds = [slice_cred]
+        
+        # options and call_id when supported
+        api_options = {}
+        api_options ['call_id'] = unique_call_id()
+        if options.show_credential:
+            show_credentials(creds)
+        result = server.Delete([slice_urn], creds, *self.ois(server, api_options ) )
+        value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            print value
+        return value
+
+    @register_command("slice_hrn rspec","")
+    def allocate(self, options, args):
+        """
+         allocate resources to the named slice (Allocate)
+        """
+        server = self.sliceapi()
+        server_version = self.get_cached_server_version(server)
+        slice_hrn = args[0]
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn()
  
          # credentials
  
          # credentials
-        creds = [self.slice_credential_string(slice_hrn)]
+        creds = [self.slice_credential(slice_hrn)]
+
          delegated_cred = None
          delegated_cred = None
-        server_version = self.get_cached_server_version(server)
          if server_version.get('interface') == 'slicemgr':
              # delegate our cred to the slice manager
              # do not delegate cred to slicemgr...not working at the moment
          if server_version.get('interface') == 'slicemgr':
              # delegate our cred to the slice manager
              # do not delegate cred to slicemgr...not working at the moment
@@ -879,77 +1192,104 @@ or with an slice hrn, shows currently provisioned resources
              #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
              #elif server_version.get('urn'):
              #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
              #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
              #elif server_version.get('urn'):
              #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
-                
-        # rspec 
+
+        if options.show_credential:
+            show_credentials(creds)
+
+        # rspec
          rspec_file = self.get_rspec_file(args[1])
          rspec = open(rspec_file).read()
          rspec_file = self.get_rspec_file(args[1])
          rspec = open(rspec_file).read()
-
+        api_options = {}
+        api_options ['call_id'] = unique_call_id()
          # users
          # users
-        # need to pass along user keys to the aggregate.
-        # users = [
-        #  { urn: urn:publicid:IDN+emulab.net+user+alice
-        #    keys: [<ssh key A>, <ssh key B>]
-        #  }]
-        users = []
+        sfa_users = []
+        geni_users = []
          slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
          slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
-        if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]:
+        if slice_records and 'reg-researchers' in slice_records[0] and slice_records[0]['reg-researchers']!=[]:
              slice_record = slice_records[0]
              slice_record = slice_records[0]
-            user_hrns = slice_record['researcher']
+            user_hrns = slice_record['reg-researchers']
              user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
              user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
              user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
              user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
+            sfa_users = sfa_users_arg(user_records, slice_record)
+            geni_users = pg_users_arg(user_records)
  
  
-            if 'sfa' not in server_version:
-                users = pg_users_arg(user_records)
-                rspec = RSpec(rspec)
-                rspec.filter({'component_manager_id': server_version['urn']})
-                rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request')
-            else:
-                users = sfa_users_arg(user_records, slice_record)
-        
-        # do not append users, keys, or slice tags. Anything 
-        # not contained in this request will be removed from the slice
-
-        # CreateSliver has supported the options argument for a while now so it should
-        # be safe to assume this server support it
-        api_options = {}
-        api_options ['append'] = False
-        api_options ['call_id'] = unique_call_id()
+        api_options['sfa_users'] = sfa_users
+        api_options['geni_users'] = geni_users
  
  
-        result = server.CreateSliver(slice_urn, creds, rspec, users, *self.ois(server, api_options))
+        result = server.Allocate(slice_urn, creds, rspec, api_options)
          value = ReturnValue.get_value(result)
          value = ReturnValue.get_value(result)
-        if options.file is None:
-            print value
-        else:
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        if options.file is not None:
              save_rspec_to_file (value, options.file)
              save_rspec_to_file (value, options.file)
+        if (self.options.raw is None) and (options.file is None):
+            print value
          return value
          return value
+        
  
  
-    def delete(self, options, args):
+    @register_command("slice_hrn","")
+    def provision(self, options, args):
          """
          """
-        delete named slice (DeleteSliver)
+        provision already allocated resources of named slice (Provision)
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
-
-        # slice urn
+        server_version = self.get_cached_server_version(server)
          slice_hrn = args[0]
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn()
+
+        # credentials
+        creds = [self.slice_credential(slice_hrn)]
+        delegated_cred = None
+        if server_version.get('interface') == 'slicemgr':
+            # delegate our cred to the slice manager
+            # do not delegate cred to slicemgr...not working at the moment
+            pass
+            #if server_version.get('hrn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, server_version['hrn'])
+            #elif server_version.get('urn'):
+            #    delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn']))
+
+        if options.show_credential:
+            show_credentials(creds)
  
  
-        # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        
-        # options and call_id when supported
          api_options = {}
          api_options ['call_id'] = unique_call_id()
          api_options = {}
          api_options ['call_id'] = unique_call_id()
-        result = server.DeleteSliver(slice_urn, creds, *self.ois(server, api_options ) )
-        # xxx no ReturnValue ??
-        return result
-  
+
+        # set the requtested rspec version
+        version_manager = VersionManager()
+        rspec_version = version_manager._get_version('geni', '3').to_dict()
+        api_options['geni_rspec_version'] = rspec_version
+
+        # users
+        # need to pass along user keys to the aggregate.
+        # users = [
+        #  { urn: urn:publicid:IDN+emulab.net+user+alice
+        #    keys: [<ssh key A>, <ssh key B>]
+        #  }]
+        users = []
+        slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string])
+        if slice_records and 'reg-researchers' in slice_records[0] and slice_records[0]['reg-researchers']!=[]:
+            slice_record = slice_records[0]
+            user_hrns = slice_record['reg-researchers']
+            user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns]
+            user_records = self.registry().Resolve(user_urns, [self.my_credential_string])
+            users = pg_users_arg(user_records)
+        
+        api_options['geni_users'] = users
+        result = server.Provision([slice_urn], creds, api_options)
+        value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        if options.file is not None:
+            save_rspec_to_file (value, options.file)
+        if (self.options.raw is None) and (options.file is None):
+            print value
+        return value     
+
+    @register_command("slice_hrn","")
      def status(self, options, args):
          """
      def status(self, options, args):
          """
-        retrieve slice status (SliverStatus)
+        retrieve the status of the slivers belonging to tne named slice (Status)
          """
          server = self.sliceapi()
  
          """
          server = self.sliceapi()
  
@@ -958,97 +1298,80 @@ or with an slice hrn, shows currently provisioned resources
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
  
          # creds 
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
  
          # creds 
-        slice_cred = self.slice_credential_string(slice_hrn)
+        slice_cred = self.slice_credential(slice_hrn)
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
  
          # options and call_id when supported
          api_options = {}
  
          # options and call_id when supported
          api_options = {}
-       api_options['call_id']=unique_call_id()
-        result = server.SliverStatus(slice_urn, creds, *self.ois(server,api_options))
+        api_options['call_id']=unique_call_id()
+        if options.show_credential:
+            show_credentials(creds)
+        result = server.Status([slice_urn], creds, *self.ois(server,api_options))
          value = ReturnValue.get_value(result)
          value = ReturnValue.get_value(result)
-        print value
-        if options.file:
-            save_variable_to_file(value, options.file, options.fileformat)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            print value
+        # Thierry: seemed to be missing
+        return value
  
  
-    def start(self, options, args):
+    @register_command("slice_hrn action","")
+    def action(self, options, args):
          """
          """
-        start named slice (Start)
-        """
-        server = self.sliceapi()
-
-        # the slice urn
-        slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
-        
-        # cred
-        slice_cred = self.slice_credential_string(args[0])
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        # xxx Thierry - does this not need an api_options as well ?
-        return server.Start(slice_urn, creds)
-    
-    def stop(self, options, args):
-        """
-        stop named slice (Stop)
-        """
-        server = self.sliceapi()
-        # slice urn
-        slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
-        # cred
-        slice_cred = self.slice_credential_string(args[0])
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        return server.Stop(slice_urn, creds)
-    
-    # reset named slice
-    def reset(self, options, args):
-        """
-        reset named slice (reset_slice)
+        Perform the named operational action on these slivers
          """
          server = self.sliceapi()
          """
          server = self.sliceapi()
+        api_options = {}
          # slice urn
          slice_hrn = args[0]
          # slice urn
          slice_hrn = args[0]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        action = args[1]
+        slice_urn = Xrn(slice_hrn, type='slice').get_urn() 
          # cred
          # cred
-        slice_cred = self.slice_credential_string(args[0])
+        slice_cred = self.slice_credential(args[0])
          creds = [slice_cred]
          if options.delegate:
              delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
              creds.append(delegated_cred)
          creds = [slice_cred]
          if options.delegate:
              delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
              creds.append(delegated_cred)
-        return server.reset_slice(creds, slice_urn)
+        
+        result = server.PerformOperationalAction([slice_urn], creds, action , api_options)
+        value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            print value
+        return value
  
  
+    @register_command("slice_hrn time","")
      def renew(self, options, args):
          """
          renew slice (RenewSliver)
          """
          server = self.sliceapi()
      def renew(self, options, args):
          """
          renew slice (RenewSliver)
          """
          server = self.sliceapi()
+        if len(args) != 2:
+            self.print_help()
+            sys.exit(1)
+        [ slice_hrn, input_time ] = args
          # slice urn    
          # slice urn    
-        slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
+        # time: don't try to be smart on the time format, server-side will
          # creds
          # creds
-        slice_cred = self.slice_credential_string(args[0])
+        slice_cred = self.slice_credential(args[0])
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        # time
-        time = args[1]
          # options and call_id when supported
          api_options = {}
          # options and call_id when supported
          api_options = {}
-       api_options['call_id']=unique_call_id()
-        result =  server.RenewSliver(slice_urn, creds, time, *self.ois(server,api_options))
+        api_options['call_id']=unique_call_id()
+        if options.show_credential:
+            show_credentials(creds)
+        result =  server.Renew([slice_urn], creds, input_time, *self.ois(server,api_options))
          value = ReturnValue.get_value(result)
          value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            print value
          return value
  
  
          return value
  
  
+    @register_command("slice_hrn","")
      def shutdown(self, options, args):
          """
          shutdown named slice (Shutdown)
      def shutdown(self, options, args):
          """
          shutdown named slice (Shutdown)
@@ -1058,84 +1381,19 @@ or with an slice hrn, shows currently provisioned resources
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # creds
          slice_hrn = args[0]
          slice_urn = hrn_to_urn(slice_hrn, 'slice') 
          # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
+        slice_cred = self.slice_credential(slice_hrn)
          creds = [slice_cred]
          creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        return server.Shutdown(slice_urn, creds)         
+        result = server.Shutdown(slice_urn, creds)
+        value = ReturnValue.get_value(result)
+        if self.options.raw:
+            save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner)
+        else:
+            print value
+        return value         
      
  
      
  
-    def get_ticket(self, options, args):
-        """
-        get a ticket for the specified slice
-        """
-        server = self.sliceapi()
-        # slice urn
-        slice_hrn, rspec_path = args[0], args[1]
-        slice_urn = hrn_to_urn(slice_hrn, 'slice')
-        # creds
-        slice_cred = self.slice_credential_string(slice_hrn)
-        creds = [slice_cred]
-        if options.delegate:
-            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
-            creds.append(delegated_cred)
-        # rspec
-        rspec_file = self.get_rspec_file(rspec_path) 
-        rspec = open(rspec_file).read()
-        # options and call_id when supported
-        api_options = {}
-       api_options['call_id']=unique_call_id()
-        # get ticket at the server
-        ticket_string = server.GetTicket(slice_urn, creds, rspec, *self.ois(server,api_options))
-        # save
-        file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
-        self.logger.info("writing ticket to %s"%file)
-        ticket = SfaTicket(string=ticket_string)
-        ticket.save_to_file(filename=file, save_parents=True)
-
-    def redeem_ticket(self, options, args):
-        """
-        Connects to nodes in a slice and redeems a ticket
-(slice hrn is retrieved from the ticket)
-        """
-        ticket_file = args[0]
-        
-        # get slice hrn from the ticket
-        # use this to get the right slice credential 
-        ticket = SfaTicket(filename=ticket_file)
-        ticket.decode()
-        ticket_string = ticket.save_to_string(save_parents=True)
-
-        slice_hrn = ticket.gidObject.get_hrn()
-        slice_urn = hrn_to_urn(slice_hrn, 'slice') 
-        #slice_hrn = ticket.attributes['slivers'][0]['hrn']
-        slice_cred = self.slice_credential_string(slice_hrn)
-        
-        # get a list of node hostnames from the RSpec 
-        tree = etree.parse(StringIO(ticket.rspec))
-        root = tree.getroot()
-        hostnames = root.xpath("./network/site/node/hostname/text()")
-        
-        # create an xmlrpc connection to the component manager at each of these
-        # components and gall redeem_ticket
-        connections = {}
-        for hostname in hostnames:
-            try:
-                self.logger.info("Calling redeem_ticket at %(hostname)s " % locals())
-                cm_url="http://%s:%s/"%(hostname,CM_PORT)
-                server = SfaServerProxy(cm_url, self.private_key, self.my_gid)
-                server = self.server_proxy(hostname, CM_PORT, self.private_key, 
-                                           timeout=self.options.timeout, verbose=self.options.debug)
-                server.RedeemTicket(ticket_string, slice_cred)
-                self.logger.info("Success")
-            except socket.gaierror:
-                self.logger.error("redeem_ticket failed on %s: Component Manager not accepting requests"%hostname)
-            except Exception, e:
-                self.logger.log_exc(e.message)
-        return
-
-    def create_gid(self, options, args):
+    @register_command("[name]","")
+    def gid(self, options, args):
          """
          Create a GID (CreateGid)
          """
          """
          Create a GID (CreateGid)
          """
@@ -1143,7 +1401,8 @@ or with an slice hrn, shows currently provisioned resources
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
              self.print_help()
              sys.exit(1)
          target_hrn = args[0]
-        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.bootstrap.my_gid_string())
+        my_gid_string = open(self.client_bootstrap.my_gid()).read() 
+        gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string)
          if options.file:
              filename = options.file
          else:
          if options.file:
              filename = options.file
          else:
@@ -1151,42 +1410,214 @@ or with an slice hrn, shows currently provisioned resources
          self.logger.info("writing %s gid to %s" % (target_hrn, filename))
          GID(string=gid).save_to_file(filename)
           
          self.logger.info("writing %s gid to %s" % (target_hrn, filename))
          GID(string=gid).save_to_file(filename)
           
-
-    def delegate(self, options, args):
+    ####################
+    @register_command("to_hrn","""$ sfi delegate -u -p -s ple.inria.heartbeat -s ple.inria.omftest ple.upmc.slicebrowser
+
+  will locally create a set of delegated credentials for the benefit of ple.upmc.slicebrowser
+  the set of credentials in the scope for this call would be
+  (*) ple.inria.thierry_parmentelat.user_for_ple.upmc.slicebrowser.user.cred
+      as per -u/--user
+  (*) ple.inria.pi_for_ple.upmc.slicebrowser.user.cred
+      as per -p/--pi
+  (*) ple.inria.heartbeat.slice_for_ple.upmc.slicebrowser.user.cred
+  (*) ple.inria.omftest.slice_for_ple.upmc.slicebrowser.user.cred
+      because of the two -s options
+
+""")
+    def delegate (self, options, args):
          """
          (locally) create delegate credential for use by given hrn
          """
          (locally) create delegate credential for use by given hrn
+  make sure to check for 'sfi myslice' instead if you plan
+  on using MySlice
          """
          """
-        delegee_hrn = args[0]
-        if options.delegate_user:
-            cred = self.delegate_cred(self.my_credential_string, delegee_hrn, 'user')
-        elif options.delegate_slice:
-            slice_cred = self.slice_credential_string(options.delegate_slice)
-            cred = self.delegate_cred(slice_cred, delegee_hrn, 'slice')
-        else:
-            self.logger.warning("Must specify either --user or --slice <hrn>")
-            return
-        delegated_cred = Credential(string=cred)
-        object_hrn = delegated_cred.get_gid_object().get_hrn()
+        if len(args) != 1:
+            self.print_help()
+            sys.exit(1)
+        to_hrn = args[0]
+        # support for several delegations in the same call
+        # so first we gather the things to do
+        tuples=[]
+        for slice_hrn in options.delegate_slices:
+            message="%s.slice"%slice_hrn
+            original = self.slice_credential_string(slice_hrn)
+            tuples.append ( (message, original,) )
+        if options.delegate_pi:
+            my_authority=self.authority
+            message="%s.pi"%my_authority
+            original = self.my_authority_credential_string()
+            tuples.append ( (message, original,) )
+        for auth_hrn in options.delegate_auths:
+            message="%s.auth"%auth_hrn
+            original=self.authority_credential_string(auth_hrn)
+            tuples.append ( (message, original, ) )
+        # if nothing was specified at all at this point, let's assume -u
+        if not tuples: options.delegate_user=True
+        # this user cred
          if options.delegate_user:
          if options.delegate_user:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
-                                  + get_leaf(object_hrn) + ".cred")
-        elif options.delegate_slice:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
-                                  + get_leaf(object_hrn) + ".cred")
+            message="%s.user"%self.user
+            original = self.my_credential_string
+            tuples.append ( (message, original, ) )
+
+        # default type for beneficial is user unless -A
+        if options.delegate_to_authority:       to_type='authority'
+        else:                                   to_type='user'
+
+        # let's now handle all this
+        # it's all in the filenaming scheme
+        for (message,original) in tuples:
+            delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type)
+            delegated_credential = Credential (string=delegated_string)
+            filename = os.path.join ( self.options.sfi_dir,
+                                      "%s_for_%s.%s.cred"%(message,to_hrn,to_type))
+            delegated_credential.save_to_file(filename, save_parents=True)
+            self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename))
+    
+    ####################
+    @register_command("","""$ less +/myslice sfi_config
+[myslice]
+backend  = http://manifold.pl.sophia.inria.fr:7080
+# the HRN that myslice uses, so that we are delegating to
+delegate = ple.upmc.slicebrowser
+# platform - this is a myslice concept
+platform = ple
+# username - as of this writing (May 2013) a simple login name
+username = thierry
+
+$ sfi myslice
+  will first collect the slices that you are part of, then make sure
+  all your credentials are up-to-date (read: refresh expired ones)
+  then compute delegated credentials for user 'ple.upmc.slicebrowser'
+  and upload them all on myslice backend, using 'platform' and 'user'.
+  A password will be prompted for the upload part.
+
+$ sfi -v myslice  -- or sfi -vv myslice
+  same but with more and more verbosity
+
+$ sfi m
+  is synonym to sfi myslice as no other command starts with an 'm'
+"""
+) # register_command
+    def myslice (self, options, args):
+
+        """ This helper is for refreshing your credentials at myslice; it will
+  * compute all the slices that you currently have credentials on
+  * refresh all your credentials (you as a user and pi, your slices)
+  * upload them to the manifold backend server
+  for last phase, sfi_config is read to look for the [myslice] section, 
+  and namely the 'backend', 'delegate' and 'user' settings"""
+
+        ##########
+        if len(args)>0:
+            self.print_help()
+            sys.exit(1)
+        # enable info by default
+        self.logger.setLevelFromOptVerbose(self.options.verbose+1)
+        ### the rough sketch goes like this
+        # (a) rain check for sufficient config in sfi_config
+        myslice_dict={}
+        myslice_keys=['backend', 'delegate', 'platform', 'username']
+        for key in myslice_keys:
+            value=None
+            # oct 2013 - I'm finding myself juggling with config files
+            # so a couple of command-line options can now override config
+            if hasattr(args,key):
+                value=getattr(args,key)
+            else:
+                full_key="MYSLICE_" + key.upper()
+                value=getattr(self.config_instance,full_key,None)
+            if value:   myslice_dict[key]=value
+            else:       print "Unsufficient config, missing key %s in [myslice] section of sfi_config"%key
+        if len(myslice_dict) != len(myslice_keys):
+            sys.exit(1)
  
  
-        delegated_cred.save_to_file(dest_fn, save_parents=True)
+        # (b) figure whether we are PI for the authority where we belong
+        self.logger.info("Resolving our own id %s"%self.user)
+        my_records=self.registry().Resolve(self.user,self.my_credential_string)
+        if len(my_records)!=1: print "Cannot Resolve %s -- exiting"%self.user; sys.exit(1)
+        my_record=my_records[0]
+        my_auths_all = my_record['reg-pi-authorities']
+        self.logger.info("Found %d authorities that we are PI for"%len(my_auths_all))
+        self.logger.debug("They are %s"%(my_auths_all))
+        
+        my_auths = my_auths_all
+        if options.delegate_auths:
+            my_auths = list(set(my_auths_all).intersection(set(options.delegate_auths)))
+            self.logger.debug("Restricted to user-provided auths"%(my_auths))
+
+        # (c) get the set of slices that we are in
+        my_slices_all=my_record['reg-slices']
+        self.logger.info("Found %d slices that we are member of"%len(my_slices_all))
+        self.logger.debug("They are: %s"%(my_slices_all))
+ 
+        my_slices = my_slices_all
+        # if user provided slices, deal only with these - if they are found
+        if options.delegate_slices:
+            my_slices = list(set(my_slices_all).intersection(set(options.delegate_slices)))
+            self.logger.debug("Restricted to user-provided slices: %s"%(my_slices))
+
+        # (d) make sure we have *valid* credentials for all these
+        hrn_credentials=[]
+        hrn_credentials.append ( (self.user, 'user', self.my_credential_string,) )
+        for auth_hrn in my_auths:
+            hrn_credentials.append ( (auth_hrn, 'auth', self.authority_credential_string(auth_hrn),) )
+        for slice_hrn in my_slices:
+            hrn_credentials.append ( (slice_hrn, 'slice', self.slice_credential_string (slice_hrn),) )
+
+        # (e) check for the delegated version of these
+        # xxx todo add an option -a/-A? like for 'sfi delegate' for when we ever 
+        # switch to myslice using an authority instead of a user
+        delegatee_type='user'
+        delegatee_hrn=myslice_dict['delegate']
+        hrn_delegated_credentials = []
+        for (hrn, htype, credential) in hrn_credentials:
+            delegated_credential = self.client_bootstrap.delegate_credential_string (credential, delegatee_hrn, delegatee_type)
+            # save these so user can monitor what she's uploaded
+            filename = os.path.join ( self.options.sfi_dir,
+                                      "%s.%s_for_%s.%s.cred"%(hrn,htype,delegatee_hrn,delegatee_type))
+            with file(filename,'w') as f:
+                f.write(delegated_credential)
+            self.logger.debug("(Over)wrote %s"%filename)
+            hrn_delegated_credentials.append ((hrn, htype, delegated_credential, filename, ))
+
+        # (f) and finally upload them to manifold server
+        # xxx todo add an option so the password can be set on the command line
+        # (but *NOT* in the config file) so other apps can leverage this
+        uploader = ManifoldUploader (logger=self.logger,
+                                     url=myslice_dict['backend'],
+                                     platform=myslice_dict['platform'],
+                                     username=myslice_dict['username'],
+                                     password=options.password)
+        uploader.prompt_all()
+        (count_all,count_success)=(0,0)
+        for (hrn,htype,delegated_credential,filename) in hrn_delegated_credentials:
+            # inspect
+            inspect=Credential(string=delegated_credential)
+            expire_datetime=inspect.get_expiration()
+            message="%s (%s) [exp:%s]"%(hrn,htype,expire_datetime)
+            if uploader.upload(delegated_credential,message=message):
+                count_success+=1
+            count_all+=1
+
+        self.logger.info("Successfully uploaded %d/%d credentials"%(count_success,count_all))
+        # at first I thought we would want to save these,
+        # like 'sfi delegate does' but on second thought
+        # it is probably not helpful as people would not
+        # need to run 'sfi delegate' at all anymore
+        if count_success != count_all: sys.exit(1)
+        return
  
  
-        self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn))
-    
-    def get_trusted_certs(self, options, args):
+    @register_command("cred","")
+    def trusted(self, options, args):
          """
          """
-        return uhe trusted certs at this interface (get_trusted_certs)
+        return the trusted certs at this interface (get_trusted_certs)
          """ 
          trusted_certs = self.registry().get_trusted_certs()
          for trusted_cert in trusted_certs:
          """ 
          trusted_certs = self.registry().get_trusted_certs()
          for trusted_cert in trusted_certs:
+            print "\n===========================================================\n"
              gid = GID(string=trusted_cert)
              gid.dump()
              cert = Certificate(string=trusted_cert)
              gid = GID(string=trusted_cert)
              gid.dump()
              cert = Certificate(string=trusted_cert)
-            self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject())
+            self.logger.debug('Sfi.trusted -> %r'%cert.get_subject())
+            print "Certificate:\n%s\n\n"%trusted_cert
          return 
  
          return