git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
call traceability for get_credential
[sfa.git] / sfa / methods / create_slice.py
diff --git a/sfa/methods/create_slice.py b/sfa/methods/create_slice.py
index 4192cc0..a85e8e5 100644 (file)
--- a/sfa/methods/create_slice.py
+++ b/sfa/methods/create_slice.py
@@ -2,24 +2,21 @@
 ### $URL$
 
 from sfa.util.faults import *
 ### $URL$
 
 from sfa.util.faults import *
-from sfa.util.misc import *
+from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
 from sfa.trust.auth import Auth
 from sfa.plc.slices import Slices
 from sfa.util.config import Config
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
 from sfa.trust.auth import Auth
 from sfa.plc.slices import Slices
 from sfa.util.config import Config
-# RSpecManager_pl is not used. It's used to make sure the module is in place.
-import sfa.rspecs.aggregates.rspec_manager_pl
 from sfa.trust.credential import Credential
 from sfatables.runtime import SFATablesRules
 
 from sfa.trust.credential import Credential
 from sfatables.runtime import SFATablesRules
 
-
 class create_slice(Method):
     """
     Instantiate the specified slice according to whats defined in the specified rspec      
 
     @param cred credential string specifying the rights of the caller
 class create_slice(Method):
     """
     Instantiate the specified slice according to whats defined in the specified rspec      
 
     @param cred credential string specifying the rights of the caller
-    @param hrn human readable name of slice to instantiate
+    @param hrn human readable name of slice to instantiate (hrn or xrn)
     @param rspec resource specification
     @return 1 is successful, faults otherwise  
     """
     @param rspec resource specification
     @return 1 is successful, faults otherwise  
     """
@@ -28,60 +25,52 @@ class create_slice(Method):
     
     accepts = [
         Parameter(str, "Credential string"),
     
     accepts = [
         Parameter(str, "Credential string"),
-        Parameter(str, "Human readable name of slice to instantiate"),
+        Parameter(str, "Human readable name of slice to instantiate (hrn or xrn)"),
         Parameter(str, "Resource specification"),
         Parameter(str, "Resource specification"),
-        Mixed(Parameter(str, "Request hash"),
-              Parameter(None, "Request hash not specified"))
+        Mixed(Parameter(str, "Human readable name of the original caller"),
+              Parameter(None, "Origin hrn not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
         ]
 
     returns = Parameter(int, "1 if successful")
-    
-    def call(self, cred, hrn, requested_rspec, request_hash=None, caller_cred=None):
-        if caller_cred==None:
-            caller_cred=cred
-        
-        # This cred will be an slice cred, not a user, so we cant use it to
-        # authenticate the caller's request_hash. Let just get the caller's gid
-        # from the cred and authenticate using that
-        client_gid = Credential(string=cred).get_gid_caller()
-        client_gid_str = client_gid.save_to_string(save_parents=True)
-        self.api.auth.authenticateGid(client_gid_str, [cred, hrn, requested_rspec], request_hash)
-        self.api.auth.check(cred, 'createslice')
-
-        #log the call
-        self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name))
 
 
-        sfa_aggregate_type = Config().get_aggregate_rspec_type()
-        rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"])
-        #Filter the incoming rspec using sfatables
-        incoming_rules = SFATablesRules('INCOMING')
-       if incoming_rules.sorted_rule_list:
-           #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
+    def __run_sfatables(self, manager, rules, hrn, origin_hrn, rspec):
+        if rules.sorted_rule_list:
+            contexts = rules.contexts
+            request_context = manager.fetch_context(hrn, origin_hrn, contexts)
+            rules.set_context(request_context)
+            newrspec = rules.apply(rspec)
+        else:  
+            newrspec = rspec
+        return newrspec
 
 
-           contexts = incoming_rules.contexts
-           request_context = rspec_manager.fetch_context(hrn, Credential(string=caller_cred).get_gid_caller().get_hrn(), contexts)
-           incoming_rules.set_context(request_context)
-           rspec = incoming_rules.apply(requested_rspec)
-
-       else:   
-          rspec = requested_rspec
-
-        # send the call to the right manager
-        if sfa_aggregate_type not in ['pl']:
-            # To clean up after July 21 - SB
-            rspec = rspec_manager.create_slice(self.api, hrn, rspec)
-            return 1
+        
+    def call(self, cred, xrn, requested_rspec, origin_hrn=None):
+        hrn, type = urn_to_hrn(xrn) 
+        user_cred = Credential(string=cred)
+        #log the call
+        if not origin_hrn:
+            origin_hrn = user_cred.get_gid_caller().get_hrn()
+        self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+         
+        # validate the credential
+        self.api.auth.check(cred, 'createslice')
 
         manager_base = 'sfa.managers'
         if self.api.interface in ['aggregate']:
             mgr_type = self.api.config.SFA_AGGREGATE_TYPE
             manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
 
         manager_base = 'sfa.managers'
         if self.api.interface in ['aggregate']:
             mgr_type = self.api.config.SFA_AGGREGATE_TYPE
             manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
-            manager.create_slice(self.api, hrn, rspec)
+            rspec = self.__run_sfatables(manager, 
+                                         SFATablesRules('INCOMING'),
+                                         hrn, origin_hrn, requested_rspec)
+            manager.create_slice(self.api, xrn, rspec)
         elif self.api.interface in ['slicemgr']:
             mgr_type = self.api.config.SFA_SM_TYPE
             manager_module = manager_base + ".slice_manager_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
         elif self.api.interface in ['slicemgr']:
             mgr_type = self.api.config.SFA_SM_TYPE
             manager_module = manager_base + ".slice_manager_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
-            manager.create_slice(self.api, hrn, rspec, caller_cred)
+            rspec = self.__run_sfatables(manager, 
+                                         SFATablesRules('FORWARD-INCOMING'),
+                                         hrn, origin_hrn, requested_rspec)
+            manager.create_slice(self.api, xrn, rspec, origin_hrn)
 
         return 1 
 
         return 1 
sfa