- (attributes, rspec) = self.api.record_to_slice_info(record)
-
- new_ticket.set_attributes(attributes)
- new_ticket.set_rspec(rspec)
-
- new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
-
- new_ticket.encode()
- new_ticket.sign()
-
- return new_ticket.save_to_string(save_parents=True)
+ # Filter the incoming rspec using sfatables
+ incoming_rules = SFATablesRules('INCOMING')
+ #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
+ contexts = incoming_rules.contexts
+ caller_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+ request_context = manager.fetch_context(hrn, caller_hrn, contexts)
+ incoming_rules.set_context(request_context)
+ rspec = incoming_rules.apply(rspec)
+ # remove nodes that are not available at this interface from the rspec
+ valid_rspec = RSpec(xml=manager.get_rspec(self.api))
+ valid_nodes = valid_rspec.getDictsByTagName('NodeSpec')
+ vaild_hostnames = [node['name'] for node in valid_nodes]
+ rspec_object = RSpec(xml=rspec)
+ rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames)
+ rspec = rspec_object.toxml()
+ ticket = manager.get_ticket(self.api, hrn, rspec)
+
+ return ticket