+ def register(self, sfa_record, hrn, pub_key):
+
+ if sfa_record['type'] == 'slice':
+ record = self.register_slice(sfa_record, hrn)
+ elif sfa_record['type'] == 'user':
+ record = self.register_user(sfa_record, hrn, pub_key)
+ elif sfa_record['type'].startswith('authority'):
+ record = self.register_authority(sfa_record, hrn)
+ # We should be returning the records id as a pointer but
+ # this is a string and the records table expects this to be an
+ # int.
+ # return record.id
+ return -1
+
+ def register_slice(self, sfa_record, hrn):
+ # add slice description, name, researchers, PI
+ name = hrn_to_os_tenant_name(hrn)
+ description = sfa_record.get('description', None)
+ self.shell.auth_manager.tenants.create(name, description)
+ tenant = self.shell.auth_manager.tenants.find(name=name)
+ auth_hrn = OSXrn(xrn=hrn, type='slice').get_authority_hrn()
+ parent_tenant_name = OSXrn(
+ xrn=auth_hrn, type='slice').get_tenant_name()
+ parent_tenant = self.shell.auth_manager.tenants.find(
+ name=parent_tenant_name)
+ researchers = sfa_record.get('researchers', [])
+ for researcher in researchers:
+ name = Xrn(researcher).get_leaf()
+ user = self.shell.auth_manager.users.find(name=name)
+ self.shell.auth_manager.roles.add_user_role(user, 'Member', tenant)
+ self.shell.auth_manager.roles.add_user_role(user, 'user', tenant)
+
+ pis = sfa_record.get('pis', [])
+ for pi in pis:
+ name = Xrn(pi).get_leaf()
+ user = self.shell.auth_manager.users.find(name=name)
+ self.shell.auth_manager.roles.add_user_role(user, 'pi', tenant)
+ self.shell.auth_manager.roles.add_user_role(
+ user, 'pi', parent_tenant)
+
+ return tenant
+
+ def register_user(self, sfa_record, hrn, pub_key):
+ # add person roles, projects and keys
+ email = sfa_record.get('email', None)
+ xrn = Xrn(hrn)
+ name = xrn.get_leaf()
+ auth_hrn = xrn.get_authority_hrn()
+ tenant_name = OSXrn(xrn=auth_hrn, type='authority').get_tenant_name()
+ tenant = self.shell.auth_manager.tenants.find(name=tenant_name)
+ self.shell.auth_manager.users.create(
+ name, email=email, tenant_id=tenant.id)
+ user = self.shell.auth_manager.users.find(name=name)
+ slices = sfa_records.get('slices', [])
+ for slice in projects:
+ slice_tenant_name = OSXrn(
+ xrn=slice, type='slice').get_tenant_name()
+ slice_tenant = self.shell.auth_manager.tenants.find(
+ name=slice_tenant_name)
+ self.shell.auth_manager.roles.add_user_role(
+ user, slice_tenant, 'user')
+ keys = sfa_records.get('keys', [])
+ for key in keys:
+ keyname = OSXrn(xrn=hrn, type='user').get_slicename()
+ self.shell.nova_client.keypairs.create(keyname, key)
+ return user
+
+ def register_authority(self, sfa_record, hrn):
+ name = OSXrn(xrn=hrn, type='authority').get_tenant_name()
+ self.shell.auth_manager.tenants.create(
+ name, sfa_record.get('description', ''))
+ tenant = self.shell.auth_manager.tenants.find(name=name)
+ return tenant
+
+ ##########
+ # xxx actually old_sfa_record comes filled with plc stuff as well in the
+ # original code
+ def update(self, old_sfa_record, new_sfa_record, hrn, new_key):
+ type = new_sfa_record['type']
+