+
+ def sliver_to_slice_xrn(self, xrn):
+ sliver_id_parts = Xrn(xrn).get_sliver_id_parts()
+ filter = {'peer_id': None}
+ try:
+ filter['slice_id'] = int(sliver_id_parts[0])
+ except ValueError:
+ filter['name'] = sliver_id_parts[0]
+ slices = self.shell.GetSlices(filter, ['hrn'])
+ if not slices:
+ raise Forbidden(
+ "Unable to locate slice record for sliver: {}".format(xrn))
+ slice = slices[0]
+ slice_xrn = slice['hrn']
+ return slice_xrn
+
+ def check_sliver_credentials(self, creds, urns):
+ # build list of cred object hrns
+ slice_cred_names = []
+ for cred in creds:
+ slice_cred_hrn = Credential(cred=cred).get_gid_object().get_hrn()
+ top_auth_hrn = top_auth(slice_cred_hrn)
+ site_hrn = '.'.join(slice_cred_hrn.split('.')[:-1])
+ slice_part = slice_cred_hrn.split('.')[-1]
+ if top_auth_hrn == self.hrn:
+ login_base = slice_cred_hrn.split('.')[-2][:12]
+ else:
+ login_base = hash_loginbase(site_hrn)
+
+ slicename = '_'.join([login_base, slice_part])
+ slice_cred_names.append(slicename)
+
+ # look up slice name of slivers listed in urns arg
+ slice_ids = []
+ for urn in urns:
+ sliver_id_parts = Xrn(xrn=urn).get_sliver_id_parts()
+ try:
+ slice_ids.append(int(sliver_id_parts[0]))
+ except ValueError:
+ pass
+
+ if not slice_ids:
+ raise Forbidden("sliver urn not provided")
+
+ slices = self.shell.GetSlices(slice_ids)
+ sliver_names = [slice['name'] for slice in slices]
+
+ # make sure we have a credential for every specified sliver ierd
+ for sliver_name in sliver_names:
+ if sliver_name not in slice_cred_names:
+ msg = "Valid credential not found for target: {}".format(
+ sliver_name)
+ raise Forbidden(msg)
+