+ def actual_caller_hrn(self):
+ """a helper method used by some API calls like e.g. Allocate
+ to try and find out who really is the original caller
+
+ This admittedly is a bit of a hack, please USE IN LAST RESORT
+
+ This code uses a heuristic to identify a delegated credential
+
+ A first known restriction if for traffic that gets through a slice manager
+ in this case the hrn reported is the one from the last SM in the call graph
+ which is not at all what is meant here"""
+
+ caller_hrn = self.get_gid_caller().get_hrn()
+ issuer_hrn = self.get_signature().get_issuer_gid().get_hrn()
+ subject_hrn = self.get_gid_object().get_hrn()
+ # if we find that the caller_hrn is an immediate descendant of the issuer, then
+ # this seems to be a 'regular' credential
+ if caller_hrn.startswith(issuer_hrn):
+ actual_caller_hrn=caller_hrn
+ # else this looks like a delegated credential, and the real caller is the issuer
+ else:
+ actual_caller_hrn=issuer_hrn
+ logger.info("actual_caller_hrn: caller_hrn={}, issuer_hrn={}, returning {}"
+ .format(caller_hrn,issuer_hrn,actual_caller_hrn))
+ return actual_caller_hrn
+