from geni.util.credential import Credential
from geni.util.geniclient import GeniClient, ServerException
from geni.util.gid import create_uuid
-from geni.util.record import GeniRecord
+from geni.util.record import *
from geni.util.rspec import Rspec
from types import StringTypes, ListType
+# xxx todo xxx auto-load ~/.sfi/sfi_config
+
sfi_dir = os.path.expanduser("~/.sfi/")
slicemgr = None
registry = None
sm_url = os.environ["SFI_SM"]
else:
print "No Known Slice Manager"
+ print "Try:"
+ print " export SFI_SM=http://your.slicemanager.url:12347/"
+ print "Or add this argument to the command line:"
+ print " --slicemgr=http://your.slicemanager.url:12347/"
sys.exit(1)
# Set Registry URL
reg_url = os.environ["SFI_REGISTRY"]
else:
print "No Known Registry Server"
+ print "Try:"
+ print " export SFI_REGISTRY=http://your.slicemanager.url:12345/"
+ print "Or add this argument to the command line:"
+ print " --registry=http://your.slicemanager.url:12345/"
sys.exit(1)
if options.verbose :
user = os.environ["SFI_USER"]
else:
print "No Known User Name"
+ print "Try:"
+ print " export SFI_USER=$SFI_AUTH.username"
+ print "Or add this argument to the command line:"
+ print " --user=username"
sys.exit(1)
# Set authority HRN
print "Failed to get slice credential"
sys.exit(-1)
+def delegate_cred(cred, hrn, type = 'authority'):
+ # the gid and hrn of the object we are delegating
+ object_gid = cred.get_gid_object()
+ object_hrn = object_gid.get_hrn()
+ cred.set_delegate(True)
+ if not cred.get_delegate():
+ raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
+
+
+ records = registry.resolve(cred, hrn)
+ records = filter_records(type, records)
+
+ if not records:
+ raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
+
+ # the gid of the user who will be delegated too
+ delegee_gid = records[0].get_gid_object()
+ delegee_hrn = delegee_gid.get_hrn()
+
+ # the key and hrn of the user who will be delegating
+ user_key = Keypair(filename = get_key_file())
+ user_hrn = cred.get_gid_caller().get_hrn()
+
+ dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
+ dcred.set_gid_caller(delegee_gid)
+ dcred.set_gid_object(object_gid)
+ dcred.set_privileges(cred.get_privileges())
+ dcred.set_delegate(True)
+ dcred.set_pubkey(object_gid.get_pubkey())
+ dcred.set_issuer(user_key, user_hrn)
+ dcred.set_parent(cred)
+ dcred.encode()
+ dcred.sign()
+
+ return dcred
+
def get_rspec_file(rspec):
if (os.path.isabs(rspec)):
file = rspec
os.remove(outfn)
return key_string
-
#
# Generate sub-command parser
#
try:
dispatch(command, cmd_opts, cmd_args)
except KeyError:
+ raise
print "Command not found:", command
sys.exit(1)
# filter on person, slice, site, node, etc.
# THis really should be in the filter_records funct def comment...
list = filter_records(opts.type, list)
- display_records(list)
+ for record in list:
+ print "%s (%s)" % (record['hrn'], record['type'])
if opts.file:
save_records_to_file(opts.file, list)
return
records = filter_records(opts.type, records)
if not records:
print "No record of type", opts.type
- display_records(records, True)
+ for record in records:
+ if record['type'] in ['user']:
+ record = UserRecord(dict = record)
+ elif record['type'] in ['slice']:
+ record = SliceRecord(dict = record)
+ elif record['type'] in ['node']:
+ record = NodeRecord(dict = record)
+ elif record['type'] in ['authority', 'ma', 'sa']:
+ record = AuthorityRecord(dict = record)
+ else:
+ record = GeniRecord(dict = record)
+ record.dump()
+
if opts.file:
save_records_to_file(opts.file, records)
return
records = filter_records("user", records)
if not records:
- print "Error: Didn't find a user record for", delegee_name
+ print "Error: Didn't find a user record for", args[0]
return
# the gid of the user who will be delegated too
rec_file = get_record_file(args[0])
record = load_record_from_file(rec_file)
- # check and see if we need to create a gid for this record. The creator
- # of the record signals this by filling in the create_gid, create_gid_hrn,
- # and create_gid_key members.
- # (note: we'd use an unsigned GID in the record instead, but pyOpenSSL is
- # broken and has no way for us to get the key back out of the gid)
- geni_info = record.get_geni_info()
- if "create_gid" in geni_info:
- key_string = geni_info["create_gid_key"].replace("|","\n") # XXX smbaker: the rspec kills newlines
- gid = registry.create_gid(auth_cred, geni_info["create_gid_hrn"], create_uuid(), key_string)
- record.set_gid(gid)
-
- del geni_info["create_gid"]
- del geni_info["create_gid_hrn"]
- del geni_info["create_gid_key"]
-
return registry.register(auth_cred, record)
# update named registry entry
if record.get_name() == user_cred.get_gid_object().get_hrn():
cred = user_cred
else:
- create = get_auth_cred()
+ cred = get_auth_cred()
elif record.get_type() in ["slice"]:
try:
cred = get_slice_cred(record.get_name())
raise
elif record.get_type() in ["authority"]:
cred = get_auth_cred()
+ elif record.get_type() == 'node':
+ cred = get_auth_cred()
else:
raise "unknown record type" + record.get_type()
return registry.update(cred, record)
format = opts.format
display_rspec(result, format)
if (opts.file is not None):
- save_rspec_to_file(opts.file, result)
+ save_rspec_to_file(result, opts.file)
return
# created named slice with given rspec
# start named slice
def start(opts, args):
global slicemgr
+ slice_hrn = args[0]
slice_cred = get_slice_cred(args[0])
- return slicemgr.start_slice(slice_cred)
+ return slicemgr.start_slice(slice_cred, slice_hrn)
# stop named slice
def stop(opts, args):
global slicemgr
+ slice_hrn = args[0]
slice_cred = get_slice_cred(args[0])
- return slicemgr.stop_slice(slice_cred)
+ return slicemgr.stop_slice(slice_cred, slice_hrn)
# reset named slice
def reset(opts, args):
global slicemgr
+ slice_hrn = args[0]
slice_cred = get_slice_cred(args[0])
- return slicemgr.reset_slice(slice_cred)
+ return slicemgr.reset_slice(slice_cred, slice_hrn)
#
#