added refresh right to slice

[sfa.git] / plc / registry.py

diff --git a/plc/registry.py b/plc/registry.py
index 1638207..53581d4 100644 (file)
--- a/plc/registry.py
+++ b/plc/registry.py
@@ -6,17 +6,21 @@ import os
 import time
 import sys
 
+from util.credential import Credential
 from util.hierarchy import Hierarchy
 from util.trustedroot import TrustedRootList
 from util.cert import Keypair, Certificate
-from util.gid import GID
+from util.gid import GID, create_uuid
 from util.geniserver import GeniServer
 from util.record import GeniRecord
+from util.rights import RightList
 from util.genitable import GeniTable
 from util.geniticket import Ticket
 from util.excep import *
 from util.misc import *
 
+from util.config import *
+
 ##
 # Convert geni fields to PLC fields for use when registering up updating
 # registry record in the PLC database
@@ -132,7 +136,7 @@ class Registry(GeniServer):
     # @param auth_hrn human readable name of authority
 
     def get_auth_info(self, auth_hrn):
-        return AuthHierarchy.get_auth_info(auth_hrn)
+        return self.hierarchy.get_auth_info(auth_hrn)
 
     ##
     # Given an authority name, return the database table for that authority. If
@@ -151,7 +155,7 @@ class Registry(GeniServer):
         # into this authority yet.
 
         if not table.exists():
-            report.trace("Registry: creating table for authority " + auth_name)
+            print "Registry: creating table for authority", auth_name
             table.create()
 
         return table
@@ -347,8 +351,8 @@ class Registry(GeniServer):
 
         if (type == "sa") or (type=="ma"):
             # update the tree
-            if not AuthHierarchy.auth_exists(name):
-                AuthHierarchy.create_auth(name)
+            if not self.hierarchy.auth_exists(name):
+                self.hierarchy.create_auth(name)
 
             # authorities are special since they are managed by the registry
             # rather than by the caller. We create our own GID for the
@@ -428,20 +432,15 @@ class Registry(GeniServer):
     #     the current copy of the record in the Geni database, to make sure
     #     that the appopriate record is removed.
 
-    def remove(self, cred, record_dict):
+    def remove(self, cred, type, hrn):
         self.decode_authentication(cred, "remove")
 
-        record = GeniRecord(dict = record_dict)
-        type = record.get_type()
-
-        self.verify_object_permission(record.get_name())
+        self.verify_object_permission(hrn)
 
-        auth_name = get_authority(record.get_name())
+        auth_name = get_authority(hrn)
         table = self.get_auth_table(auth_name)
 
-        # let's not trust that the caller has a well-formed record (a forged
-        # pointer field could be a disaster), so look it up ourselves
-        record_list = table.resolve(type, record.get_name())
+        record_list = table.resolve(type, hrn)
         if not record_list:
             raise RecordNotFound(name)
         record = record_list[0]
@@ -547,11 +546,13 @@ class Registry(GeniServer):
     # @param cred credential string specifying rights of the caller
     #
     # @return list of record dictionaries
-    def list(self, cred):
+    def list(self, cred, auth_hrn):
         self.decode_authentication(cred, "list")
 
-        auth_name = self.object_gid.get_hrn()
-        table = self.get_auth_table(auth_name)
+        if not self.hierarchy.auth_exists(auth_hrn):
+            raise MissingAuthority(auth_hrn)
+
+        table = self.get_auth_table(auth_hrn)
 
         records = table.list()
 
@@ -563,7 +564,7 @@ class Registry(GeniServer):
             except PlanetLabRecordDoesNotExist:
                 # silently drop the ones that are missing in PL.
                 # is this the right thing to do?
-                report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+                print "ignoring geni record ", record.get_name(), " because pl record does not exist"
                 table.remove(record)
 
         dicts = []
@@ -603,7 +604,7 @@ class Registry(GeniServer):
             except PlanetLabRecordDoesNotExist:
                 # silently drop the ones that are missing in PL.
                 # is this the right thing to do?
-                report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+                print "ignoring geni record ", record.get_name(), "because pl record does not exist"
                 table.remove(record)
 
         return good_records
@@ -676,6 +677,7 @@ class Registry(GeniServer):
         elif type == "ma":
             rl.add("authority")
         elif type == "slice":
+            rl.add("refresh")
             rl.add("embed")
             rl.add("bind")
             rl.add("control")
@@ -729,7 +731,7 @@ class Registry(GeniServer):
         rl = self.determine_rights(type, name)
         cred.set_privileges(rl)
 
-        cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+        cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
 
         cred.encode()
         cred.sign()
@@ -775,7 +777,7 @@ class Registry(GeniServer):
         rl = self.determine_rights(type, name)
         new_cred.set_privileges(rl)
 
-        new_cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+        new_cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
 
         new_cred.encode()
         new_cred.sign()
@@ -808,7 +810,7 @@ class Registry(GeniServer):
 
         pkey = Keypair()
         pkey.load_pubkey_from_string(pubkey_str)
-        gid = AuthHierarchy.create_gid(name, uuid, pkey)
+        gid = self.hierarchy.create_gid(name, uuid, pkey)
 
         return gid.save_to_string(save_parents=True)