import time
import sys
+from util.credential import Credential
from util.hierarchy import Hierarchy
from util.trustedroot import TrustedRootList
from util.cert import Keypair, Certificate
-from util.gid import GID
+from util.gid import GID, create_uuid
from util.geniserver import GeniServer
from util.record import GeniRecord
+from util.rights import RightList
from util.genitable import GeniTable
from util.geniticket import Ticket
from util.excep import *
from util.misc import *
+from util.config import *
+
##
# Convert geni fields to PLC fields for use when registering up updating
# registry record in the PLC database
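Review bot: `from util.config import *` adds a third wildcard import after `util.excep` and `util.misc`, so a name defined in more than one of these modules is silently taken from whichever is imported last. None of the visible new code shows which configuration names it uses, so a reader cannot tell what the registry depends on. I would import the needed settings explicitly, or use `import util.config as config` and reference values through that namespace.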
# @param auth_hrn human readable name of authority
def get_auth_info(self, auth_hrn):
- return AuthHierarchy.get_auth_info(auth_hrn)
+ return self.hierarchy.get_auth_info(auth_hrn)
##
# Given an authority name, return the database table for that authority. If
# into this authority yet.
if not table.exists():
- report.trace("Registry: creating table for authority " + auth_name)
+ print "Registry: creating table for authority", auth_name
table.create()
return table
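Review bot: The `print` statement that replaces `report.trace(...)` here drops the message's severity and routing, and the same substitution is made for the two `report.error(...)` calls in the later `PlanetLabRecordDoesNotExist` handlers. Those handlers go on to call `table.remove(record)`, so the only trace of a registry record being deleted would be a line on stdout, which may not be captured when the server runs unattended. If `report` is being retired, a module-level `logging.getLogger(__name__)` with `logger.info(...)` here and `logger.warning(...)` in the handlers would keep an audit trail. The enclosing function starts outside the hunk.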
if (type == "sa") or (type=="ma"):
# update the tree
- if not AuthHierarchy.auth_exists(name):
- AuthHierarchy.create_auth(name)
+ if not self.hierarchy.auth_exists(name):
+ self.hierarchy.create_auth(name)
# authorities are special since they are managed by the registry
# rather than by the caller. We create our own GID for the
# the current copy of the record in the Geni database, to make sure
# that the appopriate record is removed.
- def remove(self, cred, record_dict):
+ def remove(self, cred, type, hrn):
self.decode_authentication(cred, "remove")
- record = GeniRecord(dict = record_dict)
- type = record.get_type()
-
- self.verify_object_permission(record.get_name())
+ self.verify_object_permission(hrn)
- auth_name = get_authority(record.get_name())
+ auth_name = get_authority(hrn)
table = self.get_auth_table(auth_name)
- # let's not trust that the caller has a well-formed record (a forged
- # pointer field could be a disaster), so look it up ourselves
- record_list = table.resolve(type, record.get_name())
+ record_list = table.resolve(type, hrn)
if not record_list:
raise RecordNotFound(name)
record = record_list[0]
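Review bot: `raise RecordNotFound(name)` is left unchanged under the new signature `remove(self, cred, type, hrn)`, but no `name` is bound in the visible body, so a missing record would presumably surface as a `NameError` rather than the intended fault. It should read `raise RecordNotFound(hrn)`. The commit also deletes the comment explaining why the record is re-resolved from the table instead of trusted from the caller. The lookup is still there, so I would keep a short note such as `# resolve the record ourselves; never act on caller-supplied pointer fields`. The body of `remove` continues past the hunk.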
# @param cred credential string specifying rights of the caller
#
# @return list of record dictionaries
- def list(self, cred):
+ def list(self, cred, auth_hrn):
self.decode_authentication(cred, "list")
- auth_name = self.object_gid.get_hrn()
- table = self.get_auth_table(auth_name)
+ if not self.hierarchy.auth_exists(auth_hrn):
+ raise MissingAuthority(auth_hrn)
+
+ table = self.get_auth_table(auth_hrn)
records = table.list()
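Review bot: `list` now takes `auth_hrn` from the caller but only checks that the authority exists, and nothing visible ties the presented credential to that authority. The old code derived the table from `self.object_gid.get_hrn()`, and `remove` calls `self.verify_object_permission(hrn)` before touching a table. Unless `decode_authentication` already enforces this (not visible here), a credential carrying the list right for one object would be accepted for any existing authority's records. I would add `self.verify_object_permission(auth_hrn)` directly after `self.decode_authentication(cred, "list")`, and add an `@param auth_hrn` line to the comment block above. The method body continues outside the hunk.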
except PlanetLabRecordDoesNotExist:
# silently drop the ones that are missing in PL.
# is this the right thing to do?
- report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+ print "ignoring geni record ", record.get_name(), " because pl record does not exist"
table.remove(record)
dicts = []
except PlanetLabRecordDoesNotExist:
# silently drop the ones that are missing in PL.
# is this the right thing to do?
- report.error("ignoring geni record " + record.get_name() + " because pl record does not exist")
+ print "ignoring geni record ", record.get_name(), "because pl record does not exist"
table.remove(record)
return good_records
elif type == "ma":
rl.add("authority")
elif type == "slice":
+ rl.add("refresh")
rl.add("embed")
rl.add("bind")
rl.add("control")
rl = self.determine_rights(type, name)
cred.set_privileges(rl)
- cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+ cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
cred.encode()
cred.sign()
rl = self.determine_rights(type, name)
new_cred.set_privileges(rl)
- new_cred.set_parent(AuthHierarchy.get_auth_cred(auth_hrn))
+ new_cred.set_parent(self.hierarchy.get_auth_cred(auth_hrn))
new_cred.encode()
new_cred.sign()
pkey = Keypair()
pkey.load_pubkey_from_string(pubkey_str)
- gid = AuthHierarchy.create_gid(name, uuid, pkey)
+ gid = self.hierarchy.create_gid(name, uuid, pkey)
return gid.save_to_string(save_parents=True)