delegate_cred comes from self
[sfa.git] / sfa / client / sfi.py
index 37324f3..f298d75 100755 (executable)
@@ -132,6 +132,7 @@ class Sfi:
                   "update": "record",
                   "aggregates": "[name]",
                   "registries": "[name]",
+                  "get_gid": [],  
                   "get_trusted_certs": "cred",
                   "slices": "",
                   "resources": "[name]",
@@ -351,7 +352,42 @@ class Sfi:
              print "Writing self-signed certificate to", file
           cert.save_to_file(file)
           return file
-   
+
+    def get_cached_gid(self, file):
+        """
+        Return a cached gid    
+        """
+        gid = None 
+        if (os.path.isfile(file)):
+            gid = GID(filename=file)
+        return gid
+
+    def get_gid(self, opts, args):
+        hrn = None
+        if args:
+            hrn = args[0]
+        gid = self._get_gid(hrn)
+        print gid.save_to_string(save_parents=True)
+        return gid
+
+    def _get_gid(self, hrn=None):
+        if not hrn:
+            hrn = self.user
+        gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
+        gid = self.get_cached_gid(gidfile)
+        if not gid:
+            user_cred = self.get_user_cred()
+            records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
+            if not records:
+                raise RecordNotFound(args[0])
+            gid = GID(string=records[0]['gid'])
+            if self.options.verbose:
+                print "Writing gid to ", gidfile 
+            gid.save_to_file(filename=gidfile)
+        return gid   
+                
+     
     def get_cached_credential(self, file):
         """
         Return a cached credential only if it hasn't expired.
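Review bot: `_get_gid` raises `RecordNotFound(args[0])`, but `args` is not a name in that method, so an empty Resolve result surfaces as a NameError instead of the intended error; it should be `raise RecordNotFound(hrn)`. Separately, `get_cached_gid` returns whatever file exists at the `hrn + ".gid"` path without checking that the GID inside carries that hrn, and the cache never expires, whereas the credential cache just below is documented as returned only if it hasn't expired. Because this GID later becomes the delegee of a delegated credential, a stale or replaced cache file decides who receives the delegation. I would at least compare `gid.get_hrn()` with the requested hrn before trusting the cached copy. The hunk ends inside `get_cached_credential`, whose body is not visible here.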
@@ -541,16 +577,34 @@ class Sfi:
         return
     
     def delegate(self, opts, args):
-        user_cred = self.get_user_cred()
+
+        delegee_hrn = args[0]
         if opts.delegate_user:
-            object_cred = user_cred
+            user_cred = self.get_user_cred()
+            cred = self.delegate_cred(user_cred, delegee_hrn)
         elif opts.delegate_slice:
-            object_cred = self.get_slice_cred(opts.delegate_slice)
+            slice_cred = self.get_slice_cred(opts.delegate_slice)
+            cred = self.delegate_cred(slice_cred, delegee_hrn)
         else:
             print "Must specify either --user or --slice <hrn>"
             return
+        delegated_cred = Credential(string=cred)
+        object_hrn = delegated_cred.get_gid_object().get_hrn()
+        if opts.delegate_user:
+            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
+                                  + get_leaf(object_hrn) + ".cred")
+        elif opts.delegate_slice:
+            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
+                                  + get_leaf(object_hrn) + ".cred")
+
+        delegated_cred.save_to_file(dest_fn, save_parents=True)
+
+        print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
     
+    def delegate_cred(self, object_cred, hrn):
         # the gid and hrn of the object we are delegating
+        if isinstance(object_cred, str):
+            object_cred = Credential(string=object_cred) 
         object_gid = object_cred.get_gid_object()
         object_hrn = object_gid.get_hrn()
     
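Review bot: `delegate` feeds the result of `delegate_cred` straight into `Credential(string=cred)`, but `delegate_cred` has a bare `return` on its "does not have delegate bit set" path (visible in the next hunk), so that case now reaches the constructor with None instead of stopping after the error message. Add `if cred is None: return` before `delegated_cred = Credential(string=cred)`. `delegee_hrn = args[0]` is also read before any argument check, so a missing hrn becomes an IndexError rather than a usage message. The same None return flows into the `creds` list in the ListResources hunk further down. The body of `delegate_cred` continues past the end of this hunk.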
@@ -558,27 +612,14 @@ class Sfi:
             print "Error: Object credential", object_hrn, "does not have delegate bit set"
             return
     
-        records = self.registry.Resolve(args[0], user_cred.save_to_string(save_parents=True))
-        if not records:
-            raise RecordNotFound(args[0])
         # the gid of the user who will be delegated to
-        delegee_gid = GID(string=records[0]['gid'])
+        delegee_gid = self._get_gid(hrn)
         delegee_hrn = delegee_gid.get_hrn()
         delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid")
         delegee_gid.save_to_file(filename=delegee_gidfile)
         dcred = object_cred.delegate(delegee_gidfile, self.get_key_file())
-    
-        if opts.delegate_user:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_" 
-                                  + get_leaf(object_hrn) + ".cred")
-        elif opts.delegate_slice:
-            dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_" 
-                                  + get_leaf(object_hrn) + ".cred")
-    
-        dcred.save_to_file(dest_fn, save_parents=True)
-    
-        print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
-    
+        return dcred.save_to_string(save_parents=True)
+     
     # removed named registry record
     #   - have to first retrieve the record to be removed
     def remove(self, opts, args):
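Review bot: The credential is delegated to whatever GID `self._get_gid(hrn)` returns, and `delegee_hrn` is then read back from that GID rather than compared with the requested `hrn`, so a mismatch between the two goes unnoticed. A guard such as `if hrn and delegee_gid.get_hrn() != hrn:` that raises before `object_cred.delegate(...)` would keep a wrong cache file or registry record from silently changing the delegee. `_get_gid` also falls back to `self.user` when `hrn` is empty, so an empty value here delegates to the caller's own identity; that deserves a comment or an explicit rejection. `delegate_cred` starts above this hunk, so the delegate-bit check is only partly visible.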
@@ -697,8 +738,10 @@ class Sfi:
         else:
             cred = user_cred
             hrn = None
-        
-        result = server.ListResources([cred], call_options)
+      
+        delegated_cred = self.delegate_cred(cred, self.authority) 
+        creds = [cred, delegated_cred] 
+        result = server.ListResources(creds, call_options)
         format = opts.format
         display_rspec(result, format)
         if (opts.file is not None):
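Review bot: Every call on this path now mints a delegated copy of `cred` for `self.authority` and sends it alongside the original, and as far as this hunk shows there is no option to turn that off. When `cred` is the user credential (the `else` branch above), this hands the authority a delegated user credential, which is broader than a resource listing needs; I would gate it behind an explicit option or limit it to the slice credential, with a comment saying why the server needs both. `delegate_cred` can return None when the delegate bit is not set, which would put None into `creds`; `creds = [cred] + ([delegated_cred] if delegated_cred else [])` avoids that. If `self.authority` is unset, `_get_gid` falls back to `self.user`, so the credential would be delegated to the caller itself. The enclosing method starts and ends outside this hunk.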