added --delegate option for Slice Manager methods
[sfa.git] / sfa / client / sfi.py
index 0537aaa..ffc2dc5 100755 (executable)
@@ -132,6 +132,7 @@ class Sfi:
                   "update": "record",
                   "aggregates": "[name]",
                   "registries": "[name]",
+                  "get_gid": [],  
                   "get_trusted_certs": "cred",
                   "slices": "",
                   "resources": "[name]",
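Review bot: The new `"get_gid": []` entry is a list, while every other value in this table is a usage string. The usage line built a few lines further down interpolates `cmdargs[command]` with `%`, so the help for this command would show a literal `[]`. Since the hrn argument is optional, `"get_gid": "[name]",` matches the neighbouring entries. The trailing whitespace after the comma can go too.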
@@ -164,13 +165,18 @@ class Sfi:
                                      % (command, cmdargs[command]))
 
         # user specifies remote aggregate/sm/component                          
-        if command in ("resources", "slices", "create", "delete", "start", "stop", "restart", "get_ticket", "redeem_ticket"):
+        if command in ("resources", "slices", "create", "delete", "start", "stop", 
+                       "restart", "shutdown",  "get_ticket", "renew", "status"):
             parser.add_option("-a", "--aggregate", dest="aggregate",
                              default=None, help="aggregate host")
             parser.add_option("-p", "--port", dest="port",
                              default=AGGREGATE_PORT, help="aggregate port")
             parser.add_option("-c", "--component", dest="component", default=None,
                              help="component hrn")
+            parser.add_option("-d", "--delegate", dest="delegate", default=None, 
+                             action="store_true",
+                             help="Include a credential delegated to the user's root"+\
+                                  "authority in set of credentials for this call")  
         
         # registy filter option    
         if command in ("list", "show", "remove"):
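Review bot: `reset` is missing from the command tuple that registers `-d/--delegate`, yet the `reset` method changed later in this commit reads `opts.delegate`. With optparse an unregistered option leaves no attribute on the values object, so `sfi reset` would likely fail with AttributeError before contacting the server; adding `"reset"` to the tuple fixes that. `redeem_ticket` was also dropped from the tuple, so it is worth confirming it no longer needs `-a/-p/-c`. The help text concatenates `"...user's root"` and `"authority..."` without a space and renders as "rootauthority"; `default=False` is also the usual default for `store_true`. The enclosing method starts and ends outside the hunk.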
@@ -361,7 +367,18 @@ class Sfi:
             gid = GID(filename=file)
         return gid
 
-    def get_gid(self, hrn):
+    def get_gid(self, opts, args):
+        hrn = None
+        if args:
+            hrn = args[0]
+        gid = self._get_gid(hrn)
+        print gid.save_to_string(save_parents=True)
+        return gid
+
+    def _get_gid(self, hrn=None):
+        if not hrn:
+            hrn = self.user
         gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
         gid = self.get_cached_gid(gidfile)
         if not gid:
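Review bot: `get_gid` is now a user-facing command with signature `(opts, args)`, but neither it nor `_get_gid` has a docstring, unlike other command methods in this file. Something like `"""print the GID of the named hrn, or of the calling user when no name is given"""` on `get_gid`, plus a line on `_get_gid` stating that an empty hrn falls back to `self.user`, would document the new contract. Only the caller in `delegate_cred` is updated in this diff, so any other `self.get_gid(hrn)` call elsewhere would now bind the hrn to `opts` and fail. The body of `_get_gid` continues outside the hunk.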
@@ -569,7 +586,7 @@ class Sfi:
         delegee_hrn = args[0]
         if opts.delegate_user:
             user_cred = self.get_user_cred()
-            cred = delegate_cred(user_cred, delegee_hrn)
+            cred = self.delegate_cred(user_cred, delegee_hrn)
         elif opts.delegate_slice:
             slice_cred = self.get_slice_cred(opts.delegate_slice)
             cred = self.delegate_cred(slice_cred, delegee_hrn)
@@ -599,13 +616,17 @@ class Sfi:
         if not object_cred.get_privileges().get_all_delegate():
             print "Error: Object credential", object_hrn, "does not have delegate bit set"
             return
-    
+
+        # the delegating user's gid
+        caller_gid = self._get_gid(self.user)
+        caller_gidfile = os.path.join(self.options.sfi_dir, self.user + ".gid")
+  
         # the gid of the user who will be delegated to
-        delegee_gid = self.get_gid(hrn)
+        delegee_gid = self._get_gid(hrn)
         delegee_hrn = delegee_gid.get_hrn()
         delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid")
         delegee_gid.save_to_file(filename=delegee_gidfile)
-        dcred = object_cred.delegate(delegee_gidfile, self.get_key_file())
+        dcred = object_cred.delegate(delegee_gidfile, self.get_key_file(), caller_gidfile)
         return dcred.save_to_string(save_parents=True)
      
     # removed named registry record
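Review bot: An empty delegee `hrn` is now silently replaced, because `self._get_gid(hrn)` substitutes `self.user` for a falsy value. If `get_authority(self.authority)` at the new call sites can return an empty string (for a top-level authority, say; the helper is not shown here), the credential is delegated to the caller's own GID and sent out without any error. A guard before the lookup makes the failure visible, for example `if not hrn: raise ValueError("delegate_cred: no delegee hrn")`. Separately, `caller_gid` is assigned but never used, so the code relies on `_get_gid` having written `caller_gidfile` as a side effect; a comment saying so, or an explicit `caller_gid.save_to_file(filename=caller_gidfile)` mirroring the delegee handling, would make that dependency clear. `delegate_cred` starts outside the hunk.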
@@ -707,8 +728,12 @@ class Sfi:
         list instantiated slices
         """
         user_cred = self.get_user_cred().save_to_string(save_parents=True)
+        creds = [user_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority))
+            creds.append(delegated_cred)  
         server = self.get_server_from_opts(opts)
-        results = server.ListSlices([user_cred])
+        results = server.ListSlices(creds)
         display_list(results)
         return
     
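Review bot: The result of `self.delegate_cred(...)` is appended to `creds` without a check, but `delegate_cred` prints an error and returns None when the credential lacks the delegate bit. With `-d`, a None can therefore end up in the list passed to `ListSlices`. The same four lines recur in resources, create, get_ticket, delete, start, stop, reset, renew, status and shutdown. One helper that builds the list and stops on None would remove both the duplication and the gap, as sketched below. The callers also pass the serialized string form, which works only if the part of `delegate_cred` outside this diff parses strings back into a credential object.

```python
    def _creds_with_delegation(self, cred, opts):
        # cred plus, when --delegate is given, a copy delegated to the parent authority
        creds = [cred]
        if opts.delegate:
            delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
            if delegated_cred is None:
                # delegate_cred has already printed the reason; never send None to the server
                raise Exception("could not delegate credential")
            creds.append(delegated_cred)
        return creds

        # ... in slices(), replacing the inline block ...
        user_cred = self.get_user_cred().save_to_string(save_parents=True)
        creds = self._creds_with_delegation(user_cred, opts)
        # ... unchanged: server lookup, ListSlices call, display ...
```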
@@ -726,9 +751,11 @@ class Sfi:
         else:
             cred = user_cred
             hrn = None
-      
-        delegated_cred = self.delegate_cred(cred, self.authority) 
-        creds = [cred, delegated_cred] 
+     
+        creds = [cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
+            creds.append(delegated_cred) 
         result = server.ListResources(creds, call_options)
         format = opts.format
         display_rspec(result, format)
@@ -745,10 +772,14 @@ class Sfi:
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         rspec_file = self.get_rspec_file(args[1])
         rspec = open(rspec_file).read()
         server = self.get_server_from_opts(opts)
-        result =  server.CreateSliver(slice_urn, [slice_cred], rspec, [])
+        result =  server.CreateSliver(slice_urn, creds, rspec, [])
         print result
         return result
 
@@ -758,10 +789,14 @@ class Sfi:
         slice_urn = hrn_to_urn(slice_hrn, 'slice')
         user_cred = self.get_user_cred()
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         rspec_file = self.get_rspec_file(rspec_path) 
         rspec = open(rspec_file).read()
         server = self.get_server_from_opts(opts)
-        ticket_string = server.GetTicket(slice_urn, [slice_cred], rspec, [])
+        ticket_string = server.GetTicket(slice_urn, creds, rspec, [])
         file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
         print "writing ticket to ", file        
         ticket = SfaTicket(string=ticket_string)
@@ -807,24 +842,36 @@ class Sfi:
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         server = self.get_server_from_opts(opts)
-        return server.DeleteSliver(slice_urn, [slice_cred])
+        return server.DeleteSliver(slice_urn, creds)
     
     # start named slice
     def start(self, opts, args):
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         server = self.get_server_from_opts(opts)
-        return server.Start(slice_urn, [slice_cred])
+        return server.Start(slice_urn, creds)
     
     # stop named slice
     def stop(self, opts, args):
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         server = self.get_server_from_opts(opts)
-        return server.Stop(slice_urn, [slice_cred])
+        return server.Stop(slice_urn, creds)
     
     # reset named slice
     def reset(self, opts, args):
@@ -832,31 +879,47 @@ class Sfi:
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         server = self.get_server_from_opts(opts)
         slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
-        return server.reset_slice(slice_cred, slice_urn)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
+        return server.reset_slice(creds, slice_urn)
 
     def renew(self, opts, args):
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         server = self.get_server_from_opts(opts)
         slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         time = args[1]
-        return server.RenewSliver(slice_urn, [slice_cred], time)
+        return server.RenewSliver(slice_urn, creds, time)
 
 
     def status(self, opts, args):
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         server = self.get_server_from_opts(opts)
-        print server.SliverStatus(slice_urn, [slice_cred])
+        print server.SliverStatus(slice_urn, creds)
 
 
     def shutdown(self, opts, args):
         slice_hrn = args[0]
         slice_urn = hrn_to_urn(slice_hrn, 'slice') 
         slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+        creds = [slice_cred]
+        if opts.delegate:
+            delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+            creds.append(delegated_cred)
         server = self.get_server_from_opts(opts)
-        return server.Shutdown(slice_urn, [slice_cred])         
+        return server.Shutdown(slice_urn, creds)         
     
     #
     # Main: parse arguments and dispatch to command
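Review bot: In `reset`, `server.reset_slice(creds, slice_urn)` now sends a list as the first argument where it used to send a single credential string, and it does so on every call, not only with `-d`. The server-side handler is not part of this diff, so unless it already accepts a list, a plain `sfi reset` would stop working against existing servers. It is worth confirming that, or landing the server change alongside this one. A comment such as `# reset_slice takes a list of credentials, like the other Slice Manager calls` above the call would record the new contract.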