"update": "record",
"aggregates": "[name]",
"registries": "[name]",
+ "get_gid": [],
"get_trusted_certs": "cred",
"slices": "",
"resources": "[name]",
% (command, cmdargs[command]))
# user specifies remote aggregate/sm/component
- if command in ("resources", "slices", "create", "delete", "start", "stop", "restart", "get_ticket", "redeem_ticket"):
+ if command in ("resources", "slices", "create", "delete", "start", "stop",
+ "restart", "shutdown", "get_ticket", "renew", "status"):
parser.add_option("-a", "--aggregate", dest="aggregate",
default=None, help="aggregate host")
parser.add_option("-p", "--port", dest="port",
default=AGGREGATE_PORT, help="aggregate port")
parser.add_option("-c", "--component", dest="component", default=None,
help="component hrn")
+ parser.add_option("-d", "--delegate", dest="delegate", default=None,
+ action="store_true",
+ help="Include a credential delegated to the user's root"+\
+ "authority in set of credentials for this call")
# registy filter option
if command in ("list", "show", "remove"):
print "Writing self-signed certificate to", file
cert.save_to_file(file)
return file
-
+
+ def get_cached_gid(self, file):
+ """
+ Return a cached gid
+ """
+ gid = None
+ if (os.path.isfile(file)):
+ gid = GID(filename=file)
+ return gid
+
+ def get_gid(self, opts, args):
+ hrn = None
+ if args:
+ hrn = args[0]
+ gid = self._get_gid(hrn)
+ print gid.save_to_string(save_parents=True)
+ return gid
+
+ def _get_gid(self, hrn=None):
+ if not hrn:
+ hrn = self.user
+
+ gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
+ gid = self.get_cached_gid(gidfile)
+ if not gid:
+ user_cred = self.get_user_cred()
+ records = self.registry.Resolve(hrn, user_cred.save_to_string(save_parents=True))
+ if not records:
+ raise RecordNotFound(args[0])
+ gid = GID(string=records[0]['gid'])
+ if self.options.verbose:
+ print "Writing gid to ", gidfile
+ gid.save_to_file(filename=gidfile)
+ return gid
+
+
def get_cached_credential(self, file):
"""
Return a cached credential only if it hasn't expired.
return
def delegate(self, opts, args):
- user_cred = self.get_user_cred()
+
+ delegee_hrn = args[0]
if opts.delegate_user:
- object_cred = user_cred
+ user_cred = self.get_user_cred()
+ cred = self.delegate_cred(user_cred, delegee_hrn)
elif opts.delegate_slice:
- object_cred = self.get_slice_cred(opts.delegate_slice)
+ slice_cred = self.get_slice_cred(opts.delegate_slice)
+ cred = self.delegate_cred(slice_cred, delegee_hrn)
else:
print "Must specify either --user or --slice <hrn>"
return
+ delegated_cred = Credential(string=cred)
+ object_hrn = delegated_cred.get_gid_object().get_hrn()
+ if opts.delegate_user:
+ dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
+ + get_leaf(object_hrn) + ".cred")
+ elif opts.delegate_slice:
+ dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
+ + get_leaf(object_hrn) + ".cred")
+
+ delegated_cred.save_to_file(dest_fn, save_parents=True)
+
+ print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
+ def delegate_cred(self, object_cred, hrn):
# the gid and hrn of the object we are delegating
+ if isinstance(object_cred, str):
+ object_cred = Credential(string=object_cred)
object_gid = object_cred.get_gid_object()
object_hrn = object_gid.get_hrn()
if not object_cred.get_privileges().get_all_delegate():
print "Error: Object credential", object_hrn, "does not have delegate bit set"
return
-
- records = self.registry.Resolve(args[0], user_cred.save_to_string(save_parents=True))
- if not records:
- raise RecordNotFound(args[0])
+
+ # the delegating user's gid
+ caller_gid = self._get_gid(self.user)
+ caller_gidfile = os.path.join(self.options.sfi_dir, self.user + ".gid")
+
# the gid of the user who will be delegated to
- delegee_gid = GID(string=records[0]['gid'])
+ delegee_gid = self._get_gid(hrn)
delegee_hrn = delegee_gid.get_hrn()
delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid")
delegee_gid.save_to_file(filename=delegee_gidfile)
- dcred = object_cred.delegate(delegee_gidfile, self.get_key_file())
-
- if opts.delegate_user:
- dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_"
- + get_leaf(object_hrn) + ".cred")
- elif opts.delegate_slice:
- dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_"
- + get_leaf(object_hrn) + ".cred")
-
- dcred.save_to_file(dest_fn, save_parents=True)
-
- print "delegated credential for", object_hrn, "to", delegee_hrn, "and wrote to", dest_fn
-
+ dcred = object_cred.delegate(delegee_gidfile, self.get_key_file(), caller_gidfile)
+ return dcred.save_to_string(save_parents=True)
+
# removed named registry record
# - have to first retrieve the record to be removed
def remove(self, opts, args):
list instantiated slices
"""
user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ creds = [user_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- results = server.ListSlices([user_cred])
+ results = server.ListSlices(creds)
display_list(results)
return
else:
cred = user_cred
hrn = None
-
- result = server.ListResources([cred], call_options)
+
+ creds = [cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(cred, get_authority(self.authority))
+ creds.append(delegated_cred)
+ result = server.ListResources(creds, call_options)
format = opts.format
display_rspec(result, format)
if (opts.file is not None):
slice_urn = hrn_to_urn(slice_hrn, 'slice')
user_cred = self.get_user_cred()
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
rspec_file = self.get_rspec_file(args[1])
rspec = open(rspec_file).read()
server = self.get_server_from_opts(opts)
- result = server.CreateSliver(slice_urn, [slice_cred], rspec, [])
+ result = server.CreateSliver(slice_urn, creds, rspec, [])
print result
return result
slice_urn = hrn_to_urn(slice_hrn, 'slice')
user_cred = self.get_user_cred()
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
rspec_file = self.get_rspec_file(rspec_path)
rspec = open(rspec_file).read()
server = self.get_server_from_opts(opts)
- ticket_string = server.GetTicket(slice_urn, [slice_cred], rspec, [])
+ ticket_string = server.GetTicket(slice_urn, creds, rspec, [])
file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
print "writing ticket to ", file
ticket = SfaTicket(string=ticket_string)
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- return server.DeleteSliver(slice_urn, [slice_cred])
+ return server.DeleteSliver(slice_urn, creds)
# start named slice
def start(self, opts, args):
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- return server.Start(slice_urn, [slice_cred])
+ return server.Start(slice_urn, creds)
# stop named slice
def stop(self, opts, args):
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- return server.Stop(slice_urn, [slice_cred])
+ return server.Stop(slice_urn, creds)
# reset named slice
def reset(self, opts, args):
slice_urn = hrn_to_urn(slice_hrn, 'slice')
server = self.get_server_from_opts(opts)
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
- return server.reset_slice(slice_cred, slice_urn)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
+ return server.reset_slice(creds, slice_urn)
def renew(self, opts, args):
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
server = self.get_server_from_opts(opts)
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
time = args[1]
- return server.RenewSliver(slice_urn, [slice_cred], time)
+ return server.RenewSliver(slice_urn, creds, time)
def status(self, opts, args):
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- print server.SliverStatus(slice_urn, [slice_cred])
+ print server.SliverStatus(slice_urn, creds)
def shutdown(self, opts, args):
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ creds = [slice_cred]
+ if opts.delegate:
+ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
+ creds.append(delegated_cred)
server = self.get_server_from_opts(opts)
- return server.Shutdown(slice_urn, [slice_cred])
+ return server.Shutdown(slice_urn, creds)
#
# Main: parse arguments and dispatch to command
git://git.onelab.eu / sfa.git / blobdiff