from sfa.plc.api import SfaAPI
from sfa.plc.slices import *
+"""
+Create a new plauth object that the Aggregate Manager can use to execute
+plshell commands as the authenticated user.
+"""
+def __get_user_plauth(api, registry, credential, creds, operation, hrn):
+ plauth = None
+
+ user_creds = api.auth.checkCredentials(creds, operation, hrn)
+ user_cred_obj = Credential(string=user_creds[0])
+
+ # If user cred has a parent then the caller is the parent's cred.
+ # This is true for delegated creds.
+ if user_cred_obj.parent:
+ user_hrn = user_cred_obj.parent.get_gid_caller().get_hrn()
+ else:
+ user_hrn = user_cred_obj.get_gid_caller().get_hrn()
+
+ user_record = registry.Resolve(user_hrn, [credential])[0]
+ email = user_record['email']
+
+ person = api.plshell.GetPersons(api.plauth, email)
+ if person:
+ person_id = person[0]['person_id']
+ # Get the user's session if one exists, create one otherwise
+ session = api.plshell.GetSessions(api.plauth, {'person_id': person_id})
+ if not session:
+ session = api.plshell.AddSession(api.plauth, person_id)
+ else:
+ session = session[0]['session_id']
+
+ # Create new authentication token
+ plauth = {'Username':email, 'AuthMethod':'session', 'session':session}
+
+ return plauth
+
def __get_registry_objects(slice_xrn, creds, users):
"""
site = {}
site['site_id'] = 0
- site['name'] = 'geni.%s' % hrn_auth
+ site['name'] = 'geni.%s' % hrn_auth[:20]
site['enabled'] = True
site['max_slices'] = 100
# Note:
# Is it okay if this login base is the same as one already at this myplc site?
# Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps?
- site['login_base'] = get_leaf(hrn_auth)
- site['abbreviated_name'] = hrn
+ site['login_base'] = hrn_auth[:20]
+ site['abbreviated_name'] = hrn_auth[:20]
site['max_slivers'] = 1000
reg_objects['site'] = site
slice = {}
- slice['expires'] = int(mktime(Credential(string=creds[0]).get_lifetime().timetuple()))
+ slice['expires'] = int(time.mktime(Credential(string=creds[0]).get_lifetime().timetuple()))
slice['hrn'] = hrn
slice['name'] = site['login_base'] + "_" + get_leaf(hrn)
slice['url'] = hrn
hostnames.append(node.hostname)
return hostnames
-
-
def get_version():
version = {}
version['geni_api'] = 1
+ version['sfa'] = 1
return version
def slice_status(api, slice_xrn, creds):
Create the sliver[s] (slice) at this aggregate.
Verify HRN and initialize the slice record in PLC if necessary.
"""
-
reg_objects = __get_registry_objects(slice_xrn, creds, users)
hrn, type = urn_to_hrn(slice_xrn)
site_id, remote_site_id = slices.verify_site(registry, credential, hrn,
peer, sfa_peer, reg_objects)
- slice = slices.verify_slice(registry, credential, hrn, site_id,
+ slice_record = slices.verify_slice(registry, credential, hrn, site_id,
remote_site_id, peer, sfa_peer, reg_objects)
- network = Network(api)
+ user_plauth = __get_user_plauth(api, registry, credential, creds,
+ "createsliver", hrn)
+
+ # The Network instance will use user_plauth to call the PLCAPI
+ network = Network(api, user_plauth)
slice = network.get_slice(api, hrn)
+ slice.peer_id = slice_record['peer_slice_id']
current = __get_hostnames(slice.get_nodes())
network.addRSpec(rspec, api.config.SFA_AGGREGATE_RSPEC_SCHEMA)
# add nodes from rspec
added_nodes = list(set(request).difference(current))
-
- if peer:
- api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer)
- api.plshell.AddSliceToNodes(api.plauth, slice.name, added_nodes)
- api.plshell.DeleteSliceFromNodes(api.plauth, slice.name, deleted_nodes)
+ try:
+ if peer:
+ api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer)
- network.updateSliceTags()
+ api.plshell.AddSliceToNodes(user_plauth, slice.name, added_nodes)
+ api.plshell.DeleteSliceFromNodes(user_plauth, slice.name, deleted_nodes)
- if peer:
- api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer,
- slice.peer_id)
+ network.updateSliceTags()
- # print network.toxml()
+ finally:
+ if peer:
+ api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer,
+ slice.peer_id)
+ # print network.toxml()
return True
# determine if this is a peer slice
peer = peers.get_peer(api, hrn)
- if peer:
- api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer)
- api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids'])
- if peer:
- api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
+ try:
+ if peer:
+ api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer)
+ api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids'])
+ finally:
+ if peer:
+ api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
return 1
def get_slices(api, creds):
xrn = options.get('geni_slice_urn', None)
hrn, type = urn_to_hrn(xrn)
- # get hrn of the original caller
- origin_hrn = options.get('origin_hrn', None)
- if not origin_hrn:
- origin_hrn = Credential(string=creds[0]).get_gid_caller().get_hrn()
-
# look in cache first
if api.cache and not xrn:
rspec = api.cache.get('nodes')
if rspec:
return rspec
- network = Network(api)
+ registry = api.registries[api.hrn]
+ credential = api.getCredential()
+ user_plauth = __get_user_plauth(api, registry, credential, creds,
+ "listnodes", hrn)
+
+ # The Network instance will use user_plauth to call the PLCAPI
+ network = Network(api, user_plauth)
if (hrn):
if network.get_slice(api, hrn):
network.addSlice()
# cache the result
if api.cache and not xrn:
api.cache.add('nodes', rspec)
-
+
return rspec
-def get_ticket(api, xrn, rspec, origin_hrn=None, reg_objects=None):
+def get_ticket(api, xrn, creds, rspec, users):
+
+ reg_objects = __get_registry_objects(xrn, creds, users)
slice_hrn, type = urn_to_hrn(xrn)
slices = Slices(api)
# get the slice record
registry = api.registries[api.hrn]
credential = api.getCredential()
- records = registry.resolve(credential, xrn)
+ records = registry.Resolve(xrn, credential)
# similar to create_slice, we must verify that the required records exist
# at this aggregate before we can issue a ticket