from sfa.trust.certificate import *
from sfa.util.faults import *
-def get_credential(api, hrn, type, is_self=False):
+def get_credential(api, xrn, type, is_self=False):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
api.fill_record_info(record)
+ if record['type']=='user':
+ if not record['enabled']:
+ raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))
# get the callers gid
# if this is a self cred the record's gid is the caller's gid
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
- new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_cred.set_pubkey(object_gid.get_pubkey())
+ new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
+ #new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
- new_cred.set_delegate(True)
+ new_cred.get_privileges().delegate_all_privileges(True)
auth_kind = "authority,ma,sa"
- new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
+ # Parent not necessary, verify with certs
+ #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
-def resolve(api, hrns, type=None, origin_hrn=None):
+def resolve(api, xrns, type=None, origin_hrn=None, full=True):
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
- if not isinstance(hrns, types.ListType):
- hrns = [hrns]
-
+ if not isinstance(xrns, types.ListType):
+ xrns = [xrns]
+ hrns = [urn_to_hrn(xrn)[0] for xrn in xrns]
# create a dict whre key is an registry hrn and its value is a
# hrns at that registry (determined by the known prefix tree).
- hrn_dict = {}
+ xrn_dict = {}
+ # XX Preload this into the api module
registries = Registries(api)
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
- for hrn in hrns:
- registry_hrn = tree.best_match(hrn)
- if registry_hrn not in hrn_dict:
- hrn_dict[registry_hrn] = []
- hrn_dict[registry_hrn].append(hrn)
+ for xrn in xrns:
+ registry_hrn = tree.best_match(urn_to_hrn(xrn)[0])
+ if registry_hrn not in xrn_dict:
+ xrn_dict[registry_hrn] = []
+ xrn_dict[registry_hrn].append(xrn)
records = []
- for registry_hrn in hrn_dict:
+ for registry_hrn in xrn_dict:
# skip the hrn without a registry hrn
# XX should we let the user know the authority is unknown?
if not registry_hrn:
# if the best match (longest matching hrn) is not the local registry,
# forward the request
- hrns = hrn_dict[registry_hrn]
+ xrns = xrn_dict[registry_hrn]
if registry_hrn != api.hrn:
credential = api.getCredential()
- peer_records = registries[registry_hrn].resolve(credential, hrn, origin_hrn)
+ peer_records = registries[registry_hrn].resolve(credential, xrns, origin_hrn)
records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
# try resolving the remaining unfound records at the local registry
remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
+ # convert set to list
remaining_hrns = [hrn for hrn in remaining_hrns]
table = SfaTable()
local_records = table.findObjects({'hrn': remaining_hrns})
- for record in local_records:
- try:
- api.fill_record_info(record)
- records.append(dict(record))
- except PlanetLabRecordDoesNotExist:
- # silently drop the ones that are missing in PL
- print >> log, "ignoring SFA record ", record['hrn'], \
- " because pl record does not exist"
- table.remove(record)
-
+ if full:
+ api.fill_record_info(local_records)
+
+ # convert local record objects to dicts
+ records.extend([dict(record) for record in local_records])
if not records:
raise RecordNotFound(str(hrns))
return records
-def list(api, hrn):
+def list(api, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
records = []
registries = Registries(api)
- hrns = registries.keys()
+ registry_hrns = registries.keys()
tree = prefixTree()
- tree.load(hrns)
+ tree.load(registry_hrns)
registry_hrn = tree.best_match(hrn)
#if there was no match then this record belongs to an unknow registry
if not registry_hrn:
- raise MissingAuthority(hrn)
+ raise MissingAuthority(xrn)
# if the best match (longest matching hrn) is not the local registry,
# forward the request
records = []
if registry_hrn != api.hrn:
credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, hrn, origin_hrn)
+ record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still havnt found the record yet, try the local registry
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
- slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
- if not slices:
- pointer = api.plshell.AddSlice(api.plauth, pl_record)
- else:
- pointer = slices[0]['slice_id']
- record.set_pointer(pointer)
- record['pointer'] = pointer
+ slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
+ if not slices:
+ pointer = api.plshell.AddSlice(api.plauth, pl_record)
+ else:
+ pointer = slices[0]['slice_id']
+ record.set_pointer(pointer)
+ record['pointer'] = pointer
elif (type == "user"):
persons = api.plshell.GetPersons(api.plauth, [record['email']])
return 1
-def remove(api, hrn, type, origin_hrn=None):
+def remove(api, xrn, type, origin_hrn=None):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
table = SfaTable()
filter = {'hrn': hrn}
if type not in ['all', '*']: