accepts = [
Parameter(str, "Credential string"),
Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(None, "hrn not specified"))
+ Parameter(None, "hrn not specified")),
+ Mixed(Parameter(str, "Request hash"),
+ Parameter(None, "Request hash not specified")),
+ Parameter(str, "Callers credential string")
]
returns = Parameter(str, "String representatin of an rspec")
- def call(self, cred, hrn=None, caller_cred=None):
+ def call(self, cred, hrn=None, request_hash = None, caller_cred=None):
sfa_aggregate_type = Config().get_aggregate_rspec_type()
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred,hrn], request_hash)
self.api.auth.check(cred, 'listnodes')
- if caller_cred==None:
- caller_cred=cred
+ if caller_cred==None:
+ caller_cred=cred
#log the call
- self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name))
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name))
# This code needs to be cleaned up so that 'pl' is treated as just another RSpec manager.
# The change ought to be straightforward as soon as we define PL's new RSpec.
+ rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type,
+ fromlist = ["sfa.rspecs.aggregates"])
if (sfa_aggregate_type == 'pl'):
nodes = Nodes(self.api, caller_cred=caller_cred)
if hrn:
nodes.refresh()
rspec = nodes['rspec']
else:
- rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"])
rspec = rspec_manager.get_rspec(self.api, hrn)
-
- # Filter the outgoing rspec using sfatables
- outgoing_rules = SFATablesRules('OUTGOING')
-
- outgoing_rules.set_user(caller_cred.callerGID.hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
-
- filtered_rspec = outgoing_rules.apply(rspec)
- return filtered_rspec
+ # Filter the outgoing rspec using sfatables
+ if self.api.interface=='slicemgr':
+ outgoing_rules = SFATablesRules('FORWARD-OUTGOING')
+ else:
+ outgoing_rules = SFATablesRules('OUTGOING')
+ if outgoing_rules.sorted_rule_list:
+ request_context = rspec_manager.fetch_context(
+ hrn,
+ Credential(string=caller_cred).get_gid_caller().get_hrn(),
+ outgoing_rules.contexts)
+ outgoing_rules.set_context(request_context)
+ filtered_rspec = outgoing_rules.apply(rspec)
+ return filtered_rspec
+ else:
+ return rspec
git://git.onelab.eu / sfa.git / blobdiff