### $Id$
### $URL$
-
+import time
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.auth import Auth
-from sfa.util.geniticket import *
+from sfa.trust.auth import Auth
+from sfa.util.config import Config
+from sfa.trust.credential import Credential
+from sfa.util.table import SfaTable
+from sfa.util.sfaticket import SfaTicket
+from sfa.plc.slices import Slices
+from sfatables.runtime import SFATablesRules
+from sfa.util.rspec import *
class get_ticket(Method):
"""
initscripts.
@param cred credential string
- @param name name of the slice to retrieve a ticket for
+ @param name name of the slice to retrieve a ticket for (hrn or urn)
@param rspec resource specification dictionary
@return the string representation of a ticket object
"""
- interfaces = ['registry']
+ interfaces = ['aggregate', 'slicemgr']
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
- Parameter(str, "Resource specification (rspec)")
+ Parameter(str, "Human readable name of slice to retrive a ticket for (hrn or urn)"),
+ Parameter(str, "Resource specification (rspec)"),
+ Mixed(Parameter(str, "Human readable name of the original caller"),
+ Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(str, "String represeneation of a ticket object")
- def call(self, cred, hrn, rspec):
- self.api.auth.check(cred, "getticket")
- self.api.auth.verify_object_belongs_to_me(hrn)
- self.api.auth.verify_object_permission(name)
-
- # XXX much of this code looks like get_credential... are they so similar
- # that they should be combined?
-
- auth_hrn = self.api.auth.get_authority(hrn)
- if not auth_hrn:
- auth_hrn = hrn
- auth_info = self.api.auth.get_auth_info(auth_hrn)
- record = None
- table = self.api.auth.get_auth_table(auth_hrn)
- record = table.resolve('slice', hrn)
-
- object_gid = record.get_gid_object()
- new_ticket = Ticket(subject = object_gid.get_subject())
- new_ticket.set_gid_caller(self.client_gid)
- new_ticket.set_gid_object(object_gid)
- new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_ticket.set_pubkey(object_gid.get_pubkey())
+ def call(self, cred, xrn, rspec, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
+ user_cred = Credential(string=cred)
- self.api.fill_record_info(record)
+ #log the call
+ if not origin_hrn:
+ origin_hrn = user_cred.get_gid_caller().get_hrn()
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
- (attributes, rspec) = self.api.record_to_slice_info(record)
-
- new_ticket.set_attributes(attributes)
- new_ticket.set_rspec(rspec)
-
- new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
-
- new_ticket.encode()
- new_ticket.sign()
+ # validate the cred
+ self.api.auth.check(cred, "getticket")
+
+ # set the right outgoing rules
+ manager_base = 'sfa.managers'
+ if self.api.interface in ['aggregate']:
+ outgoing_rules = SFATablesRules('OUTGOING')
+ mgr_type = self.api.config.SFA_AGGREGATE_TYPE
+ manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
+ manager = __import__(manager_module, fromlist=[manager_base])
+ elif self.api.interface in ['slicemgr']:
+ outgoing_rules = SFATablesRules('FORWARD-OUTGOING')
+ mgr_type = self.api.config.SFA_SM_TYPE
+ manager_module = manager_base + ".slice_manager_%s" % mgr_type
+ manager = __import__(manager_module, fromlist=[manager_base])
- return new_ticket.save_to_string(save_parents=True)
+ # Filter the incoming rspec using sfatables
+ incoming_rules = SFATablesRules('INCOMING')
+ #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
+ contexts = incoming_rules.contexts
+ caller_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+ request_context = manager.fetch_context(hrn, caller_hrn, contexts)
+ incoming_rules.set_context(request_context)
+ rspec = incoming_rules.apply(rspec)
+ # remove nodes that are not available at this interface from the rspec
+ valid_rspec = RSpec(xml=manager.get_rspec(self.api, None, origin_hrn))
+ valid_nodes = valid_rspec.getDictsByTagName('NodeSpec')
+ valid_hostnames = [node['name'] for node in valid_nodes]
+ rspec_object = RSpec(xml=rspec)
+ rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames)
+ rspec = rspec_object.toxml()
+ ticket = manager.get_ticket(self.api, xrn, rspec, origin_hrn)
+
+ return ticket