### $Id$
### $URL$
-
+import time
from sfa.util.faults import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
+from sfa.util.config import Config
+from sfa.trust.credential import Credential
+from sfa.util.genitable import GeniTable
from sfa.util.sfaticket import SfaTicket
+from sfa.plc.slices import Slices
+from sfatables.runtime import SFATablesRules
class get_ticket(Method):
"""
@return the string representation of a ticket object
"""
- interfaces = ['registry']
+ interfaces = ['registry', 'aggregate', 'slicemgr']
accepts = [
Parameter(str, "Credential string"),
self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
self.api.auth.check(cred, "getticket")
self.api.auth.verify_object_belongs_to_me(hrn)
- self.api.auth.verify_object_permission(name)
-
- # XXX much of this code looks like get_credential... are they so similar
- # that they should be combined?
+ self.api.auth.verify_object_permission(hrn)
- auth_hrn = self.api.auth.get_authority(hrn)
- if not auth_hrn:
- auth_hrn = hrn
+ # find record info
+ table = GeniTable()
+ records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None})
+ if not records:
+ raise RecordNotFound(hrn)
+ record = records[0]
+ auth_hrn = record['authority']
auth_info = self.api.auth.get_auth_info(auth_hrn)
- record = None
- table = self.api.auth.get_auth_table(auth_hrn)
- record = table.resolve('slice', hrn)
-
object_gid = record.get_gid_object()
new_ticket = SfaTicket(subject = object_gid.get_subject())
- new_ticket.set_gid_caller(self.client_gid)
+ new_ticket.set_gid_caller(self.api.auth.client_gid)
new_ticket.set_gid_object(object_gid)
new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_ticket.set_pubkey(object_gid.get_pubkey())
- self.api.fill_record_info(record)
+ # determine aggregate tyep
+ sfa_aggregate_type = Config().get_aggregate_rspec_type()
+ rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"])
+
+ # Fukter the incoming rspec using sfatables
+ incoming_rules = SFATablesRules('INCOMING')
+ #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
+ contexts = incoming_rules.contexts
+ caller_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+ request_context = rspec_manager.fetch_context(hrn, caller_hrn, contexts)
+ incoming_rules.set_context(request_context)
+ rspec = incoming_rules.apply(rspec)
- (attributes, rspec) = self.api.record_to_slice_info(record)
+ # get sliver info
+ slivers = Slices(self.api).get_slivers(hrn)
+ if not slivers:
+ raise SliverDoesNotExist(hrn)
+
+ # get initscripts
+ initscripts = None
+ data = {
+ 'timestamp': int(time.time()),
+ 'initscripts': initscripts,
+ 'slivers': slivers
+ }
- new_ticket.set_attributes(attributes)
+ new_ticket.set_attributes(data)
new_ticket.set_rspec(rspec)
new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
git://git.onelab.eu / sfa.git / blobdiff