from sfa.util.debug import log
from sfa.trust.auth import Auth
from sfa.trust.gid import create_uuid
+from sfa.trust.credential import Credential
class register(Method):
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(dict, "Record dictionary containing record fields")
+ Parameter(dict, "Record dictionary containing record fields"),
+ Parameter(str, "Request hash")
]
returns = Parameter(int, "String representation of gid object")
- def call(self, cred, record_dict):
+ def call(self, cred, record_dict, request_hash, caller_cred=None):
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred], request_hash)
self.api.auth.check(cred, "register")
+ if caller_cred==None:
+ caller_cred=cred
+
+ #log the call
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name))
record = GeniRecord(dict = record_dict)
- table = GeniTable()
+ record['authority'] = get_authority(record['hrn'])
type = record['type']
hrn = record['hrn']
- auth_name = get_authority(hrn)
self.api.auth.verify_object_permission(hrn)
- auth_info = self.api.auth.get_auth_info(auth_name)
+ auth_info = self.api.auth.get_auth_info(record['authority'])
pub_key = None
# make sure record has a gid
if 'gid' not in record:
record.set_gid(gid)
# check if record already exists
+ table = GeniTable()
existing_records = table.find({'type': type, 'hrn': hrn})
if existing_records:
raise ExistingRecord(hrn)
-
+
if type in ["authority"]:
# update the tree
if not self.api.auth.hierarchy.auth_exists(hrn):
pointer = sites[0]['site_id']
record.set_pointer(pointer)
+ record['pointer'] = pointer
elif (type == "slice"):
pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record)
else:
pointer = slices[0]['slice_id']
record.set_pointer(pointer)
+ record['pointer'] = pointer
- elif (type == "user"):
+ elif (type == "user"):
persons = self.api.plshell.GetPersons(self.api.plauth, [record['email']])
if not persons:
pointer = self.api.plshell.AddPerson(self.api.plauth, dict(record))
if 'enabled' in record and record['enabled']:
self.api.plshell.UpdatePerson(self.api.plauth, pointer, {'enabled': record['enabled']})
- login_base = get_leaf(auth_name)
- self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base)
+ # add this persons to the site only if he is being added for the first
+ # time by sfa and doesont already exist in plc
+ if not persons or not persons[0]['site_ids']:
+ login_base = get_leaf(record['authority'])
+ self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base)
+
# What roles should this user have?
self.api.plshell.AddRoleToPerson(self.api.plauth, 'user', pointer)
record.set_pointer(pointer)
-
+ record['pointer'] = pointer
# Add the user's key
if pub_key:
self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
elif (type == "node"):
pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record)
- login_base = hrn_to_pl_login_base(auth_name)
+ login_base = hrn_to_pl_login_base(record['authority'])
nodes = self.api.plshell.GetNodes(self.api.plauth, [pl_record['hostname']])
if not nodes:
pointer = self.api.plshell.AddNode(self.api.plauth, login_base, pl_record)
else:
pointer = nodes[0]['node_id']
+ record['pointer'] = pointer
record.set_pointer(pointer)
else:
raise UnknownGeniType(type)
- # SFA upcalls may exist in PLCAPI and they could have already added the
- # record for us. Lets check if the record already exists
- existing_records = table.find({'type': type, 'hrn': hrn})
- if not existing_records:
- table.insert(record)
+ record_id = table.insert(record)
+ record['record_id'] = record_id
# update membership for researchers, pis, owners, operators
self.api.update_membership(None, record)