from sfa.util.faults import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.auth import Auth
+from sfa.trust.auth import Auth
from sfa.util.record import GeniRecord
+from sfa.util.genitable import GeniTable
+from sfa.trust.certificate import Keypair, convert_public_key
+from sfa.trust.gid import *
from sfa.util.debug import log
class update(Method):
def call(self, cred, record_dict):
self.api.auth.check(cred, "update")
- record = GeniRecord(dict = record_dict)
- type = record.get_type()
- self.api.auth.verify_object_permission(record.get_name())
- auth_name = self.api.auth.get_authority(record.get_name())
- if not auth_name:
- auth_name = record.get_name()
- table = self.api.auth.get_auth_table(auth_name)
-
+ new_record = GeniRecord(dict = record_dict)
+ type = new_record['type']
+ hrn = new_record['hrn']
+ self.api.auth.verify_object_permission(hrn)
+ table = GeniTable()
# make sure the record exists
- existing_record_list = table.resolve(type, record.get_name())
- if not existing_record_list:
- raise RecordNotFound(record.get_name())
- existing_record = existing_record_list[0]
-
+ records = table.findObjects({'type': type, 'hrn': hrn})
+ if not records:
+ raise RecordNotFound(hrn)
+ record = records[0]
+
# Update_membership needs the membership lists in the existing record
# filled in, so it can see if members were added or removed
- self.api.fill_record_info(existing_record)
+ self.api.fill_record_info(record)
# Use the pointer from the existing record, not the one that the user
# gave us. This prevents the user from inserting a forged pointer
- pointer = existing_record.get_pointer()
+ pointer = record['pointer']
# update the PLC information that was specified with the record
if (type == "authority"):
- self.api.plshell.UpdateSite(self.api.plauth, pointer, record)
+ self.api.plshell.UpdateSite(self.api.plauth, pointer, new_record)
elif type == "slice":
- hrn=record.get_name()
- pl_record=self.api.geni_fields_to_pl_fields(type, hrn, record)
+ pl_record=self.api.geni_fields_to_pl_fields(type, hrn, new_record)
+ if 'name' in pl_record:
+ pl_record.pop('name')
self.api.plshell.UpdateSlice(self.api.plauth, pointer, pl_record)
elif type == "user":
# updated. Ideally we should have a more generic way of doing
# this. I copied the field names from UpdatePerson.py...
update_fields = {}
- all_fields = record
+ all_fields = new_record
for key in all_fields.keys():
if key in ['first_name', 'last_name', 'title', 'email',
'password', 'phone', 'url', 'bio', 'accepted_aup',
update_fields[key] = all_fields[key]
self.api.plshell.UpdatePerson(self.api.plauth, pointer, update_fields)
+ if 'key' in new_record and new_record['key']:
+ # must check this key against the previous one if it exists
+ persons = self.api.plshell.GetPersons(self.api.plauth, [pointer], ['key_ids'])
+ person = persons[0]
+ keys = person['key_ids']
+ keys = self.api.plshell.GetKeys(self.api.plauth, person['key_ids'])
+ key_exists = False
+ if isinstance(new_record['key'], list):
+ new_key = new_record['key'][0]
+ else:
+ new_key = new_record['key']
+
+ # Delete all stale keys
+ for key in keys:
+ if new_record['key'] != key['key']:
+ self.api.plshell.DeleteKey(self.api.plauth, key['key_id'])
+ else:
+ key_exists = True
+ if not key_exists:
+ self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type': 'ssh', 'key': new_key})
+
+ # update the openssl key and gid
+ pkey = convert_public_key(new_key)
+ uuid = create_uuid()
+ gid_object = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid = gid_object.save_to_string(save_parents=True)
+ record['gid'] = gid
+ record = GeniRecord(dict=record)
+ table.update(record)
+
elif type == "node":
- self.api.plshell.UpdateNode(self.api.plauth, pointer, record)
+ self.api.plshell.UpdateNode(self.api.plauth, pointer, new_record)
else:
raise UnknownGeniType(type)
# update membership for researchers, pis, owners, operators
- self.api.update_membership(existing_record, record)
+ self.api.update_membership(record, record)
return 1
git://git.onelab.eu / sfa.git / blobdiff