def __init__(self, api, ttl = .5, origin_hrn=None):
self.api = api
- filepath = path + os.sep + filename
+ #filepath = path + os.sep + filename
self.policy = Policy(self.api)
self.origin_hrn = origin_hrn
return sfa_peer
- def verify_site(self, registry, credential, slice_hrn, peer, sfa_peer):
+ def verify_site(self, registry, credential, slice_hrn, peer, sfa_peer, reg_objects=None):
authority = get_authority(slice_hrn)
authority_urn = hrn_to_urn(authority, 'authority')
- site_records = registry.resolve(credential, authority_urn)
+
+ if reg_objects:
+ site = reg_objects['site']
+ else:
+ site_records = registry.Resolve(authority_urn, [credential])
+ site = {}
+ for site_record in site_records:
+ if site_record['type'] == 'authority':
+ site = site_record
+ if not site:
+ raise RecordNotFound(authority)
- site = {}
- for site_record in site_records:
- if site_record['type'] == 'authority':
- site = site_record
- if not site:
- raise RecordNotFound(authority)
remote_site_id = site.pop('site_id')
login_base = get_leaf(authority)
sites = self.api.plshell.GetSites(self.api.plauth, login_base)
+
if not sites:
site_id = self.api.plshell.AddSite(self.api.plauth, site)
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+ try:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+ except Exception,e:
+ self.api.plshell.DeleteSite(self.api.plauth, site_id)
+ raise e
# mark this site as an sfa peer record
- if sfa_peer:
+ if sfa_peer and not reg_objects:
peer_dict = {'type': 'authority', 'hrn': authority, 'peer_authority': sfa_peer, 'pointer': site_id}
registry.register_peer_object(credential, peer_dict)
else:
site_id = sites[0]['site_id']
remote_site_id = sites[0]['peer_site_id']
+
old_site = sites[0]
- #the site is alredy on the remote agg. Let us update(e.g. max_slices field) it with the latest info.
- self.sync_site(old_site, site, peer)
+ #the site is already on the remote agg. Let us update(e.g. max_slices field) it with the latest info.
+ self.sync_site(old_site, site, peer)
return (site_id, remote_site_id)
- def verify_slice(self, registry, credential, slice_hrn, site_id, remote_site_id, peer, sfa_peer):
+ def verify_slice(self, registry, credential, slice_hrn, site_id, remote_site_id, peer, sfa_peer, reg_objects=None):
slice = {}
slice_record = None
authority = get_authority(slice_hrn)
- slice_records = registry.resolve(credential, slice_hrn)
- for record in slice_records:
- if record['type'] in ['slice']:
- slice_record = record
- if not slice_record:
- raise RecordNotFound(hrn)
+ if reg_objects:
+ slice_record = reg_objects['slice_record']
+ else:
+ slice_records = registry.Resolve(slice_hrn, [credential])
+
+ for record in slice_records:
+ if record['type'] in ['slice']:
+ slice_record = record
+ if not slice_record:
+ raise RecordNotFound(hrn)
+
+
slicename = hrn_to_pl_slicename(slice_hrn)
parts = slicename.split("_")
login_base = parts[0]
#this belongs to a peer
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer'])
+ try:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer'])
+ except Exception,e:
+ self.api.plshell.DeleteSlice(self.api.plauth,slice_id)
+ raise e
slice['node_ids'] = []
else:
slice = slices[0]
self.sync_slice(slice, slice_record, peer)
slice['peer_slice_id'] = slice_record['pointer']
- self.verify_persons(registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer)
+ self.verify_persons(registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer, reg_objects)
return slice
- def verify_persons(self, registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer):
+ def verify_persons(self, registry, credential, slice_record, site_id, remote_site_id, peer, sfa_peer, reg_objects=None):
# get the list of valid slice users from the registry and make
# sure they are added to the slice
slicename = hrn_to_pl_slicename(slice_record['hrn'])
- researchers = slice_record.get('researcher', [])
+ if reg_objects:
+ researchers = reg_objects['users'].keys()
+ else:
+ researchers = slice_record.get('researcher', [])
for researcher in researchers:
- person_record = {}
- person_records = registry.resolve(credential, researcher)
- for record in person_records:
- if record['type'] in ['user'] and record['enabled']:
- person_record = record
- if not person_record:
- return 1
- person_dict = person_record
+ if reg_objects:
+ person_dict = reg_objects['users'][researcher]
+ else:
+ person_records = registry.Resolve(researcher, [credential])
+ for record in person_records:
+ if record['type'] in ['user'] and record['enabled']:
+ person_record = record
+ if not person_record:
+ return 1
+ person_dict = person_record
+
local_person=False
if peer:
peer_id = self.api.plshell.GetPeers(self.api.plauth, {'shortname': peer}, ['peer_id'])[0]['peer_id']
persons = self.api.plshell.GetPersons(self.api.plauth, {'email': [person_dict['email']], 'peer_id': peer_id}, ['person_id', 'key_ids'])
- if not persons:
- persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
- if persons:
- local_person=True
-
+ if not persons:
+ persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
+ if persons:
+ local_person=True
+
else:
persons = self.api.plshell.GetPersons(self.api.plauth, [person_dict['email']], ['person_id', 'key_ids'])
registry.register_peer_object(credential, peer_dict)
if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
+ try:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
+ except Exception,e:
+ self.api.plshell.DeletePerson(self.api.plauth,person_id)
+ raise e
key_ids = []
else:
person_id = persons[0]['person_id']
# if this is a peer person, we must unbind them from the peer or PLCAPI will throw
# an error
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site_id, peer)
+ try:
+ if peer and not local_person:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site_id, peer)
- self.api.plshell.AddPersonToSlice(self.api.plauth, person_dict['email'], slicename)
- self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id)
- if peer and not local_person:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+ self.api.plshell.AddPersonToSlice(self.api.plauth, person_dict['email'], slicename)
+ self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id)
+ finally:
+ if peer:
+ try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id)
+ except: pass
+ if peer and not local_person:
+ try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
+ except: pass
self.verify_keys(registry, credential, person_dict, key_ids, person_id, peer, local_person)
for personkey in person_dict['keys']:
if personkey not in keys:
key = {'key_type': 'ssh', 'key': personkey}
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
- key_id = self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key)
- if peer and not local_person:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
- if peer:
- try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0))
-
- except: pass
+ try:
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer)
+ key_id = self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key)
+ finally:
+ if peer and not local_person:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer'])
+ if peer:
+ # xxx - thierry how are we getting the peer_key_id in here ?
+ try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0))
+ except: pass
def create_slice_aggregate(self, xrn, rspec):
hrn, type = urn_to_hrn(xrn)
# add nodes from rspec
added_nodes = list(set(node_names).difference(hostnames))
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer)
+ try:
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer)
- self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes)
+ self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes)
- # Add recognized slice tags
- for node_name in node_names:
- node = nodes[node_name]
- for slice_tag in node.keys():
- value = node[slice_tag]
- if (isinstance(value, list)):
- value = value[0]
+ # Add recognized slice tags
+ for node_name in node_names:
+ node = nodes[node_name]
+ for slice_tag in node.keys():
+ value = node[slice_tag]
+ if (isinstance(value, list)):
+ value = value[0]
- self.api.plshell.AddSliceTag(self.api.plauth, slicename, slice_tag, value, node_name)
+ self.api.plshell.AddSliceTag(self.api.plauth, slicename, slice_tag, value, node_name)
- self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes)
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
+ self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes)
+ finally:
+ if peer:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
return 1
def sync_site(self, old_record, new_record, peer):
if old_record['max_slices'] != new_record['max_slices'] or old_record['max_slivers'] != new_record['max_slivers']:
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', old_record['site_id'], peer)
- if old_record['max_slices'] != new_record['max_slices']:
- self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slices' : new_record['max_slices']})
- if old_record['max_slivers'] != new_record['max_slivers']:
- self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slivers' : new_record['max_slivers']})
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', old_record['site_id'], peer, old_record['peer_site_id'])
+ try:
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', old_record['site_id'], peer)
+ if old_record['max_slices'] != new_record['max_slices']:
+ self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slices' : new_record['max_slices']})
+ if old_record['max_slivers'] != new_record['max_slivers']:
+ self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slivers' : new_record['max_slivers']})
+ finally:
+ if peer:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', old_record['site_id'], peer, old_record['peer_site_id'])
return 1
def sync_slice(self, old_record, new_record, peer):
if old_record['expires'] != new_record['expires']:
- if peer:
- self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', old_record['slice_id'], peer)
- self.api.plshell.UpdateSlice(self.api.plauth, old_record['slice_id'], {'expires' : new_record['expires']})
- if peer:
- self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', old_record['slice_id'], peer, old_record['peer_slice_id'])
+ try:
+ if peer:
+ self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', old_record['slice_id'], peer)
+ self.api.plshell.UpdateSlice(self.api.plauth, old_record['slice_id'], {'expires' : new_record['expires']})
+ finally:
+ if peer:
+ self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', old_record['slice_id'], peer, old_record['peer_slice_id'])
return 1