import os, os.path
import datetime
-from sfa.util.faults import SfaFault, SfaAPIError
+from sfa.util.faults import SfaFault, SfaAPIError, RecordNotFound
from sfa.util.genicode import GENICODE
from sfa.util.config import Config
from sfa.util.cache import Cache
-from sfa.trust.auth import Auth
+from sfa.trust.auth import Auth
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
from sfa.trust.rights import determine_rights
-
+from sfa.util.version import version_core
from sfa.server.xmlrpcapi import XmlrpcApi
-
from sfa.client.return_value import ReturnValue
-# thgen xxx fixme this is wrong all right, but temporary, will use generic
-from sfa.storage.table import SfaTable
+from sfa.storage.alchemy import alchemy
####################
class SfaApi (XmlrpcApi):
-
"""
- An SfaApi instance is a basic xmlrcp service
+ An SfaApi instance is a basic xmlrpc service
augmented with the local cryptographic material and hrn
It also has the notion of its own interface (a string describing
It gets augmented by the generic layer with
(*) an instance of manager (actually a manager module for now)
- (*) which in turn holds an instance of a testbed driver
- For convenience api.manager.driver == api.driver
+ beware that this is shared among all instances of api
+ (*) an instance of a testbed driver
"""
def __init__ (self, encoding="utf-8", methods='sfa.methods',
- config = "/etc/sfa/sfa_config.py",
+ config = "/etc/sfa/sfa_config",
peer_cert = None, interface = None,
key_file = None, cert_file = None, cache = None):
# filled later on by generic/Generic
self.manager=None
+ self._dbsession=None
def server_proxy(self, interface, cred, timeout=30):
"""
server = interface.server_proxy(key_file, cert_file, timeout)
return server
-
- def getCredential(self):
+ def dbsession(self):
+ if self._dbsession is None:
+ self._dbsession=alchemy.session()
+ return self._dbsession
+
+ def close_dbsession(self):
+ if self._dbsession is None: return
+ alchemy.close_session(self._dbsession)
+ self._dbsession=None
+
+ def getCredential(self, minimumExpiration=0):
"""
- Return a valid credential for this interface.
+ Return a valid credential for this interface.
"""
type = 'authority'
path = self.config.SFA_DATA_DIR
cred = Credential(filename = cred_filename)
# make sure cred isnt expired
if not cred.get_expiration or \
- datetime.datetime.utcnow() < cred.get_expiration():
+ datetime.datetime.utcnow() + datetime.timedelta(seconds=minimumExpiration) < cred.get_expiration():
return cred.save_to_string(save_parents=True)
# get a new credential
if self.interface in ['registry']:
- cred = self.__getCredentialRaw()
+ cred = self._getCredentialRaw()
else:
- cred = self.__getCredential()
+ cred = self._getCredential()
cred.save_to_file(cred_filename, save_parents=True)
return cred.save_to_string(save_parents=True)
delegated_cred = None
for cred in creds:
- if hierarchy.auth_exists(Credential(string=cred).get_gid_caller().get_hrn()):
+ if hierarchy.auth_exists(Credential(cred=cred).get_gid_caller().get_hrn()):
delegated_cred = cred
break
return delegated_cred
- def __getCredential(self):
+ def _getCredential(self):
"""
Get our credential from a remote registry
"""
cred = registry.GetCredential(self_cred, self.hrn, 'authority')
return Credential(string=cred)
- def __getCredentialRaw(self):
+ def _getCredentialRaw(self):
"""
Get our current credential directly from the local registry.
"""
if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = self.auth.get_auth_info(auth_hrn)
- # xxx thgen fixme - use SfaTable hardwired for now
- #table = self.SfaTable()
- table = SfaTable()
- records = table.findObjects({'hrn': hrn, 'type': 'authority+sa'})
- if not records:
- raise RecordNotFound
- record = records[0]
- type = record['type']
+ # xxx although unlikely we might want to check for a potential leak
+ dbsession=self.dbsession()
+ from sfa.storage.model import RegRecord
+ record = dbsession.query(RegRecord).filter_by(type='authority+sa', hrn=hrn).first()
+ if not record:
+ raise RecordNotFound(hrn)
+ type = record.type
object_gid = record.get_gid_object()
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(object_gid)
def get_geni_code(self, result):
code = {
- 'geni_api': 2,
'geni_code': GENICODE.SUCCESS,
'am_type': 'sfa',
'am_code': None,
output = result.faultString
return output
- def prepare_response_v2_am(self, result):
+ def prepare_response_am(self, result):
+ version = version_core()
response = {
+ 'geni_api': 3,
'code': self.get_geni_code(result),
'value': self.get_geni_value(result),
'output': self.get_geni_output(result),
"""
# as of dec 13 2011 we only support API v2
if self.interface.lower() in ['aggregate', 'slicemgr']:
- result = self.prepare_response_v2_am(result)
+ result = self.prepare_response_am(result)
return XmlrpcApi.prepare_response(self, result, method)