X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=cmdline%2Fsfi.py;h=47fb18e63b3c356fafe340120ade97204e697198;hb=9daf9a930b0cdb8bb5d85edaaba0bded462936b7;hp=e121444ccbccfc59ec3ae75e38f0cd07527d5a23;hpb=6e2793c553fa6e02df3d625e9232739d8949528e;p=sfa.git

diff --git a/cmdline/sfi.py b/cmdline/sfi.py
index e121444c..47fb18e6 100755
--- a/cmdline/sfi.py
+++ b/cmdline/sfi.py
@@ -11,7 +11,7 @@ from geni.util.cert import Keypair, Certificate
 from geni.util.credential import Credential
 from geni.util.geniclient import GeniClient, ServerException
 from geni.util.gid import create_uuid
-from geni.util.record import GeniRecord
+from geni.util.record import *
 from geni.util.rspec import Rspec
 from types import StringTypes, ListType
 
@@ -183,6 +183,42 @@ def get_slice_cred(name):
          print "Failed to get slice credential"
          sys.exit(-1)
 
+def delegate_cred(cred, hrn, type = 'authority'):
+    # the gid and hrn of the object we are delegating
+    object_gid = cred.get_gid_object()
+    object_hrn = object_gid.get_hrn()
+    cred.set_delegate(True)
+    if not cred.get_delegate():
+        raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
+       
+
+    records = registry.resolve(cred, hrn)
+    records = filter_records(type, records)
+    
+    if not records:
+        raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
+
+    # the gid of the user who will be delegated too
+    delegee_gid = records[0].get_gid_object()
+    delegee_hrn = delegee_gid.get_hrn()
+    
+    # the key and hrn of the user who will be delegating
+    user_key = Keypair(filename = get_key_file())
+    user_hrn = cred.get_gid_caller().get_hrn()
+
+    dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
+    dcred.set_gid_caller(delegee_gid)
+    dcred.set_gid_object(object_gid)
+    dcred.set_privileges(cred.get_privileges())
+    dcred.set_delegate(True)
+    dcred.set_pubkey(object_gid.get_pubkey())
+    dcred.set_issuer(user_key, user_hrn)
+    dcred.set_parent(cred)
+    dcred.encode()
+    dcred.sign()
+
+    return dcred
+
 def get_rspec_file(rspec):
    if (os.path.isabs(rspec)):
       file = rspec
@@ -219,7 +255,6 @@ def load_publickey_string(fn):
        os.remove(outfn)
 
    return key_string
-
 #
 # Generate sub-command parser
 #
@@ -330,6 +365,7 @@ def main():
    try:
       dispatch(command, cmd_opts, cmd_args)
    except KeyError:
+      raise 
       print "Command not found:", command
       sys.exit(1)
 
@@ -349,7 +385,8 @@ def list(opts, args):
    # filter on person, slice, site, node, etc.  
    # THis really should be in the filter_records funct def comment...
    list = filter_records(opts.type, list)
-   display_records(list)
+   for record in list:
+       print "%s (%s)" % (record['hrn'], record['type'])     
    if opts.file:
        save_records_to_file(opts.file, list)
    return
@@ -362,7 +399,19 @@ def show(opts, args):
    records = filter_records(opts.type, records)
    if not records:
       print "No record of type", opts.type
-   display_records(records, True)
+   for record in records:
+       if record['type'] in ['user']:
+           record = UserRecord(dict = record)
+       elif record['type'] in ['slice']:
+           record = SliceRecord(dict = record)
+       elif record['type'] in ['node']:
+           record = NodeRecord(dict = record)
+       elif record['type'] in ['authority', 'ma', 'sa']:
+           record = AuthorityRecord(dict = record)
+       else:
+           record = GeniRecord(dict = record)
+       record.dump() 
+   
    if opts.file:
        save_records_to_file(opts.file, records)
    return
@@ -390,7 +439,7 @@ def delegate(opts, args):
    records = filter_records("user", records)
 
    if not records:
-       print "Error: Didn't find a user record for", delegee_name
+       print "Error: Didn't find a user record for", args[0]
        return
 
    # the gid of the user who will be delegated too
@@ -435,21 +484,6 @@ def add(opts, args):
    rec_file = get_record_file(args[0])
    record = load_record_from_file(rec_file)
 
-   # check and see if we need to create a gid for this record. The creator
-   # of the record signals this by filling in the create_gid, create_gid_hrn,
-   # and create_gid_key members.
-   # (note: we'd use an unsigned GID in the record instead, but pyOpenSSL is
-   #   broken and has no way for us to get the key back out of the gid)
-   geni_info = record.get_geni_info()
-   if "create_gid" in geni_info:
-       key_string = geni_info["create_gid_key"].replace("|","\n") # XXX smbaker: the rspec kills newlines
-       gid = registry.create_gid(auth_cred, geni_info["create_gid_hrn"], create_uuid(), key_string)
-       record.set_gid(gid)
-
-       del geni_info["create_gid"]
-       del geni_info["create_gid_hrn"]
-       del geni_info["create_gid_key"]
-
    return registry.register(auth_cred, record)
 
 # update named registry entry
@@ -462,17 +496,21 @@ def update(opts, args):
        if record.get_name() == user_cred.get_gid_object().get_hrn():
           cred = user_cred
        else:
-          create = get_auth_cred()
+          cred = get_auth_cred()
    elif record.get_type() in ["slice"]:
        try:
            cred = get_slice_cred(record.get_name())
        except ServerException, e:
-           if "PermissionError" in e.args[0]:
+           # XXX smbaker -- once we have better error return codes, update this
+           # to do something better than a string compare
+           if "Permission error" in e.args[0]:
                cred = get_auth_cred()
            else:
                raise
-   elif record.get_type() in ["sa", "ma", "node"]:
+   elif record.get_type() in ["authority"]:
        cred = get_auth_cred()
+   elif record.get_type() == 'node':
+        cred = get_auth_cred()
    else:
        raise "unknown record type" + record.get_type()
    return registry.update(cred, record)
@@ -519,7 +557,7 @@ def resources(opts, args):
    format = opts.format      
    display_rspec(result, format)
    if (opts.file is not None):
-      save_rspec_to_file(opts.file, result)
+      save_rspec_to_file(result, opts.file)
    return
 
 # created named slice with given rspec
@@ -543,20 +581,23 @@ def delete(opts, args):
 # start named slice
 def start(opts, args):
    global slicemgr
+   slice_hrn = args[0]
    slice_cred = get_slice_cred(args[0])
-   return slicemgr.start_slice(slice_cred)
+   return slicemgr.start_slice(slice_cred, slice_hrn)
 
 # stop named slice
 def stop(opts, args):
    global slicemgr
+   slice_hrn = args[0]
    slice_cred = get_slice_cred(args[0])
-   return slicemgr.stop_slice(slice_cred)
+   return slicemgr.stop_slice(slice_cred, slice_hrn)
 
 # reset named slice
 def reset(opts, args):
    global slicemgr
+   slice_hrn = args[0]
    slice_cred = get_slice_cred(args[0])
-   return slicemgr.reset_slice(slice_cred)
+   return slicemgr.reset_slice(slice_cred, slice_hrn)
 
 #
 #