X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=plugins%2Fsliverauth.py;h=300b6b4049c96524b1ca539d4aaf5e6e8e900200;hb=40659281bdd5e0bd4fab731efb4336129672448d;hp=51f44c9c767a6aed7d4656444e508a957f0772a0;hpb=dd2e4ec887d68533ab1750fceb1ad3f06df666bf;p=nodemanager.git
diff --git a/plugins/sliverauth.py b/plugins/sliverauth.py
index 51f44c9..300b6b4 100644
--- a/plugins/sliverauth.py
+++ b/plugins/sliverauth.py
@@ -1,14 +1,13 @@
 #!/usr/bin/python -tt
 # vim:set ts=4 sw=4 expandtab:
 #
-# $Id$
-# $URL$
-#
 # NodeManager plugin for creating credentials in slivers
 # (*) empower slivers to make API calls throught hmac
 # (*) also create a ssh key - used by the OMF resource controller
 # for authenticating itself with its Experiment Controller
-# xxx todo : a config option for turning these 2 things on or off ?
+# in order to avoid spamming the DB with huge amounts of such tags,
+# (*) slices need to have the 'enable_hmac' tag set
+# (*) or the 'omf_control' tag set, respectively
 """
 Sliver authentication support for NodeManager.
@@ -46,8 +45,17 @@ def GetSlivers(data, config, plc):
 logger.log("sliverauth: plc-instantiated slice %s does not yet exist. IGNORING!" % sliver['name'])
 continue
- manage_hmac (plc, sliver)
- manage_sshkey (plc, sliver)
+ system_slice = False
+ for chunk in sliver['attributes']:
+ if chunk['tagname'] == "system":
+ if chunk['value'] in (True, 1, '1') or chunk['value'].lower() == "true":
+ system_slice = True
+ for chunk in sliver['attributes']:
+ if chunk['tagname']=='enable_hmac' and not system_slice:
+ manage_hmac (plc, sliver)
+ elif chunk['tagname']=='omf_control':
+ manage_sshkey (plc, sliver)
 def SetSliverTag(plc, slice, tagname, value):
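Review bot: The `system` check calls `chunk['value'].lower()` whenever the value is not in `(True, 1, '1')`, so a non-string value such as `False`, `0` or `None` raises AttributeError inside the loop in GetSlivers; the tuple test itself shows that non-string values are expected. Normalising first avoids that, e.g. `if str(chunk['value']).lower() in ('true', '1'):`. Separately, `enable_hmac` and `omf_control` are matched on tag name only, so a tag that is present with a false value still has `manage_hmac` or `manage_sshkey` create credentials for the slice; if presence alone is the intended switch, a comment saying so above the second loop would help. GetSlivers begins before this hunk, so how an exception raised here is handled by the caller is not visible.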
@@ -108,7 +116,7 @@ def generate_sshkey (sliver):
 logger.log_call( [ 'ssh-keygen', '-t', 'rsa', '-N', '', '-f', keyfile , '-C', comment] )
 os.chmod (keyfile, 0400)
 logger.log_call ( [ 'chown', "%s:slices"%(sliver['name']), keyfile, pubfile ] )
- return file(pubfile).read()
+ return file(pubfile).read().strip()
 # a sliver can get created, deleted and re-created
 # the slice having the tag is not sufficient to skip key geneneration
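Review bot: The changed return line opens `pubfile` with `file(...)` and never closes it explicitly, leaving the handle to the garbage collector; `with open(pubfile) as f:` followed by `return f.read().strip()` closes it deterministically. The results of the `ssh-keygen` and `chown` `logger.log_call` invocations in the context lines are also discarded, so a failed key generation would surface only as an error from this read, or not at all if an older `pubfile` is still on disk. What log_call returns on failure is not visible here and should be confirmed. generate_sshkey starts above this hunk.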