X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;fp=sfa%2Fclient%2Fsfi.py;h=d299b89bd7c771f909459530c3bab455a749f59d;hb=b4337060a7f0d2373d7429f58d5a93d47fa22b66;hp=e8b3b1a0469762d353d7a177c5ec127d4e830fbf;hpb=430896c90f993b77c80b830ae7d1b349e4ba6d58;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index e8b3b1a0..d299b89b 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -611,13 +611,17 @@ class Sfi: if not object_cred.get_privileges().get_all_delegate(): print "Error: Object credential", object_hrn, "does not have delegate bit set" return - + + # the delegating user's gid + caller_gid = self._get_gid(self.user) + caller_gidfile = os.path.join(self.options.sfi_dir, self.user + ".gid") + # the gid of the user who will be delegated to delegee_gid = self._get_gid(hrn) delegee_hrn = delegee_gid.get_hrn() delegee_gidfile = os.path.join(self.options.sfi_dir, delegee_hrn + ".gid") delegee_gid.save_to_file(filename=delegee_gidfile) - dcred = object_cred.delegate(delegee_gidfile, self.get_key_file()) + dcred = object_cred.delegate(delegee_gidfile, self.get_key_file(), caller_gidfile) return dcred.save_to_string(save_parents=True) # removed named registry record @@ -719,8 +723,10 @@ class Sfi: list instantiated slices """ user_cred = self.get_user_cred().save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority)) + creds = [user_cred, delegated_cred] server = self.get_server_from_opts(opts) - results = server.ListSlices([user_cred]) + results = server.ListSlices(creds) display_list(results) return @@ -741,7 +747,6 @@ class Sfi: delegated_cred = self.delegate_cred(cred, get_authority(self.authority)) creds = [cred, delegated_cred] - #creds = [delegated_cred] result = server.ListResources(creds, call_options) format = opts.format display_rspec(result, format) @@ -758,10 +763,12 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') user_cred = self.get_user_cred() slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() server = self.get_server_from_opts(opts) - result = server.CreateSliver(slice_urn, [slice_cred], rspec, []) + result = server.CreateSliver(slice_urn, creds, rspec, []) print result return result @@ -771,10 +778,12 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') user_cred = self.get_user_cred() slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] rspec_file = self.get_rspec_file(rspec_path) rspec = open(rspec_file).read() server = self.get_server_from_opts(opts) - ticket_string = server.GetTicket(slice_urn, [slice_cred], rspec, []) + ticket_string = server.GetTicket(slice_urn, creds, rspec, []) file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket") print "writing ticket to ", file ticket = SfaTicket(string=ticket_string) @@ -820,24 +829,30 @@ class Sfi: slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] server = self.get_server_from_opts(opts) - return server.DeleteSliver(slice_urn, [slice_cred]) + return server.DeleteSliver(slice_urn, creds) # start named slice def start(self, opts, args): slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] server = self.get_server_from_opts(opts) - return server.Start(slice_urn, [slice_cred]) + return server.Start(slice_urn, creds) # stop named slice def stop(self, opts, args): slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] server = self.get_server_from_opts(opts) - return server.Stop(slice_urn, [slice_cred]) + return server.Stop(slice_urn, creds) # reset named slice def reset(self, opts, args): @@ -845,29 +860,37 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') server = self.get_server_from_opts(opts) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - return server.reset_slice(slice_cred, slice_urn) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] + return server.reset_slice(creds, slice_urn) def renew(self, opts, args): slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') server = self.get_server_from_opts(opts) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] time = args[1] - return server.RenewSliver(slice_urn, [slice_cred], time) + return server.RenewSliver(slice_urn, creds, time) def status(self, opts, args): slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + creds = [slice_cred, delegated_cred] server = self.get_server_from_opts(opts) - print server.SliverStatus(slice_urn, [slice_cred]) + print server.SliverStatus(slice_urn, creds) def shutdown(self, opts, args): slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + server = self.get_server_from_opts(opts) return server.Shutdown(slice_urn, [slice_cred])