X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=8f9682f7614ecd99df61e9e305b3fb074d80fef6;hb=f2282434e40e06365e0fdd3f9bc273a793f41235;hp=c536e61b6b690a83ccb8bcc6b3e7373930f6dfe2;hpb=7c07392f73ae780e78a434292507d5a64a8faa4d;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index c536e61b..8f9682f7 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -1,7 +1,6 @@ # # sfi.py - basic SFA command-line client -# the actual binary in sfa/clientbin essentially runs main() -# this module is used in sfascan +# this module is also used in sfascan # import sys @@ -14,10 +13,12 @@ import datetime import codecs import pickle import json +import shutil from lxml import etree from StringIO import StringIO from optparse import OptionParser from pprint import PrettyPrinter +from tempfile import mkstemp from sfa.trust.certificate import Keypair, Certificate from sfa.trust.gid import GID @@ -41,6 +42,7 @@ from sfa.client.sfaclientlib import SfaClientBootstrap from sfa.client.sfaserverproxy import SfaServerProxy, ServerException from sfa.client.client_helper import pg_users_arg, sfa_users_arg from sfa.client.return_value import ReturnValue +from sfa.client.candidates import Candidates CM_PORT=12346 @@ -113,6 +115,21 @@ def filter_records(type, records): return filtered_records +def credential_printable (credential_string): + credential=Credential(string=credential_string) + result="" + result += credential.get_summary_tostring() + result += "\n" + rights = credential.get_privileges() + result += "rights=%s"%rights + result += "\n" + return result + +def show_credentials (cred_s): + if not isinstance (cred_s,list): cred_s = [cred_s] + for cred in cred_s: + print "Using Credential %s"%credential_printable(cred) + # save methods def save_raw_to_file(var, filename, format="text", banner=None): if filename == "-": @@ -180,6 +197,54 @@ def save_record_to_file(filename, record_dict): f.close() return +# used in sfi list +def terminal_render (records,options): + # sort records by type + grouped_by_type={} + for record in records: + type=record['type'] + if type not in grouped_by_type: grouped_by_type[type]=[] + grouped_by_type[type].append(record) + group_types=grouped_by_type.keys() + group_types.sort() + for type in group_types: + group=grouped_by_type[type] +# print 20 * '-', type + try: renderer=eval('terminal_render_'+type) + except: renderer=terminal_render_default + for record in group: renderer(record,options) + +def render_plural (how_many, name,names=None): + if not names: names="%ss"%name + if how_many<=0: return "No %s"%name + elif how_many==1: return "1 %s"%name + else: return "%d %s"%(how_many,names) + +def terminal_render_default (record,options): + print "%s (%s)" % (record['hrn'], record['type']) +def terminal_render_user (record, options): + print "%s (User)"%record['hrn'], + if record.get('reg-pi-authorities',None): print " [PI at %s]"%(" and ".join(record['reg-pi-authorities'])), + if record.get('reg-slices',None): print " [IN slices %s]"%(" and ".join(record['reg-slices'])), + user_keys=record.get('reg-keys',[]) + if not options.verbose: + print " [has %s]"%(render_plural(len(user_keys),"key")) + else: + print "" + for key in user_keys: print 8*' ',key.strip("\n") + +def terminal_render_slice (record, options): + print "%s (Slice)"%record['hrn'], + if record.get('reg-researchers',None): print " [USERS %s]"%(" and ".join(record['reg-researchers'])), +# print record.keys() + print "" +def terminal_render_authority (record, options): + print "%s (Authority)"%record['hrn'], + if record.get('reg-pis',None): print " [PIS %s]"%(" and ".join(record['reg-pis'])), + print "" +def terminal_render_node (record, options): + print "%s (Node)"%record['hrn'] + # minimally check a key argument def check_ssh_key (key): good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$' @@ -263,8 +328,8 @@ class Sfi: ("version", ""), ("list", "authority"), ("show", "name"), - ("add", "record"), - ("update", "record"), + ("add", "[record]"), + ("update", "[record]"), ("remove", "name"), ("slices", ""), ("resources", "[slice_hrn]"), @@ -278,9 +343,9 @@ class Sfi: ("shutdown", "slice_hrn"), ("get_ticket", "slice_hrn rspec"), ("redeem_ticket", "ticket"), - ("delegate", "name"), - ("create_gid", "[name]"), - ("get_trusted_certs", "cred"), + ("delegate", "to_hrn"), + ("gid", "[name]"), + ("trusted", "cred"), ("config", ""), ] @@ -343,23 +408,22 @@ class Sfi: action="callback", callback=optparse_dictvalue_callback, nargs=1, help="set extra/testbed-dependent flags, e.g. --extra enabled=true") - # user specifies remote aggregate/sm/component - if command in ("resources", "slices", "create", "delete", "start", "stop", - "restart", "shutdown", "get_ticket", "renew", "status"): - parser.add_option("-d", "--delegate", dest="delegate", default=None, - action="store_true", - help="Include a credential delegated to the user's root"+\ - "authority in set of credentials for this call") - + # show_credential option + if command in ("list","resources","create","add","update","remove","slices","delete","status","renew"): + parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False, + help="show credential(s) used in human-readable form") # registy filter option if command in ("list", "show", "remove"): parser.add_option("-t", "--type", dest="type", type="choice", help="type filter ([all]|user|slice|authority|node|aggregate)", choices=("all", "user", "slice", "authority", "node", "aggregate"), default="all") + if command in ("show"): + parser.add_option("-k","--key",dest="keys",action="append",default=[], + help="specify specific keys to be displayed from record") if command in ("resources"): # rspec version - parser.add_option("-r", "--rspec-version", dest="rspec_version", default="GENI", + parser.add_option("-r", "--rspec-version", dest="rspec_version", default="SFA 1", help="schema type and version of resulting RSpec") # disable/enable cached rspecs parser.add_option("-c", "--current", dest="current", default=False, @@ -379,7 +443,7 @@ class Sfi: # 'create' does return the new rspec, makes sense to save that too - if command in ("resources", "show", "list", "create_gid", 'create'): + if command in ("resources", "show", "list", "gid", 'create'): parser.add_option("-o", "--output", dest="file", help="output XML to file", metavar="FILE", default=None) @@ -394,12 +458,22 @@ class Sfi: if command == 'list': parser.add_option("-r", "--recursive", dest="recursive", action='store_true', help="list all child records", default=False) + parser.add_option("-v", "--verbose", dest="verbose", action='store_true', + help="gives details, like user keys", default=False) if command in ("delegate"): parser.add_option("-u", "--user", - action="store_true", dest="delegate_user", default=False, - help="delegate user credential") - parser.add_option("-s", "--slice", dest="delegate_slice", - help="delegate slice credential", metavar="HRN", default=None) + action="store_true", dest="delegate_user", default=False, + help="delegate your own credentials; default if no other option is provided") + parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[], + metavar="slice_hrn", help="delegate cred. for slice HRN") + parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[], + metavar='auth_hrn', help="delegate cred for auth HRN") + # this primarily is a shorthand for -a my_hrn^ + parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true', + help="delegate your PI credentials, so s.t. like -a your_hrn^") + parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False, + help="""by default the mandatory argument is expected to be a user, +use this if you mean an authority instead""") if command in ("version"): parser.add_option("-R","--registry-version", @@ -455,14 +529,20 @@ class Sfi: def print_help (self): + print "==================== Generic sfi usage" self.sfi_parser.print_help() + print "==================== Specific command usage" self.command_parser.print_help() # # Main: parse arguments and dispatch to command # def dispatch(self, command, command_options, command_args): - return getattr(self, command)(command_options, command_args) + method=getattr(self, command,None) + if not method: + print "Unknown command %s"%command + return + return method(command_options, command_args) def main(self): self.sfi_parser = self.create_parser() @@ -479,37 +559,59 @@ class Sfi: self.print_command_help(options) return -1 - command = args[0] + # complete / find unique match with command set + command_candidates = Candidates (self.available_names) + input = args[0] + command = command_candidates.only_match(input) + if not command: + self.print_command_help(options) + sys.exit(1) + # second pass options parsing self.command_parser = self.create_command_parser(command) (command_options, command_args) = self.command_parser.parse_args(args[1:]) self.command_options = command_options self.read_config () self.bootstrap () - self.logger.info("Command=%s" % command) + self.logger.debug("Command=%s" % command) try: self.dispatch(command, command_options, command_args) - except KeyError: - self.logger.critical ("Unknown command %s"%command) - raise + except: + self.logger.log_exc ("sfi command %s failed"%command) sys.exit(1) - + return #################### def read_config(self): config_file = os.path.join(self.options.sfi_dir,"sfi_config") + shell_config_file = os.path.join(self.options.sfi_dir,"sfi_config.sh") try: - config = Config (config_file) + if Config.is_ini(config_file): + config = Config (config_file) + else: + # try upgrading from shell config format + fp, fn = mkstemp(suffix='sfi_config', text=True) + config = Config(fn) + # we need to preload the sections we want parsed + # from the shell config + config.add_section('sfi') + config.add_section('sface') + config.load(config_file) + # back up old config + shutil.move(config_file, shell_config_file) + # write new config + config.save(config_file) + except: - self.logger.critical("Failed to read configuration file %s"%config_file) - self.logger.info("Make sure to remove the export clauses and to add quotes") - if self.options.verbose==0: - self.logger.info("Re-run with -v for more details") - else: - self.logger.log_exc("Could not read config file %s"%config_file) - sys.exit(1) + self.logger.critical("Failed to read configuration file %s"%config_file) + self.logger.info("Make sure to remove the export clauses and to add quotes") + if self.options.verbose==0: + self.logger.info("Re-run with -v for more details") + else: + self.logger.log_exc("Could not read config file %s"%config_file) + sys.exit(1) errors = 0 # Set SliceMgr URL @@ -527,7 +629,7 @@ class Sfi: elif hasattr(config, "SFI_REGISTRY"): self.reg_url = config.SFI_REGISTRY else: - self.logger.errors("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file) + self.logger.error("You need to set e.g. SFI_REGISTRY='http://your.registry.url:12345/' in %s" % config_file) errors += 1 # Set user HRN @@ -536,7 +638,7 @@ class Sfi: elif hasattr(config, "SFI_USER"): self.user = config.SFI_USER else: - self.logger.errors("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file) + self.logger.error("You need to set e.g. SFI_USER='plc.princeton.username' in %s" % config_file) errors += 1 # Set authority HRN @@ -578,7 +680,8 @@ class Sfi: # init self-signed cert, user credentials and gid def bootstrap (self): - client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir) + client_bootstrap = SfaClientBootstrap (self.user, self.reg_url, self.options.sfi_dir, + logger=self.logger) # if -k is provided, use this to initialize private key if self.options.user_private_key: client_bootstrap.init_private_key_if_missing (self.options.user_private_key) @@ -588,7 +691,7 @@ class Sfi: if not os.path.isfile(client_bootstrap.private_key_filename()): self.logger.info ("private key not found, trying legacy name") try: - legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%get_leaf(self.user)) + legacy_private_key = os.path.join (self.options.sfi_dir, "%s.pkey"%Xrn.unescape(get_leaf(self.user))) self.logger.debug("legacy_private_key=%s"%legacy_private_key) client_bootstrap.init_private_key_if_missing (legacy_private_key) self.logger.info("Copied private key from legacy location %s"%legacy_private_key) @@ -611,30 +714,12 @@ class Sfi: sys.exit(-1) return self.client_bootstrap.authority_credential_string (self.authority) + def authority_credential_string(self, auth_hrn): + return self.client_bootstrap.authority_credential_string (auth_hrn) + def slice_credential_string(self, name): return self.client_bootstrap.slice_credential_string (name) - # xxx should be supported by sfaclientbootstrap as well - def delegate_cred(self, object_cred, hrn, type='authority'): - # the gid and hrn of the object we are delegating - if isinstance(object_cred, str): - object_cred = Credential(string=object_cred) - object_gid = object_cred.get_gid_object() - object_hrn = object_gid.get_hrn() - - if not object_cred.get_privileges().get_all_delegate(): - self.logger.error("Object credential %s does not have delegate bit set"%object_hrn) - return - - # the delegating user's gid - caller_gidfile = self.my_gid() - - # the gid of the user who will be delegated to - delegee_gid = self.client_bootstrap.gid(hrn,type) - delegee_hrn = delegee_gid.get_hrn() - dcred = object_cred.delegate(delegee_gid, self.private_key, caller_gidfile) - return dcred.save_to_string(save_parents=True) - # # Management of the servers # @@ -799,16 +884,17 @@ or version information about sfi itself if options.recursive: opts['recursive'] = options.recursive + if options.show_credential: + show_credentials(self.my_credential_string) try: list = self.registry().List(hrn, self.my_credential_string, options) except IndexError: raise Exception, "Not enough parameters for the 'list' command" # filter on person, slice, site, node, etc. - # THis really should be in the self.filter_records funct def comment... + # This really should be in the self.filter_records funct def comment... list = filter_records(options.type, list) - for record in list: - print "%s (%s)" % (record['hrn'], record['type']) + terminal_render (list, options) if options.file: save_records_to_file(options.file, list, options.fileformat) return @@ -821,10 +907,21 @@ or version information about sfi itself self.print_help() sys.exit(1) hrn = args[0] - record_dicts = self.registry().Resolve(hrn, self.my_credential_string) + # explicitly require Resolve to run in details mode + record_dicts = self.registry().Resolve(hrn, self.my_credential_string, {'details':True}) record_dicts = filter_records(options.type, record_dicts) if not record_dicts: self.logger.error("No record of type %s"% options.type) + return + # user has required to focus on some keys + if options.keys: + def project (record): + projected={} + for key in options.keys: + try: projected[key]=record[key] + except: pass + return projected + record_dicts = [ project (record) for record in record_dicts ] records = [ Record(dict=record_dict) for record_dict in record_dicts ] for record in records: if (options.format == "text"): record.dump(sort=True) @@ -834,8 +931,10 @@ or version information about sfi itself return def add(self, options, args): - "add record into registry from xml file (Register)" + "add record into registry by using the command options (Recommended) or from xml file (Register)" auth_cred = self.my_authority_credential_string() + if options.show_credential: + show_credentials(auth_cred) record_dict = {} if len(args) > 0: record_filepath = args[0] @@ -857,7 +956,7 @@ or version information about sfi itself return self.registry().Register(record_dict, auth_cred) def update(self, options, args): - "update record into registry from xml file (Update)" + "update record into registry by using the command options (Recommended) or from xml file (Update)" record_dict = {} if len(args) > 0: record_filepath = args[0] @@ -893,6 +992,8 @@ or version information about sfi itself cred = self.my_authority_credential_string() else: raise "unknown record type" + record_dict['type'] + if options.show_credential: + show_credentials(cred) return self.registry().Update(record_dict, cred) def remove(self, options, args): @@ -905,6 +1006,8 @@ or version information about sfi itself type = options.type if type in ['all']: type = '*' + if options.show_credential: + show_credentials(auth_cred) return self.registry().Remove(hrn, auth_cred, type) # ================================================================== @@ -916,12 +1019,11 @@ or version information about sfi itself server = self.sliceapi() # creds creds = [self.my_credential_string] - if options.delegate: - delegated_cred = self.delegate_cred(self.my_credential_string, get_authority(self.authority)) - creds.append(delegated_cred) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() + if options.show_credential: + show_credentials(creds) result = server.ListSlices(creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: @@ -941,11 +1043,13 @@ or with an slice hrn, shows currently provisioned resources # set creds creds = [] if args: - creds.append(self.slice_credential_string(args[0])) + the_credential=self.slice_credential_string(args[0]) + creds.append(the_credential) else: - creds.append(self.my_credential_string) - if options.delegate: - creds.append(self.delegate_cred(cred, get_authority(self.authority))) + the_credential=self.my_credential_string + creds.append(the_credential) + if options.show_credential: + show_credentials(creds) # no need to check if server accepts the options argument since the options has # been a required argument since v1 API @@ -1000,6 +1104,7 @@ or with an slice hrn, shows currently provisioned resources # credentials creds = [self.slice_credential_string(slice_hrn)] + delegated_cred = None server_version = self.get_cached_server_version(server) if server_version.get('interface') == 'slicemgr': @@ -1011,6 +1116,9 @@ or with an slice hrn, shows currently provisioned resources #elif server_version.get('urn'): # delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn'])) + if options.show_credential: + show_credentials(creds) + # rspec rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() @@ -1022,10 +1130,14 @@ or with an slice hrn, shows currently provisioned resources # keys: [, ] # }] users = [] + # xxx Thierry 2012 sept. 21 + # contrary to what I was first thinking, calling Resolve with details=False does not yet work properly here + # I am turning details=True on again on a - hopefully - temporary basis, just to get this whole thing to work again slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string]) - if slice_records and 'researcher' in slice_records[0] and slice_records[0]['researcher']!=[]: + # slice_records = self.registry().Resolve(slice_urn, [self.my_credential_string], {'details':True}) + if slice_records and 'reg-researchers' in slice_records[0] and slice_records[0]['reg-researchers']: slice_record = slice_records[0] - user_hrns = slice_record['researcher'] + user_hrns = slice_record['reg-researchers'] user_urns = [hrn_to_urn(hrn, 'user') for hrn in user_hrns] user_records = self.registry().Resolve(user_urns, [self.my_credential_string]) @@ -1069,13 +1181,12 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) # options and call_id when supported api_options = {} api_options ['call_id'] = unique_call_id() + if options.show_credential: + show_credentials(creds) result = server.DeleteSliver(slice_urn, creds, *self.ois(server, api_options ) ) value = ReturnValue.get_value(result) if self.options.raw: @@ -1097,13 +1208,12 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() + if options.show_credential: + show_credentials(creds) result = server.SliverStatus(slice_urn, creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: @@ -1124,9 +1234,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) # xxx Thierry - does this not need an api_options as well ? result = server.Start(slice_urn, creds) value = ReturnValue.get_value(result) @@ -1147,9 +1254,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) result = server.Stop(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1170,9 +1274,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) result = server.reset_slice(creds, slice_urn) value = ReturnValue.get_value(result) if self.options.raw: @@ -1186,21 +1287,22 @@ or with an slice hrn, shows currently provisioned resources renew slice (RenewSliver) """ server = self.sliceapi() + if len(args) != 2: + self.print_help() + sys.exit(1) + [ slice_hrn, input_time ] = args # slice urn - slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') + # time: don't try to be smart on the time format, server-side will # creds slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) - # time - time = args[1] # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() - result = server.RenewSliver(slice_urn, creds, time, *self.ois(server,api_options)) + if options.show_credential: + show_credentials(creds) + result = server.RenewSliver(slice_urn, creds, input_time, *self.ois(server,api_options)) value = ReturnValue.get_value(result) if self.options.raw: save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) @@ -1220,9 +1322,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) result = server.Shutdown(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1243,9 +1342,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) # rspec rspec_file = self.get_rspec_file(rspec_path) rspec = open(rspec_file).read() @@ -1301,7 +1397,7 @@ or with an slice hrn, shows currently provisioned resources self.logger.log_exc(e.message) return - def create_gid(self, options, args): + def gid(self, options, args): """ Create a GID (CreateGid) """ @@ -1309,7 +1405,8 @@ or with an slice hrn, shows currently provisioned resources self.print_help() sys.exit(1) target_hrn = args[0] - gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string()) + my_gid_string = open(self.client_bootstrap.my_gid()).read() + gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string) if options.file: filename = options.file else: @@ -1318,33 +1415,53 @@ or with an slice hrn, shows currently provisioned resources GID(string=gid).save_to_file(filename) - def delegate(self, options, args): + def delegate (self, options, args): """ (locally) create delegate credential for use by given hrn """ - delegee_hrn = args[0] - if options.delegate_user: - cred = self.delegate_cred(self.my_credential_string, delegee_hrn, 'user') - elif options.delegate_slice: - slice_cred = self.slice_credential_string(options.delegate_slice) - cred = self.delegate_cred(slice_cred, delegee_hrn, 'slice') - else: - self.logger.warning("Must specify either --user or --slice ") - return - delegated_cred = Credential(string=cred) - object_hrn = delegated_cred.get_gid_object().get_hrn() + if len(args) != 1: + self.print_help() + sys.exit(1) + to_hrn = args[0] + # support for several delegations in the same call + # so first we gather the things to do + tuples=[] + for slice_hrn in options.delegate_slices: + message="%s.slice"%slice_hrn + original = self.slice_credential_string(slice_hrn) + tuples.append ( (message, original,) ) + if options.delegate_pi: + my_authority=self.authority + message="%s.pi"%my_authority + original = self.my_authority_credential_string() + tuples.append ( (message, original,) ) + for auth_hrn in options.delegate_auths: + message="%s.auth"%auth_hrn + original=self.authority_credential_string(auth_hrn) + tuples.append ( (message, original, ) ) + # if nothing was specified at all at this point, let's assume -u + if not tuples: options.delegate_user=True + # this user cred if options.delegate_user: - dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_" - + get_leaf(object_hrn) + ".cred") - elif options.delegate_slice: - dest_fn = os.path.join(self.options.sfi_dir, get_leaf(delegee_hrn) + "_slice_" - + get_leaf(object_hrn) + ".cred") - - delegated_cred.save_to_file(dest_fn, save_parents=True) - - self.logger.info("delegated credential for %s to %s and wrote to %s"%(object_hrn, delegee_hrn,dest_fn)) + message="%s.user"%self.user + original = self.my_credential_string + tuples.append ( (message, original, ) ) + + # default type for beneficial is user unless -A + if options.delegate_to_authority: to_type='authority' + else: to_type='user' + + # let's now handle all this + # it's all in the filenaming scheme + for (message,original) in tuples: + delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type) + delegated_credential = Credential (string=delegated_string) + filename = os.path.join ( self.options.sfi_dir, + "%s_for_%s.%s.cred"%(message,to_hrn,to_type)) + delegated_credential.save_to_file(filename, save_parents=True) + self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename)) - def get_trusted_certs(self, options, args): + def trusted(self, options, args): """ return uhe trusted certs at this interface (get_trusted_certs) """ @@ -1353,7 +1470,7 @@ or with an slice hrn, shows currently provisioned resources gid = GID(string=trusted_cert) gid.dump() cert = Certificate(string=trusted_cert) - self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject()) + self.logger.debug('Sfi.trusted -> %r'%cert.get_subject()) return def config (self, options, args):