X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=8f9682f7614ecd99df61e9e305b3fb074d80fef6;hb=f2282434e40e06365e0fdd3f9bc273a793f41235;hp=e9e5dd106ffa290231c771128772fc1bad9b9b1d;hpb=b80c9c29deeccc27eb264e810021c1d92b6339bc;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index e9e5dd10..8f9682f7 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -328,8 +328,8 @@ class Sfi: ("version", ""), ("list", "authority"), ("show", "name"), - ("add", "record"), - ("update", "record"), + ("add", "[record]"), + ("update", "[record]"), ("remove", "name"), ("slices", ""), ("resources", "[slice_hrn]"), @@ -343,7 +343,7 @@ class Sfi: ("shutdown", "slice_hrn"), ("get_ticket", "slice_hrn rspec"), ("redeem_ticket", "ticket"), - ("delegate", "name"), + ("delegate", "to_hrn"), ("gid", "[name]"), ("trusted", "cred"), ("config", ""), @@ -408,14 +408,6 @@ class Sfi: action="callback", callback=optparse_dictvalue_callback, nargs=1, help="set extra/testbed-dependent flags, e.g. --extra enabled=true") - # user specifies remote aggregate/sm/component - if command in ("resources", "slices", "create", "delete", "start", "stop", - "restart", "shutdown", "get_ticket", "renew", "status"): - parser.add_option("-d", "--delegate", dest="delegate", default=None, - action="store_true", - help="Include a credential delegated to the user's root "+\ - "authority in set of credentials for this call") - # show_credential option if command in ("list","resources","create","add","update","remove","slices","delete","status","renew"): parser.add_option("-C","--credential",dest='show_credential',action='store_true',default=False, @@ -470,12 +462,17 @@ class Sfi: help="gives details, like user keys", default=False) if command in ("delegate"): parser.add_option("-u", "--user", - action="store_true", dest="delegate_user", default=False, - help="delegate your own credentials") - parser.add_option("-s", "--slice", dest="delegate_slice", - help="delegate slice credential", metavar="HRN", default=None) - parser.add_option("-a", "--authority", dest='delegate_to_authority', default=None, action='store_true', - help="""by default the only argument is expected to be a user, + action="store_true", dest="delegate_user", default=False, + help="delegate your own credentials; default if no other option is provided") + parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[], + metavar="slice_hrn", help="delegate cred. for slice HRN") + parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[], + metavar='auth_hrn', help="delegate cred for auth HRN") + # this primarily is a shorthand for -a my_hrn^ + parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true', + help="delegate your PI credentials, so s.t. like -a your_hrn^") + parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False, + help="""by default the mandatory argument is expected to be a user, use this if you mean an authority instead""") if command in ("version"): @@ -717,6 +714,9 @@ use this if you mean an authority instead""") sys.exit(-1) return self.client_bootstrap.authority_credential_string (self.authority) + def authority_credential_string(self, auth_hrn): + return self.client_bootstrap.authority_credential_string (auth_hrn) + def slice_credential_string(self, name): return self.client_bootstrap.slice_credential_string (name) @@ -822,12 +822,6 @@ use this if you mean an authority instead""") else: return [] - #################### dealing with delegated credentials - # most commands have a -d option that means 'delegate to my own authority' - # if is unclear if that is useful at all, but just in case.. - def delegate_to_my_authority (original): - return self.client_bootstrap.delegate_credential_string (original, self.authority, 'authority') - ######################################## miscell utilities def get_rspec_file(self, rspec): if (os.path.isabs(rspec)): @@ -937,7 +931,7 @@ or version information about sfi itself return def add(self, options, args): - "add record into registry from xml file (Register)" + "add record into registry by using the command options (Recommended) or from xml file (Register)" auth_cred = self.my_authority_credential_string() if options.show_credential: show_credentials(auth_cred) @@ -962,7 +956,7 @@ or version information about sfi itself return self.registry().Register(record_dict, auth_cred) def update(self, options, args): - "update record into registry from xml file (Update)" + "update record into registry by using the command options (Recommended) or from xml file (Update)" record_dict = {} if len(args) > 0: record_filepath = args[0] @@ -1025,8 +1019,6 @@ or version information about sfi itself server = self.sliceapi() # creds creds = [self.my_credential_string] - if options.delegate: - creds.append ( self.delegate_to_my_authority(self.my_credential_string) ) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() @@ -1056,8 +1048,6 @@ or with an slice hrn, shows currently provisioned resources else: the_credential=self.my_credential_string creds.append(the_credential) - if options.delegate: - creds.append(self.delegate_to_my_authority(the_credential)) if options.show_credential: show_credentials(creds) @@ -1191,8 +1181,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} @@ -1220,8 +1208,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} @@ -1248,8 +1234,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) # xxx Thierry - does this not need an api_options as well ? result = server.Start(slice_urn, creds) value = ReturnValue.get_value(result) @@ -1270,8 +1254,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) result = server.Stop(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1292,8 +1274,6 @@ or with an slice hrn, shows currently provisioned resources # cred slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) result = server.reset_slice(creds, slice_urn) value = ReturnValue.get_value(result) if self.options.raw: @@ -1317,8 +1297,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() @@ -1344,8 +1322,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - creds.append (self.delegate_to_my_authority (slice_cred)) result = server.Shutdown(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1366,9 +1342,6 @@ or with an slice hrn, shows currently provisioned resources # creds slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] - if options.delegate: - delegated_cred = self.delegate_to_my_authority(slice_cred) - creds.append(delegated_cred) # rspec rspec_file = self.get_rspec_file(rspec_path) rspec = open(rspec_file).read() @@ -1432,7 +1405,8 @@ or with an slice hrn, shows currently provisioned resources self.print_help() sys.exit(1) target_hrn = args[0] - gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string()) + my_gid_string = open(self.client_bootstrap.my_gid()).read() + gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string) if options.file: filename = options.file else: @@ -1449,24 +1423,43 @@ or with an slice hrn, shows currently provisioned resources self.print_help() sys.exit(1) to_hrn = args[0] - print 'to_hrn',to_hrn - if options.delegate_to_authority: to_type='authority' - else: to_type='user' + # support for several delegations in the same call + # so first we gather the things to do + tuples=[] + for slice_hrn in options.delegate_slices: + message="%s.slice"%slice_hrn + original = self.slice_credential_string(slice_hrn) + tuples.append ( (message, original,) ) + if options.delegate_pi: + my_authority=self.authority + message="%s.pi"%my_authority + original = self.my_authority_credential_string() + tuples.append ( (message, original,) ) + for auth_hrn in options.delegate_auths: + message="%s.auth"%auth_hrn + original=self.authority_credential_string(auth_hrn) + tuples.append ( (message, original, ) ) + # if nothing was specified at all at this point, let's assume -u + if not tuples: options.delegate_user=True + # this user cred if options.delegate_user: message="%s.user"%self.user original = self.my_credential_string - elif options.delegate_slice: - message="%s.slice"%options.delegate_slice - original = self.slice_credential_string(options.delegate_slice) - else: - self.logger.warning("Must specify either --user or --slice ") - return - delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type) - delegated_credential = Credential (string=delegated_string) - filename = os.path.join ( self.options.sfi_dir, - "%s_for_%s.%s.cred"%(message,to_hrn,to_type)) - delegated_credential.save_to_file(filename, save_parents=True) - self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename)) + tuples.append ( (message, original, ) ) + + # default type for beneficial is user unless -A + if options.delegate_to_authority: to_type='authority' + else: to_type='user' + + # let's now handle all this + # it's all in the filenaming scheme + for (message,original) in tuples: + delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type) + delegated_credential = Credential (string=delegated_string) + filename = os.path.join ( self.options.sfi_dir, + "%s_for_%s.%s.cred"%(message,to_hrn,to_type)) + delegated_credential.save_to_file(filename, save_parents=True) + self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename)) def trusted(self, options, args): """