X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Faggregate_manager_pl.py;h=ae4215a8cee4c06f2ab8cdfb7f9a434c901a2432;hb=eababa96fb603cdd552bc03091813544b099befd;hp=da5c3376e85e2bab18c9d177aeefcc96aa623673;hpb=5ff950d29277c37e531a17b37b13d8e0ac2e8f1e;p=sfa.git
diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py
index da5c3376..ae4215a8 100644
--- a/sfa/managers/aggregate_manager_pl.py
+++ b/sfa/managers/aggregate_manager_pl.py
@@ -5,7 +5,7 @@ import datetime
 import time
 import traceback
 import sys
-
+import re
 from types import StringTypes
 from sfa.util.namespace import *
 from sfa.util.rspec import *
@@ -15,7 +15,6 @@ from sfa.util.record import SfaRecord
 from sfa.util.policy import Policy
 from sfa.util.record import *
 from sfa.util.sfaticket import SfaTicket
-from sfa.util.debug import log
 from sfa.plc.slices import Slices
 from sfa.trust.credential import Credential
 import sfa.plc.peers as peers
@@ -23,41 +22,6 @@ from sfa.plc.network import *
 from sfa.plc.api import SfaAPI
 from sfa.plc.slices import *
-"""
-Create a new plauth object that the Aggregate Manager can use to execute
-plshell commands as the authenticated user.
-"""
-def __get_user_plauth(api, registry, credential, creds, operation, hrn):
- plauth = None
-
- user_creds = api.auth.checkCredentials(creds, operation, hrn)
- user_cred_obj = Credential(string=user_creds[0])
-
- # If user cred has a parent then the caller is the parent's cred.
- # This is true for delegated creds.
- if user_cred_obj.parent:
- user_hrn = user_cred_obj.parent.get_gid_caller().get_hrn()
- else:
- user_hrn = user_cred_obj.get_gid_caller().get_hrn()
-
- user_record = registry.Resolve(user_hrn, [credential])[0]
- email = user_record['email']
-
- person = api.plshell.GetPersons(api.plauth, email)
- if person:
- person_id = person[0]['person_id']
- # Get the user's session if one exists, create one otherwise
- session = api.plshell.GetSessions(api.plauth, {'person_id': person_id})
- if not session:
- session = api.plshell.AddSession(api.plauth, person_id)
- else:
- session = session[0]['session_id']
-
- # Create new authentication token
- plauth = {'Username':email, 'AuthMethod':'session', 'session':session}
-
- return plauth
-
 def __get_registry_objects(slice_xrn, creds, users):
 """
@@ -72,26 +36,31 @@ def __get_registry_objects(slice_xrn, creds, users): reg_objects = None if users: + # dont allow special characters in the site login base + #only_alphanumeric = re.compile('[^a-zA-Z0-9]+') + #login_base = only_alphanumeric.sub('', hrn_auth[:20]).lower() + slicename = hrn_to_pl_slicename(hrn) + login_base = slicename.split('_')[0] reg_objects = {} site = {} site['site_id'] = 0 - site['name'] = 'geni.%s' % hrn_auth[:20] + site['name'] = 'geni.%s' % login_base site['enabled'] = True site['max_slices'] = 100 # Note: # Is it okay if this login base is the same as one already at this myplc site? # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps? - site['login_base'] = hrn_auth[:20] - site['abbreviated_name'] = hrn_auth[:20] + site['login_base'] = login_base + site['abbreviated_name'] = login_base site['max_slivers'] = 1000 reg_objects['site'] = site slice = {} slice['expires'] = int(time.mktime(Credential(string=creds[0]).get_lifetime().timetuple())) slice['hrn'] = hrn - slice['name'] = site['login_base'] + "_" + get_leaf(hrn) + slice['name'] = hrn_to_pl_slicename(hrn) slice['url'] = hrn slice['description'] = hrn slice['pointer'] = 0 @@ -132,6 +101,7 @@ def create_slice(api, slice_xrn, creds, rspec, users): Create the sliver[s] (slice) at this aggregate. Verify HRN and initialize the slice record in PLC if necessary. """ + reg_objects = __get_registry_objects(slice_xrn, creds, users) hrn, type = urn_to_hrn(slice_xrn) @@ -146,12 +116,8 @@ def create_slice(api, slice_xrn, creds, rspec, users): slice_record = slices.verify_slice(registry, credential, hrn, site_id, remote_site_id, peer, sfa_peer, reg_objects) - - user_plauth = __get_user_plauth(api, registry, credential, creds, - "createsliver", hrn) - - # The Network instance will use user_plauth to call the PLCAPI - network = Network(api, user_plauth) + + network = Network(api) slice = network.get_slice(api, hrn) slice.peer_id = slice_record['peer_slice_id'] 
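Review bot: The added comment in the `@@ -72,26 +36,31 @@` hunk says special characters are not allowed in the site login base, but the two lines that would enforce it are commented out, so `login_base = slicename.split('_')[0]` reaches `site['name']`, `site['login_base']` and `site['abbreviated_name']` unchecked and without the 20-character bound the old `hrn_auth[:20]` gave. Whether `hrn_to_pl_slicename` already restricts the character set and length is not visible here, and `hrn` presumably comes from the caller-supplied `slice_xrn`. I would check the derived value and reject a bad one rather than rewrite it, because `slice['name']` has to keep the same prefix; a guard such as `if re.search('[^a-zA-Z0-9]', login_base) or len(login_base) > 20:` followed by an error would do, and as far as these hunks show `import re` from the first hunk is otherwise unused. `slice['name'] = hrn_to_pl_slicename(hrn)` can reuse `slicename` instead of calling the helper a second time. The body of `__get_registry_objects` starts and ends outside the hunk.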
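Review bot: With `__get_user_plauth` deleted, `network = Network(api)` in the `@@ -146,12 +116,8 @@` hunk, `AddSliceToNodes(api.plauth, ...)` and `DeleteSliceFromNodes(api.plauth, ...)` in `@@ -170,8 +136,8 @@`, and `Network(api)` in `get_rspec` (`@@ -276,13 +243,7 @@`) all act under the aggregate's own PLC credentials instead of the caller's session. The deleted helper was also where these paths called `api.auth.checkCredentials(creds, operation, hrn)` with `"createsliver"` and `"listnodes"`, and nothing in the visible hunks replaces that call. If the credential check is not already done by whatever calls `create_slice` and `get_rspec` (not visible here), it should stay, e.g. `api.auth.checkCredentials(creds, 'createsliver', hrn)` before `slices.verify_slice(...)`. The switch to `api.plauth` also deserves a comment such as `# PLCAPI calls now run as the aggregate; the user's own PLC privileges are no longer enforced here`. Both function bodies extend beyond the hunks.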
@@ -170,8 +136,8 @@ def create_slice(api, slice_xrn, creds, rspec, users): if peer: api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer) - api.plshell.AddSliceToNodes(user_plauth, slice.name, added_nodes) - api.plshell.DeleteSliceFromNodes(user_plauth, slice.name, deleted_nodes) + api.plshell.AddSliceToNodes(api.plauth, slice.name, added_nodes) + api.plshell.DeleteSliceFromNodes(api.plauth, slice.name, deleted_nodes) network.updateSliceTags() @@ -181,6 +147,7 @@ def create_slice(api, slice_xrn, creds, rspec, users): slice.peer_id) # print network.toxml() + return True @@ -276,13 +243,7 @@ def get_rspec(api, creds, options): if rspec: return rspec - registry = api.registries[api.hrn] - credential = api.getCredential() - user_plauth = __get_user_plauth(api, registry, credential, creds, - "listnodes", hrn) - - # The Network instance will use user_plauth to call the PLCAPI - network = Network(api, user_plauth) + network = Network(api) if (hrn): if network.get_slice(api, hrn): network.addSlice() @@ -292,7 +253,7 @@ def get_rspec(api, creds, options): # cache the result if api.cache and not xrn: api.cache.add('nodes', rspec) - + return rspec