X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Fregistry_manager_openstack.py;h=6340bbe7ad335230ec491eb106d2ff4abe88a36e;hb=223996f1ff5ff62ba56e5e578875f8f5f29e3b84;hp=fc01fd1602d290997fb9cfeb667a7cb19116b1ae;hpb=f1dfee8e2f2f71b96018a8528e6e7035d2592ed8;p=sfa.git

diff --git a/sfa/managers/registry_manager_openstack.py b/sfa/managers/registry_manager_openstack.py
index fc01fd16..6340bbe7 100644
--- a/sfa/managers/registry_manager_openstack.py
+++ b/sfa/managers/registry_manager_openstack.py
@@ -1,5 +1,4 @@
 import types
-import time 
 # for get_key_from_incoming_ip
 import tempfile
 import os
@@ -10,20 +9,22 @@ from sfa.util.faults import RecordNotFound, AccountNotEnabled, PermissionError,
 from sfa.util.sfatime import utcparse, datetime_to_epoch
 from sfa.util.prefixTree import prefixTree
 from sfa.util.xrn import Xrn, get_authority, hrn_to_urn, urn_to_hrn
-from sfa.util.plxrn import hrn_to_pl_login_base
 from sfa.util.version import version_core
 from sfa.util.sfalogging import logger
+
 from sfa.trust.gid import GID 
 from sfa.trust.credential import Credential
 from sfa.trust.certificate import Certificate, Keypair, convert_public_key
 from sfa.trust.gid import create_uuid
-from sfa.storage.record import SfaRecord
-from sfa.storage.table import SfaTable
-from sfa.managers import registry_manager
 
-class RegistryManager(registry_manager.RegistryManager):
+from sfa.storage.model import make_record,RegRecord
+from sfa.storage.alchemy import dbsession
+
+from sfa.managers.registry_manager import RegistryManager
 
-    def GetCredential(self, api, xrn, type, is_self=False):
+class RegistryManager(RegistryManager):
+
+    def GetCredential(self, api, xrn, type, caller_xrn = None):
         # convert xrn to hrn     
         if type:
             hrn = urn_to_hrn(xrn)[0]
@@ -34,36 +35,46 @@ class RegistryManager(registry_manager.RegistryManager):
         auth_hrn = api.auth.get_authority(hrn)
         if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
             auth_hrn = hrn
-        # get record info
         auth_info = api.auth.get_auth_info(auth_hrn)
-        table = SfaTable()
-        records = table.findObjects({'type': type, 'hrn': hrn})
-        if not records:
-            raise RecordNotFound(hrn)
-        record = records[0]
+        # get record info
+        filter = {'hrn': hrn}
+        if type:
+            filter['type'] = type
+        record=dbsession.query(RegRecord).filter_by(**filter).first()
+        if not record:
+            raise RecordNotFound("hrn=%s, type=%s"%(hrn,type))
     
         # verify_cancreate_credential requires that the member lists
         # (researchers, pis, etc) be filled in
-        self.driver.augment_records_with_testbed_info (record)
-        if not self.driver.is_enabled (record):
-              raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))
+        logger.debug("get credential before augment dict, keys=%s"%record.__dict__.keys())
+        self.driver.augment_records_with_testbed_info (record.__dict__)
+        logger.debug("get credential after augment dict, keys=%s"%record.__dict__.keys())
+        if not self.driver.is_enabled (record.__dict__):
+              raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email))
     
         # get the callers gid
-        # if this is a self cred the record's gid is the caller's gid
-        if is_self:
+        # if caller_xrn is not specified assume the caller is the record
+        # object itself.  
+        if not caller_xrn:
             caller_hrn = hrn
             caller_gid = record.get_gid_object()
         else:
-            caller_gid = api.auth.client_cred.get_gid_caller() 
-            caller_hrn = caller_gid.get_hrn()
+            caller_hrn, caller_type = urn_to_hrn(caller_xrn)
+            caller_filter = {'hrn': caller_hrn}
+            if caller_type:
+                caller_filter['type'] = caller_type 
+            caller_record = dbsession.query(RegRecord).filter_by(**caller_filter).first()
+            if not caller_record:
+                raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
+            caller_gid = GID(string=caller_record.gid) 
         
         object_hrn = record.get_gid_object().get_hrn()
-        rights = api.auth.determine_user_rights(caller_hrn, record)
+        rights = api.auth.determine_user_rights(caller_hrn, record.todict())
         # make sure caller has rights to this object
         if rights.is_empty():
-            raise PermissionError(caller_hrn + " has no rights to " + record['name'])
+            raise PermissionError(caller_hrn + " has no rights to " + record.hrn)
     
-        object_gid = GID(string=record['gid'])
+        object_gid = GID(string=record.gid)
         new_cred = Credential(subject = object_gid.get_subject())
         new_cred.set_gid_caller(caller_gid)
         new_cred.set_gid_object(object_gid)
@@ -71,8 +82,8 @@ class RegistryManager(registry_manager.RegistryManager):
         #new_cred.set_pubkey(object_gid.get_pubkey())
         new_cred.set_privileges(rights)
         new_cred.get_privileges().delegate_all_privileges(True)
-        if 'expires' in record:
-            date = utcparse(record['expires'])
+        if hasattr(record,'expires'):
+            date = utcparse(record.expires)
             expires = datetime_to_epoch(date)
             new_cred.set_expiration(int(expires))
         auth_kind = "authority,ma,sa"
@@ -87,21 +98,21 @@ class RegistryManager(registry_manager.RegistryManager):
     # subject_record describes the subject of the relationships
     # ref_record contains the target values for the various relationships we need to manage
     # (to begin with, this is just the slice x person relationship)
-    def update_relations (self, subject_record, ref_record):
-        type=subject_record['type']
+    def update_relations (self, subject_obj, ref_obj):
+        type=subject_obj.type
         if type=='slice':
-            self.update_relation(subject_record, 'researcher', ref_record.get('researcher'), 'user')
+            self.update_relation(subject_obj, 'researcher', ref_obj.researcher, 'user')
         
     # field_key is the name of one field in the record, typically 'researcher' for a 'slice' record
     # hrns is the list of hrns that should be linked to the subject from now on
     # target_type would be e.g. 'user' in the 'slice' x 'researcher' example
-    def update_relation (self, sfa_record, field_key, hrns, target_type):
+    def update_relation (self, record_obj, field_key, hrns, target_type):
         # locate the linked objects in our db
-        subject_type=sfa_record['type']
-        subject_id=sfa_record['pointer']
-        table = SfaTable()
-        link_sfa_records = table.find ({'type':target_type, 'hrn': hrns})
-        link_ids = [ rec.get('pointer') for rec in link_sfa_records ]
+        subject_type=record_obj.type
+        subject_id=record_obj.pointer
+        # get the 'pointer' field of all matching records
+        link_id_tuples = dbsession.query(RegRecord.pointer).filter_by(type=target_type).filter(RegRecord.hrn.in_(hrns)).all()
+        # sqlalchemy returns named tuples for columns
+        link_ids = [ tuple.pointer for tuple in link_id_tuples ]
         self.driver.update_relation (subject_type, target_type, subject_id, link_ids)
-