X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Fregistry_manager_pl.py;h=31496c2b74f60366ce6cecc7a5474c6a29cfba05;hb=dbce495b6f2e7d8dccbfb18c5507907d784c143b;hp=fbf12400df4710e5e14fdc3a1ce224e12372c099;hpb=a6d49c4970315c0ea7f68eacccd12d0cd13a9d79;p=sfa.git diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py index fbf12400..31496c2b 100644 --- a/sfa/managers/registry_manager_pl.py +++ b/sfa/managers/registry_manager_pl.py @@ -1,15 +1,21 @@ import types import time -from sfa.server.registry import Registries from sfa.util.prefixTree import prefixTree from sfa.util.record import SfaRecord from sfa.util.table import SfaTable from sfa.util.record import SfaRecord from sfa.trust.gid import GID -from sfa.util.namespace import * +from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, hrn_to_pl_login_base, urn_to_hrn from sfa.trust.credential import * from sfa.trust.certificate import * from sfa.util.faults import * +from sfa.trust.gid import create_uuid + +def get_version(api): + version = {} + version['geni_api'] = 1 + version['sfa'] = 1 + return version def get_credential(api, xrn, type, is_self=False): # convert xrn to hrn @@ -17,6 +23,7 @@ def get_credential(api, xrn, type, is_self=False): hrn = urn_to_hrn(xrn)[0] else: hrn, type = urn_to_hrn(xrn) + # Is this a root or sub authority auth_hrn = api.auth.get_authority(hrn) if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN: @@ -32,6 +39,9 @@ def get_credential(api, xrn, type, is_self=False): # verify_cancreate_credential requires that the member lists # (researchers, pis, etc) be filled in api.fill_record_info(record) + if record['type']=='user': + if not record['enabled']: + raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email'])) # get the callers gid # if this is a self cred the record's gid is the caller's gid @@ -52,18 +62,26 @@ def get_credential(api, xrn, type, is_self=False): new_cred = Credential(subject = object_gid.get_subject()) new_cred.set_gid_caller(caller_gid) new_cred.set_gid_object(object_gid) - new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - new_cred.set_pubkey(object_gid.get_pubkey()) + new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename()) + #new_cred.set_pubkey(object_gid.get_pubkey()) new_cred.set_privileges(rights) - new_cred.set_delegate(True) + new_cred.get_privileges().delegate_all_privileges(True) auth_kind = "authority,ma,sa" - new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) + # Parent not necessary, verify with certs + #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) new_cred.encode() new_cred.sign() return new_cred.save_to_string(save_parents=True) -def resolve(api, xrns, type=None, origin_hrn=None): + +# The GENI GetVersion call +def GetVersion(): + version = {} + version['geni_api'] = 1 + return version + +def resolve(api, xrns, type=None, full=True): # load all know registry names into a prefix tree and attempt to find # the longest matching prefix @@ -73,7 +91,7 @@ def resolve(api, xrns, type=None, origin_hrn=None): # create a dict whre key is an registry hrn and its value is a # hrns at that registry (determined by the known prefix tree). xrn_dict = {} - registries = Registries(api) + registries = api.registries tree = prefixTree() registry_hrns = registries.keys() tree.load(registry_hrns) @@ -95,7 +113,7 @@ def resolve(api, xrns, type=None, origin_hrn=None): xrns = xrn_dict[registry_hrn] if registry_hrn != api.hrn: credential = api.getCredential() - peer_records = registries[registry_hrn].resolve(credential, xrns, origin_hrn) + peer_records = registries[registry_hrn].Resolve(xrns, credential) records.extend([SfaRecord(dict=record).as_dict() for record in peer_records]) # try resolving the remaining unfound records at the local registry @@ -104,16 +122,11 @@ def resolve(api, xrns, type=None, origin_hrn=None): remaining_hrns = [hrn for hrn in remaining_hrns] table = SfaTable() local_records = table.findObjects({'hrn': remaining_hrns}) - for record in local_records: - try: - api.fill_record_info(record) - records.append(dict(record)) - except PlanetLabRecordDoesNotExist: - # silently drop the ones that are missing in PL - print >> log, "ignoring SFA record ", record['hrn'], \ - " because pl record does not exist" - table.remove(record) - + if full: + api.fill_record_info(local_records) + + # convert local record objects to dicts + records.extend([dict(record) for record in local_records]) if not records: raise RecordNotFound(str(hrns)) @@ -122,17 +135,17 @@ def resolve(api, xrns, type=None, origin_hrn=None): return records -def list(api, xrn): +def list(api, xrn, origin_hrn=None): hrn, type = urn_to_hrn(xrn) # load all know registry names into a prefix tree and attempt to find # the longest matching prefix records = [] - registries = Registries(api) + registries = api.registries registry_hrns = registries.keys() tree = prefixTree() tree.load(registry_hrns) registry_hrn = tree.best_match(hrn) - + #if there was no match then this record belongs to an unknow registry if not registry_hrn: raise MissingAuthority(xrn) @@ -159,7 +172,7 @@ def list(api, xrn): def register(api, record): hrn, type = record['hrn'], record['type'] - + urn = hrn_to_urn(hrn,type) # validate the type if type not in ['authority', 'slice', 'node', 'user']: raise UnknownSfaType(type) @@ -188,7 +201,7 @@ def register(api, record): pub_key = record['key'] pkey = convert_public_key(pub_key) - gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey) + gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid record.set_gid(gid) @@ -196,7 +209,7 @@ def register(api, record): if type in ["authority"]: # update the tree if not api.auth.hierarchy.auth_exists(hrn): - api.auth.hierarchy.create_auth(hrn) + api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority')) # get the GID from the newly created authority gid = auth_info.get_gid_object() @@ -269,6 +282,7 @@ def update(api, record_dict): new_record = SfaRecord(dict = record_dict) type = new_record['type'] hrn = new_record['hrn'] + urn = hrn_to_urn(hrn,type) api.auth.verify_object_permission(hrn) table = SfaTable() # make sure the record exists @@ -333,7 +347,7 @@ def update(api, record_dict): # update the openssl key and gid pkey = convert_public_key(new_key) uuid = create_uuid() - gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey) + gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid record = SfaRecord(dict=record) @@ -359,7 +373,7 @@ def remove(api, xrn, type, origin_hrn=None): table = SfaTable() filter = {'hrn': hrn} - if type not in ['all', '*']: + if type and type not in ['all', '*']: filter['type'] = type records = table.find(filter) if not records: @@ -368,7 +382,7 @@ def remove(api, xrn, type, origin_hrn=None): type = record['type'] credential = api.getCredential() - registries = Registries(api) + registries = api.registries # Try to remove the object from the PLCDB of federated agg. # This is attempted before removing the object from the local agg's PLCDB and sfa table