X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_resources.py;h=4c7e466b159b751f317a2a1fb155fd5dc6ca8b15;hb=6f8fbddbe8ba6a0b6304655d80df53ab813d9001;hp=9b52ba7204f1d0d44a8026ebd99a37f53707ea1c;hpb=76c2b016659f66f7e4bec1e3c064a5f16f088473;p=sfa.git diff --git a/sfa/methods/get_resources.py b/sfa/methods/get_resources.py index 9b52ba72..4c7e466b 100644 --- a/sfa/methods/get_resources.py +++ b/sfa/methods/get_resources.py @@ -27,24 +27,35 @@ class get_resources(Method): accepts = [ Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")) + Parameter(None, "hrn not specified")), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")), + Parameter(str, "Callers credential string") ] returns = Parameter(str, "String representatin of an rspec") - def call(self, cred, hrn=None, caller_cred=None): + def call(self, cred, hrn=None, request_hash = None, caller_cred=None): sfa_aggregate_type = Config().get_aggregate_rspec_type() + # This cred will be an authority cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred,hrn], request_hash) self.api.auth.check(cred, 'listnodes') - if caller_cred==None: - caller_cred=cred + if caller_cred==None: + caller_cred=cred #log the call - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name)) + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name)) # This code needs to be cleaned up so that 'pl' is treated as just another RSpec manager. # The change ought to be straightforward as soon as we define PL's new RSpec. + rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, + fromlist = ["sfa.rspecs.aggregates"]) if (sfa_aggregate_type == 'pl'): nodes = Nodes(self.api, caller_cred=caller_cred) if hrn: @@ -53,14 +64,17 @@ class get_resources(Method): nodes.refresh() rspec = nodes['rspec'] else: - rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"]) rspec = rspec_manager.get_rspec(self.api, hrn) - + # Filter the outgoing rspec using sfatables outgoing_rules = SFATablesRules('OUTGOING') - - outgoing_rules.set_user(caller_cred.callerGID.hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target - - filtered_rspec = outgoing_rules.apply(rspec) - - return filtered_rspec + if outgoing_rules.sorted_rule_list: + request_context = rspec_manager.fetch_context( + hrn, + Credential(string=caller_cred).get_gid_caller().get_hrn(), + outgoing_rules.contexts) + outgoing_rules.set_context(request_context) + filtered_rspec = outgoing_rules.apply(rspec) + return filtered_rspec + else: + return rspec