X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_ticket.py;h=188029dbff9f87a10b42387351f8df8d478f45b4;hb=a131427de305f91194e84b6c0b7e99bc529766c7;hp=2bf0959ce6fe5893dd7b191d7940183fe0dfd26d;hpb=0617bf203bd582103e7f45633cd320b1f80d1fb0;p=sfa.git diff --git a/sfa/methods/get_ticket.py b/sfa/methods/get_ticket.py index 2bf0959c..188029db 100644 --- a/sfa/methods/get_ticket.py +++ b/sfa/methods/get_ticket.py @@ -1,11 +1,17 @@ ### $Id$ ### $URL$ - +import time from sfa.util.faults import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed from sfa.trust.auth import Auth +from sfa.util.config import Config +from sfa.trust.credential import Credential +from sfa.util.genitable import GeniTable from sfa.util.sfaticket import SfaTicket +from sfa.plc.slices import Slices +from sfatables.runtime import SFATablesRules +from sfa.util.rspec import * class get_ticket(Method): """ @@ -24,7 +30,7 @@ class get_ticket(Method): @return the string representation of a ticket object """ - interfaces = ['registry'] + interfaces = ['aggregate', 'slicemgr'] accepts = [ Parameter(str, "Credential string"), @@ -40,37 +46,37 @@ class get_ticket(Method): self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash) self.api.auth.check(cred, "getticket") self.api.auth.verify_object_belongs_to_me(hrn) - self.api.auth.verify_object_permission(name) - - # XXX much of this code looks like get_credential... are they so similar - # that they should be combined? - - auth_hrn = self.api.auth.get_authority(hrn) - if not auth_hrn: - auth_hrn = hrn - auth_info = self.api.auth.get_auth_info(auth_hrn) - record = None - table = self.api.auth.get_auth_table(auth_hrn) - record = table.resolve('slice', hrn) - - object_gid = record.get_gid_object() - new_ticket = SfaTicket(subject = object_gid.get_subject()) - new_ticket.set_gid_caller(self.client_gid) - new_ticket.set_gid_object(object_gid) - new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - new_ticket.set_pubkey(object_gid.get_pubkey()) - - self.api.fill_record_info(record) + self.api.auth.verify_object_permission(hrn) + + # set the right outgoing rules + manager_base = 'sfa.managers' + if self.api.interface in ['aggregate']: + outgoing_rules = SFATablesRules('OUTGOING') + mgr_type = self.api.config.SFA_AGGREGATE_TYPE + manager_module = manager_base + ".aggregate_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + elif self.api.interface in ['slicemgr']: + outgoing_rules = SFATablesRules('FORWARD-OUTGOING') + mgr_type = self.api.config.SFA_SM_TYPE + manager_module = manager_base + ".slice_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) - (attributes, rspec) = self.api.record_to_slice_info(record) - - new_ticket.set_attributes(attributes) - new_ticket.set_rspec(rspec) - - new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn)) - - new_ticket.encode() - new_ticket.sign() - - return new_ticket.save_to_string(save_parents=True) + # Filter the incoming rspec using sfatables + incoming_rules = SFATablesRules('INCOMING') + #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target + contexts = incoming_rules.contexts + caller_hrn = Credential(string=cred).get_gid_caller().get_hrn() + request_context = manager.fetch_context(hrn, caller_hrn, contexts) + incoming_rules.set_context(request_context) + rspec = incoming_rules.apply(rspec) + # remove nodes that are not available at this interface from the rspec + valid_rspec = RSpec(xml=manager.get_rspec(self.api)) + valid_nodes = valid_rspec.getDictsByTagName('NodeSpec') + vaild_hostnames = [node['name'] for node in valid_nodes] + rspec_object = RSpec(xml=rspec) + rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames) + rspec = rspec_object.toxml() + ticket = manager.get_ticket(self.api, hrn, rspec) + + return ticket