X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_ticket.py;h=188029dbff9f87a10b42387351f8df8d478f45b4;hb=a131427de305f91194e84b6c0b7e99bc529766c7;hp=f96fe81635e72dd31452ee5d262f5013c1522e10;hpb=c6165173f3a94ea8c20a3f432951deffcf86e580;p=sfa.git diff --git a/sfa/methods/get_ticket.py b/sfa/methods/get_ticket.py index f96fe816..188029db 100644 --- a/sfa/methods/get_ticket.py +++ b/sfa/methods/get_ticket.py @@ -11,6 +11,7 @@ from sfa.util.genitable import GeniTable from sfa.util.sfaticket import SfaTicket from sfa.plc.slices import Slices from sfatables.runtime import SFATablesRules +from sfa.util.rspec import * class get_ticket(Method): """ @@ -29,7 +30,7 @@ class get_ticket(Method): @return the string representation of a ticket object """ - interfaces = ['registry', 'aggregate', 'slicemgr'] + interfaces = ['aggregate', 'slicemgr'] accepts = [ Parameter(str, "Credential string"), @@ -46,56 +47,36 @@ class get_ticket(Method): self.api.auth.check(cred, "getticket") self.api.auth.verify_object_belongs_to_me(hrn) self.api.auth.verify_object_permission(hrn) + + # set the right outgoing rules + manager_base = 'sfa.managers' + if self.api.interface in ['aggregate']: + outgoing_rules = SFATablesRules('OUTGOING') + mgr_type = self.api.config.SFA_AGGREGATE_TYPE + manager_module = manager_base + ".aggregate_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + elif self.api.interface in ['slicemgr']: + outgoing_rules = SFATablesRules('FORWARD-OUTGOING') + mgr_type = self.api.config.SFA_SM_TYPE + manager_module = manager_base + ".slice_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) - # find record info - table = GeniTable() - records = table.findObjects({'hrn': hrn, 'type': 'slice', 'peer_authority': None}) - if not records: - raise RecordNotFound(hrn) - record = records[0] - auth_hrn = record['authority'] - auth_info = self.api.auth.get_auth_info(auth_hrn) - object_gid = record.get_gid_object() - new_ticket = SfaTicket(subject = object_gid.get_subject()) - new_ticket.set_gid_caller(self.api.auth.client_gid) - new_ticket.set_gid_object(object_gid) - new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - new_ticket.set_pubkey(object_gid.get_pubkey()) - - # determine aggregate tyep - sfa_aggregate_type = Config().get_aggregate_rspec_type() - rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"]) - - # Fukter the incoming rspec using sfatables + # Filter the incoming rspec using sfatables incoming_rules = SFATablesRules('INCOMING') #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target contexts = incoming_rules.contexts caller_hrn = Credential(string=cred).get_gid_caller().get_hrn() - request_context = rspec_manager.fetch_context(hrn, caller_hrn, contexts) + request_context = manager.fetch_context(hrn, caller_hrn, contexts) incoming_rules.set_context(request_context) rspec = incoming_rules.apply(rspec) - - # get sliver info - slivers = Slices(self.api).get_slivers(hrn) - if not slivers: - raise SliverDoesNotExist(hrn) - sliver = slivers[0] - - # get initscripts - initscripts = None - data = { - 'timestamp': int(time.time()), - 'initscripts': initscripts, - 'slivers': [sliver] - } - - new_ticket.set_attributes(data) - new_ticket.set_rspec(rspec) - - new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn)) - - new_ticket.encode() - new_ticket.sign() - - return new_ticket.save_to_string(save_parents=True) + # remove nodes that are not available at this interface from the rspec + valid_rspec = RSpec(xml=manager.get_rspec(self.api)) + valid_nodes = valid_rspec.getDictsByTagName('NodeSpec') + vaild_hostnames = [node['name'] for node in valid_nodes] + rspec_object = RSpec(xml=rspec) + rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames) + rspec = rspec_object.toxml() + ticket = manager.get_ticket(self.api, hrn, rspec) + + return ticket