X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fregister.py;h=863d6c58037bb74bcfe2c55d63d64e74c2bb604c;hb=0d80e430d7aafa9fa5ff206e857a83bf1036f55b;hp=83a21f3a3494d57f638c66222c88b41fcf864514;hpb=a2e21bef1545bbb68c86ec1a84a611bde7f17a45;p=sfa.git
diff --git a/sfa/methods/register.py b/sfa/methods/register.py
index 83a21f3a..863d6c58 100644
--- a/sfa/methods/register.py
+++ b/sfa/methods/register.py
@@ -8,9 +8,12 @@ from sfa.util.faults import *
 from sfa.util.misc import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
 from sfa.util.record import GeniRecord
+from sfa.util.genitable import GeniTable
 from sfa.util.debug import log
+from sfa.trust.auth import Auth
+from sfa.trust.gid import create_uuid
+from sfa.trust.credential import Credential
 
 class register(Method):
 """
@@ -33,93 +36,115 @@ class register(Method): returns = Parameter(int, "String representation of gid object") - def call(self, cred, record_dict): + def call(self, cred, record_dict, caller_cred=None): self.api.auth.check(cred, "register") + if caller_cred==None: + caller_cred=cred + + #log the call + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name)) record = GeniRecord(dict = record_dict) - type = record.get_type() - name = record.get_name() - self.api.auth.verify_object_permission(name) - auth_name = self.api.auth.get_authority(name) + table = GeniTable() + type = record['type'] + hrn = record['hrn'] + auth_name = get_authority(hrn) + self.api.auth.verify_object_permission(hrn) auth_info = self.api.auth.get_auth_info(auth_name) - table = self.api.auth.get_auth_table(auth_name) - + pub_key = None # make sure record has a gid if 'gid' not in record: uuid = create_uuid() pkey = Keypair(create=True) - if 'keys' in record and record['keys']: - pkey = convert_public_key(record['keys'][0]) + if 'key' in record and record['key']: + if isinstance(record['key'], list): + pub_key = record['key'][0] + else: + pub_key = record['key'] + pkey = convert_public_key(pub_key) - gid_object = self.api.auth.hierarchy.create_gid(name, uuid, pkey) + gid_object = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid record.set_gid(gid) # check if record already exists - existing_records = table.resolve(type, name) + existing_records = table.find({'type': type, 'hrn': hrn}) if existing_records: - raise ExistingRecord(name) + raise ExistingRecord(hrn) - if (type == "sa") or (type=="ma"): + if type in ["authority"]: # update the tree - if not self.api.auth.hierarchy.auth_exists(name): - self.api.auth.hierarchy.create_auth(name) + if not self.api.auth.hierarchy.auth_exists(hrn): + 
self.api.auth.hierarchy.create_auth(hrn) # authorities are special since they are managed by the registry # rather than by the caller. We create our own GID for the # authority rather than relying on the caller to supply one. # get the GID from the newly created authority - child_auth_info = self.api.auth.get_auth_info(name) gid = auth_info.get_gid_object() record.set_gid(gid.save_to_string(save_parents=True)) - # if registering a sa, see if a ma already exists - # if registering a ma, see if a sa already exists - if (type == "sa"): - other_rec = table.resolve("ma", record.get_name()) - elif (type == "ma"): - other_rec = table.resolve("sa", record.get_name()) - - if other_rec: - print >> log, "linking ma and sa to the same plc site" - pointer = other_rec[0].get_pointer() - else: - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) - print >> log, "adding site with fields", pl_record + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) + sites = self.api.plshell.GetSites(self.api.plauth, [pl_record['login_base']]) + if not sites: pointer = self.api.plshell.AddSite(self.api.plauth, pl_record) + else: + pointer = sites[0]['site_id'] record.set_pointer(pointer) elif (type == "slice"): - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) - pointer = self.api.plshell.AddSlice(self.api.plauth, pl_record) + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) + slices = self.api.plshell.GetSlices(self.api.plauth, [pl_record['name']]) + if not slices: + pointer = self.api.plshell.AddSlice(self.api.plauth, pl_record) + else: + pointer = slices[0]['slice_id'] record.set_pointer(pointer) elif (type == "user"): - pointer = self.api.plshell.AddPerson(self.api.plauth, dict(record)) + persons = self.api.plshell.GetPersons(self.api.plauth, [record['email']]) + if not persons: + pointer = self.api.plshell.AddPerson(self.api.plauth, dict(record)) + else: + pointer = persons[0]['person_id'] + if 'enabled' in record and 
record['enabled']: self.api.plshell.UpdatePerson(self.api.plauth, pointer, {'enabled': record['enabled']}) - login_base = get_leaf(auth_info.hrn) - self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base) + + # add this persons to the site only if he is being added for the first + # time by sfa and doesont already exist in plc + if not persons or not persons[0]['site_ids']: + login_base = get_leaf(auth_name) + self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base) + # What roles should this user have? self.api.plshell.AddRoleToPerson(self.api.plauth, 'user', pointer) record.set_pointer(pointer) - # Add the user's key - if record['keys']: - self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : record['keys'][0]}) + # Add the user's key + if pub_key: + self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key}) elif (type == "node"): - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) login_base = hrn_to_pl_login_base(auth_name) - pointer = self.api.plshell.AddNode(self.api.plauth, login_base, pl_record) + nodes = self.api.plshell.GetNodes(self.api.plauth, [pl_record['hostname']]) + if not nodes: + pointer = self.api.plshell.AddNode(self.api.plauth, login_base, pl_record) + else: + pointer = nodes[0]['node_id'] record.set_pointer(pointer) else: raise UnknownGeniType(type) - table.insert(record) + # SFA upcalls may exist in PLCAPI and they could have already added the + # record for us. Lets check if the record already exists + existing_records = table.find({'type': type, 'hrn': hrn}) + if not existing_records: + table.insert(record) # update membership for researchers, pis, owners, operators self.api.update_membership(None, record)
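Review bot: In the `user` branch, when `GetPersons` finds an existing PLC account for `record['email']`, the new code reuses its `person_id` and then still appears to run `UpdatePerson`, `AddRoleToPerson` and `AddPersonKey` with the caller-supplied `pub_key` (the page has lost indentation, so the exact nesting is inferred). The only authorization visible is `verify_object_permission(hrn)`, which covers the new hrn rather than the pre-existing account, so a registrant could end up attaching a key to, or enabling, an account their authority does not own; the `GetSites`/`GetSlices`/`GetNodes` reuse paths have the same shape. I would gate the mutating calls on the object having been created here, e.g. `if pub_key and not persons:`, or first check that the existing object belongs to the site derived from `auth_name`. Separately, the logged caller-hrn is parsed from `caller_cred`, which is never passed to `self.api.auth.check`, so that audit field should be treated as unverified or the credential verified before logging. The end of `call` is not visible in the hunk.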