X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fregister.py;h=863d6c58037bb74bcfe2c55d63d64e74c2bb604c;hb=0d80e430d7aafa9fa5ff206e857a83bf1036f55b;hp=a27cedfdca7ea7dbd4160647758984e91dfeca9a;hpb=35cf792a57a2e5680340ec3ff6a8c934059d523c;p=sfa.git diff --git a/sfa/methods/register.py b/sfa/methods/register.py index a27cedfd..863d6c58 100644 --- a/sfa/methods/register.py +++ b/sfa/methods/register.py @@ -9,10 +9,11 @@ from sfa.util.misc import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed from sfa.util.record import GeniRecord +from sfa.util.genitable import GeniTable from sfa.util.debug import log - from sfa.trust.auth import Auth from sfa.trust.gid import create_uuid +from sfa.trust.credential import Credential class register(Method): """ @@ -35,15 +36,20 @@ class register(Method): returns = Parameter(int, "String representation of gid object") - def call(self, cred, record_dict): + def call(self, cred, record_dict, caller_cred=None): self.api.auth.check(cred, "register") + if caller_cred==None: + caller_cred=cred + + #log the call + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name)) record = GeniRecord(dict = record_dict) - type = record.get_type() - name = record.get_name() - self.api.auth.verify_object_permission(name) - auth_name = self.api.auth.get_authority(name) + table = GeniTable() + type = record['type'] + hrn = record['hrn'] + auth_name = get_authority(hrn) + self.api.auth.verify_object_permission(hrn) auth_info = self.api.auth.get_auth_info(auth_name) - table = self.api.auth.get_auth_table(auth_name) pub_key = None # make sure record has a gid if 'gid' not in record: 
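Review bot: The caller-hrn written to the log in `call` is parsed from `caller_cred`, while the only credential checked in this hunk is `cred`, via `self.api.auth.check(cred, "register")`. Unless `Credential(string=...)` itself verifies the credential (not visible here), a client that passes its own `caller_cred` appears able to choose the identity recorded for the request. Either log the hrn of the checked `cred` alongside the claimed one, or run the same check on `caller_cred` before trusting it for attribution. The parse also sits on the request path, so a malformed `caller_cred` would raise before any registration work, and `caller_cred==None` is better written `if caller_cred is None:`. The body of `call` continues beyond this hunk.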
@@ -56,31 +62,30 @@ class register(Method): pub_key = record['key'] pkey = convert_public_key(pub_key) - gid_object = self.api.auth.hierarchy.create_gid(name, uuid, pkey) + gid_object = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid record.set_gid(gid) # check if record already exists - existing_records = table.resolve(type, name) + existing_records = table.find({'type': type, 'hrn': hrn}) if existing_records: - raise ExistingRecord(name) + raise ExistingRecord(hrn) if type in ["authority"]: # update the tree - if not self.api.auth.hierarchy.auth_exists(name): - self.api.auth.hierarchy.create_auth(name) + if not self.api.auth.hierarchy.auth_exists(hrn): + self.api.auth.hierarchy.create_auth(hrn) # authorities are special since they are managed by the registry # rather than by the caller. We create our own GID for the # authority rather than relying on the caller to supply one. # get the GID from the newly created authority - child_auth_info = self.api.auth.get_auth_info(name) gid = auth_info.get_gid_object() record.set_gid(gid.save_to_string(save_parents=True)) - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) sites = self.api.plshell.GetSites(self.api.plauth, [pl_record['login_base']]) if not sites: pointer = self.api.plshell.AddSite(self.api.plauth, pl_record) @@ -90,7 +95,7 @@ class register(Method): record.set_pointer(pointer) elif (type == "slice"): - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) slices = self.api.plshell.GetSlices(self.api.plauth, [pl_record['name']]) if not slices: pointer = self.api.plshell.AddSlice(self.api.plauth, pl_record) 
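Review bot: In the `authority` branch of the first hunk on this line, the record's GID still comes from `auth_info`, which was loaded for `auth_name`, the parent returned by `get_authority(hrn)`. The record for a newly created authority therefore appears to be saved with the parent authority's GID. The commit removes the unused `child_auth_info` lookup instead of using it, although the comment just above says the GID should come from the newly created authority. Consider `gid = self.api.auth.get_auth_info(hrn).get_gid_object()`. This branch belongs to `call`, which starts and ends outside the hunk.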
@@ -107,18 +112,23 @@ class register(Method): if 'enabled' in record and record['enabled']: self.api.plshell.UpdatePerson(self.api.plauth, pointer, {'enabled': record['enabled']}) - login_base = get_leaf(auth_info.hrn) - self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base) + + # add this persons to the site only if he is being added for the first + # time by sfa and doesont already exist in plc + if not persons or not persons[0]['site_ids']: + login_base = get_leaf(auth_name) + self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base) + # What roles should this user have? self.api.plshell.AddRoleToPerson(self.api.plauth, 'user', pointer) record.set_pointer(pointer) - # Add the user's key + # Add the user's key if pub_key: self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key}) elif (type == "node"): - pl_record = self.api.geni_fields_to_pl_fields(type, name, record) + pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record) login_base = hrn_to_pl_login_base(auth_name) nodes = self.api.plshell.GetNodes(self.api.plauth, [pl_record['hostname']]) if not nodes: @@ -132,7 +142,7 @@ class register(Method): # SFA upcalls may exist in PLCAPI and they could have already added the # record for us. Lets check if the record already exists - existing_records = table.resolve(type, name) + existing_records = table.find({'type': type, 'hrn': hrn}) if not existing_records: table.insert(record)
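Review bot: The new `if not persons or not persons[0]['site_ids']:` guard in the first hunk on this line covers only `AddPersonToSite`; the `AddRoleToPerson` and `AddPersonKey` calls below it still run when the person already exists in PLC. If `persons` is the lookup result for an existing account (it is assigned outside this hunk), registering a record would attach the caller-supplied `pub_key` and the `user` role to that account. Consider restricting those calls to newly created persons, e.g. `if pub_key and not persons:`, or add a comment stating why adding a key to an existing account is intended. The added comment also has a typo, "doesont" for "does not".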