X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fupdate.py;h=2a1be732f70507feeb16b5249aa0e0374606d445;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=b4b0f60a4a6ecd397738377140c8a672f095db47;hpb=087fe20b9e7919903c197f208d46d4432ee6380d;p=sfa.git diff --git a/sfa/methods/update.py b/sfa/methods/update.py index b4b0f60a..2a1be732 100644 --- a/sfa/methods/update.py +++ b/sfa/methods/update.py @@ -1,19 +1,17 @@ ### $Id$ ### $URL$ +import time from sfa.util.faults import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed -from sfa.trust.auth import Auth -from sfa.util.record import GeniRecord -from sfa.trust.certificate import Keypair, convert_public_key -from sfa.trust.gid import * from sfa.util.debug import log +from sfa.trust.credential import Credential class update(Method): """ Update an object in the registry. Currently, this only updates the - PLC information associated with the record. The Geni fields (name, type, + PLC information associated with the record. The SFA fields (name, type, GID) are fixed. @param cred credential string specifying rights of the caller 
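Review bot: `import time` is added at the top of the file, but nothing on the new side of either hunk uses it; unless the few lines between the two hunks do, it can be dropped. `from sfa.util.faults import *` is kept even though the second hunk removes the `RecordNotFound` and `UnknownGeniType` raises, so if any fault class is still needed, an explicit import list would make that visible. The wildcard also hides which names this registry entry point actually depends on.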
@@ -26,103 +24,28 @@ class update(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(dict, "Record dictionary to be updated") + Parameter(dict, "Record dictionary to be updated"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict): + def call(self, cred, record_dict, origin_hrn=None): + user_cred = Credential(string=cred) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) + + # validate the cred self.api.auth.check(cred, "update") - record = GeniRecord(dict = record_dict) - type = record.get_type() - self.api.auth.verify_object_permission(record.get_name()) - auth_name = self.api.auth.get_authority(record.get_name()) - if not auth_name: - auth_name = record.get_name() - table = self.api.auth.get_auth_table(auth_name) - - # make sure the record exists - existing_record_list = table.resolve(type, record.get_name()) - if not existing_record_list: - raise RecordNotFound(record.get_name()) - existing_record = existing_record_list[0] - - # Update_membership needs the membership lists in the existing record - # filled in, so it can see if members were added or removed - self.api.fill_record_info(existing_record) - - # Use the pointer from the existing record, not the one that the user - # gave us. 
This prevents the user from inserting a forged pointer - pointer = existing_record.get_pointer() - - # update the PLC information that was specified with the record - - if (type == "authority"): - self.api.plshell.UpdateSite(self.api.plauth, pointer, record) - - elif type == "slice": - hrn=record.get_name() - pl_record=self.api.geni_fields_to_pl_fields(type, hrn, record) - self.api.plshell.UpdateSlice(self.api.plauth, pointer, pl_record) - - elif type == "user": - # SMBAKER: UpdatePerson only allows a limited set of fields to be - # updated. Ideally we should have a more generic way of doing - # this. I copied the field names from UpdatePerson.py... - update_fields = {} - all_fields = record - for key in all_fields.keys(): - if key in ['first_name', 'last_name', 'title', 'email', - 'password', 'phone', 'url', 'bio', 'accepted_aup', - 'enabled']: - update_fields[key] = all_fields[key] - self.api.plshell.UpdatePerson(self.api.plauth, pointer, update_fields) - - if 'key' in record and record['key']: - # must check this key against the previous one if it exists - persons = self.api.plshell.GetPersons(self.api.plauth, [pointer], ['key_ids']) - person = persons[0] - keys = person['key_ids'] - keys = self.api.plshell.GetKeys(self.api.plauth, person['key_ids']) - key_exists = False - if isinstance(record['key'], list): - new_key = record['key'][0] - else: - new_key = record['key'] - - # Delete all stale keys - for key in keys: - if record['key'] != key['key']: - self.api.plshell.DeleteKey(self.api.plauth, key['key_id']) - else: - key_exists = True - if not key_exists: - self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type': 'ssh', 'key': new_key}) - - # find the existing geni record - hrn = record['hrn'] - auth_name = self.api.auth.get_authority(hrn) - auth_info = self.api.auth.get_auth_info(auth_name) - table = self.api.auth.get_auth_table(auth_name) - person_records = table.resolve('user', hrn) - person_record = person_records[0] - - # update the openssl 
key and gid - pkey = convert_public_key(new_key) - uuid = create_uuid() - gid_object = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey) - gid = gid_object.save_to_string(save_parents=True) - record['gid'] = gid - record.set_gid(gid) - table.update(record) - - elif type == "node": - self.api.plshell.UpdateNode(self.api.plauth, pointer, record) - - else: - raise UnknownGeniType(type) - - # update membership for researchers, pis, owners, operators - self.api.update_membership(existing_record, record) + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.update(self.api, record_dict) - return 1
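Review bot: The per-object authorization that the removed body performed (`self.api.auth.verify_object_permission(record.get_name())`), and its use of the stored pointer rather than the caller's, are no longer in `call`. `manager.update(self.api, record_dict)` is handed neither the credential nor the caller, so it should be confirmed that the registry manager repeats both checks, since `self.api.auth.check(cred, "update")` as called here is given only the credential and the operation name. Separately, the log line is written before `auth.check` runs and uses `origin_hrn` as supplied by the caller, so `caller-hrn` in this tab-delimited record can be an unverified, caller-chosen string, possibly containing tabs or newlines. I would move the logging below the check and record the credential's own hrn next to the claimed one, e.g. `caller_hrn = user_cred.get_gid_caller().get_hrn()` logged alongside `origin_hrn`. `target-hrn` is always logged as `None`, although the record dictionary presumably carries the hrn, which weakens the entry as an audit trail for updates.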