X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=trunk%2FPLC%2FMethods%2FGetSliceTicket.py;fp=trunk%2FPLC%2FMethods%2FGetSliceTicket.py;h=cd73f7b6eaa5778d26cf55cb1e97f32e2e6956d6;hb=5a4c1b1278ffa01e630fde47f7c54888ed20a576;hp=0000000000000000000000000000000000000000;hpb=cee5ab52df1c9f38b6eaff2dd354cb22f59028c7;p=plcapi.git

diff --git a/trunk/PLC/Methods/GetSliceTicket.py b/trunk/PLC/Methods/GetSliceTicket.py
new file mode 100644
index 0000000..cd73f7b
--- /dev/null
+++ b/trunk/PLC/Methods/GetSliceTicket.py
@@ -0,0 +1,77 @@
+import time
+
+from PLC.Faults import *
+from PLC.Method import Method
+from PLC.Parameter import Parameter, Mixed
+from PLC.Slices import Slice, Slices
+from PLC.Auth import Auth
+from PLC.GPG import gpg_sign, gpg_verify
+from PLC.InitScripts import InitScript, InitScripts
+
+from PLC.Methods.GetSlivers import get_slivers
+
+class GetSliceTicket(Method):
+    """
+    Returns a ticket for, or signed representation of, the specified
+    slice. Slice tickets may be used to manually instantiate or update
+    a slice on a node. Present this ticket to the local Node Manager
+    interface to redeem it.
+
+    If the slice has not been added to a node with AddSliceToNodes,
+    and the ticket is redeemed on that node, it will be deleted the
+    next time the Node Manager contacts the API.
+
+    Users may only obtain tickets for slices of which they are
+    members. PIs may obtain tickets for any of the slices at their
+    sites, or any slices of which they are members. Admins may obtain
+    tickets for any slice.
+
+    Returns 1 if successful, faults otherwise.
+    """
+
+    roles = ['admin', 'pi', 'user', 'peer']
+
+    accepts = [
+        Auth(),
+        Mixed(Slice.fields['slice_id'],
+              Slice.fields['name']),
+        ]
+
+    returns = Parameter(str, 'Signed slice ticket')
+
+    def call(self, auth, slice_id_or_name):
+        slices = Slices(self.api, [slice_id_or_name])
+        if not slices:
+            raise PLCInvalidArgument, "No such slice"
+        slice = slices[0]
+
+        # Allow peers to obtain tickets for their own slices
+        if slice['peer_id'] is not None:
+            if not isinstance(self.caller, Peer):
+                raise PLCInvalidArgument, "Not a local slice"
+            elif slice['peer_id'] != self.caller['peer_id']:
+                raise PLCInvalidArgument, "Only the authoritative peer may obtain tickets for that slice"
+
+        # Tickets are the canonicalized XML-RPC methodResponse
+        # representation of a partial GetSlivers() response, i.e.,
+	
+	initscripts = InitScripts(self.api, {'enabled': True})
+
+        data = {
+            'timestamp': int(time.time()),
+	    'initscripts': initscripts,
+            'slivers': get_slivers(self.api, [slice['slice_id']]),
+            }
+
+        # Sign ticket
+        signed_ticket = gpg_sign((data,),
+                                 self.api.config.PLC_ROOT_GPG_KEY,
+                                 self.api.config.PLC_ROOT_GPG_KEY_PUB,
+                                 methodresponse = True,
+                                 detach_sign = False)
+
+        # Verify ticket
+        gpg_verify(signed_ticket,
+                   self.api.config.PLC_ROOT_GPG_KEY_PUB)
+
+        return signed_ticket