| side by side (parent:
bdc21c7
)
Generalize credentials argument
author
Tony Mack
<tmack@paris.CS.Princeton.EDU>
Sat, 20 Oct 2012 03:05:31 +0000
(23:05 -0400)
committer
Tony Mack
<tmack@paris.CS.Princeton.EDU>
Sat, 20 Oct 2012 03:05:31 +0000
(23:05 -0400)
sfa/client/sfi.py
sfa/methods/Allocate.py
sfa/methods/Delete.py
sfa/methods/Describe.py
sfa/methods/ListResources.py
sfa/methods/Provision.py
sfa/methods/Renew.py
sfa/methods/Shutdown.py
sfa/trust/auth.py
sfa/trust/credential.py
diff --git
a/sfa/client/sfi.py
b/sfa/client/sfi.py
index
20d4b99
..
16a4878
100644
(file)
--- a/
sfa/client/sfi.py
+++ b/
sfa/client/sfi.py
@@
-115,14
+115,15
@@
def filter_records(type, records):
return filtered_records
return filtered_records
-def credential_printable (cred
ential_string
):
- credential=Credential(
string=credential_string
)
+def credential_printable (cred):
+ credential=Credential(
cred=cred
)
result=""
result += credential.get_summary_tostring()
result += "\n"
rights = credential.get_privileges()
result=""
result += credential.get_summary_tostring()
result += "\n"
rights = credential.get_privileges()
- result += "rights=%s"%rights
- result += "\n"
+ result += "type=%s\n" % credential.type
+ result += "version=%s\n" % credential.version
+ result += "rights=%s\n"%rights
return result
def show_credentials (cred_s):
return result
def show_credentials (cred_s):
@@
-650,6
+651,9
@@
class Sfi:
# extract what's needed
self.private_key = client_bootstrap.private_key()
self.my_credential_string = client_bootstrap.my_credential_string ()
# extract what's needed
self.private_key = client_bootstrap.private_key()
self.my_credential_string = client_bootstrap.my_credential_string ()
+ self.my_credential = {'geni_type': 'geni_sfa',
+ 'geni_version': '3.0',
+ 'geni_value': self.my_credential_string}
self.my_gid = client_bootstrap.my_gid ()
self.client_bootstrap = client_bootstrap
self.my_gid = client_bootstrap.my_gid ()
self.client_bootstrap = client_bootstrap
@@
-663,6
+667,11
@@
class Sfi:
def slice_credential_string(self, name):
return self.client_bootstrap.slice_credential_string (name)
def slice_credential_string(self, name):
return self.client_bootstrap.slice_credential_string (name)
+ def slice_credential(self, name):
+ return {'geni_type': 'geni_sfa',
+ 'geni_version': '3.0',
+ 'geni_value': self.slice_credential_string(name)}
+
# xxx should be supported by sfaclientbootstrap as well
def delegate_cred(self, object_cred, hrn, type='authority'):
# the gid and hrn of the object we are delegating
# xxx should be supported by sfaclientbootstrap as well
def delegate_cred(self, object_cred, hrn, type='authority'):
# the gid and hrn of the object we are delegating
@@
-988,7
+997,7
@@
or version information about sfi itself
creds.append(delegated_cred)
# options and call_id when supported
api_options = {}
creds.append(delegated_cred)
# options and call_id when supported
api_options = {}
- api_options['call_id']=unique_call_id()
+
api_options['call_id']=unique_call_id()
if options.show_credential:
show_credentials(creds)
result = server.ListSlices(creds, *self.ois(server,api_options))
if options.show_credential:
show_credentials(creds)
result = server.ListSlices(creds, *self.ois(server,api_options))
@@
-1008,7
+1017,7
@@
or with an slice hrn, shows currently provisioned resources
server = self.sliceapi()
# set creds
server = self.sliceapi()
# set creds
- creds = [self.my_credential
_string
]
+ creds = [self.my_credential]
if options.delegate:
creds.append(self.delegate_cred(cred, get_authority(self.authority)))
if options.show_credential:
if options.delegate:
creds.append(self.delegate_cred(cred, get_authority(self.authority)))
if options.show_credential:
@@
-1058,7
+1067,7
@@
or with an slice hrn, shows currently provisioned resources
server = self.sliceapi()
# set creds
server = self.sliceapi()
# set creds
- creds = [self.slice_credential
_string
(args[0])]
+ creds = [self.slice_credential(args[0])]
if options.delegate:
creds.append(self.delegate_cred(cred, get_authority(self.authority)))
if options.show_credential:
if options.delegate:
creds.append(self.delegate_cred(cred, get_authority(self.authority)))
if options.show_credential:
@@
-1172,7
+1181,7
@@
or with an slice hrn, shows currently provisioned resources
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
- slice_cred = self.slice_credential
_string
(slice_hrn)
+ slice_cred = self.slice_credential(slice_hrn)
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
@@
-1198,7
+1207,7
@@
or with an slice hrn, shows currently provisioned resources
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# credentials
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# credentials
- creds = [self.slice_credential
_string
(slice_hrn)]
+ creds = [self.slice_credential(slice_hrn)]
delegated_cred = None
if server_version.get('interface') == 'slicemgr':
delegated_cred = None
if server_version.get('interface') == 'slicemgr':
@@
-1263,7
+1272,7
@@
or with an slice hrn, shows currently provisioned resources
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# credentials
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# credentials
- creds = [self.slice_credential
_string
(slice_hrn)]
+ creds = [self.slice_credential(slice_hrn)]
delegated_cred = None
if server_version.get('interface') == 'slicemgr':
# delegate our cred to the slice manager
delegated_cred = None
if server_version.get('interface') == 'slicemgr':
# delegate our cred to the slice manager
@@
-1300,7
+1309,7
@@
or with an slice hrn, shows currently provisioned resources
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
- slice_cred = self.slice_credential
_string
(slice_hrn)
+ slice_cred = self.slice_credential(slice_hrn)
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
@@
-1377,7
+1386,7
@@
or with an slice hrn, shows currently provisioned resources
action = args[1]
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# cred
action = args[1]
slice_urn = Xrn(slice_hrn, type='slice').get_urn()
# cred
- slice_cred = self.slice_credential
_string
(args[0])
+ slice_cred = self.slice_credential(args[0])
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
@@
-1404,7
+1413,7
@@
or with an slice hrn, shows currently provisioned resources
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# time: don't try to be smart on the time format, server-side will
# creds
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# time: don't try to be smart on the time format, server-side will
# creds
- slice_cred = self.slice_credential
_string
(args[0])
+ slice_cred = self.slice_credential(args[0])
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
@@
-1432,7
+1441,7
@@
or with an slice hrn, shows currently provisioned resources
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
slice_hrn = args[0]
slice_urn = hrn_to_urn(slice_hrn, 'slice')
# creds
- slice_cred = self.slice_credential
_string
(slice_hrn)
+ slice_cred = self.slice_credential(slice_hrn)
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
creds = [slice_cred]
if options.delegate:
delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority))
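Review bot: `delegate_cred` is now handed the credential dict instead of the XML string in the hunks at +1181, +1309, +1386, +1413 and +1441 (`self.delegate_cred(slice_cred, ...)` with `slice_cred = self.slice_credential(...)`), yet its body lies outside every hunk and nothing shown here updates it. If it still builds `Credential(string=object_cred)`, delegation will fail or mis-parse; it should use `Credential(cred=object_cred)`. Whatever it returns should also be wrapped in the same `geni_type`/`geni_version`/`geni_value` struct before being appended to `creds`, so the list sent to the server is not a mix of dicts and bare strings. The struct literal is written out twice (at +651 and in `slice_credential`); one small helper would keep the type and version strings in a single place.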
diff --git
a/sfa/methods/Allocate.py
b/sfa/methods/Allocate.py
index
565d859
..
b549fd6
100644
(file)
--- a/
sfa/methods/Allocate.py
+++ b/
sfa/methods/Allocate.py
@@
-51,7
+51,8
@@
class Allocate(Method):
elif self.api.interface in ['slicemgr']:
chain_name = 'FORWARD-INCOMING'
self.api.logger.debug("Allocate: sfatables on chain %s"%chain_name)
elif self.api.interface in ['slicemgr']:
chain_name = 'FORWARD-INCOMING'
self.api.logger.debug("Allocate: sfatables on chain %s"%chain_name)
- origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
rspec = run_sfatables(chain_name, xrn.get_hrn(), origin_hrn, rspec)
slivers = RSpec(rspec).version.get_nodes_with_slivers()
if not slivers:
rspec = run_sfatables(chain_name, xrn.get_hrn(), origin_hrn, rspec)
slivers = RSpec(rspec).version.get_nodes_with_slivers()
if not slivers:
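Review bot: The added `self.api.logger.info(...)` line formats `xrns`, but the only target name visible in this hunk is `xrn` (`xrn.get_hrn()` on the following line), so unless `xrns` is bound earlier in the method this raises NameError on every Allocate request right after the credential check. The line reads like a copy of the one in Delete.py, where the argument is called `xrns`; here the tuple should probably be `(self.api.interface, origin_hrn, xrn.get_hrn(), self.name)`. The method signature is outside the hunk, so confirm the parameter name before changing it.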
diff --git
a/sfa/methods/Delete.py
b/sfa/methods/Delete.py
index
8233fb7
..
88990e1
100644
(file)
--- a/
sfa/methods/Delete.py
+++ b/
sfa/methods/Delete.py
@@
-27,7
+27,7
@@
class Delete(Method):
valid_creds = self.api.auth.checkCredentials(creds, 'deletesliver', xrns)
#log the call
valid_creds = self.api.auth.checkCredentials(creds, 'deletesliver', xrns)
#log the call
- origin_hrn = Credential(
string
=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(
cred
=valid_creds[0]).get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
return self.api.manager.Delete(self.api, xrns, creds, options)
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
return self.api.manager.Delete(self.api, xrns, creds, options)
diff --git
a/sfa/methods/Describe.py
b/sfa/methods/Describe.py
index
b261512
..
ff3765d
100644
(file)
--- a/
sfa/methods/Describe.py
+++ b/
sfa/methods/Describe.py
@@
-43,7
+43,7
@@
class Describe(Method):
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
if not origin_hrn:
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
if not origin_hrn:
- origin_hrn = Credential(
string
=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(
cred
=valid_creds[0]).get_gid_caller().get_hrn()
desc = self.api.manager.Describe(self.api, creds, urns, options)
# filter rspec through sfatables
desc = self.api.manager.Describe(self.api, creds, urns, options)
# filter rspec through sfatables
diff --git
a/sfa/methods/ListResources.py
b/sfa/methods/ListResources.py
index
c05d697
..
b7ac0b7
100644
(file)
--- a/
sfa/methods/ListResources.py
+++ b/
sfa/methods/ListResources.py
@@
-39,7
+39,7
@@
class ListResources(Method):
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
if not origin_hrn:
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
if not origin_hrn:
- origin_hrn = Credential(
string
=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(
cred
=valid_creds[0]).get_gid_caller().get_hrn()
rspec = self.api.manager.ListResources(self.api, creds, options)
# filter rspec through sfatables
rspec = self.api.manager.ListResources(self.api, creds, options)
# filter rspec through sfatables
diff --git
a/sfa/methods/Provision.py
b/sfa/methods/Provision.py
index
00c5a43
..
5a857ec
100644
(file)
--- a/
sfa/methods/Provision.py
+++ b/
sfa/methods/Provision.py
@@
-33,6
+33,7
@@
class Provision(Method):
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrns)
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrns)
- origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
result = self.api.manager.Provision(self.api, xrns, creds, options)
return result
result = self.api.manager.Provision(self.api, xrns, creds, options)
return result
diff --git
a/sfa/methods/Renew.py
b/sfa/methods/Renew.py
index
ea4bb33
..
ca412bd
100644
(file)
--- a/
sfa/methods/Renew.py
+++ b/
sfa/methods/Renew.py
@@
-38,7
+38,7
@@
class Renew(Method):
# Validate that the time does not go beyond the credential's expiration time
requested_time = utcparse(expiration_time)
max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW)
# Validate that the time does not go beyond the credential's expiration time
requested_time = utcparse(expiration_time)
max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW)
- if requested_time > Credential(
string
=valid_creds[0]).get_expiration():
+ if requested_time > Credential(
cred
=valid_creds[0]).get_expiration():
raise InsufficientRights('Renewsliver: Credential expires before requested expiration time')
if requested_time > datetime.datetime.utcnow() + datetime.timedelta(days=max_renew_days):
raise Exception('Cannot renew > %s days from now' % max_renew_days)
raise InsufficientRights('Renewsliver: Credential expires before requested expiration time')
if requested_time > datetime.datetime.utcnow() + datetime.timedelta(days=max_renew_days):
raise Exception('Cannot renew > %s days from now' % max_renew_days)
diff --git
a/sfa/methods/Shutdown.py
b/sfa/methods/Shutdown.py
index
53c406d
..
e97738c
100644
(file)
--- a/
sfa/methods/Shutdown.py
+++ b/
sfa/methods/Shutdown.py
@@
-21,7
+21,7
@@
class Shutdown(Method):
valid_creds = self.api.auth.checkCredentials(creds, 'stopslice', xrn)
#log the call
valid_creds = self.api.auth.checkCredentials(creds, 'stopslice', xrn)
#log the call
- origin_hrn = Credential(
string
=valid_creds[0]).get_gid_caller().get_hrn()
+ origin_hrn = Credential(
cred
=valid_creds[0]).get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrn, self.name))
return self.api.manager.Shutdown(self.api, xrn, creds)
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrn, self.name))
return self.api.manager.Shutdown(self.api, xrn, creds)
diff --git
a/sfa/trust/auth.py
b/sfa/trust/auth.py
index
e787fe4
..
449f1cf
100644
(file)
--- a/
sfa/trust/auth.py
+++ b/
sfa/trust/auth.py
@@
-52,7
+52,7
@@
class Auth:
self.check(cred, operation, hrn)
valid.append(cred)
except:
self.check(cred, operation, hrn)
valid.append(cred)
except:
- cred_obj=Credential(
string
=cred)
+ cred_obj=Credential(
cred
=cred)
logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
@@
-63,7
+63,7
@@
class Auth:
return valid
return valid
- def check(self, cred
_string
, operation, hrn = None):
+ def check(self, cred
ential
, operation, hrn = None):
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
@@
-71,7
+71,7
@@
class Auth:
trusted cert and check if the credential is allowed to perform
the specified operation.
"""
trusted cert and check if the credential is allowed to perform
the specified operation.
"""
- cred = Credential(
string = cred_string
)
+ cred = Credential(
cred=credential
)
self.client_cred = cred
logger.debug("Auth.check: handling hrn=%s and credential=%s"%\
(hrn,cred.get_summary_tostring()))
self.client_cred = cred
logger.debug("Auth.check: handling hrn=%s and credential=%s"%\
(hrn,cred.get_summary_tostring()))
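Review bot: The `except:` handler in the first hunk calls `Credential(cred=cred)` on the very value that just failed validation, and with struct credentials that constructor can raise again (a dict without `geni_value` raises KeyError in the credential.py change), so the second exception would leave the handler instead of reaching `continue`. The debug dump is diagnostic only and should not be able to abort the validation loop; record the original failure first, because under Python 2 a nested handler overwrites what `sys.exc_info()` returns. The bare `except:` also catches KeyboardInterrupt and SystemExit, where `except Exception:` would be the narrower form. The enclosing method starts and ends outside the hunk.

```python
            except:
                # capture the validation failure first; the dump below may raise and replace exc_info
                error = sys.exc_info()[:2]
                try:
                    dump = Credential(cred=cred).dump_string(dump_parents=True)
                except Exception:
                    dump = "<unparseable %s>" % type(cred).__name__
                logger.debug("failed to validate credential - dump=%s"%dump)
                continue
```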
diff --git
a/sfa/trust/credential.py
b/sfa/trust/credential.py
index
9ccf18f
..
34cc7e4
100644
(file)
--- a/
sfa/trust/credential.py
+++ b/
sfa/trust/credential.py
@@
-237,7
+237,7
@@
class Credential(object):
# @param string If string!=None, load the credential from the string
# @param filename If filename!=None, load the credential from the file
# FIXME: create and subject are ignored!
# @param string If string!=None, load the credential from the string
# @param filename If filename!=None, load the credential from the file
# FIXME: create and subject are ignored!
- def __init__(self, create=False, subject=None, string=None, filename=None):
+ def __init__(self, create=False, subject=None, string=None, filename=None
, cred=None
):
self.gidCaller = None
self.gidObject = None
self.expiration = None
self.gidCaller = None
self.gidObject = None
self.expiration = None
@@
-250,6
+250,17
@@
class Credential(object):
self.xml = None
self.refid = None
self.legacy = None
self.xml = None
self.refid = None
self.legacy = None
+ self.type = None
+ self.version = None
+
+ if cred:
+ if isinstance(cred, StringTypes):
+ string = cred
+ elif isinstance(cred, dict):
+ string = cred['geni_value']
+ self.type = cred['geni_type']
+ self.version = cred['geni_version']
+
# Check if this is a legacy credential, translate it if so
if string or filename:
# Check if this is a legacy credential, translate it if so
if string or filename:
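Review bot: The new `if cred:` branch accepts a caller-supplied struct without checking it: a value that is neither a string nor a dict falls through silently and leaves an empty Credential, a dict missing any of the three keys raises a bare KeyError, and `geni_type` is stored but never compared against anything, so a struct labelled with any type is still parsed as an SFA credential. This constructor now sits on the authentication path (the auth.py change passes the received value straight in), so malformed input should be rejected explicitly here. `cred` also silently overrides an explicit `string=` argument, and `StringTypes` needs `from types import StringTypes` if the module does not already import it. The constructor continues past the end of the hunk.

```python
        if cred:
            if isinstance(cred, StringTypes):
                string = cred
            elif isinstance(cred, dict):
                # all three keys are required; a missing one means a malformed credential struct
                missing = [k for k in ('geni_type', 'geni_version', 'geni_value') if k not in cred]
                if missing:
                    raise ValueError("credential struct is missing %s" % ", ".join(missing))
                # … unchanged: string / self.type / self.version assignments …
                # assumes geni_sfa is the only type this class can parse; confirm before enforcing
                if self.type != 'geni_sfa':
                    raise ValueError("unsupported credential type %s" % self.type)
            else:
                raise TypeError("credential must be a string or a dict, got %s" % type(cred).__name__)
```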