-from sfa.util.faults import *
+from sfa.util.faults import RecordNotFound, AccountNotEnabled, PermissionError, MissingAuthority, \
+ UnknownSfaType, ExistingRecord
from sfa.util.prefixTree import prefixTree
from sfa.util.record import SfaRecord
from sfa.senslab.table_slab import SfaTable
from sfa.util.prefixTree import prefixTree
from sfa.util.record import SfaRecord
from sfa.senslab.table_slab import SfaTable
from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn, urn_to_hrn
from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn, urn_to_hrn
-
- peers =dict ([ (peername,v._ServerProxy__host) for (peername,v) in myapi.registries.iteritems()
- if peername != myapi.hrn])
- xrn=Xrn(myapi.hrn)
+ peers =dict ([ (peername,v._ServerProxy__host) for (peername,v) in api.registries.iteritems()
+ if peername != api.hrn])
+ xrn=Xrn(api.hrn)
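Review bot: The `peers` comprehension still reads `v._ServerProxy__host`, the name-mangled private attribute of an XML-RPC proxy, while the Resolve and List changes in this commit treat `api.registries[registry_hrn]` as an interface object that must be passed to `api.server_proxy(interface, credential)` first. If the registry entries are no longer proxy instances, this lookup would raise AttributeError when the peer list is built; this is inferred, because the registry container is not shown. Reading a private attribute is fragile in any case, so prefer a public accessor on the interface object for the peer address. The enclosing function starts and ends outside the lines shown.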
print>> sys.stderr , " \r\n REGISTRY get_credential auth_hrn:" , auth_hrn,"hrn : ", hrn, " Type : ", type, "is self : " , is_self,"<<"
print>> sys.stderr , " \r\n REGISTRY get_credential auth_hrn:" , auth_hrn,"hrn : ", hrn, " Type : ", type, "is self : " , is_self,"<<"
table = SfaTable()
print >> sys.stderr , " findObject ", type, hrn
records = table.findObjects({'type': type, 'hrn': hrn})
table = SfaTable()
print >> sys.stderr , " findObject ", type, hrn
records = table.findObjects({'type': type, 'hrn': hrn})
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
record['enabled'] = True
print>> sys.stderr , " \r\n ++ REGISTRY get_credential hrn %s record['enabled'] %s is_self %s" %(hrn, record['enabled'], is_self)
if record['type']=='user':
record['enabled'] = True
print>> sys.stderr , " \r\n ++ REGISTRY get_credential hrn %s record['enabled'] %s is_self %s" %(hrn, record['enabled'], is_self)
if record['type']=='user':
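Review bot: `record['enabled'] = True` is assigned unconditionally just before the `record['type']=='user'` branch, so any enabled check that follows can never reject the record. The check itself is not visible here, but this commit imports `AccountNotEnabled` by name, which suggests one exists; if so, a disabled account would still be issued a credential. If the override is a temporary testbed workaround, remove it or gate it on an explicit configuration switch, and mark it with a comment such as `# TEMPORARY: forces every record enabled, bypasses the AccountNotEnabled check`. The surrounding `print >> sys.stderr` lines also write caller GIDs, rights and whole records on every call, and would be better sent to a logger at debug level.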
print>>sys.stderr, " \r\n REGISTRY IS SELF OK caller_hrn %s--- \r\n caller_gid %s---------" %(caller_hrn,caller_gid)
else:
print>> sys.stderr , " \r\n ++ ELSE "
print>>sys.stderr, " \r\n REGISTRY IS SELF OK caller_hrn %s--- \r\n caller_gid %s---------" %(caller_hrn,caller_gid)
else:
print>> sys.stderr , " \r\n ++ ELSE "
print>> sys.stderr , " \r\n ++ ELSE caller_gid %s record %s" %(caller_gid, record)
caller_hrn = caller_gid.get_hrn()
print>> sys.stderr , " \r\n ++ ELSE caller_hrn %s " %(caller_hrn)
print>> sys.stderr , " \r\n ++ ELSE caller_gid %s record %s" %(caller_gid, record)
caller_hrn = caller_gid.get_hrn()
print>> sys.stderr , " \r\n ++ ELSE caller_hrn %s " %(caller_hrn)
object_hrn = record.get_gid_object().get_hrn()
print>> sys.stderr , " \r\n ++ ELSE object_hrn %s " %(object_hrn)
object_hrn = record.get_gid_object().get_hrn()
print>> sys.stderr , " \r\n ++ ELSE object_hrn %s " %(object_hrn)
print>> sys.stderr , " \r\n ++ After rights record: %s \r\n ====RIGHTS %s " %(record , rights)
# make sure caller has rights to this object
print>> sys.stderr , " \r\n ++ After rights record: %s \r\n ====RIGHTS %s " %(record , rights)
# make sure caller has rights to this object
new_cred.set_expiration(int(record['expires']))
auth_kind = "authority,ma,sa"
# Parent not necessary, verify with certs
new_cred.set_expiration(int(record['expires']))
auth_kind = "authority,ma,sa"
# Parent not necessary, verify with certs
def resolve(api, xrns, type=None, full=True):
# load all known registry names into a prefix tree and attempt to find
def resolve(api, xrns, type=None, full=True):
# load all known registry names into a prefix tree and attempt to find
print >>sys.stderr , '\t\t REGISTRY MANAGER : resolve=========xrns ', xrns
if not isinstance(xrns, types.ListType):
if not type:
print >>sys.stderr , '\t\t REGISTRY MANAGER : resolve=========xrns ', xrns
if not isinstance(xrns, types.ListType):
if not type:
# hrns at that registry (determined by the known prefix tree).
xrn_dict = {}
print >>sys.stderr, '\r\n REGISTRY MANAGER : resolve xrns ' , xrns #api.__dict__.keys()
# hrns at that registry (determined by the known prefix tree).
xrn_dict = {}
print >>sys.stderr, '\r\n REGISTRY MANAGER : resolve xrns ' , xrns #api.__dict__.keys()
tree = prefixTree()
registry_hrns = registries.keys()
print >>sys.stderr, '\r\n \t\t REGISTRY MANAGER registry_hrns' , registry_hrns
tree = prefixTree()
registry_hrns = registries.keys()
print >>sys.stderr, '\r\n \t\t REGISTRY MANAGER registry_hrns' , registry_hrns
xrn_dict[registry_hrn].append(xrn)
print >>sys.stderr, '\t\tREGISTRY MANAGER *****xrn_dict[registry_hrn] ',xrn_dict[registry_hrn]
records = []
xrn_dict[registry_hrn].append(xrn)
print >>sys.stderr, '\t\tREGISTRY MANAGER *****xrn_dict[registry_hrn] ',xrn_dict[registry_hrn]
records = []
# if the best match (longest matching hrn) is not the local registry,
# forward the request
xrns = xrn_dict[registry_hrn]
# if the best match (longest matching hrn) is not the local registry,
# forward the request
xrns = xrn_dict[registry_hrn]
- if registry_hrn != myapi.hrn:
- credential = myapi.getCredential()
- peer_records = registries[registry_hrn].Resolve(xrns, credential)
+ if registry_hrn != api.hrn:
+ credential = api.getCredential()
+ interface = api.registries[registry_hrn]
+ server = api.server_proxy(interface, credential)
+ peer_records = server.Resolve(xrns, credential)
print >>sys.stderr , '\t\t peer_records ', peer_records
records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
print >>sys.stderr,'\t\t hrns ' , hrns
# try resolving the remaining unfound records at the local registry
remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
print >>sys.stderr , '\t\t peer_records ', peer_records
records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
print >>sys.stderr,'\t\t hrns ' , hrns
# try resolving the remaining unfound records at the local registry
remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
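Review bot: Records returned by `server.Resolve(xrns, credential)` are appended to `records` with no check that each one answers an HRN that was actually forwarded to that peer. Since `remaining_hrns` is computed by subtracting the returned `record['hrn']` values, a peer's answer appears to decide which names the local registry still looks up. Before the `records.extend(...)`, keep only peer records whose `hrn` is in the requested set and falls under `registry_hrn`, and log anything dropped. The loop body begins and ends outside the lines shown.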
# convert set to list
remaining_hrns = [hrn for hrn in remaining_hrns]
print >>sys.stderr, '\t\t remaining_hrns', remaining_hrns
# convert set to list
remaining_hrns = [hrn for hrn in remaining_hrns]
print >>sys.stderr, '\t\t remaining_hrns', remaining_hrns
- print >>sys.stderr, '\r\n \r\n REGISTRY:_FULL', myapi
- myapi.fill_record_info(local_records)
-
-
+ print >>sys.stderr, '\r\n \r\n REGISTRY:_FULL', api
+ api.driver.fill_record_info(local_records)
+
# convert local record objects to dicts
records.extend([dict(record) for record in local_records])
print >>sys.stderr, "\r\n \t\t records extends %s" %(records)
# convert local record objects to dicts
records.extend([dict(record) for record in local_records])
print >>sys.stderr, "\r\n \t\t records extends %s" %(records)
- #record_list = registries[registry_hrn].List(xrn, credential)
-
- interface=registries[registry_hrn]
- server=api.get_server(interface,credential)
- records= server.List(xrn,credential)
-
+ interface = api.registries[registry_hrn]
+ server = api.server_proxy(interface, credential)
+ record_list = server.List(xrn, credential)
records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still have not found the record yet, try the local registry
if not records:
records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still have not found the record yet, try the local registry
if not records:
- type_of_rec = str( record['type']).strip("['']")
-
-
- urn = hrn_to_urn(hrn,type_of_rec)
+ type = str( record['type']).strip("['']")
+ urn = hrn_to_urn(hrn,type)
-
- if type_of_rec not in ['authority', 'slice', 'node', 'user']:
- raise UnknownSfaType(type_of_rec)
+ if type not in ['authority', 'slice', 'node', 'user']:
+ raise UnknownSfaType(type)
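Review bot: `type = str( record['type']).strip("['']")` unwraps a possible list by stringifying it and stripping bracket and quote characters, and `hrn_to_urn(hrn,type)` runs on that value before the allow-list check that follows. The rename from `type_of_rec` also makes the local shadow the builtin `type`. Take the first element explicitly, as the key handling later in this file does with `isinstance(new_record['key'], types.ListType)`, and move the `if type not in [...]` check above the `hrn_to_urn` call so that only a validated type is used to build the URN.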
- myapi.auth.verify_object_permission( record['hrn'])
- auth_info = myapi.auth.get_auth_info(record['authority'])
-
-
-
+ api.auth.verify_object_permission( record['hrn'])
+ auth_info = api.auth.get_auth_info(record['authority'])
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY record['gid'] %s" %(record['gid'])
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY record['gid'] %s" %(record['gid'])
- print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register type_of_rec %s"%(type_of_rec)
-
- if type_of_rec in ["authority"]:
+ print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register type %s"%(type)
- if not myapi.auth.hierarchy.auth_exists(hrn):
- myapi.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
+ if not api.auth.hierarchy.auth_exists(hrn):
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
record.set_gid(gid.save_to_string(save_parents=True))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
record.set_gid(gid.save_to_string(save_parents=True))
- #pl_record = myapi.sfa_fields_to_pl_fields(type, hrn, record)
- print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register : type_of_rec in [authority ] sfa_fields_to_pl_fields FIELDS A CHANGER"
+ #pl_record = api.driver.sfa_fields_to_pl_fields(type, hrn, record)
+ print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register : type in [authority ] sfa_fields_to_pl_fields FIELDS A CHANGER"
- sites = myapi.oar.GetSites( [pl_record['login_base']])
+ # thierry: ideally we'd like to be able to write api.driver.GetSites
+ # in which case the code would become mostly the same as for pl
+ sites = api.driver.GetSites([pl_record['login_base']])
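Review bot: `api.driver.GetSites([pl_record['login_base']])` reads `pl_record`, but the only assignment in view, `#pl_record = api.driver.sfa_fields_to_pl_fields(type, hrn, record)`, is still commented out. Unless `pl_record` is set on a line not shown, the authority path fails with NameError. The removed guard `if type_of_rec in ["authority"]:` also has no visible `+` counterpart next to the renamed print, so confirm the branch was kept; otherwise authority creation would run for every record type. Restore the assignment or drop the site lookup until the driver provides it.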
else:
pointer = sites[0]['site_id']
record.set_pointer(pointer)
record['pointer'] = pointer
else:
pointer = sites[0]['site_id']
record.set_pointer(pointer)
record['pointer'] = pointer
acceptable_fields=['url', 'instantiation', 'name', 'description']
acceptable_fields=['url', 'instantiation', 'name', 'description']
print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register slice pl_record %s"%(pl_record)
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
print>>sys.stderr, " \r\n \r\n ----------- REGISTRY_MANAGER_SLAB.PY register slice pl_record %s"%(pl_record)
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
else:
pointer = slices[0]['slice_id']
record.set_pointer(pointer)
record['pointer'] = pointer
else:
pointer = slices[0]['slice_id']
record.set_pointer(pointer)
record['pointer'] = pointer
# add this persons to the site only if he is being added for the first
# time by sfa and doesont already exist in plc
if not persons or not persons[0]['site_ids']:
login_base = get_leaf(record['authority'])
# add this persons to the site only if he is being added for the first
# time by sfa and doesont already exist in plc
if not persons or not persons[0]['site_ids']:
login_base = get_leaf(record['authority'])
#record['record_id'] = record_id
# update membership for researchers, pis, owners, operators
#record['record_id'] = record_id
# update membership for researchers, pis, owners, operators
type = new_record['type']
hrn = new_record['hrn']
urn = hrn_to_urn(hrn,type)
type = new_record['type']
hrn = new_record['hrn']
urn = hrn_to_urn(hrn,type)
table = SfaTable()
# make sure the record exists
records = table.findObjects({'type': type, 'hrn': hrn})
table = SfaTable()
# make sure the record exists
records = table.findObjects({'type': type, 'hrn': hrn})
# Update_membership needs the membership lists in the existing record
# filled in, so it can see if members were added or removed
# Update_membership needs the membership lists in the existing record
# filled in, so it can see if members were added or removed
# Use the pointer from the existing record, not the one that the user
# gave us. This prevents the user from inserting a forged pointer
# Use the pointer from the existing record, not the one that the user
# gave us. This prevents the user from inserting a forged pointer
'password', 'phone', 'url', 'bio', 'accepted_aup',
'enabled']:
update_fields[key] = all_fields[key]
'password', 'phone', 'url', 'bio', 'accepted_aup',
'enabled']:
update_fields[key] = all_fields[key]
if 'key' in new_record and new_record['key']:
# must check this key against the previous one if it exists
if 'key' in new_record and new_record['key']:
# must check this key against the previous one if it exists
key_exists = False
if isinstance(new_record['key'], types.ListType):
new_key = new_record['key'][0]
key_exists = False
if isinstance(new_record['key'], types.ListType):
new_key = new_record['key'][0]
else:
raise UnknownSfaType(type)
# update membership for researchers, pis, owners, operators
else:
raise UnknownSfaType(type)
# update membership for researchers, pis, owners, operators
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table
# only delete this person if he has site ids. if he doesnt, it probably means
# he was just removed from a site, not actually deleted
if persons and persons[0]['site_ids']:
# only delete this person if he has site ids. if he doesnt, it probably means
# he was just removed from a site, not actually deleted
if persons and persons[0]['site_ids']: