# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
- #api.fill_record_info(record)
+ api.fill_record_info(record)
record['enabled'] = True
print>> sys.stderr , " \r\n ++ REGISTRY get_credential hrn %s record['enabled'] %s is_self %s" %(hrn, record['enabled'], is_self)
if record['type']=='user':
if is_self:
caller_hrn = hrn
caller_gid = record.get_gid_object()
+ print>>sys.stderr, " \r\n REGISTRY IS SELF OK caller_hrn %s--- \r\n caller_gid %s---------" %(caller_hrn,caller_gid)
else:
print>> sys.stderr , " \r\n ++ ELSE "
caller_gid = api.auth.client_cred.get_gid_caller()
print>> sys.stderr , " \r\n ++ ELSE object_hrn %s " %(object_hrn)
rights = api.auth.determine_user_rights(caller_hrn, record)
- print>> sys.stderr , " \r\n ++ After rights record: %s " %(record )
+ print>> sys.stderr , " \r\n ++ After rights record: %s \r\n ====RIGHTS %s " %(record , rights)
# make sure caller has rights to this object
if rights.is_empty():
def register(api, record):
- print>>sys.stderr, " \r\n \r\n ----------- registry_manager_sl register hrn %s"%(hrn)
+
hrn, type = record['hrn'], record['type']
urn = hrn_to_urn(hrn,type)
# validate the type
+ print>>sys.stderr, " \r\n \r\n ----------- registry_manager_sl register hrn %s"%(hrn)
if type not in ['authority', 'slice', 'node', 'user']:
raise UnknownSfaType(type)
gid = auth_info.get_gid_object()
record.set_gid(gid.save_to_string(save_parents=True))
pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
- sites = api.plshell.GetSites(api.plauth, [pl_record['login_base']])
+ sites = api.oar.GetSites( [pl_record['login_base']])
if not sites:
- pointer = api.plshell.AddSite(api.plauth, pl_record)
+ pointer = api.oar.AddSite( pl_record)
else:
pointer = sites[0]['site_id']
elif (type == "slice"):
acceptable_fields=['url', 'instantiation', 'name', 'description']
pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
+ print>>sys.stderr, " \r\n \r\n ----------- registry_manager_slab register slice pl_record %s"%(pl_record)
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
- slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
+ slices = api.users.GetSlices( [pl_record['name']])
if not slices:
- pointer = api.plshell.AddSlice(api.plauth, pl_record)
+ pointer = api.users.AddSlice(pl_record)
else:
pointer = slices[0]['slice_id']
record.set_pointer(pointer)
record['pointer'] = pointer
elif (type == "user"):
- persons = api.plshell.GetPersons(api.plauth, [record['email']])
- if not persons:
- pointer = api.plshell.AddPerson(api.plauth, dict(record))
- else:
- pointer = persons[0]['person_id']
+ persons = api.users.GetPersons( [record['email']])
+ if not persons:
+ print>>sys.stderr, " \r\n \r\n ----------- registry_manager_slab register NO PERSON ADD TO LDAP?"
+
+ #if not persons:
+ #pointer = api.users.AddPerson( dict(record))
+ #else:
+ #pointer = persons[0]['person_id']
if 'enabled' in record and record['enabled']:
- api.plshell.UpdatePerson(api.plauth, pointer, {'enabled': record['enabled']})
+ api.users.UpdatePerson( pointer, {'enabled': record['enabled']})
# add this persons to the site only if he is being added for the first
# time by sfa and doesont already exist in plc
if not persons or not persons[0]['site_ids']:
login_base = get_leaf(record['authority'])
- api.plshell.AddPersonToSite(api.plauth, pointer, login_base)
+ api.users.AddPersonToSite( pointer, login_base)
# What roles should this user have?
- api.plshell.AddRoleToPerson(api.plauth, 'user', pointer)
+ api.users.AddRoleToPerson( 'user', pointer)
# Add the user's key
if pub_key:
- api.plshell.AddPersonKey(api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
-
- elif (type == "node"):
- pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
- login_base = hrn_to_pl_login_base(record['authority'])
- nodes = api.plshell.GetNodes(api.plauth, [pl_record['hostname']])
- if not nodes:
- pointer = api.plshell.AddNode(api.plauth, login_base, pl_record)
- else:
- pointer = nodes[0]['node_id']
-
- record['pointer'] = pointer
- record.set_pointer(pointer)
+ api.users.AddPersonKey( pointer, {'key_type' : 'ssh', 'key' : pub_key})
+
+ #elif (type == "node"):
+ #pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
+ #login_base = hrn_to_pl_login_base(record['authority'])
+ #nodes = api.oar.GetNodes( [pl_record['hostname']])
+ #if not nodes:
+ #pointer = api.oar.AddNode(login_base, pl_record)
+ #else:
+ #pointer = nodes[0]['node_id']
+
+ ##record['pointer'] = pointer
+ ##record.set_pointer(pointer)
record_id = table.insert(record)
record['record_id'] = record_id
# update the PLC information that was specified with the record
if (type == "authority"):
- api.plshell.UpdateSite(api.plauth, pointer, new_record)
+ api.oar.UpdateSite( pointer, new_record)
elif type == "slice":
pl_record=api.sfa_fields_to_pl_fields(type, hrn, new_record)
if 'name' in pl_record:
pl_record.pop('name')
- api.plshell.UpdateSlice(api.plauth, pointer, pl_record)
+ api.users.UpdateSlice( pointer, pl_record)
elif type == "user":
# SMBAKER: UpdatePerson only allows a limited set of fields to be
'password', 'phone', 'url', 'bio', 'accepted_aup',
'enabled']:
update_fields[key] = all_fields[key]
- api.plshell.UpdatePerson(api.plauth, pointer, update_fields)
+ api.users.UpdatePerson( pointer, update_fields)
if 'key' in new_record and new_record['key']:
# must check this key against the previous one if it exists
- persons = api.plshell.GetPersons(api.plauth, [pointer], ['key_ids'])
+ persons = api.users.GetPersons( [pointer], ['key_ids'])
person = persons[0]
keys = person['key_ids']
- keys = api.plshell.GetKeys(api.plauth, person['key_ids'])
+ keys = api.users.GetKeys( person['key_ids'])
key_exists = False
if isinstance(new_record['key'], types.ListType):
new_key = new_record['key'][0]
# Delete all stale keys
for key in keys:
if new_record['key'] != key['key']:
- api.plshell.DeleteKey(api.plauth, key['key_id'])
+ api.users.DeleteKey( key['key_id'])
else:
key_exists = True
if not key_exists:
- api.plshell.AddPersonKey(api.plauth, pointer, {'key_type': 'ssh', 'key': new_key})
+ api.users.AddPersonKey( pointer, {'key_type': 'ssh', 'key': new_key})
# update the openssl key and gid
pkey = convert_public_key(new_key)
table.update(record)
elif type == "node":
- api.plshell.UpdateNode(api.plauth, pointer, new_record)
+ api.oar.UpdateNode( pointer, new_record)
else:
raise UnknownSfaType(type)
except:
pass
if type == "user":
- persons = api.plshell.GetPersons(api.plauth, record['pointer'])
+ persons = api.users.GetPersons(record['pointer'])
# only delete this person if he has site ids. if he doesnt, it probably means
# he was just removed from a site, not actually deleted
if persons and persons[0]['site_ids']:
- api.plshell.DeletePerson(api.plauth, record['pointer'])
+ api.users.DeletePerson(record['pointer'])
elif type == "slice":
- if api.plshell.GetSlices(api.plauth, record['pointer']):
- api.plshell.DeleteSlice(api.plauth, record['pointer'])
+ if api.users.GetSlices( record['pointer']):
+ api.users.DeleteSlice( record['pointer'])
elif type == "node":
- if api.plshell.GetNodes(api.plauth, record['pointer']):
- api.plshell.DeleteNode(api.plauth, record['pointer'])
+ if api.oar.GetNodes( record['pointer']):
+ api.oar.DeleteNode( record['pointer'])
elif type == "authority":
- if api.plshell.GetSites(api.plauth, record['pointer']):
- api.plshell.DeleteSite(api.plauth, record['pointer'])
+ if api.oar.GetSites( record['pointer']):
+ api.oar.DeleteSite( record['pointer'])
else:
raise UnknownSfaType(type)