Merge remote branch 'origin/master'

diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py
index 05beae9..fe4e53d 100644 (file)
--- a/sfa/managers/aggregate_manager_pl.py
+++ b/sfa/managers/aggregate_manager_pl.py
@@ -5,7 +5,7 @@ import datetime
 import time
 import traceback
 import sys
-
+import re
 from types import StringTypes
 from sfa.util.namespace import *
 from sfa.util.rspec import *
@@ -37,19 +37,23 @@ def __get_registry_objects(slice_xrn, creds, users):
     reg_objects = None
 
     if users:
+        # dont allow special characters in the site login base
+        only_alphanumeric = re.compile('[^a-zA-Z0-9]+')
+        login_base = only_alphanumeric.sub('', hrn_auth[:20]).lower()
+  
         reg_objects = {}
 
         site = {}
         site['site_id'] = 0
-        site['name'] = 'geni.%s' % hrn_auth[:20]
+        site['name'] = 'geni.%s' % login_base 
         site['enabled'] = True
         site['max_slices'] = 100
 
         # Note:
         # Is it okay if this login base is the same as one already at this myplc site?
         # Do we need uniqueness?  Should use hrn_auth instead of just the leaf perhaps?
-        site['login_base'] = hrn_auth[:20]
-        site['abbreviated_name'] = hrn_auth[:20]
+        site['login_base'] = login_base
+        site['abbreviated_name'] = login_base
         site['max_slivers'] = 1000
         reg_objects['site'] = site
 

diff --git a/sfa/managers/slice_manager_pl.py b/sfa/managers/slice_manager_pl.py
index 6eaf82a..05cd043 100644 (file)
--- a/sfa/managers/slice_manager_pl.py
+++ b/sfa/managers/slice_manager_pl.py
@@ -61,8 +61,8 @@ def create_slice(api, xrn, creds, rspec, users):
             raise InvalidRSpec(message)
 
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'createsliver', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()
+    valid_cred = api.auth.checkCredentials(creds, 'createsliver', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -72,7 +72,7 @@ def create_slice(api, xrn, creds, rspec, users):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM 
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
             
         # Just send entire RSpec to each aggregate
@@ -85,8 +85,8 @@ def create_slice(api, xrn, creds, rspec, users):
 
 def renew_slice(api, xrn, creds, expiration_time):
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'renewesliver', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()
+    valid_cred = api.auth.checkCredentials(creds, 'renewesliver', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -96,7 +96,7 @@ def renew_slice(api, xrn, creds, expiration_time):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
 
         server = api.aggregates[aggregate]
@@ -115,8 +115,8 @@ def get_ticket(api, xrn, creds, rspec, users):
         aggregate_rspecs[aggregate_hrn] = rspec 
 
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'getticket', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()
+    valid_cred = api.auth.checkCredentials(creds, 'getticket', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -126,7 +126,7 @@ def get_ticket(api, xrn, creds, rspec, users):
     for aggregate, aggregate_rspec in aggregate_rspecs.items():
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         server = None
         if aggregate in api.aggregates:
@@ -184,8 +184,8 @@ def get_ticket(api, xrn, creds, rspec, users):
 
 def delete_slice(api, xrn, creds):
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'deletesliver', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()    
+    valid_cred = api.auth.checkCredentials(creds, 'deletesliver', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -195,7 +195,7 @@ def delete_slice(api, xrn, creds):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         server = api.aggregates[aggregate]
         threads.run(server.DeleteSliver, xrn, credential)
@@ -204,8 +204,8 @@ def delete_slice(api, xrn, creds):
 
 def start_slice(api, xrn, creds):
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'startslice', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()    
+    valid_cred = api.auth.checkCredentials(creds, 'startslice', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -215,7 +215,7 @@ def start_slice(api, xrn, creds):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         server = api.aggregates[aggregate]
         threads.run(server.Start, xrn, credential)
@@ -224,8 +224,8 @@ def start_slice(api, xrn, creds):
  
 def stop_slice(api, xrn, creds):
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'stopslice', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()    
+    valid_cred = api.auth.checkCredentials(creds, 'stopslice', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -235,7 +235,7 @@ def stop_slice(api, xrn, creds):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         server = api.aggregates[aggregate]
         threads.run(server.Stop, xrn, credential)
@@ -269,8 +269,8 @@ def get_slices(api, creds):
             return slices    
 
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'listslices', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()
+    valid_cred = api.auth.checkCredentials(creds, 'listslices', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -281,7 +281,7 @@ def get_slices(api, creds):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         server = api.aggregates[aggregate]
         threads.run(server.ListSlices, credential)
@@ -319,8 +319,8 @@ def get_rspec(api, creds, options):
     rspec = None
 
     # get the callers hrn
-    valid_cred = self.api.auth.checkCredentials(creds, 'listnodes', hrn)[0]
-    caller_hrn = valid_cred.get_gid_caller().get_hrn()
+    valid_cred = api.auth.checkCredentials(creds, 'listnodes', hrn)[0]
+    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()
 
     # attempt to use delegated credential first
     credential = api.getDelegatedCredential(creds)
@@ -330,7 +330,7 @@ def get_rspec(api, creds, options):
     for aggregate in api.aggregates:
         # prevent infinite loop. Dont send request back to caller
         # unless the caller is the aggregate's SM
-        if caller_hrn == aggrgate and aggregate =! api.hrn:
+        if caller_hrn == aggregate and aggregate != api.hrn:
             continue
         # get the rspec from the aggregate
         server = api.aggregates[aggregate]

diff --git a/sfa/util/namespace.py b/sfa/util/namespace.py
index f53808c..512f398 100644 (file)
--- a/sfa/util/namespace.py
+++ b/sfa/util/namespace.py
@@ -1,6 +1,6 @@
 ### $Id$
 ### $URL$
-
+import re
 from sfa.util.faults import *
 URN_PREFIX = "urn:publicid:IDN"
 
@@ -57,6 +57,9 @@ def urn_to_hrn(urn):
     """
     convert a urn to hrn
     return a tuple (hrn, type)
+    Warning: urn_to_hrn() replces some special characters that 
+    are not replaced in hrn_to_urn(). Due to this, 
+    urn_to_hrn() -> hrn_to_urn() may not return the original urn
     """
 
     # if this is already a hrn dont do anything
@@ -66,16 +69,20 @@ def urn_to_hrn(urn):
     name = urn[len(URN_PREFIX):]
     hrn_parts = name.split("+")
     type = hrn_parts.pop(2)
-
+    
+         
     # Remove the authority name (e.g. '.sa')
     if type == 'authority':
         hrn_parts = hrn_parts[:-1]
 
     # convert hrn_parts (list) into hrn (str) by doing the following    
+    # dont allow special characters (except ':') in the site login base
     # remove blank elements
     # replace ':' with '.'
     # join list elements using '.'
-    hrn = '.'.join([part.replace(':', '.') for part in hrn_parts if part]) 
+    only_alphanum = re.compile('[^a-zA-Z0-9:]+')
+    valid_chars = lambda x: only_alphanum.sub('', x).replace(':', '.')
+    hrn = '.'.join([valid_chars(part) for part in hrn_parts if part]) 
     
     return str(hrn), str(type)