From: Tony Mack Date: Fri, 23 Oct 2009 15:28:03 +0000 (+0000) Subject: request hash argument is optional for now X-Git-Tag: sfa-0.9-6~140 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=0617bf203bd582103e7f45633cd320b1f80d1fb0;p=sfa.git request hash argument is optional for now --- diff --git a/sfa/methods/create_gid.py b/sfa/methods/create_gid.py index df2fa6d3..66404109 100644 --- a/sfa/methods/create_gid.py +++ b/sfa/methods/create_gid.py @@ -32,13 +32,15 @@ class create_gid(Method): Mixed(Parameter(str, "Unique identifier for new GID (uuid)"), Parameter(None, "Unique identifier (uuid) not specified")), Parameter(str, "public-key string"), - Parameter(str, "Request hash"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String represeneation of a GID object") - def call(self, cred, hrn, uuid, request_hash, pubkey_str): - self.api.auth.authenticateCred(cred, [cred, hrn, uuid], request_hash) + def call(self, cred, hrn, uuid, pubkey_str, request_hash=None): + # request hash is optional + self.api.auth.authenticateCred(cred, [cred, hrn, uuid, pubkey_str], request_hash) self.api.auth.check(cred, "getcredential") self.api.auth.verify_object_belongs_to_me(hrn) self.api.auth.verify_object_permission(hrn) diff --git a/sfa/methods/create_slice.py b/sfa/methods/create_slice.py index 576ac0ab..1a4e580f 100644 --- a/sfa/methods/create_slice.py +++ b/sfa/methods/create_slice.py @@ -30,12 +30,13 @@ class create_slice(Method): Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), Parameter(str, "Resource specification"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, requested_rspec, request_hash, caller_cred=None): + def call(self, cred, hrn, requested_rspec, request_hash=None, caller_cred=None): if caller_cred==None: caller_cred=cred diff --git a/sfa/methods/delete_slice.py b/sfa/methods/delete_slice.py index 2591a6a7..1601da1d 100644 --- a/sfa/methods/delete_slice.py +++ b/sfa/methods/delete_slice.py @@ -24,12 +24,13 @@ class delete_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to delete"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash, caller_cred=None): + def call(self, cred, hrn, request_hash=None, caller_cred=None): if caller_cred==None: caller_cred=cred diff --git a/sfa/methods/get_aggregates.py b/sfa/methods/get_aggregates.py index 57ef2590..703bd5c2 100644 --- a/sfa/methods/get_aggregates.py +++ b/sfa/methods/get_aggregates.py @@ -24,7 +24,8 @@ class get_aggregates(Method): Mixed(Parameter(str, "Human readable name (hrn)"), Parameter(None, "hrn not specified")), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [Parameter(dict, "Aggregate interface information")] diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py index f127d47d..347e63b4 100644 --- a/sfa/methods/get_credential.py +++ b/sfa/methods/get_credential.py @@ -30,16 +30,16 @@ class get_credential(Method): Mixed(Parameter(str, "credential"), Parameter(None, "No credential")), Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representation of a credential object") - def call(self, cred, type, hrn, request_hash): + def call(self, cred, type, hrn, request_hash=None): if not cred: return self.get_self_credential(type, hrn, request_hash) - # authenticate the cred self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash) self.api.auth.check(cred, 'getcredential') self.api.auth.verify_object_belongs_to_me(hrn) diff --git a/sfa/methods/get_gid.py b/sfa/methods/get_gid.py index bae5a747..5a25b028 100644 --- a/sfa/methods/get_gid.py +++ b/sfa/methods/get_gid.py @@ -26,13 +26,14 @@ class get_gid(Method): accepts = [ Parameter(str, "Certificate string"), - Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Parameter(str, "Human readable name (hrn)"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [Parameter(dict, "Aggregate interface information")] - def call(self, cert, hrn, type, requestHash): + def call(self, cert, hrn, type, request_hash=None): self.api.auth.verify_object_belongs_to_me(hrn) certificate = Certificate(string=cert) @@ -48,6 +49,6 @@ class get_gid(Method): raise ConnectionKeyGIDMismatch(gid.get_subject()) # authenticate the gid - self.api.auth.authenticateGid(gidStr, [cert, hrn, type], requestHash) + self.api.auth.authenticateGid(gidStr, [cert, hrn, type], request_hash) return gidStr diff --git a/sfa/methods/get_registries.py b/sfa/methods/get_registries.py index df65616b..a6f864b6 100644 --- a/sfa/methods/get_registries.py +++ b/sfa/methods/get_registries.py @@ -24,7 +24,8 @@ class get_registries(Method): Mixed(Parameter(str, "Human readable name (hrn)"), Parameter(None, "hrn not specified")), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [Parameter(dict, "Registry interface information")] @@ -46,4 +47,3 @@ class get_registries(Method): interfaces = [interface for interface in registries.interfaces if interface['hrn'] in hrn_list] return interfaces - return registries.interfaces diff --git a/sfa/methods/get_resources.py b/sfa/methods/get_resources.py index 7ded9399..6ee7bb3c 100644 --- a/sfa/methods/get_resources.py +++ b/sfa/methods/get_resources.py @@ -28,7 +28,8 @@ class get_resources(Method): Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), Parameter(None, "hrn not specified")), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representatin of an rspec") diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py index bccee168..b5840230 100644 --- a/sfa/methods/get_self_credential.py +++ b/sfa/methods/get_self_credential.py @@ -27,12 +27,13 @@ class get_self_credential(Method): accepts = [ Parameter(str, "certificate"), Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representation of a credential object") - def call(self, cert, type, hrn, request_hash): + def call(self, cert, type, hrn, request_hash=None): """ get_self_credential a degenerate version of get_credential used by a client to get his initial credential when de doesnt have one. This is the same as @@ -72,9 +73,10 @@ class get_self_credential(Method): raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name()) # authenticate the gid - gid = record.get_gid_object() - gid_str = gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash) + if request_hash: + gid = record.get_gid_object() + gid_str = gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash) # authenticate the certificate certificate = Certificate(string=cert) diff --git a/sfa/methods/get_slices.py b/sfa/methods/get_slices.py index aaf30f78..63c8d787 100644 --- a/sfa/methods/get_slices.py +++ b/sfa/methods/get_slices.py @@ -20,12 +20,14 @@ class get_slices(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(str, "Request hash") + Parameter(str, "Request hash"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [Parameter(str, "Human readable slice name (hrn)")] - def call(self, cred, request_hash): + def call(self, cred, request_hash=None): self.api.auth.authenticateCred(cred, [cred], request_hash) self.api.auth.check(cred, 'listslices') slices = Slices(self.api) diff --git a/sfa/methods/get_ticket.py b/sfa/methods/get_ticket.py index 7cea8d75..2bf0959c 100644 --- a/sfa/methods/get_ticket.py +++ b/sfa/methods/get_ticket.py @@ -29,12 +29,15 @@ class get_ticket(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"), - Parameter(str, "Resource specification (rspec)") + Parameter(str, "Resource specification (rspec)"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String represeneation of a ticket object") - def call(self, cred, hrn, rspec): + def call(self, cred, hrn, rspec, request_hash=None): + self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash) self.api.auth.check(cred, "getticket") self.api.auth.verify_object_belongs_to_me(hrn) self.api.auth.verify_object_permission(name) diff --git a/sfa/methods/list.py b/sfa/methods/list.py index 75327f22..0a3a8fc1 100644 --- a/sfa/methods/list.py +++ b/sfa/methods/list.py @@ -24,12 +24,13 @@ class list(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [GeniRecord] - def call(self, cred, hrn, request_hash, caller_cred=None): + def call(self, cred, hrn, request_hash=None, caller_cred=None): self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) self.api.auth.check(cred, 'list') if caller_cred==None: diff --git a/sfa/methods/register.py b/sfa/methods/register.py index 029db0a8..bf4bac61 100644 --- a/sfa/methods/register.py +++ b/sfa/methods/register.py @@ -32,12 +32,13 @@ class register(Method): accepts = [ Parameter(str, "Credential string"), Parameter(dict, "Record dictionary containing record fields"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "String representation of gid object") - def call(self, cred, record_dict, request_hash, caller_cred=None): + def call(self, cred, record_dict, request_hash=None, caller_cred=None): # This cred will be an authority cred, not a user, so we cant use it to # authenticate the caller's request_hash. Let just get the caller's gid # from the cred and authenticate using that diff --git a/sfa/methods/register_peer_object.py b/sfa/methods/register_peer_object.py index 2268bc61..359e1bc4 100644 --- a/sfa/methods/register_peer_object.py +++ b/sfa/methods/register_peer_object.py @@ -31,13 +31,14 @@ class register_peer_object(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(dict, "Record dictionary containing record fields") - Parameter(str, "Request hash") + Parameter(dict, "Record dictionary containing record fields"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict, request_hash, caller_cred=None): + def call(self, cred, record_dict, request_hash=None, caller_cred=None): self.api.auth.authenticateCred(cred, [cred], request_hash) self.api.auth.check(cred, "register") if caller_cred==None: diff --git a/sfa/methods/remove.py b/sfa/methods/remove.py index 0321bdb2..fb8f820d 100644 --- a/sfa/methods/remove.py +++ b/sfa/methods/remove.py @@ -29,12 +29,13 @@ class remove(Method): Parameter(str, "Credential string"), Parameter(str, "Record type"), Parameter(str, "Human readable name (hrn) of record to be removed"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, type, hrn, request_hash, caller_cred=None): + def call(self, cred, type, hrn, request_hash=None, caller_cred=None): if caller_cred==None: caller_cred=cred diff --git a/sfa/methods/remove_peer_object.py b/sfa/methods/remove_peer_object.py index b9b337fe..51fb658f 100644 --- a/sfa/methods/remove_peer_object.py +++ b/sfa/methods/remove_peer_object.py @@ -26,13 +26,14 @@ class remove_peer_object(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(dict, "Record dictionary") - Parameter(str, "Request hash"), + Parameter(dict, "Record dictionary"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record, request_hash, caller_cred=None): + def call(self, cred, record, request_hash=None, caller_cred=None): if caller_cred==None: caller_cred=cred #log the call diff --git a/sfa/methods/reset_slices.py b/sfa/methods/reset_slices.py index 88d85fae..f389bb1e 100644 --- a/sfa/methods/reset_slices.py +++ b/sfa/methods/reset_slices.py @@ -22,12 +22,13 @@ class reset_slices(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash): + def call(self, cred, hrn, request_hash=None): # This cred will be an authority cred, not a user, so we cant use it to # authenticate the caller's request_hash. Let just get the caller's gid # from the cred and authenticate using that diff --git a/sfa/methods/resolve.py b/sfa/methods/resolve.py index acf6ec08..c1d87143 100644 --- a/sfa/methods/resolve.py +++ b/sfa/methods/resolve.py @@ -26,12 +26,13 @@ class resolve(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name (hrn)"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [GeniRecord] - def call(self, cred, hrn, request_hash, caller_cred=None): + def call(self, cred, hrn, request_hash=None, caller_cred=None): self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) self.api.auth.check(cred, 'resolve') diff --git a/sfa/methods/start_slice.py b/sfa/methods/start_slice.py index a34461ab..78181b30 100644 --- a/sfa/methods/start_slice.py +++ b/sfa/methods/start_slice.py @@ -22,12 +22,13 @@ class start_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = [Parameter(int, "1 if successful")] - def call(self, cred, hrn, request_hash): + def call(self, cred, hrn, request_hash=None): # This cred will be an slice cred, not a user, so we cant use it to # authenticate the caller's request_hash. Let just get the caller's gid # from the cred and authenticate using that diff --git a/sfa/methods/stop_slice.py b/sfa/methods/stop_slice.py index ba2b78c0..e4a1b18a 100644 --- a/sfa/methods/stop_slice.py +++ b/sfa/methods/stop_slice.py @@ -22,12 +22,13 @@ class stop_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash): + def call(self, cred, hrn, request_hash=None): # This cred will be an slice cred, not a user, so we cant use it to # authenticate the caller's request_hash. Let just get the caller's gid # from the cred and authenticate using that diff --git a/sfa/methods/update.py b/sfa/methods/update.py index ddaaf182..4076e977 100644 --- a/sfa/methods/update.py +++ b/sfa/methods/update.py @@ -30,12 +30,13 @@ class update(Method): accepts = [ Parameter(str, "Credential string"), Parameter(dict, "Record dictionary to be updated"), - Parameter(str, "Request hash") + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict, request_hash, caller_cred=None): + def call(self, cred, record_dict, request_hash=None, caller_cred=None): if caller_cred==None: caller_cred=cred diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index efbe659a..f3609b3f 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -101,16 +101,20 @@ class Auth: if object_gid: object_gid.verify_chain(self.trusted_cert_list) - def authenticateGid(self, gidStr, argList, requestHash): + def authenticateGid(self, gidStr, argList, requestHash=None): gid = GID(string = gidStr) self.validateGid(gid) - self.verifyGidRequestHash(gid, requestHash, argList) + # request_hash is optional + if requestHash: + self.verifyGidRequestHash(gid, requestHash, argList) return gid - def authenticateCred(self, credStr, argList, requestHash): + def authenticateCred(self, credStr, argList, requestHash=None): cred = Credential(string = credStr) self.validateCred(cred) - self.verifyCredRequestHash(cred, requestHash, argList) + # request hash is optional + if requestHash: + self.verifyCredRequestHash(cred, requestHash, argList) return cred def authenticateCert(self, certStr, requestHash):