From: Tony Mack <tmack@cs.princeton.edu>
Date: Tue, 14 Apr 2009 21:26:15 +0000 (+0000)
Subject: check slice policy before creating slices
X-Git-Tag: sfa-0.9-0@14641~470
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=3cab2aca3a56c288fe3f4af8737180a96a993413;hp=93abb578f77bb7b5545759632b27feeacb86132b;p=sfa.git

check slice policy before creating slices
---

diff --git a/geni/util/slices.py b/geni/util/slices.py
index f3655633..a62fce94 100644
--- a/geni/util/slices.py
+++ b/geni/util/slices.py
@@ -5,6 +5,7 @@ from geni.util.rspec import *
 from geni.util.specdict import *
 from geni.util.excep import *
 from geni.util.storage import *
+from geni.util.policy import Policy
 from geni.util.debug import log
 from geni.aggregate import Aggregates
 from geni.registry import Registries
@@ -17,6 +18,7 @@ class Slices(SimpleStorage):
         self.threshold = None
         self.slices_file = os.sep.join([self.api.server_basedir, self.api.interface +'.'+ self.api.hrn + '.slices'])
         SimpleStorage.__init__(self, self.slices_file)
+        self.policy = Policy(self.api)    
         self.load()
 
 
@@ -100,6 +102,15 @@ class Slices(SimpleStorage):
             aggregates[aggregate].delete_slice(credential, hrn)
 
     def create_slice(self, hrn, rspec):
+        # check our slice policy before we procede
+        whitelist = self.policy['slice_whitelist']     
+        blacklist = self.policy['slice_blacklist']
+        
+        if whitelist and hrn not in whitelist or \
+           blacklist and hrn in blacklist:
+            policy_file = self.policy.policy_file
+            print >> log, "Slice %(hrn)s not allowed by policy %(policy_file)s" % locals()
+            return 1
         if self.api.interface in ['aggregate']:     
             self.create_slice_aggregate(hrn, rspec)
         elif self.api.interface in ['slicemgr']: