From: Tony Mack Date: Mon, 27 Feb 2012 21:02:31 +0000 (-0500) Subject: modified sfa.manager.registry_manager.RegistryManager.GetCredential(), replaced boole... X-Git-Tag: sfa-2.1-4~95 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9ed5b7e791e0672730538a5ddc7bcb0e0de25519;hp=40a495f8641262cbeeed64f19b9c3e3198d93c14;p=sfa.git modified sfa.manager.registry_manager.RegistryManager.GetCredential(), replaced boolean 'is_local' parameter with string 'caller_xrn' parameter --- diff --git a/sfa/managers/registry_manager.py b/sfa/managers/registry_manager.py index 331a0f94..db4348d6 100644 --- a/sfa/managers/registry_manager.py +++ b/sfa/managers/registry_manager.py @@ -37,7 +37,7 @@ class RegistryManager: 'urn':xrn.get_urn(), 'peers':peers}) - def GetCredential(self, api, xrn, type, is_self=False): + def GetCredential(self, api, xrn, type, caller_xrn=None): # convert xrn to hrn if type: hrn = urn_to_hrn(xrn)[0] @@ -63,14 +63,20 @@ class RegistryManager: raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email)) # get the callers gid - # if this is a self cred the record's gid is the caller's gid - if is_self: + # if caller_xrn is not specified assume the caller is the record + # object itself. + if not caller_xrn: caller_hrn = hrn caller_gid = record.get_gid_object() else: - caller_gid = api.auth.client_cred.get_gid_caller() - caller_hrn = caller_gid.get_hrn() - + caller_hrn, caller_type = urn_to_hrn(caller_xrn) + caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first() + if caller_type: + caller_record = caller_record.filter_by(type=caller_type) + if not caller_record: + raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type)) + caller_gid = GID(string=caller_record.gid) + object_hrn = record.get_gid_object().get_hrn() rights = api.auth.determine_user_rights(caller_hrn, record.__dict__) # make sure caller has rights to this object diff --git a/sfa/managers/registry_manager_openstack.py b/sfa/managers/registry_manager_openstack.py index 6e210faf..c940e15f 100644 --- a/sfa/managers/registry_manager_openstack.py +++ b/sfa/managers/registry_manager_openstack.py @@ -25,7 +25,7 @@ from sfa.managers.registry_manager import RegistryManager class RegistryManager(RegistryManager): - def GetCredential(self, api, xrn, type, is_self=False): + def GetCredential(self, api, xrn, type, caller_xrn = None): # convert xrn to hrn if type: hrn = urn_to_hrn(xrn)[0] @@ -38,7 +38,9 @@ class RegistryManager(RegistryManager): auth_hrn = hrn auth_info = api.auth.get_auth_info(auth_hrn) # get record info - record=dbsession.query(RegRecord).filter_by(type=type,hrn=hrn).first() + record=dbsession.query(RegRecord).filter_by(hrn=hrn).first() + if type: + record = record.filter_by(type=type) if not record: raise RecordNotFound("hrn=%s, type=%s"%(hrn,type)) @@ -51,13 +53,19 @@ class RegistryManager(RegistryManager): raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email)) # get the callers gid - # if this is a self cred the record's gid is the caller's gid - if is_self: + # if caller_xrn is not specified assume the caller is the record + # object itself. + if not caller_xrn: caller_hrn = hrn caller_gid = record.get_gid_object() else: - caller_gid = api.auth.client_cred.get_gid_caller() - caller_hrn = caller_gid.get_hrn() + caller_hrn, caller_type = urn_to_hrn(caller_xrn) + caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first() + if caller_type: + caller_record = caller_record.filter_by(type=caller_type) + if not caller_record: + raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type)) + caller_gid = GID(string=caller_record.gid) object_hrn = record.get_gid_object().get_hrn() rights = api.auth.determine_user_rights(caller_hrn, record.__dict__) diff --git a/sfa/methods/GetCredential.py b/sfa/methods/GetCredential.py index 50525c20..f5344a27 100644 --- a/sfa/methods/GetCredential.py +++ b/sfa/methods/GetCredential.py @@ -44,5 +44,5 @@ class GetCredential(Method): origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - return self.api.manager.GetCredential(self.api, xrn, type) + return self.api.manager.GetCredential(self.api, xrn, self.api.auth.client_gid.get_urn()) diff --git a/sfa/methods/GetSelfCredential.py b/sfa/methods/GetSelfCredential.py index 073ae94e..c67bf4be 100644 --- a/sfa/methods/GetSelfCredential.py +++ b/sfa/methods/GetSelfCredential.py @@ -84,4 +84,4 @@ class GetSelfCredential(Method): self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename)) raise ConnectionKeyGIDMismatch(gid.get_subject()) - return self.api.manager.GetCredential(self.api, xrn, type, is_self=True) + return self.api.manager.GetCredential(self.api, xrn, type)