From: Thierry Parmentelat Date: Thu, 2 Dec 2010 23:11:00 +0000 (+0100) Subject: Merge branch 'master' of ssh://git.onelab.eu/git/plcapi X-Git-Tag: plcapi-5.0-20~1 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=e75410b79d688f5bc44e15df26a079807c183f59;hp=4fe4060c9742365aead10c1d653166b4441e101f;p=plcapi.git Merge branch 'master' of ssh://git.onelab.eu/git/plcapi --- diff --git a/PLC/Accessors/Accessors_sliverauth.py b/PLC/Accessors/Accessors_sliverauth.py index e8ca0c2..6debf3d 100644 --- a/PLC/Accessors/Accessors_sliverauth.py +++ b/PLC/Accessors/Accessors_sliverauth.py @@ -13,6 +13,7 @@ from PLC.Accessors.Factory import define_accessors, admin_roles, all_roles, tech import sys current_module = sys.modules[__name__] +# this is how to request the features define_accessors(current_module, Slice, "OmfControl","omf_control", "slice/usertools","Pre-install and configure OMF Resource Controller in slice if set", set_roles=all_roles, expose_in_api=True) @@ -21,3 +22,18 @@ define_accessors(current_module, Slice, "OmfControl","omf_control", define_accessors(current_module, Slice, "SliverHMAC","enable_hmac", "slice/usertools","Create HMAC keys for node in slice (slivers)", set_roles=all_roles, expose_in_api=True) + +# this is where the crypto stuff gets stored +# this ends up in a sliver tag - the node creates that +# the accessors engine does not know how to create sliver accessors +# like e.g. GetSliverHmac(node,slice) +# but they are mentioned here as they are related to the above + +# Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin. +define_accessors(current_module, Slice, "Hmac","hmac", + "slice/auth", "Sliver authorization key, for authenticated API call", + set_roles=['admin','node']) +# sliver-dependant ssh key, used to authenticate the experimental plane with OMF tools +define_accessors(current_module, Slice, "SshKey", "ssh_key", + 'slice/auth', "Sliver public ssh key", + set_roles= ['admin','node']) diff --git a/db-config.d/010-slice_tags b/db-config.d/010-slice_tags index 9910217..040fa60 100644 --- a/db-config.d/010-slice_tags +++ b/db-config.d/010-slice_tags @@ -101,17 +101,6 @@ slicetag_types = \ 'category' : 'slice/rspec', 'roles' : ['admin','pi','user']}, - # Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin. - {'tagname': "hmac", - 'description': "Sliver authorization key.", - 'category' : 'slice/auth', - 'roles': ['admin','pi']}, - - {'tagname': "ssh_key", - 'description': "Sliver public ssh key.", - 'category' : 'slice/auth', - 'roles': ['admin','pi']}, - # Capability to give a sliver access to unused raw disk {'tagname': "rawdisk", 'description': "map unused raw disk devices into the slice", @@ -127,10 +116,6 @@ slicetag_types = \ 'description': "Is a default Distributed Rate Limiting slice (1) or not (0 or unset)", 'category' : 'slice/general'}, - # OMF controlled slice - {'tagname': "omf_control", - 'description': "Pre-install and configure OMF Resource Controller in slice if set", - 'category' : 'slice/usertools'}, ] # add in the platform supported rlimits to the default_attribute_types