From b80c9c29deeccc27eb264e810021c1d92b6339bc Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Tue, 27 Nov 2012 16:48:20 +0100 Subject: [PATCH] last (cleaned up) version with the -d/--delegate option that was broken and very unclear about its purpose --- sfa/client/sfi.py | 34 ++++++++++++++++------------------ sfa/trust/credential.py | 6 ++++-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index c0677efc..e9e5dd10 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -822,6 +822,12 @@ use this if you mean an authority instead""") else: return [] + #################### dealing with delegated credentials + # most commands have a -d option that means 'delegate to my own authority' + # if is unclear if that is useful at all, but just in case.. + def delegate_to_my_authority (original): + return self.client_bootstrap.delegate_credential_string (original, self.authority, 'authority') + ######################################## miscell utilities def get_rspec_file(self, rspec): if (os.path.isabs(rspec)): @@ -1020,8 +1026,7 @@ or version information about sfi itself # creds creds = [self.my_credential_string] if options.delegate: - delegated_cred = self.delegate_cred(self.my_credential_string, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append ( self.delegate_to_my_authority(self.my_credential_string) ) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() @@ -1052,7 +1057,7 @@ or with an slice hrn, shows currently provisioned resources the_credential=self.my_credential_string creds.append(the_credential) if options.delegate: - creds.append(self.delegate_cred(the_credential, get_authority(self.authority))) + creds.append(self.delegate_to_my_authority(the_credential)) if options.show_credential: show_credentials(creds) @@ -1187,8 +1192,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} @@ -1217,8 +1221,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} @@ -1246,8 +1249,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) # xxx Thierry - does this not need an api_options as well ? result = server.Start(slice_urn, creds) value = ReturnValue.get_value(result) @@ -1269,8 +1271,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) result = server.Stop(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1292,8 +1293,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) result = server.reset_slice(creds, slice_urn) value = ReturnValue.get_value(result) if self.options.raw: @@ -1318,8 +1318,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(args[0]) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) # options and call_id when supported api_options = {} api_options['call_id']=unique_call_id() @@ -1346,8 +1345,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds.append(delegated_cred) + creds.append (self.delegate_to_my_authority (slice_cred)) result = server.Shutdown(slice_urn, creds) value = ReturnValue.get_value(result) if self.options.raw: @@ -1369,7 +1367,7 @@ or with an slice hrn, shows currently provisioned resources slice_cred = self.slice_credential_string(slice_hrn) creds = [slice_cred] if options.delegate: - delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) + delegated_cred = self.delegate_to_my_authority(slice_cred) creds.append(delegated_cred) # rspec rspec_file = self.get_rspec_file(rspec_path) diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index cb02d864..290fb1d2 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -661,8 +661,10 @@ class Credential(object): # Call out to xmlsec1 to sign it ref = 'Sig_%s' % self.get_refid() filename = self.save_to_random_tmp_file() - signed = os.popen('%s --sign --node-id "%s" --privkey-pem %s,%s %s' \ - % (self.xmlsec_path, ref, self.issuer_privkey, ",".join(gid_files), filename)).read() + command='%s --sign --node-id "%s" --privkey-pem %s,%s %s' \ + % (self.xmlsec_path, ref, self.issuer_privkey, ",".join(gid_files), filename) +# print 'command',command + signed = os.popen(command).read() os.remove(filename) for gid_file in gid_files: -- 2.43.0