From 8ac2c3678f9752125f9ab5bb50663126104f62c3 Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Fri, 3 Dec 2010 00:10:48 +0100 Subject: [PATCH] move sliverauth-related tags from db-config.d to accessors - fixed roles --- PLC/Accessors/Accessors_sliverauth.py | 16 ++++++++++++++++ db-config.d/010-slice_tags | 15 --------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/PLC/Accessors/Accessors_sliverauth.py b/PLC/Accessors/Accessors_sliverauth.py index e8ca0c2e..6debf3d4 100644 --- a/PLC/Accessors/Accessors_sliverauth.py +++ b/PLC/Accessors/Accessors_sliverauth.py @@ -13,6 +13,7 @@ from PLC.Accessors.Factory import define_accessors, admin_roles, all_roles, tech import sys current_module = sys.modules[__name__] +# this is how to request the features define_accessors(current_module, Slice, "OmfControl","omf_control", "slice/usertools","Pre-install and configure OMF Resource Controller in slice if set", set_roles=all_roles, expose_in_api=True) @@ -21,3 +22,18 @@ define_accessors(current_module, Slice, "OmfControl","omf_control", define_accessors(current_module, Slice, "SliverHMAC","enable_hmac", "slice/usertools","Create HMAC keys for node in slice (slivers)", set_roles=all_roles, expose_in_api=True) + +# this is where the crypto stuff gets stored +# this ends up in a sliver tag - the node creates that +# the accessors engine does not know how to create sliver accessors +# like e.g. GetSliverHmac(node,slice) +# but they are mentioned here as they are related to the above + +# Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin. +define_accessors(current_module, Slice, "Hmac","hmac", + "slice/auth", "Sliver authorization key, for authenticated API call", + set_roles=['admin','node']) +# sliver-dependant ssh key, used to authenticate the experimental plane with OMF tools +define_accessors(current_module, Slice, "SshKey", "ssh_key", + 'slice/auth', "Sliver public ssh key", + set_roles= ['admin','node']) diff --git a/db-config.d/010-slice_tags b/db-config.d/010-slice_tags index 9910217d..040fa607 100644 --- a/db-config.d/010-slice_tags +++ b/db-config.d/010-slice_tags @@ -101,17 +101,6 @@ slicetag_types = \ 'category' : 'slice/rspec', 'roles' : ['admin','pi','user']}, - # Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin. - {'tagname': "hmac", - 'description': "Sliver authorization key.", - 'category' : 'slice/auth', - 'roles': ['admin','pi']}, - - {'tagname': "ssh_key", - 'description': "Sliver public ssh key.", - 'category' : 'slice/auth', - 'roles': ['admin','pi']}, - # Capability to give a sliver access to unused raw disk {'tagname': "rawdisk", 'description': "map unused raw disk devices into the slice", @@ -127,10 +116,6 @@ slicetag_types = \ 'description': "Is a default Distributed Rate Limiting slice (1) or not (0 or unset)", 'category' : 'slice/general'}, - # OMF controlled slice - {'tagname': "omf_control", - 'description': "Pre-install and configure OMF Resource Controller in slice if set", - 'category' : 'slice/usertools'}, ] # add in the platform supported rlimits to the default_attribute_types -- 2.47.0