From 97e9aec93643d0f8d3f19acbcd45b6b1d919996a Mon Sep 17 00:00:00 2001
From: Josh Karlin <jkarlin@bbn.com>
Date: Wed, 21 Apr 2010 13:24:09 +0000
Subject: [PATCH] Added get_geni_aggregates so that clients can figure out
 which aggs to connect to

---
 sfa/methods/SliverStatus.py | 15 ++++++++-------
 sfa/server/interface.py     |  7 ++++---
 sfa/trust/rights.py         |  8 ++++----
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/sfa/methods/SliverStatus.py b/sfa/methods/SliverStatus.py
index 2d4164ed..6b900964 100644
--- a/sfa/methods/SliverStatus.py
+++ b/sfa/methods/SliverStatus.py
@@ -2,37 +2,38 @@ from sfa.util.faults import *
 from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter
+from sfa.server.aggregate import Aggregates
 
 class SliverStatus(Method):
     """
     Get the status of a sliver
     
     @param slice_urn (string) URN of slice to allocate to
-    @param credentials ([string]) of credentials
     
     """
     interfaces = ['geni_am']
     accepts = [
         Parameter(str, "Slice URN"),
-        Parameter(type([str]), "List of credentials"),
         ]
     returns = Parameter(bool, "Success or Failure")
 
     def call(self, slice_xrn, creds):
         hrn, type = urn_to_hrn(slice_xrn)
+        
+        # Make sure that this is a geni_aggregate talking to us
+        geni_aggs = Aggregates(self.api, '/etc/sfa/geni_aggregates.xml')
+        if not hrn in [agg['hrn'] for agg in geni_aggs]:
+            raise SfaPermissionDenied("Only GENI Aggregates may make this call")
 
-        self.api.logger.info("interface: %s\ttarget-hrn: %s\tcaller-creds: %s\tmethod-name: %s"%(self.api.interface, hrn, creds, self.name))
+        self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
 
-        # Find the valid credentials
-        ValidCreds = self.api.auth.checkCredentials(creds, 'sliverstatus', hrn)
-        
         manager_base = 'sfa.managers'
 
         if self.api.interface in ['geni_am']:
             mgr_type = self.api.config.SFA_GENI_AGGREGATE_TYPE
             manager_module = manager_base + ".geni_am_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
-            return manager.SliverStatus(self.api, slice_xrn, ValidCreds)
+            return manager.SliverStatus(self.api, slice_xrn)
 
         return ''
     
diff --git a/sfa/server/interface.py b/sfa/server/interface.py
index 17f37c55..b01c87e7 100644
--- a/sfa/server/interface.py
+++ b/sfa/server/interface.py
@@ -13,7 +13,7 @@ from sfa.util.record import SfaRecord
 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
 import sfa.util.soapprotocol as soapprotocol
 
- 
+
 # GeniLight client support is optional
 try:
     from egeni.geniLight_client import *
@@ -164,14 +164,15 @@ class Interfaces(dict):
         required_fields = self.default_fields.keys()
         if not isinstance(interfaces, list):
             interfaces = [interfaces]
+
         for interface in interfaces:
             # make sure the required fields are present and not null
             if not all([interface.get(key) for key in required_fields]):
                 continue
-
+            
             hrn, address, port = interface['hrn'], interface['addr'], interface['port']
             url = 'http://%(address)s:%(port)s' % locals()
-
+            
             # check which client we should use
             # sfa.util.xmlrpcprotocol is default
             client_type = 'xmlrpcprotocol'
diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py
index fa5c043c..ee840143 100644
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -19,12 +19,12 @@
 privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
                    "refresh": ["remove", "update"],
                    "resolve": ["resolve", "list", "getcredential", "getversion"],
-                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice", 
+                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice",  
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
-                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "createsliver", "sliverestatus"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver",  "deleteslice", "updateslice", "getsliceresources", "shutdown"],
+                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice",  "deleteslice", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "createsliver", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
+                   "control": ["updateslice", "createslice", "sliverstatus", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
                    "info": ["listslices", "listnodes", "getpolicy"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
                    "operator": ["gettrustedcerts", "getgids"]}
-- 
2.47.0