From ab1db6daf8727d5c48789b1677662a0f3d96fd24 Mon Sep 17 00:00:00 2001
From: Tony Mack
Date: Wed, 4 Aug 2010 14:28:12 +0000
Subject: [PATCH] RenewSliver supported at aggregate and slicemanager interfaces
---
 sfa/managers/aggregate_manager_pl.py | 236 ++++++++++++++-------------
 sfa/managers/slice_manager_pl.py | 12 ++
 sfa/methods/RenewSliver.py | 21 +--
 3 files changed, 146 insertions(+), 123 deletions(-)
diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py
index 4b5679fe..5cb2d3cc 100644
--- a/sfa/managers/aggregate_manager_pl.py
+++ b/sfa/managers/aggregate_manager_pl.py
@@ -23,6 +23,64 @@ from sfa.plc.network import *
 from sfa.plc.api import SfaAPI
 from sfa.plc.slices import *
+
+def __get_registry_objects(slice_xrn, creds, users):
+ """
+
+ """
+ hrn, type = urn_to_hrn(slice_xrn)
+
+ hrn_auth = get_authority(hrn)
+
+ # Build up objects that an SFA registry would return if SFA
+ # could contact the slice's registry directly
+ reg_objects = None
+
+ if users:
+ reg_objects = {}
+
+ site = {}
+ site['site_id'] = 0
+ site['name'] = 'geni.%s' % hrn_auth
+ site['enabled'] = True
+ site['max_slices'] = 100
+
+ # Note:
+ # Is it okay if this login base is the same as one already at this myplc site?
+ # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps?
+ site['login_base'] = get_leaf(hrn_auth)
+ site['abbreviated_name'] = hrn
+ site['max_slivers'] = 1000
+ reg_objects['site'] = site
+
+ slice = {}
+ slice['expires'] = int(mktime(Credential(string=creds[0]).get_lifetime().timetuple()))
+ slice['hrn'] = hrn
+ slice['name'] = site['login_base'] + "_" + get_leaf(hrn)
+ slice['url'] = hrn
+ slice['description'] = hrn
+ slice['pointer'] = 0
+ reg_objects['slice_record'] = slice
+
+ reg_objects['users'] = {}
+ for user in users:
+ user['key_ids'] = []
+ hrn, _ = urn_to_hrn(user['urn'])
+ user['email'] = hrn + "@geni.net"
+ user['first_name'] = hrn
+ user['last_name'] = hrn
+ reg_objects['users'][user['email']] = user
+
+ return reg_objects
+
+def __get_hostnames(nodes):
+ hostnames = []
+ for node in nodes:
+ hostnames.append(node.hostname)
+ return hostnames
+
+
+
 def get_version():
 version = {}
 version['geni_api'] = 1
@@ -35,12 +93,6 @@ def slice_status(api, slice_xrn, creds):
 result['geni_resources'] = {}
 return result
-def __get_hostnames(nodes):
- hostnames = []
- for node in nodes:
- hostnames.append(node.hostname)
- return hostnames
-
 def create_slice(api, slice_xrn, creds, rspec, users):
 """
 Create the sliver[s] (slice) at this aggregate.
@@ -93,110 +145,16 @@ def create_slice(api, slice_xrn, creds, rspec, users):
 return True
-def __get_registry_objects(slice_xrn, creds, users):
- """
-
- """
- hrn, type = urn_to_hrn(slice_xrn)
-
- hrn_auth = get_authority(hrn)
-
- # Build up objects that an SFA registry would return if SFA
- # could contact the slice's registry directly
- reg_objects = None
-
- if users:
- reg_objects = {}
-
- site = {}
- site['site_id'] = 0
- site['name'] = 'geni.%s' % hrn_auth
- site['enabled'] = True
- site['max_slices'] = 100
-
- # Note:
- # Is it okay if this login base is the same as one already at this myplc site?
- # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps?
- site['login_base'] = get_leaf(hrn_auth)
- site['abbreviated_name'] = hrn
- site['max_slivers'] = 1000
- reg_objects['site'] = site
-
- slice = {}
- slice['expires'] = int(mktime(Credential(string=creds[0]).get_lifetime().timetuple()))
- slice['hrn'] = hrn
- slice['name'] = site['login_base'] + "_" + get_leaf(hrn)
- slice['url'] = hrn
- slice['description'] = hrn
- slice['pointer'] = 0
- reg_objects['slice_record'] = slice
-
- reg_objects['users'] = {}
- for user in users:
- user['key_ids'] = []
- hrn, _ = urn_to_hrn(user['urn'])
- user['email'] = hrn + "@geni.net"
- user['first_name'] = hrn
- user['last_name'] = hrn
- reg_objects['users'][user['email']] = user
-
- return reg_objects
-
-def get_ticket(api, xrn, rspec, origin_hrn=None, reg_objects=None):
-
- slice_hrn, type = urn_to_hrn(xrn)
- slices = Slices(api)
- peer = slices.get_peer(slice_hrn)
- sfa_peer = slices.get_sfa_peer(slice_hrn)
-
- # get the slice record
- registry = api.registries[api.hrn]
- credential = api.getCredential()
- records = registry.resolve(credential, xrn)
-
- # similar to create_slice, we must verify that the required records exist
- # at this aggregate before we can issue a ticket
- site_id, remote_site_id = slices.verify_site(registry, credential, slice_hrn,
- peer, sfa_peer, reg_objects)
- slice = slices.verify_slice(registry, credential, slice_hrn, site_id,
- remote_site_id, peer, sfa_peer, reg_objects)
-
- # make sure we get a local slice record
- record = None
- for tmp_record in records:
- if tmp_record['type'] == 'slice' and \
- not tmp_record['peer_authority']:
- record = SliceRecord(dict=tmp_record)
- if not record:
- raise RecordNotFound(slice_hrn)
-
- # get sliver info
- slivers = Slices(api).get_slivers(slice_hrn)
- if not slivers:
- raise SliverDoesNotExist(slice_hrn)
-
- # get initscripts
- initscripts = []
- data = {
- 'timestamp': int(time.time()),
- 'initscripts': initscripts,
- 'slivers': slivers
- }
-
- # create the ticket
- object_gid = record.get_gid_object()
- new_ticket = SfaTicket(subject = object_gid.get_subject())
- new_ticket.set_gid_caller(api.auth.client_gid)
- new_ticket.set_gid_object(object_gid)
- new_ticket.set_issuer(key=api.key, subject=api.hrn)
- new_ticket.set_pubkey(object_gid.get_pubkey())
- new_ticket.set_attributes(data)
- new_ticket.set_rspec(rspec)
- #new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn))
- new_ticket.encode()
- new_ticket.sign()
-
- return new_ticket.save_to_string(save_parents=True)
+def renew_slice(api, xrn, creds, exipration_time):
+ hrn, type = urn_to_hrn(xrn)
+ slicename = hrn_to_pl_slicename(hrn)
+ slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
+ if not slices:
+ raise RecordNotFound(hrn)
+ slice = slices[0]
+ slice['expires'] = expiration_time
+ api.plshell.UpdateSlice(api.plauth, slice['slice_id'], slice)
+ return 1
 def start_slice(api, xrn):
 hrn, type = urn_to_hrn(xrn)
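Review bot: The new `renew_slice` in aggregate_manager_pl.py names its last parameter `exipration_time`, but the body assigns `slice['expires'] = expiration_time`, so every call would fail with NameError before `UpdateSlice` is reached; the signature should read `def renew_slice(api, xrn, creds, expiration_time):`. The `creds` argument is never used in this function, so the expiry limit depends entirely on the caller having validated the credential and capped the requested time first. Elsewhere in this file `expires` is stored as an integer timestamp (`int(mktime(...))`), while RenewSliver.py passes the parsed `requested_time`, so a conversion is probably needed before the update. Confirm that against what `UpdateSlice` accepts.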
@@ -292,6 +250,64 @@ def get_rspec(api, creds, options):
 return rspec
+def get_ticket(api, xrn, rspec, origin_hrn=None, reg_objects=None):
+
+ slice_hrn, type = urn_to_hrn(xrn)
+ slices = Slices(api)
+ peer = slices.get_peer(slice_hrn)
+ sfa_peer = slices.get_sfa_peer(slice_hrn)
+
+ # get the slice record
+ registry = api.registries[api.hrn]
+ credential = api.getCredential()
+ records = registry.resolve(credential, xrn)
+
+ # similar to create_slice, we must verify that the required records exist
+ # at this aggregate before we can issue a ticket
+ site_id, remote_site_id = slices.verify_site(registry, credential, slice_hrn,
+ peer, sfa_peer, reg_objects)
+ slice = slices.verify_slice(registry, credential, slice_hrn, site_id,
+ remote_site_id, peer, sfa_peer, reg_objects)
+
+ # make sure we get a local slice record
+ record = None
+ for tmp_record in records:
+ if tmp_record['type'] == 'slice' and \
+ not tmp_record['peer_authority']:
+ record = SliceRecord(dict=tmp_record)
+ if not record:
+ raise RecordNotFound(slice_hrn)
+
+ # get sliver info
+ slivers = Slices(api).get_slivers(slice_hrn)
+ if not slivers:
+ raise SliverDoesNotExist(slice_hrn)
+
+ # get initscripts
+ initscripts = []
+ data = {
+ 'timestamp': int(time.time()),
+ 'initscripts': initscripts,
+ 'slivers': slivers
+ }
+
+ # create the ticket
+ object_gid = record.get_gid_object()
+ new_ticket = SfaTicket(subject = object_gid.get_subject())
+ new_ticket.set_gid_caller(api.auth.client_gid)
+ new_ticket.set_gid_object(object_gid)
+ new_ticket.set_issuer(key=api.key, subject=api.hrn)
+ new_ticket.set_pubkey(object_gid.get_pubkey())
+ new_ticket.set_attributes(data)
+ new_ticket.set_rspec(rspec)
+ #new_ticket.set_parent(api.auth.hierarchy.get_auth_ticket(auth_hrn))
+ new_ticket.encode()
+ new_ticket.sign()
+
+ return new_ticket.save_to_string(save_parents=True)
+
+
+
 def main():
 api = SfaAPI()
 """
diff --git a/sfa/managers/slice_manager_pl.py b/sfa/managers/slice_manager_pl.py
index 08d3e189..cc0f6b5d 100644
--- a/sfa/managers/slice_manager_pl.py
+++ b/sfa/managers/slice_manager_pl.py
@@ -72,6 +72,18 @@ def create_slice(api, xrn, creds, rspec, users):
 threads.get_results()
 return 1
+def renew_slice(api, xrn, creds, expiration_time):
+ # XX
+ # XX TODO: Should try to use delegated credential first
+ # XX
+ credential = api.getCredential()
+ threads = ThreadManager()
+ for aggregate in api.aggregates:
+ server = api.aggregates[aggregate]
+ threads.run(server.RenewSliver, xrn, credential, expiration_time)
+ threads.get_results()
+ return 1
+
 def get_ticket(api, xrn, rspec, origin_hrn=None):
 slice_hrn, type = urn_to_hrn(xrn)
 # get the netspecs contained within the clients rspec
diff --git a/sfa/methods/RenewSliver.py b/sfa/methods/RenewSliver.py
index bce8a495..7233d0f7 100644
--- a/sfa/methods/RenewSliver.py
+++ b/sfa/methods/RenewSliver.py
@@ -13,7 +13,7 @@ class RenewSliver(Method):
 @param expiration_time (string) requested time of expiration
 """
- interfaces = ['geni_am']
+ interfaces = ['aggregate', 'slicemgr', 'geni_am']
 accepts = [
 Parameter(str, "Slice URN"),
 Parameter(type([str]), "List of credentials"),
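Review bot: In slice_manager_pl.py's new `renew_slice`, the caller's `creds` are dropped and every aggregate is called with the slice manager's own `api.getCredential()`. The aggregate-side check that the requested time stays within the credential's lifetime is therefore evaluated against the slice manager's credential, not the user's. The in-code TODO acknowledges this, and until delegated credentials are forwarded a comment such as `# aggregates see the SM credential; the caller's lifetime limit is enforced only at the slicemgr interface` would make the trust boundary explicit. The results of `threads.get_results()` are discarded and the function returns 1 unconditionally, so a renewal that failed at some aggregates is still reported as success. `expiration_time` also arrives here as the parsed `requested_time` while the method's `accepts` list describes a string, so it presumably needs re-serializing before `server.RenewSliver` is called; confirm.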
@@ -27,20 +27,15 @@ class RenewSliver(Method):
 self.api.logger.info("interface: %s\ttarget-hrn: %s\tcaller-creds: %s\tmethod-name: %s"%(self.api.interface, hrn, creds, self.name))
 # Find the valid credentials
- ValidCreds = self.api.auth.checkCredentials(creds, 'renewsliver', hrn)
+ valid_creds = self.api.auth.checkCredentials(creds, 'renewsliver', hrn)
 # Validate that the time does not go beyond the credential's expiration time
 requested_time = parse(expiration_time)
- if requested_time > Credential(string=ValidCreds[0]).get_lifetime():
+ if requested_time > Credential(string=valid_creds[0]).get_lifetime():
 raise InsufficientRights('SliverStatus: Credential expires before requested expiration time')
-
- manager_base = 'sfa.managers'
-
- if self.api.interface in ['geni_am']:
- mgr_type = self.api.config.SFA_GENI_AGGREGATE_TYPE
- manager_module = manager_base + ".geni_am_%s" % mgr_type
- manager = __import__(manager_module, fromlist=[manager_base])
- return manager.RenewSliver(self.api, slice_xrn, ValidCreds, expiration_time)
-
- return ''
+
+ manager = self.api.get_interface_manager()
+ manager.renew_slice(self.api, xrn, valid_creds, requested_time)
+
+ return 1
--
2.43.0
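Review bot: The new call `manager.renew_slice(self.api, xrn, valid_creds, requested_time)` uses `xrn`, while the line it replaces passed `slice_xrn` and nothing visible in the hunk defines `xrn`. The method signature is outside the hunk, but if the parameter is still `slice_xrn` this raises NameError right after the credential check; the call would then be `manager.renew_slice(self.api, slice_xrn, valid_creds, requested_time)`. The manager's return value is discarded and the method returns 1 regardless of the outcome. `valid_creds[0]` is indexed without a guard, which is safe only if `checkCredentials` raises when no credential validates; worth confirming. The unchanged `InsufficientRights` message still begins with 'SliverStatus:' and should name RenewSliver so denied renewals are attributed to the right method in logs.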