From acae426433020998d0d45ed25584ebed0591d036 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Thu, 31 Dec 2009 20:39:32 +0000 Subject: [PATCH] remove request_hash argument --- sfa/client/sfi.py | 124 ++++++--------------------- sfa/managers/aggregate_manager_pl.py | 2 +- sfa/managers/slice_manager_pl.py | 102 +++++----------------- sfa/methods/create_gid.py | 9 +- sfa/methods/create_slice.py | 19 ++-- sfa/methods/delete_slice.py | 22 ++--- sfa/methods/get_aggregates.py | 8 +- sfa/methods/get_credential.py | 7 +- sfa/methods/get_gid.py | 10 +-- sfa/methods/get_gids.py | 8 +- sfa/methods/get_registries.py | 8 +- sfa/methods/get_resources.py | 21 ++--- sfa/methods/get_slices.py | 12 +-- sfa/methods/get_ticket.py | 14 +-- sfa/methods/get_trusted_certs.py | 10 +-- sfa/methods/list.py | 24 ++---- sfa/methods/reboot.py | 6 +- sfa/methods/redeem_ticket.py | 29 ++----- sfa/methods/register.py | 17 ++-- sfa/methods/register_peer_object.py | 18 ++-- sfa/methods/remove.py | 25 ++---- sfa/methods/remove_peer_object.py | 11 ++- sfa/methods/reset_slice.py | 12 +-- sfa/methods/resolve.py | 25 ++---- sfa/methods/start_slice.py | 17 ++-- sfa/methods/stop_slice.py | 17 ++-- sfa/methods/update.py | 22 +++-- sfa/plc/api.py | 8 +- sfa/plc/nodes.py | 13 +-- sfa/plc/slices.py | 52 +++-------- sfa/server/sfa-clean-peer-records.py | 9 +- 31 files changed, 195 insertions(+), 486 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 6372438b..a600033a 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -359,10 +359,7 @@ class Sfi: return gid else: cert_str = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_str, self.user, "user"]) - gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash) + gid_str = self.registry.get_gid(cert_str, self.user, "user") gid = GID(string=gid_str) if self.options.verbose: print "Writing user gid to", file @@ -378,13 +375,12 @@ class Sfi: else: # bootstrap user credential cert_string = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_string, "user", self.user]) - user_name=self.user.replace(self.authority+".", '') - if user_name.count(".") > 0: - user_name = user_name.replace(".", '_') - self.user=self.authority + "." + user_name + request_hash = self.key.compute_hash([cert_string, "user", self.user]) + user_name=self.user.replace(self.authority+".", '') + if user_name.count(".") > 0: + user_name = user_name.replace(".", '_') + self.user=self.authority + "." + user_name + user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash) if user_cred: cred = Credential(string=user_cred) @@ -408,10 +404,7 @@ class Sfi: else: # bootstrap authority credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash = None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, "authority", self.authority]) - auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash) + auth_cred = self.registry.get_credential(user_cred, "authority", self.authority) if auth_cred: cred = Credential(string=auth_cred) cred.save_to_file(file, save_parents=True) @@ -431,10 +424,7 @@ class Sfi: # bootstrap slice credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) arg_list = [user_cred, "slice", name] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash(arg_list) - slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash) + slice_cred_str = self.registry.get_credential(user_cred, "slice", name) if slice_cred_str: slice_cred = Credential(string=slice_cred_str) slice_cred.save_to_file(file, save_parents=True) @@ -523,8 +513,7 @@ class Sfi: def get_component_server_from_hrn(self, hrn): # direct connection to the nodes component manager interface user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash = self.key.compute_hash([user_cred, hrn]) - records = self.registry.resolve(user_cred, hrn, request_hash) + records = self.registry.resolve(user_cred, hrn) records = filter_records('node', records) if not records: print "No such component:", opts.component @@ -551,11 +540,8 @@ class Sfi: def list(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) try: - list = self.registry.list(user_cred, hrn, request_hash) + list = self.registry.list(user_cred, hrn) except IndexError: raise Exception, "Not enough parameters for the 'list' command" @@ -575,10 +561,7 @@ class Sfi: def show(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) - records = self.registry.resolve(user_cred, hrn, request_hash) + records = self.registry.resolve(user_cred, hrn) records = filter_records(opts.type, records) if not records: print "No record of type", opts.type @@ -668,11 +651,7 @@ class Sfi: type = opts.type if type in ['all']: type = '*' - request_hash=None - if self.hashrequest: - arg_list = [auth_cred, type, hrn] - request_hash = self.key.compute_hash(arg_list) - return self.registry.remove(auth_cred, type, hrn, request_hash) + return self.registry.remove(auth_cred, type, hrn) # add named registry record def add(self,opts, args): @@ -680,11 +659,7 @@ class Sfi: record_filepath = args[0] rec_file = self.get_record_file(record_filepath) record = load_record_from_file(rec_file).as_dict() - request_hash=None - if self.hashrequest: - arg_list = [auth_cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.register(auth_cred, record, request_hash) + return self.registry.register(auth_cred, record) # update named registry entry def update(self,opts, args): @@ -713,11 +688,7 @@ class Sfi: else: raise "unknown record type" + record.get_type() record = record.as_dict() - request_hash=None - if self.hashrequest: - arg_list = [cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.update(cred, record, request_hash) + return self.registry.update(cred, record) def get_trusted_certs(self, opts, args): """ @@ -737,11 +708,7 @@ class Sfi: hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_aggregates(user_cred, hrn, request_hash) + result = self.registry.get_aggregates(user_cred, hrn) display_list(result) return @@ -753,11 +720,7 @@ class Sfi: hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_registries(user_cred, hrn, request_hash) + result = self.registry.get_registries(user_cred, hrn) display_list(result) return @@ -771,16 +734,11 @@ class Sfi: # list instantiated slices def slices(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [user_cred] - request_hash = self.key.compute_hash(arg_list) - server = self.slicemgr # direct connection to the nodes component manager interface if opts.component: server = self.get_component_server_from_hrn(opts.component) - results = server.get_slices(user_cred, request_hash) + results = server.get_slices(user_cred) display_list(results) return @@ -790,9 +748,7 @@ class Sfi: server = self.slicemgr if opts.aggregate: agg_hrn = opts.aggregate - arg_list = [user_cred, agg_hrn] - request_hash = self.key.compute_hash(arg_list) - aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash) + aggregates = self.registry.get_aggregates(user_cred, agg_hrn) if not aggregates: raise Exception, "No such aggregate %s" % agg_hrn aggregate = aggregates[0] @@ -805,11 +761,7 @@ class Sfi: cred = user_cred hrn = None - request_hash=None - if self.hashrequest: - arg_list = [cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = server.get_resources(cred, hrn, request_hash) + result = server.get_resources(cred, hrn) format = opts.format display_rspec(result, format) @@ -835,11 +787,7 @@ class Sfi: aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - return server.create_slice(slice_cred, slice_hrn, rspec, request_hash) + return server.create_slice(slice_cred, slice_hrn, rspec) # get a ticket for the specified slice def get_ticket(self, opts, args): @@ -856,11 +804,7 @@ class Sfi: aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash) + ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec) file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket") print "writing ticket to ", file ticket = SfaTicket(string=ticket_string) @@ -911,11 +855,7 @@ class Sfi: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.delete_slice(slice_cred, slice_hrn, request_hash) + return server.delete_slice(slice_cred, slice_hrn) # start named slice def start(self,opts, args): @@ -926,11 +866,7 @@ class Sfi: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.start_slice(slice_cred, slice_hrn, request_hash) + return server.start_slice(slice_cred, slice_hrn) # stop named slice def stop(self,opts, args): @@ -941,11 +877,7 @@ class Sfi: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.stop_slice(slice_cred, slice_hrn, request_hash) + return server.stop_slice(slice_cred, slice_hrn) # reset named slice def reset(self,opts, args): @@ -955,11 +887,7 @@ class Sfi: if opts.component: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.reset_slice(slice_cred, slice_hrn, request_hash) + return server.reset_slice(slice_cred, slice_hrn) # # Main: parse arguments and dispatch to command diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py index c608342f..e6c6a300 100644 --- a/sfa/managers/aggregate_manager_pl.py +++ b/sfa/managers/aggregate_manager_pl.py @@ -43,7 +43,7 @@ def create_slice(api, hrn, rspec): slices = Slices(api) slices.create_slice_aggregate(hrn, rspec) -def get_ticket(api, slice_hrn, rspec, gid_origin_caller=None): +def get_ticket(api, slice_hrn, rspec, origin_hrn=None): # the the slice record registries = Registries(api) registry = registries[api.hrn] diff --git a/sfa/managers/slice_manager_pl.py b/sfa/managers/slice_manager_pl.py index 0a2f48e0..72f39e59 100644 --- a/sfa/managers/slice_manager_pl.py +++ b/sfa/managers/slice_manager_pl.py @@ -21,34 +21,21 @@ from sfa.server.registry import Registries from sfa.server.aggregate import Aggregates import sfa.plc.peers as peers -def delete_slice(api, hrn, gid_origin_caller=None): +def delete_slice(api, hrn, origin_hrn=None): credential = api.getCredential() - credential.set_gid_origin_caller(gid_origin_caller) aggregates = Aggregates(api) for aggregate in aggregates: success = False # request hash is optional so lets try the call without it try: - request_hash=None - aggregates[aggregate].delete_slice(credential, hrn, request_hash, origin_hrn) + aggregates[aggregate].delete_slice(credential, hrn, origin_hrn) success = True except: print >> log, "%s" % (traceback.format_exc()) print >> log, "Error calling delete slice at aggregate %s" % aggregate - - # try sending the request hash if the previous call failed - if not success: - try: - arg_list = [credential, hrn] - request_hash = api.key.compute_hash(arg_list) - aggregates[aggregate].delete_slice(credential, hrn, request_hash) - success = True - except: - print >> log, "%s" % (traceback.format_exc()) - print >> log, "Error calling list nodes at aggregate %s" % aggregate return 1 -def create_slice(api, hrn, rspec, gid_origin_caller=None): +def create_slice(api, hrn, rspec, origin_hrn=None): spec = RSpec() tempspec = RSpec() spec.parseString(rspec) @@ -63,7 +50,6 @@ def create_slice(api, hrn, rspec, gid_origin_caller=None): rspecs = {} aggregates = Aggregates(api) credential = api.getCredential() - credential.set_gid_origin_caller(gid_origin_caller) # split the netspecs into individual rspecs netspecs = spec.getDictsByTagName('NetSpec') for netspec in netspecs: @@ -84,44 +70,18 @@ def create_slice(api, hrn, rspec, gid_origin_caller=None): if net_hrn in aggregates: # send the whloe rspec to the local aggregate if net_hrn in [api.hrn]: - try: - request_hash = None - aggregates[net_hrn].create_slice(credential, hrn, \ - rspec, request_hash) - except: - arg_list = [credential,hrn,rspec] - request_hash = api.key.compute_hash(arg_list) - aggregates[net_hrn].create_slice(credential, hrn, \ - rspec, request_hash) + aggregates[net_hrn].create_slice(credential, hrn, rspec, \ + origin_hrn) else: - try: - request_hash = None - aggregates[net_hrn].create_slice(credential, hrn, \ - rspecs[net_hrn], request_hash) - except: - arg_list = [credential,hrn,rspecs[net_hrn]] - request_hash = api.key.compute_hash(arg_list) - aggregates[net_hrn].create_slice(credential, hrn, \ - rspecs[net_hrn], request_hash) + aggregates[net_hrn].create_slice(credential, hrn, \ + rspecs[net_hrn], origin_hrn) else: # lets forward this rspec to a sm that knows about the network - arg_list = [credential, net_hrn] - request_hash = api.key.compute_hash(arg_list) for aggregate in aggregates: - try: - network_found = aggregates[aggregate].get_aggregates(credential, net_hrn) - except: - network_found = aggregates[aggregate].get_aggregates(credential, net_hrn, request_hash) + network_found = aggregates[aggregate].get_aggregates(credential, net_hrn) if network_found: - try: - request_hash = None - aggregates[aggregate].create_slice(credential, hrn, \ - rspecs[net_hrn], request_hash, origin_hrn) - except: - arg_list = [credential, hrn, rspecs[net_hrn]] - request_hash = api.key.compute_hash(arg_list) - aggregates[aggregate].create_slice(credential, hrn, \ - rspecs[net_hrn], request_hash, origin_hrn) + aggregates[aggregate].create_slice(credential, hrn, \ + rspecs[net_hrn], origin_hrn) except: print >> log, "Error creating slice %(hrn)s at aggregate %(net_hrn)s" % \ @@ -129,7 +89,7 @@ def create_slice(api, hrn, rspec, gid_origin_caller=None): traceback.print_exc() return 1 -def get_ticket(api, slice_hrn, rspec, gid_origin_caller=None): +def get_ticket(api, slice_hrn, rspec, origin_hrn=None): # get the netspecs contained within the clients rspec client_rspec = RSpec(xml=rspec) @@ -149,7 +109,6 @@ def get_ticket(api, slice_hrn, rspec, gid_origin_caller=None): # send the rspec to the appropiate aggregate/sm aggregates = Aggregates(api) credential = api.getCredential() - credential.set_gid_origin_caller(gid_origin_caller) tickets = {} for net_hrn in rspecs: try: @@ -157,38 +116,17 @@ def get_ticket(api, slice_hrn, rspec, gid_origin_caller=None): # send them the request. if not, then we may be connected to an sm # thats connected to the aggregate if net_hrn in aggregates: - try: - ticket = aggregates[net_hrn].get_ticket(credential, slice_hrn, \ - rspecs[net_hrn], None) - tickets[net_hrn] = ticket - except: - arg_list = [credential,hrn,rspecs[net_hrn]] - request_hash = api.key.compute_hash(arg_list) - ticket = aggregates[net_hrn].get_ticket(credential, slice_hrn, \ - rspecs[net_hrn], request_hash) - tickets[net_hrn] = ticket + ticket = aggregates[net_hrn].get_ticket(credential, slice_hrn, \ + rspecs[net_hrn], origin_hrn) + tickets[net_hrn] = ticket else: # lets forward this rspec to a sm that knows about the network - arg_list = [credential, net_hrn] - request_hash = api.key.compute_hash(arg_list) for agg in aggregates: - try: - network_found = aggregates[agg].get_aggregates(credential, \ - net_hrn) - except: - network_found = aggregates[agg].get_aggregates(credential, \ - net_hrn, request_hash) + network_found = aggregates[agg].get_aggregates(credential, net_hrn) if network_found: - try: - ticket = aggregates[aggregate].get_ticket(credential, \ - slice_hrn, rspecs[net_hrn], None) - tickets[aggregate] = ticket - except: - arg_list = [credential, hrn, rspecs[net_hrn]] - request_hash = api.key.compute_hash(arg_list) - aggregates[aggregate].get_ticket(credential, slice_hrn, \ - rspecs[net_hrn], request_hash) - tickets[aggregate] = ticket + ticket = aggregates[aggregate].get_ticket(credential, \ + slice_hrn, rspecs[net_hrn], origin_hrn) + tickets[aggregate] = ticket except: print >> log, "Error getting ticket for %(slice_hrn)s at aggregate %(net_hrn)s" % \ locals() @@ -257,9 +195,9 @@ def get_slices(api): slices.refresh() return slices['hrn'] -def get_rspec(api, hrn=None, origin_gid_caller=None): +def get_rspec(api, hrn=None, origin_hrn=None): from sfa.plc.nodes import Nodes - nodes = Nodes(api, origin_gid_caller=origin_gid_caller) + nodes = Nodes(api, origin_hrn=origin_hrn) if hrn: rspec = nodes.get_rspec(hrn) else: diff --git a/sfa/methods/create_gid.py b/sfa/methods/create_gid.py index 66404109..f5eaeda2 100644 --- a/sfa/methods/create_gid.py +++ b/sfa/methods/create_gid.py @@ -31,16 +31,13 @@ class create_gid(Method): Parameter(str, "Human readable name (hrn)"), Mixed(Parameter(str, "Unique identifier for new GID (uuid)"), Parameter(None, "Unique identifier (uuid) not specified")), - Parameter(str, "public-key string"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "public-key string") ] returns = Parameter(str, "String represeneation of a GID object") - def call(self, cred, hrn, uuid, pubkey_str, request_hash=None): - # request hash is optional - self.api.auth.authenticateCred(cred, [cred, hrn, uuid, pubkey_str], request_hash) + def call(self, cred, hrn, uuid, pubkey_str): + # validate the credential self.api.auth.check(cred, "getcredential") self.api.auth.verify_object_belongs_to_me(hrn) self.api.auth.verify_object_permission(hrn) diff --git a/sfa/methods/create_slice.py b/sfa/methods/create_slice.py index ca37b06c..6f171770 100644 --- a/sfa/methods/create_slice.py +++ b/sfa/methods/create_slice.py @@ -30,26 +30,21 @@ class create_slice(Method): Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), Parameter(str, "Resource specification"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, requested_rspec, request_hash=None): + def call(self, cred, hrn, requested_rspec, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = user_cred.get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn, requested_rspec], request_hash) + # validate the credential self.api.auth.check(cred, 'createslice') sfa_aggregate_type = Config().get_aggregate_rspec_type() @@ -86,6 +81,6 @@ class create_slice(Method): mgr_type = self.api.config.SFA_SM_TYPE manager_module = manager_base + ".slice_manager_%s" % mgr_type manager = __import__(manager_module, fromlist=[manager_base]) - manager.create_slice(self.api, hrn, rspec, gid_origin_caller) + manager.create_slice(self.api, hrn, rspec, origin_hrn) return 1 diff --git a/sfa/methods/delete_slice.py b/sfa/methods/delete_slice.py index 1ec06376..11b9124e 100644 --- a/sfa/methods/delete_slice.py +++ b/sfa/methods/delete_slice.py @@ -22,29 +22,23 @@ class delete_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to delete"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash=None): + def call(self, cred, hrn, origin_hrn=None): user_cred = Credential(string=cred) - + #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = user_cred.get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) + # validate the credential self.api.auth.check(cred, 'deleteslice') - # send the call to the right manager manager_base = 'sfa.managers' if self.api.interface in ['component']: @@ -61,6 +55,6 @@ class delete_slice(Method): mgr_type = self.api.config.SFA_SM_TYPE manager_module = manager_base + ".slice_manager_%s" % mgr_type manager = __import__(manager_module, fromlist=[manager_base]) - manager.delete_slice(self.api, hrn, gid_origin_caller) + manager.delete_slice(self.api, hrn, origin_hrn) return 1 diff --git a/sfa/methods/get_aggregates.py b/sfa/methods/get_aggregates.py index 703bd5c2..0625431e 100644 --- a/sfa/methods/get_aggregates.py +++ b/sfa/methods/get_aggregates.py @@ -21,17 +21,13 @@ class get_aggregates(Method): accepts = [ Parameter(str, "Credential string"), - Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(None, "hrn not specified")) ] returns = [Parameter(dict, "Aggregate interface information")] - def call(self, cred, hrn = None, request_hash=None): - self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) + def call(self, cred, hrn = None): self.api.auth.check(cred, 'list') aggregates = Aggregates(self.api) hrn_list = [] diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py index 5d3003a0..cc11cab0 100644 --- a/sfa/methods/get_credential.py +++ b/sfa/methods/get_credential.py @@ -29,16 +29,13 @@ class get_credential(Method): accepts = [ Mixed(Parameter(str, "credential"), Parameter(None, "No credential")), - Parameter(str, "Human readable name (hrn)"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Human readable name (hrn)") ] returns = Parameter(str, "String representation of a credential object") - def call(self, cred, type, hrn, request_hash=None): + def call(self, cred, type, hrn): - self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash) self.api.auth.check(cred, 'getcredential') self.api.auth.verify_object_belongs_to_me(hrn) auth_hrn = self.api.auth.get_authority(hrn) diff --git a/sfa/methods/get_gid.py b/sfa/methods/get_gid.py index 5a25b028..06faf603 100644 --- a/sfa/methods/get_gid.py +++ b/sfa/methods/get_gid.py @@ -27,13 +27,12 @@ class get_gid(Method): accepts = [ Parameter(str, "Certificate string"), Parameter(str, "Human readable name (hrn)"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Object type") ] - returns = [Parameter(dict, "Aggregate interface information")] + returns = Parameter(str, "GID string") - def call(self, cert, hrn, type, request_hash=None): + def call(self, cert, hrn, type): self.api.auth.verify_object_belongs_to_me(hrn) certificate = Certificate(string=cert) @@ -48,7 +47,4 @@ class get_gid(Method): if not certificate.is_pubkey(gid.get_pubkey()): raise ConnectionKeyGIDMismatch(gid.get_subject()) - # authenticate the gid - self.api.auth.authenticateGid(gidStr, [cert, hrn, type], request_hash) - return gidStr diff --git a/sfa/methods/get_gids.py b/sfa/methods/get_gids.py index 119b7834..b4912f8a 100644 --- a/sfa/methods/get_gids.py +++ b/sfa/methods/get_gids.py @@ -29,15 +29,13 @@ class get_gids(Method): accepts = [ Parameter(str, "Certificate string"), Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(type([str]), "List of Human readable names (hrn)")), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(type([str]), "List of Human readable names (hrn)")) ] returns = [Parameter(dict, "Dictionary of gids keyed on hrn")] - def call(self, cred, hrns, request_hash=None): - self.api.auth.authenticateCred(cred, [cred, hrns], request_hash) + def call(self, cred, hrns): + # validate the credential self.api.auth.check(cred, 'getgids') table = GeniTable() if not isinstance(hrns, list): diff --git a/sfa/methods/get_registries.py b/sfa/methods/get_registries.py index a6f864b6..13055d3a 100644 --- a/sfa/methods/get_registries.py +++ b/sfa/methods/get_registries.py @@ -21,17 +21,13 @@ class get_registries(Method): accepts = [ Parameter(str, "Credential string"), - Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(None, "hrn not specified")) ] returns = [Parameter(dict, "Registry interface information")] - def call(self, cred, hrn = None, request_hash=None): - self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) + def call(self, cred, hrn = None): self.api.auth.check(cred, 'list') registries = Registries(self.api) hrn_list = [] diff --git a/sfa/methods/get_resources.py b/sfa/methods/get_resources.py index f5870a19..42745179 100644 --- a/sfa/methods/get_resources.py +++ b/sfa/methods/get_resources.py @@ -28,26 +28,21 @@ class get_resources(Method): Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), Parameter(None, "hrn not specified")), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(str, "String representatin of an rspec") - def call(self, cred, hrn=None, request_hash = None): + def call(self, cred, hrn=None, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an authority cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = user_cred.get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred,hrn], request_hash) + # validate the cred self.api.auth.check(cred, 'listnodes') # send the call to the right manager @@ -56,13 +51,13 @@ class get_resources(Method): mgr_type = self.api.config.SFA_AGGREGATE_TYPE manager_module = manager_base + ".aggregate_manager_%s" % mgr_type manager = __import__(manager_module, fromlist=[manager_base]) - rspec = manager.get_rspec(self.api, hrn, gid_origin_caller) + rspec = manager.get_rspec(self.api, hrn, origin_hrn) outgoing_rules = SFATablesRules('OUTGOING') elif self.api.interface in ['slicemgr']: mgr_type = self.api.config.SFA_SM_TYPE manager_module = manager_base + ".slice_manager_%s" % mgr_type manager = __import__(manager_module, fromlist=[manager_base]) - rspec = manager.get_rspec(self.api, hrn, gid_origin_caller) + rspec = manager.get_rspec(self.api, hrn, origin_hrn) outgoing_rules = SFATablesRules('FORWARD-OUTGOING') filtered_rspec = rspec diff --git a/sfa/methods/get_slices.py b/sfa/methods/get_slices.py index 2c50e2b7..5c0f40e7 100644 --- a/sfa/methods/get_slices.py +++ b/sfa/methods/get_slices.py @@ -21,20 +21,20 @@ class get_slices(Method): accepts = [ Parameter(str, "Credential string"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = [Parameter(str, "Human readable slice name (hrn)")] - def call(self, cred, request_hash=None): + def call(self, cred, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn(), None, self.name)) - self.api.auth.authenticateCred(cred, [cred], request_hash) + # validate the cred self.api.auth.check(cred, 'listslices') slices = [] diff --git a/sfa/methods/get_ticket.py b/sfa/methods/get_ticket.py index 62e0d30d..8211a1e3 100644 --- a/sfa/methods/get_ticket.py +++ b/sfa/methods/get_ticket.py @@ -36,21 +36,21 @@ class get_ticket(Method): Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"), Parameter(str, "Resource specification (rspec)"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(str, "String represeneation of a ticket object") - def call(self, cred, hrn, rspec, request_hash=None): + def call(self, cred, hrn, rspec, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash) + # validate the cred self.api.auth.check(cred, "getticket") # set the right outgoing rules @@ -81,7 +81,7 @@ class get_ticket(Method): rspec_object = RSpec(xml=rspec) rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames) rspec = rspec_object.toxml() - ticket = manager.get_ticket(self.api, hrn, rspec, gid_origin_caller) + ticket = manager.get_ticket(self.api, hrn, rspec, origin_hrn) return ticket diff --git a/sfa/methods/get_trusted_certs.py b/sfa/methods/get_trusted_certs.py index 2a80560e..9aaca122 100644 --- a/sfa/methods/get_trusted_certs.py +++ b/sfa/methods/get_trusted_certs.py @@ -11,25 +11,19 @@ from sfa.trust.credential import Credential class get_trusted_certs(Method): """ @param cred credential string specifying the rights of the caller - @param request_hash hash of the request @return 1 is successful, faults otherwise """ interfaces = ['registry'] accepts = [ - Parameter(str, "Credential string"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Credential string") ] returns = Parameter(int, "1 if successful") - def call(self, cred, request_hash=None): + def call(self, cred): # authenticate the cred - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) self.api.auth.check(cred, 'gettrustedcerts') trusted_cert_strings = [gid.save_to_string(save_parents=True) for \ diff --git a/sfa/methods/list.py b/sfa/methods/list.py index dad65357..89354294 100644 --- a/sfa/methods/list.py +++ b/sfa/methods/list.py @@ -24,18 +24,19 @@ class list(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name (hrn)"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = [GeniRecord] - def call(self, cred, hrn, request_hash=None): + def call(self, cred, hrn, origin_hrn=None): #log the call - origin_hrn=Credential(string=cred).get_gid_origin_caller().get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - - self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) + + # validate the cred self.api.auth.check(cred, 'list') # load all know registry names into a prefix tree and attempt to find @@ -55,15 +56,8 @@ class list(Method): # forward the request if registry_hrn != self.api.hrn: credential = self.api.getCredential() - try: - request_hash=None - record_list = registries[registry_hrn].list(credential, hrn, request_hash) - records = [GeniRecord(dict=record).as_dict() for record in record_list] - except: - arg_list = [credential, hrn] - request_hash = self.api.key.compute_hash(arg_list) - record_list = registries[registry_hrn].list(credential, hrn, request_hash) - records = [GeniRecord(dict=record).as_dict() for record in record_list] + record_list = registries[registry_hrn].list(credential, hrn, origin_hrn) + records = [GeniRecord(dict=record).as_dict() for record in record_list] if records: return records diff --git a/sfa/methods/reboot.py b/sfa/methods/reboot.py index bed4d0b9..3136be3b 100644 --- a/sfa/methods/reboot.py +++ b/sfa/methods/reboot.py @@ -22,10 +22,8 @@ class reboot(Method): returns = None - def call(self, cred, request_hash=None): - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) + def call(self, cred): + # validate the cred self.api.auth.check(cred, 'reboot') # send the call to the right manager manager_base = 'sfa.managers' diff --git a/sfa/methods/redeem_ticket.py b/sfa/methods/redeem_ticket.py index 3aec71d7..4ea1dba5 100644 --- a/sfa/methods/redeem_ticket.py +++ b/sfa/methods/redeem_ticket.py @@ -19,32 +19,19 @@ class redeem_ticket(Method): accepts = [ Parameter(str, "Credential string representation of SFA credential"), - Parameter(str, "Ticket string representation of SFA ticket"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Ticket string representation of SFA ticket") ] returns = [Parameter(int, "1 if successful")] - def call(self, cred, ticket, request_hash=None): - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) + def call(self, cred, ticket): self.api.auth.check(cred, 'redeemticket') self.api.auth.check_ticket(ticket) - ticket = SfaTicket(string=ticket) - ticket.decode() - hrn = ticket.attributes['slivers'][0]['hrn'] - slicename = hrn_to_pl_slicename(hrn) - if not self.api.sliver_exists(slicename): - raise SliverDoesNotExist(slicename) - - # convert ticket to format nm is used to - nm_ticket = xmlrpclib.dumps((ticket.attributes,), methodresponse=True) - self.api.nodemanager.AdminTicket(nm_ticket) - + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_CM_TYPE + manager_module = manager_base + ".component_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + manager.redeem_ticket(self.api, ticket) return 1 diff --git a/sfa/methods/register.py b/sfa/methods/register.py index 4ca7973c..8339afe3 100644 --- a/sfa/methods/register.py +++ b/sfa/methods/register.py @@ -31,27 +31,20 @@ class register(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(dict, "Record dictionary containing record fields"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(dict, "Record dictionary containing record fields") ] returns = Parameter(int, "String representation of gid object") - def call(self, cred, record_dict, request_hash=None): + def call(self, cred, record_dict, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an authority cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) + # validate the cred self.api.auth.check(cred, "register") record = GeniRecord(dict = record_dict) diff --git a/sfa/methods/register_peer_object.py b/sfa/methods/register_peer_object.py index be1349a3..df1fa943 100644 --- a/sfa/methods/register_peer_object.py +++ b/sfa/methods/register_peer_object.py @@ -23,7 +23,6 @@ class register_peer_object(Method): @param cred credential string @param record_dict dictionary containing record fields - @return gid string representation """ @@ -32,23 +31,22 @@ class register_peer_object(Method): accepts = [ Parameter(str, "Credential string"), Parameter(dict, "Record dictionary containing record fields"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict, request_hash=None): + def call(self, cred, record_dict, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) - self.api.auth.authenticateCred(cred, [cred], request_hash) + # validate the cred self.api.auth.check(cred, "register") - # make sure this is a peer record if 'peer_authority' not in record_dict or \ @@ -69,7 +67,7 @@ class register_peer_object(Method): if existing_record['pointer'] != record['pointer']: record['record_id'] = existing_record['record_id'] table.update(record) - return 1 - record_id = table.insert(record) + else: + record_id = table.insert(record) return 1 diff --git a/sfa/methods/remove.py b/sfa/methods/remove.py index 5b77253a..33113c21 100644 --- a/sfa/methods/remove.py +++ b/sfa/methods/remove.py @@ -28,27 +28,22 @@ class remove(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Record type"), - Parameter(str, "Human readable name (hrn) of record to be removed"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Human readable name of slice to instantiate"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, type, hrn, request_hash=None): + def call(self, cred, type, hrn, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an authority cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, type, hrn], request_hash) + # validate the cred self.api.auth.check(cred, "remove") self.api.auth.verify_object_permission(hrn) @@ -63,7 +58,6 @@ class remove(Method): type = record['type'] credential = self.api.getCredential() - credential.set_gid_origin_caller(gid_origin_caller) registries = Registries(self.api) # Try to remove the object from the PLCDB of federated agg. @@ -71,10 +65,7 @@ class remove(Method): if hrn.startswith(self.api.hrn) and type in ['user', 'slice', 'authority']: for registry in registries: if registry not in [self.api.hrn]: - try: - request_hash=None - result=registries[registry].remove_peer_object(credential, record, request_hash) - except: + result=registries[registry].remove_peer_object(credential, record, origin_hrn) pass if type == "user": persons = self.api.plshell.GetPersons(self.api.plauth, record['pointer']) diff --git a/sfa/methods/remove_peer_object.py b/sfa/methods/remove_peer_object.py index ab55ed87..9ce27277 100644 --- a/sfa/methods/remove_peer_object.py +++ b/sfa/methods/remove_peer_object.py @@ -27,21 +27,20 @@ class remove_peer_object(Method): accepts = [ Parameter(str, "Credential string"), Parameter(dict, "Record dictionary"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record, request_hash=None): + def call(self, cred, record, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - self.api.auth.authenticateCred(cred, [cred], request_hash) self.api.auth.check(cred, "remove") # Only allow the local interface or record owner to delete peer_records diff --git a/sfa/methods/reset_slice.py b/sfa/methods/reset_slice.py index f8795151..57216dab 100644 --- a/sfa/methods/reset_slice.py +++ b/sfa/methods/reset_slice.py @@ -22,19 +22,13 @@ class reset_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash=None): - # This cred will be an authority cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) + def call(self, cred, hrn, origin_hrn=None): self.api.auth.check(cred, 'resetslice') # send the call to the right manager manager_base = 'sfa.managers' diff --git a/sfa/methods/resolve.py b/sfa/methods/resolve.py index 11ec8c69..ba785d69 100644 --- a/sfa/methods/resolve.py +++ b/sfa/methods/resolve.py @@ -25,22 +25,20 @@ class resolve(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(str, "Human readable name (hrn)"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Parameter(str, "Human readable name (hrn)") ] returns = [GeniRecord] - def call(self, cred, hrn, request_hash=None): + def call(self, cred, hrn, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) + # validate the cred self.api.auth.check(cred, 'resolve') # load all know registry names into a prefix tree and attempt to find @@ -60,17 +58,8 @@ class resolve(Method): # forward the request if registry_hrn != self.api.hrn: credential = self.api.getCredential() - credential.set_gid_origin_caller(gid_origin_caller) - try: - request_hash=None - records = registries[registry_hrn].resolve(credential, hrn, request_hash) - good_records = [GeniRecord(dict=record).as_dict() for record in records] - except: - arg_list = [credential, hrn] - request_hash=self.api.key.compute_hash(arg_list) - records = registries[registry_hrn].resolve(credential, hrn, request_hash) - good_records = [GeniRecord(dict=record).as_dict() for record in records] - + records = registries[registry_hrn].resolve(credential, hrn, origin_hrn) + good_records = [GeniRecord(dict=record).as_dict() for record in records] if good_records: return good_records diff --git a/sfa/methods/start_slice.py b/sfa/methods/start_slice.py index ae3ecf8c..446215c7 100644 --- a/sfa/methods/start_slice.py +++ b/sfa/methods/start_slice.py @@ -22,26 +22,21 @@ class start_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = [Parameter(int, "1 if successful")] - def call(self, cred, hrn, request_hash=None): + def call(self, cred, hrn, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) + # validate the cred self.api.auth.check(cred, 'startslice') # send the call to the right manager diff --git a/sfa/methods/stop_slice.py b/sfa/methods/stop_slice.py index 93a43f8e..291ac626 100644 --- a/sfa/methods/stop_slice.py +++ b/sfa/methods/stop_slice.py @@ -22,26 +22,21 @@ class stop_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, request_hash=None): + def call(self, cred, hrn, origin_hrn=None): user_cred = Credential(string=cred) #log the call - gid_origin_caller = user_cred.get_gid_origin_caller() - origin_hrn = gid_origin_caller.get_hrn() + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - # This cred will be an slice cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) + # validate the cred self.api.auth.check(cred, 'stopslice') # send the call to the right manager diff --git a/sfa/methods/update.py b/sfa/methods/update.py index 01ef6399..23b74c8f 100644 --- a/sfa/methods/update.py +++ b/sfa/methods/update.py @@ -30,25 +30,23 @@ class update(Method): accepts = [ Parameter(str, "Credential string"), Parameter(dict, "Record dictionary to be updated"), - Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")) + Mixed(Parameter(str, "Human readable name of the original caller"), + Paramater(None, "Origin hrn not specified")) ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict, request_hash=None, origin_hrn=None): - if origin_hrn==None: - origin_hrn=Credential(string=cred).get_gid_caller().get_hrn() - + def call(self, cred, record_dict, origin_hrn=None): + user_cred = Credential(string=cred) + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) - # This cred might be an authority cred, not a user, so we cant use it to - # authenticate the caller's request_hash. Let just get the caller's gid - # from the cred and authenticate using that - client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) + + # validate the cred self.api.auth.check(cred, "update") + new_record = GeniRecord(dict = record_dict) type = new_record['type'] hrn = new_record['hrn'] diff --git a/sfa/plc/api.py b/sfa/plc/api.py index 7407f9a9..0801527d 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -115,13 +115,9 @@ class GeniAPI(BaseAPI): registry = registries[self.hrn] cert_string=self.cert.save_to_string(save_parents=True) # get self credential - arg_list = [cert_string,type,self.hrn] - request_hash=self.key.compute_hash(arg_list) - self_cred = registry.get_self_credential(cert_string, type, self.hrn, request_hash) + self_cred = registry.get_self_credential(cert_string, type, self.hrn) # get credential - arg_list = [self_cred,type,self.hrn] - request_hash=self.key.compute_hash(arg_list) - cred = registry.get_credential(self_cred, type, self.hrn, request_hash) + cred = registry.get_credential(self_cred, type, self.hrn) # save cred to file Credential(string=cred).save_to_file(cred_filename, save_parents=True) diff --git a/sfa/plc/nodes.py b/sfa/plc/nodes.py index b78d5ec6..e04c7707 100644 --- a/sfa/plc/nodes.py +++ b/sfa/plc/nodes.py @@ -20,7 +20,7 @@ from sfa.server.aggregate import Aggregates class Nodes(SimpleStorage): - def __init__(self, api, ttl = 1, origin_gid_caller=None): + def __init__(self, api, ttl = 1, origin_hrn=None): self.api = api self.ttl = ttl self.threshold = None @@ -31,7 +31,7 @@ class Nodes(SimpleStorage): SimpleStorage.__init__(self, self.nodes_file) self.policy = Policy(api) self.load() - self.origin_gid_caller = origin_gid_caller + self.origin_hrn = origin_hrn def refresh(self): @@ -111,18 +111,11 @@ class Nodes(SimpleStorage): networks = [] rspec = RSpec() credential = self.api.getCredential() - credential.set_gid_origin_caller(self.gid_origin_caller) for aggregate in aggregates: if aggregate not in [self.api.auth.client_cred.get_gid_caller().get_hrn()]: try: # get the rspec from the aggregate - try: - request_hash=None - agg_rspec = aggregates[aggregate].get_resources(credential, hrn, request_hash) - except: - arg_list = [credential, hrn] - request_hash = self.api.key.compute_hash(arg_list) - agg_rspec = aggregates[aggregate].get_resources(credential, hrn, request_hash) + agg_rspec = aggregates[aggregate].get_resources(credential, hrn, origin_hrn) # extract the netspec from each aggregates rspec rspec.parseString(agg_rspec) networks.extend([{'NetSpec': rspec.getDictsByTagName('NetSpec')}]) diff --git a/sfa/plc/slices.py b/sfa/plc/slices.py index b714bdbf..622c0e92 100644 --- a/sfa/plc/slices.py +++ b/sfa/plc/slices.py @@ -25,7 +25,7 @@ class Slices(SimpleStorage): rspec_to_slice_tag = {'max_rate':'net_max_rate'} - def __init__(self, api, ttl = .5, gid_origin_caller=None): + def __init__(self, api, ttl = .5, origin_hrn=None): self.api = api self.ttl = ttl self.threshold = None @@ -36,7 +36,7 @@ class Slices(SimpleStorage): SimpleStorage.__init__(self, self.slices_file) self.policy = Policy(self.api) self.load() - self.gid_origin_caller=gid_origin_caller + self.origin_hrn = origin_hrn def get_slivers(self, hrn, node=None): @@ -214,8 +214,7 @@ class Slices(SimpleStorage): success = False # request hash is optional so lets try the call without it try: - request_hash=None - slices = aggregates[aggregate].get_slices(credential, request_hash) + slices = aggregates[aggregate].get_slices(credential) slice_hrns.extend(slices) success = True except: @@ -225,9 +224,8 @@ class Slices(SimpleStorage): # try sending the request hash if the previous call failed if not success: arg_list = [credential] - request_hash = self.api.key.compute_hash(arg_list) try: - slices = aggregates[aggregate].get_slices(credential, request_hash) + slices = aggregates[aggregate].get_slices(credential) slice_hrns.extend(slices) success = True except: @@ -251,12 +249,7 @@ class Slices(SimpleStorage): def verify_site(self, registry, credential, slice_hrn, peer, sfa_peer): authority = get_authority(slice_hrn) - try: - site_records = registry.resolve(credential, authority) - except: - arg_list = [credential, authority] - request_hash = self.api.key.compute_hash(arg_list) - site_records = registry.resolve(credential, authority, request_hash) + site_records = registry.resolve(credential, authority) site = {} for site_record in site_records: @@ -275,12 +268,7 @@ class Slices(SimpleStorage): # mark this site as an sfa peer record if sfa_peer: peer_dict = {'type': 'authority', 'hrn': authority, 'peer_authority': sfa_peer, 'pointer': site_id} - try: - registry.register_peer_object(credential, peer_dict) - except: - arg_list = [credential] - request_hash = self.api.key.compute_hash(arg_list) - registry.register_peer_object(credential, peer_dict, request_hash) + registry.register_peer_object(credential, peer_dict) else: site_id = sites[0]['site_id'] remote_site_id = sites[0]['peer_site_id'] @@ -292,12 +280,7 @@ class Slices(SimpleStorage): slice = {} slice_record = None authority = get_authority(slice_hrn) - try: - slice_records = registry.resolve(credential, slice_hrn) - except: - arg_list = [credential, slice_hrn] - request_hash = self.api.key.compute_hash(arg_list) - slice_records = registry.resolve(credential, slice_hrn, request_hash) + slice_records = registry.resolve(credential, slice_hrn) for record in slice_records: if record['type'] in ['slice']: @@ -323,12 +306,7 @@ class Slices(SimpleStorage): # mark this slice as an sfa peer record if sfa_peer: peer_dict = {'type': 'slice', 'hrn': slice_hrn, 'peer_authority': sfa_peer, 'pointer': slice_id} - try: - registry.register_peer_object(credential, peer_dict) - except: - arg_list = [credential] - request_hash = self.api.key.compute_hash(arg_list) - registry.register_peer_object(credential, peer_dict, request_hash) + registry.register_peer_object(credential, peer_dict) #this belongs to a peer if peer: @@ -353,12 +331,7 @@ class Slices(SimpleStorage): researchers = slice_record.get('researcher', []) for researcher in researchers: person_record = {} - try: - person_records = registry.resolve(credential, researcher) - except: - arg_list = [credential, researcher] - request_hash = self.api.key.compute_hash(arg_list) - person_records = registry.resolve(credential, researcher, request_hash) + person_records = registry.resolve(credential, researcher) for record in person_records: if record['type'] in ['user']: person_record = record @@ -384,12 +357,7 @@ class Slices(SimpleStorage): # mark this person as an sfa peer record if sfa_peer: peer_dict = {'type': 'user', 'hrn': researcher, 'peer_authority': sfa_peer, 'pointer': person_id} - try: - registry.register_peer_object(credential, peer_dict) - except: - arg_list = [credential] - request_hash = self.api.key.compute_hash(arg_list) - registry.register_peer_object(credential, peer_dict, request_hash) + registry.register_peer_object(credential, peer_dict) if peer: self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) diff --git a/sfa/server/sfa-clean-peer-records.py b/sfa/server/sfa-clean-peer-records.py index 5cf9905a..235ddaf0 100644 --- a/sfa/server/sfa-clean-peer-records.py +++ b/sfa/server/sfa-clean-peer-records.py @@ -48,15 +48,12 @@ def main(): try: peer_record_hrn = peer_record['hrn'] arg_list = [credential, peer_record_hrn] - request_hash = key.compute_hash(arg_list) - records = registries[peer_auth].resolve(credential, peer_record_hrn, request_hash) + records = registries[peer_auth].resolve(credential, peer_record_hrn) except ServerException: # an exception will be thrown if the record doenst exist # if so remove the record from the local registry - arg_list = [credential] - request_hash = key.compute_hash(arg_list) - registries[sfa_api.hrn].remove_peer_object(credential, peer_record, request_hash) + registries[sfa_api.hrn].remove_peer_object(credential, peer_record) except: - traceback.print_exc() + traceback.print_exc() if __name__ == '__main__': main() -- 2.47.0