move sliverauth-related tags from db-config.d to accessors - fixed roles

diff --git a/PLC/Accessors/Accessors_sliverauth.py b/PLC/Accessors/Accessors_sliverauth.py
index e8ca0c2..6debf3d 100644 (file)
--- a/PLC/Accessors/Accessors_sliverauth.py
+++ b/PLC/Accessors/Accessors_sliverauth.py
@@ -13,6 +13,7 @@ from PLC.Accessors.Factory import define_accessors, admin_roles, all_roles, tech
 import sys
 current_module = sys.modules[__name__]
 
+# this is how to request the features
 define_accessors(current_module, Slice, "OmfControl","omf_control",
                  "slice/usertools","Pre-install and configure OMF Resource Controller in slice if set",
                  set_roles=all_roles, expose_in_api=True)
@@ -21,3 +22,18 @@ define_accessors(current_module, Slice, "OmfControl","omf_control",
 define_accessors(current_module, Slice, "SliverHMAC","enable_hmac",
                  "slice/usertools","Create HMAC keys for node in slice (slivers)",
                  set_roles=all_roles, expose_in_api=True)
+
+# this is where the crypto stuff gets stored 
+# this ends up in a sliver tag - the node creates that
+# the accessors engine does not know how to create sliver accessors
+# like e.g. GetSliverHmac(node,slice)
+# but they are mentioned here as they are related to the above
+
+# Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin.
+define_accessors(current_module, Slice, "Hmac","hmac",
+                 "slice/auth", "Sliver authorization key, for authenticated API call",
+                 set_roles=['admin','node'])
+# sliver-dependant ssh key, used to authenticate the experimental plane with OMF tools
+define_accessors(current_module, Slice, "SshKey", "ssh_key",
+                 'slice/auth', "Sliver public ssh key",
+                 set_roles= ['admin','node'])

diff --git a/db-config.d/010-slice_tags b/db-config.d/010-slice_tags
index 9910217..040fa60 100644 (file)
--- a/db-config.d/010-slice_tags
+++ b/db-config.d/010-slice_tags
@@ -101,17 +101,6 @@ slicetag_types = \
      'category' : 'slice/rspec',
      'roles' : ['admin','pi','user']},
 
-    # Security capability to empower a slice to make an authenticated API call, set by silverauth NM plugin.
-    {'tagname': "hmac",
-     'description': "Sliver authorization key.",
-     'category' : 'slice/auth',
-     'roles': ['admin','pi']},
-
-    {'tagname': "ssh_key",
-     'description': "Sliver public ssh key.",
-     'category' : 'slice/auth',
-     'roles': ['admin','pi']},
-
     # Capability to give a sliver access to unused raw disk
     {'tagname': "rawdisk",
      'description': "map unused raw disk devices into the slice",
@@ -127,10 +116,6 @@ slicetag_types = \
      'description': "Is a default Distributed Rate Limiting slice (1) or not (0 or unset)",
      'category' : 'slice/general'},
 
-    # OMF controlled slice
-    {'tagname': "omf_control",
-     'description': "Pre-install and configure OMF Resource Controller in slice if set",
-     'category' : 'slice/usertools'},
 ]
 
 # add in the platform supported rlimits to the default_attribute_types