sfa/methods/get_ticket.py

   1 ### $Id$
   2 ### $URL$
   3
   4 from sfa.util.faults import *
   5 from sfa.util.method import Method
   6 from sfa.util.parameter import Parameter, Mixed
   7 from sfa.trust.auth import Auth
   8 from sfa.util.genitable import GeniTable
   9 from sfa.util.sfaticket import SfaTicket
  10 from sfa.util.slices import Slices
  11 from sfatables.runtime import SFATablesRules
  12
  13 class get_ticket(Method):
  14     """
  15     Retrieve a ticket. This operation is currently implemented on PLC
  16     only (see SFA, engineering decisions); it is not implemented on
  17     components.
  18
  19     The ticket is filled in with information from the PLC database. This
  20     information includes resources, and attributes such as user keys and
  21     initscripts.
  22
  23     @param cred credential string
  24     @param name name of the slice to retrieve a ticket for
  25     @param rspec resource specification dictionary
  26
  27     @return the string representation of a ticket object
  28     """
  29
  30     interfaces = ['registry', 'aggregate', 'slicemgr']
  31
  32     accepts = [
  33         Parameter(str, "Credential string"),
  34         Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
  35         Parameter(str, "Resource specification (rspec)"),
  36         Mixed(Parameter(str, "Request hash"),
  37               Parameter(None, "Request hash not specified"))
  38         ]
  39
  40     returns = Parameter(str, "String represeneation of a ticket object")
  41
  42     def call(self, cred, hrn, rspec, request_hash=None):
  43         self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
  44         self.api.auth.check(cred, "getticket")
  45         self.api.auth.verify_object_belongs_to_me(hrn)
  46         self.api.auth.verify_object_permission(hrn)
  47
  48         # find record info
  49         table = GeniTable()
  50         records = table.findObjects({'hrn': hrn, 'type': 'slice'})
  51         if not records:
  52             raise RecordNotFound(hrn)
  53         record = records
  54         object_gid = record.get_gid_object()
  55         new_ticket = SfaTicket(subject = object_gid.get_subject())
  56         new_ticket.set_gid_caller(self.client_gid)
  57         new_ticket.set_gid_object(object_gid)
  58         new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
  59         new_ticket.set_pubkey(object_gid.get_pubkey())
  60
  61         # determine aggregate tyep
  62         sfa_aggregate_type = Config().get_aggregate_rspec_type()
  63         rspec_manager = __import__("sfa.rspecs.aggregates.rspec_manager_"+sfa_aggregate_type, fromlist = ["sfa.rspecs.aggregates"])
  64
  65         # Fukter the incoming rspec using sfatables
  66         incoming_rules = SFATablesRules('INCOMING')
  67         #incoming_rules.set_slice(hrn) # This is a temporary kludge. Eventually, we'd like to fetch the context requested by the match/target
  68         contexts = incoming_rules.contexts
  69         caller_hrn = Credential(string=caller_cred).get_gid_caller().get_hrn())
  70         request_context = rspec_manager.fetch_context(hrn, caller_hrn, contexts)
  71         incoming_rules.set_context(request_context)
  72         rspec = incoming_rules.apply(requested_rspec)
  73
  74         # get sliver info
  75         slivers = Slices(self.api).get_slivers(hrn)
  76         if not slivers:
  77             raise SliverDoesNotExist(hrn)
  78         sliver = slivers[0]
  79
  80         # get initscripts
  81         initscripts = None
  82         sliver['initscripts'] = initscripts
  83
  84         new_ticket.set_attributes(sliver)
  85         new_ticket.set_rspec(rspec)
  86
  87         new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
  88
  89         new_ticket.encode()
  90         new_ticket.sign()
  91
  92         return new_ticket.save_to_string(save_parents=True)
  93