sfa/methods/get_ticket.py

   1 ### $Id$
   2 ### $URL$
   3
   4 from sfa.util.faults import *
   5 from sfa.util.method import Method
   6 from sfa.util.parameter import Parameter, Mixed
   7 from sfa.trust.auth import Auth
   8 from sfa.util.sfaticket import SfaTicket
   9 from sfa.util.slices import
  10
  11 class get_ticket(Method):
  12     """
  13     Retrieve a ticket. This operation is currently implemented on PLC
  14     only (see SFA, engineering decisions); it is not implemented on
  15     components.
  16
  17     The ticket is filled in with information from the PLC database. This
  18     information includes resources, and attributes such as user keys and
  19     initscripts.
  20
  21     @param cred credential string
  22     @param name name of the slice to retrieve a ticket for
  23     @param rspec resource specification dictionary
  24
  25     @return the string representation of a ticket object
  26     """
  27
  28     interfaces = ['registry']
  29
  30     accepts = [
  31         Parameter(str, "Credential string"),
  32         Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
  33         Parameter(str, "Resource specification (rspec)"),
  34         Mixed(Parameter(str, "Request hash"),
  35               Parameter(None, "Request hash not specified"))
  36         ]
  37
  38     returns = Parameter(str, "String represeneation of a ticket object")
  39
  40     def call(self, cred, hrn, request_hash=None):
  41         self.api.auth.authenticateCred(cred, [cred, hrn], request_hash)
  42         self.api.auth.check(cred, "getticket")
  43         self.api.auth.verify_object_belongs_to_me(hrn)
  44         self.api.auth.verify_object_permission(name)
  45
  46         # XXX much of this code looks like get_credential... are they so similar
  47         # that they should be combined?
  48
  49         auth_hrn = self.api.auth.get_authority(hrn)
  50         if not auth_hrn:
  51             auth_hrn = hrn
  52         auth_info = self.api.auth.get_auth_info(auth_hrn)
  53         record = None
  54         table = self.api.auth.get_auth_table(auth_hrn)
  55         record = table.resolve('slice', hrn)
  56
  57         object_gid = record.get_gid_object()
  58         new_ticket = SfaTicket(subject = object_gid.get_subject())
  59         new_ticket.set_gid_caller(self.client_gid)
  60         new_ticket.set_gid_object(object_gid)
  61         new_ticket.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
  62         new_ticket.set_pubkey(object_gid.get_pubkey())
  63
  64         # get sliver info
  65         slivers = Slices(self.api).get_slivers(hrn)
  66         if not slivers:
  67             raise SliverDoesNotExist(hrn)
  68         sliver = slivers[0]
  69
  70         # get rspec info
  71         rspec = None
  72
  73         new_ticket.set_attributes(sliver)
  74         new_ticket.set_rspec(rspec)
  75
  76         new_ticket.set_parent(self.api.auth.hierarchy.get_auth_ticket(auth_hrn))
  77
  78         new_ticket.encode()
  79         new_ticket.sign()
  80
  81         return new_ticket.save_to_string(save_parents=True)
  82