sfa/methods/update.py

   1 ### $Id$
   2 ### $URL$
   3
   4 import time
   5 from sfa.util.faults import *
   6 from sfa.util.method import Method
   7 from sfa.util.parameter import Parameter, Mixed
   8 from sfa.trust.auth import Auth
   9 from sfa.util.record import GeniRecord
  10 from sfa.util.genitable import GeniTable
  11 from sfa.trust.certificate import Keypair, convert_public_key
  12 from sfa.trust.gid import *
  13 from sfa.util.debug import log
  14 from sfa.trust.credential import Credential
  15
  16 class update(Method):
  17     """
  18     Update an object in the registry. Currently, this only updates the
  19     PLC information associated with the record. The Geni fields (name, type,
  20     GID) are fixed.
  21
  22     @param cred credential string specifying rights of the caller
  23     @param record a record dictionary to be updated
  24
  25     @return 1 if successful, faults otherwise
  26     """
  27
  28     interfaces = ['registry']
  29
  30     accepts = [
  31         Parameter(str, "Credential string"),
  32         Parameter(dict, "Record dictionary to be updated"),
  33         Mixed(Parameter(str, "Human readable name of the original caller"),
  34               Parameter(None, "Origin hrn not specified"))
  35         ]
  36
  37     returns = Parameter(int, "1 if successful")
  38
  39     def call(self, cred, record_dict, origin_hrn=None):
  40         user_cred = Credential(string=cred)
  41
  42             #log the call
  43         if not origin_hrn:
  44             origin_hrn = user_cred.get_gid_caller().get_hrn()
  45         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name))
  46
  47         # validate the cred
  48         self.api.auth.check(cred, "update")
  49
  50         new_record = GeniRecord(dict = record_dict)
  51         type = new_record['type']
  52         hrn = new_record['hrn']
  53         self.api.auth.verify_object_permission(hrn)
  54         table = GeniTable()
  55         # make sure the record exists
  56         records = table.findObjects({'type': type, 'hrn': hrn})
  57         if not records:
  58             raise RecordNotFound(hrn)
  59         record = records[0]
  60         record['last_updated'] = time.gmtime()
  61
  62         # Update_membership needs the membership lists in the existing record
  63         # filled in, so it can see if members were added or removed
  64         self.api.fill_record_info(record)
  65
  66          # Use the pointer from the existing record, not the one that the user
  67         # gave us. This prevents the user from inserting a forged pointer
  68         pointer = record['pointer']
  69
  70         # update the PLC information that was specified with the record
  71
  72         if (type == "authority"):
  73             self.api.plshell.UpdateSite(self.api.plauth, pointer, new_record)
  74
  75         elif type == "slice":
  76             pl_record=self.api.geni_fields_to_pl_fields(type, hrn, new_record)
  77             if 'name' in pl_record:
  78                 pl_record.pop('name')
  79             self.api.plshell.UpdateSlice(self.api.plauth, pointer, pl_record)
  80
  81         elif type == "user":
  82             # SMBAKER: UpdatePerson only allows a limited set of fields to be
  83             #    updated. Ideally we should have a more generic way of doing
  84             #    this. I copied the field names from UpdatePerson.py...
  85             update_fields = {}
  86             all_fields = new_record
  87             for key in all_fields.keys():
  88                 if key in ['first_name', 'last_name', 'title', 'email',
  89                            'password', 'phone', 'url', 'bio', 'accepted_aup',
  90                            'enabled']:
  91                     update_fields[key] = all_fields[key]
  92             self.api.plshell.UpdatePerson(self.api.plauth, pointer, update_fields)
  93
  94             if 'key' in new_record and new_record['key']:
  95                 # must check this key against the previous one if it exists
  96                 persons = self.api.plshell.GetPersons(self.api.plauth, [pointer], ['key_ids'])
  97                 person = persons[0]
  98                 keys = person['key_ids']
  99                 keys = self.api.plshell.GetKeys(self.api.plauth, person['key_ids'])
 100                 key_exists = False
 101                 if isinstance(new_record['key'], list):
 102                     new_key = new_record['key'][0]
 103                 else:
 104                     new_key = new_record['key']
 105
 106                 # Delete all stale keys
 107                 for key in keys:
 108                     if new_record['key'] != key['key']:
 109                         self.api.plshell.DeleteKey(self.api.plauth, key['key_id'])
 110                     else:
 111                         key_exists = True
 112                 if not key_exists:
 113                     self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type': 'ssh', 'key': new_key})
 114
 115                 # update the openssl key and gid
 116                 pkey = convert_public_key(new_key)
 117                 uuid = create_uuid()
 118                 gid_object = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey)
 119                 gid = gid_object.save_to_string(save_parents=True)
 120                 record['gid'] = gid
 121                 record = GeniRecord(dict=record)
 122                 table.update(record)
 123
 124         elif type == "node":
 125             self.api.plshell.UpdateNode(self.api.plauth, pointer, new_record)
 126
 127         else:
 128             raise UnknownGeniType(type)
 129
 130         # update membership for researchers, pis, owners, operators
 131         self.api.update_membership(record, new_record)
 132
 133         return 1