import types
import time
-from sfa.server.registry import Registries
+
+from sfa.util.faults import *
from sfa.util.prefixTree import prefixTree
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
from sfa.trust.gid import GID
-from sfa.util.namespace import *
-from sfa.trust.credential import *
-from sfa.trust.certificate import *
-from sfa.util.faults import *
-
-def get_credential(api, hrn, type, is_self=False):
+from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn, urn_to_hrn
+from sfa.util.plxrn import hrn_to_pl_login_base
+from sfa.trust.credential import Credential
+from sfa.trust.certificate import Certificate, Keypair
+from sfa.trust.gid import create_uuid
+
+def get_version(api):
+ version = {}
+ version['geni_api'] = 1
+ version['sfa'] = 1
+ return version
+
+def get_credential(api, xrn, type, is_self=False):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
api.fill_record_info(record)
+ if record['type']=='user':
+ if not record['enabled']:
+ raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))
# get the callers gid
# if this is a self cred the record's gid is the caller's gid
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
- new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_cred.set_pubkey(object_gid.get_pubkey())
+ new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
+ #new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
- new_cred.set_delegate(True)
+ new_cred.get_privileges().delegate_all_privileges(True)
+ if 'expires' in record:
+ new_cred.set_expiration(int(record['expires']))
auth_kind = "authority,ma,sa"
- new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
+ # Parent not necessary, verify with certs
+ #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
-def resolve(api, hrns, type=None, origin_hrn=None):
+
+# The GENI GetVersion call
+def GetVersion():
+ version = {}
+ version['geni_api'] = 1
+ return version
+
+def resolve(api, xrns, type=None, full=True):
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
- if not isinstance(hrns, types.ListType):
- hrns = [hrns]
-
+ if not isinstance(xrns, types.ListType):
+ xrns = [xrns]
+ hrns = [urn_to_hrn(xrn)[0] for xrn in xrns]
# create a dict whre key is an registry hrn and its value is a
# hrns at that registry (determined by the known prefix tree).
- hrn_dict = {}
- registries = Registries(api)
+ xrn_dict = {}
+ registries = api.registries
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
- for hrn in hrns:
- registry_hrn = tree.best_match(hrn)
- if registry_hrn not in hrn_dict:
- hrn_dict[registry_hrn] = []
- hrn_dict[registry_hrn].append(hrn)
+ for xrn in xrns:
+ registry_hrn = tree.best_match(urn_to_hrn(xrn)[0])
+ if registry_hrn not in xrn_dict:
+ xrn_dict[registry_hrn] = []
+ xrn_dict[registry_hrn].append(xrn)
records = []
- for registry_hrn in hrn_dict:
+ for registry_hrn in xrn_dict:
# skip the hrn without a registry hrn
# XX should we let the user know the authority is unknown?
if not registry_hrn:
# if the best match (longest matching hrn) is not the local registry,
# forward the request
- hrns = hrn_dict[registry_hrn]
+ xrns = xrn_dict[registry_hrn]
if registry_hrn != api.hrn:
credential = api.getCredential()
- peer_records = registries[registry_hrn].resolve(credential, hrn, origin_hrn)
+ peer_records = registries[registry_hrn].Resolve(xrns, credential)
records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
# try resolving the remaining unfound records at the local registry
remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
+ # convert set to list
remaining_hrns = [hrn for hrn in remaining_hrns]
table = SfaTable()
local_records = table.findObjects({'hrn': remaining_hrns})
- for record in local_records:
- try:
- api.fill_record_info(record)
- records.append(dict(record))
- except PlanetLabRecordDoesNotExist:
- # silently drop the ones that are missing in PL
- print >> log, "ignoring SFA record ", record['hrn'], \
- " because pl record does not exist"
- table.remove(record)
-
+ if full:
+ api.fill_record_info(local_records)
+
+ # convert local record objects to dicts
+ records.extend([dict(record) for record in local_records])
if not records:
raise RecordNotFound(str(hrns))
return records
-def list(api, hrn):
+def list(api, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
records = []
- registries = Registries(api)
- hrns = registries.keys()
+ registries = api.registries
+ registry_hrns = registries.keys()
tree = prefixTree()
- tree.load(hrns)
+ tree.load(registry_hrns)
registry_hrn = tree.best_match(hrn)
-
+
#if there was no match then this record belongs to an unknow registry
if not registry_hrn:
- raise MissingAuthority(hrn)
+ raise MissingAuthority(xrn)
# if the best match (longest matching hrn) is not the local registry,
# forward the request
records = []
if registry_hrn != api.hrn:
credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, hrn, origin_hrn)
+ record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
records = [SfaRecord(dict=record).as_dict() for record in record_list]
- # if we still havnt found the record yet, try the local registry
+ # if we still have not found the record yet, try the local registry
if not records:
if not api.auth.hierarchy.auth_exists(hrn):
raise MissingAuthority(hrn)
def register(api, record):
hrn, type = record['hrn'], record['type']
-
+ urn = hrn_to_urn(hrn,type)
# validate the type
if type not in ['authority', 'slice', 'node', 'user']:
raise UnknownSfaType(type)
pub_key = record['key']
pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
if type in ["authority"]:
# update the tree
if not api.auth.hierarchy.auth_exists(hrn):
- api.auth.hierarchy.create_auth(hrn)
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
- slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
- if not slices:
- pointer = api.plshell.AddSlice(api.plauth, pl_record)
- else:
- pointer = slices[0]['slice_id']
- record.set_pointer(pointer)
- record['pointer'] = pointer
+ slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
+ if not slices:
+ pointer = api.plshell.AddSlice(api.plauth, pl_record)
+ else:
+ pointer = slices[0]['slice_id']
+ record.set_pointer(pointer)
+ record['pointer'] = pointer
elif (type == "user"):
persons = api.plshell.GetPersons(api.plauth, [record['email']])
new_record = SfaRecord(dict = record_dict)
type = new_record['type']
hrn = new_record['hrn']
+ urn = hrn_to_urn(hrn,type)
api.auth.verify_object_permission(hrn)
table = SfaTable()
# make sure the record exists
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record = SfaRecord(dict=record)
return 1
-def remove(api, hrn, type, origin_hrn=None):
+# expecting an Xrn instance
+def remove(api, xrn, origin_hrn=None):
+
table = SfaTable()
- filter = {'hrn': hrn}
- if type not in ['all', '*']:
+ filter = {'hrn': xrn.get_hrn()}
+ hrn=xrn.get_hrn()
+ type=xrn.get_type()
+ if type and type not in ['all', '*']:
filter['type'] = type
+
records = table.find(filter)
- if not records:
- raise RecordNotFound(hrn)
+ if not records: raise RecordNotFound(hrn)
record = records[0]
type = record['type']
credential = api.getCredential()
- registries = Registries(api)
+ registries = api.registries
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table
git://git.onelab.eu / sfa.git / blobdiff