import types
import time
-from sfa.server.registry import Registries
from sfa.util.prefixTree import prefixTree
from sfa.util.record import SfaRecord
from sfa.util.table import SfaTable
from sfa.trust.certificate import *
from sfa.util.faults import *
+
+
def get_credential(api, xrn, type, is_self=False):
# convert xrn to hrn
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
+
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
api.fill_record_info(record)
+ if record['type']=='user':
+ if not record['enabled']:
+ raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))
# get the callers gid
# if this is a self cred the record's gid is the caller's gid
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
- new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_cred.set_pubkey(object_gid.get_pubkey())
+ new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
+ #new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
- new_cred.set_delegate(True)
+ new_cred.get_privileges().delegate_all_privileges(True)
auth_kind = "authority,ma,sa"
- new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
+ # Parent not necessary, verify with certs
+ #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
-def resolve(api, xrns, type=None, origin_hrn=None):
+
+# The GENI GetVersion call
+def GetVersion():
+ version = {}
+ version['geni_api'] = 1
+ return version
+
+
+
+# The GENI resolve call
+def Resolve(api, xrn, creds):
+ records = resolve(api, xrn)
+
+ if len(records) == 0:
+ return {}
+
+ record = records[0]
+ if record.type == 'slice':
+ return {'geni_urn': xrn, 'geni_creator': " ".join(record.PI)}
+ if record.type == 'user':
+ return {'geni_urn': xrn, 'geni_certificate': record.gid}
+
+
+
+def resolve(api, xrns, type=None, origin_hrn=None, full=True):
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
# create a dict whre key is an registry hrn and its value is a
# hrns at that registry (determined by the known prefix tree).
xrn_dict = {}
- registries = Registries(api)
+ registries = api.registries
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
# convert set to list
remaining_hrns = [hrn for hrn in remaining_hrns]
table = SfaTable()
-
- print remaining_hrns
local_records = table.findObjects({'hrn': remaining_hrns})
- for record in local_records:
- try:
- api.fill_record_info(record)
- records.append(dict(record))
- except PlanetLabRecordDoesNotExist:
- # silently drop the ones that are missing in PL
- print >> log, "ignoring SFA record ", record['hrn'], \
- " because pl record does not exist"
- table.remove(record)
-
+ if full:
+ api.fill_record_info(local_records)
+
+ # convert local record objects to dicts
+ records.extend([dict(record) for record in local_records])
if not records:
raise RecordNotFound(str(hrns))
return records
-def list(api, xrn):
+def list(api, xrn, origin_hrn=None):
hrn, type = urn_to_hrn(xrn)
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
records = []
- registries = Registries(api)
+ registries = api.registries
registry_hrns = registries.keys()
tree = prefixTree()
tree.load(registry_hrns)
registry_hrn = tree.best_match(hrn)
-
+
#if there was no match then this record belongs to an unknow registry
if not registry_hrn:
raise MissingAuthority(xrn)
def register(api, record):
hrn, type = record['hrn'], record['type']
-
+ urn = hrn_to_urn(hrn,type)
# validate the type
if type not in ['authority', 'slice', 'node', 'user']:
raise UnknownSfaType(type)
pub_key = record['key']
pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
if type in ["authority"]:
# update the tree
if not api.auth.hierarchy.auth_exists(hrn):
- api.auth.hierarchy.create_auth(hrn)
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
- slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
- if not slices:
- pointer = api.plshell.AddSlice(api.plauth, pl_record)
- else:
- pointer = slices[0]['slice_id']
- record.set_pointer(pointer)
- record['pointer'] = pointer
+ slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
+ if not slices:
+ pointer = api.plshell.AddSlice(api.plauth, pl_record)
+ else:
+ pointer = slices[0]['slice_id']
+ record.set_pointer(pointer)
+ record['pointer'] = pointer
elif (type == "user"):
persons = api.plshell.GetPersons(api.plauth, [record['email']])
new_record = SfaRecord(dict = record_dict)
type = new_record['type']
hrn = new_record['hrn']
+ urn = hrn_to_urn(hrn,type)
api.auth.verify_object_permission(hrn)
table = SfaTable()
# make sure the record exists
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record = SfaRecord(dict=record)
type = record['type']
credential = api.getCredential()
- registries = Registries(api)
+ registries = api.registries
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table