from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.util.record import GeniRecord
+from sfa.util.genitable import GeniTable
from sfa.util.debug import log
+from sfa.trust.credential import Credential
+from sfa.server.registry import Registries
class remove(Method):
"""
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Record type"),
- Parameter(str, "Human readable name (hrn) of record to be removed")
+ Parameter(str, "Human readable name (hrn) of record to be removed"),
+ Mixed(Parameter(str, "Request hash"),
+ Parameter(None, "Request hash not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, type, hrn):
+ def call(self, cred, type, hrn, request_hash=None, origin_hrn=None):
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, type, hrn], request_hash)
self.api.auth.check(cred, "remove")
self.api.auth.verify_object_permission(hrn)
- auth_name = self.api.auth.get_authority(hrn)
- table = self.api.auth.get_auth_table(auth_name)
- record_list = table.resolve(type, hrn)
- if not record_list:
+
+ if origin_hrn==None:
+ origin_hrn=Credential(string=cred).get_gid_caller().get_hrn()
+
+ #log the call
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+ table = GeniTable()
+ filter = {'hrn': hrn}
+ if type not in ['all', '*']:
+ filter['type'] = type
+ records = table.find(filter)
+ if not records:
raise RecordNotFound(hrn)
- record = record_list[0]
-
+ record = records[0]
type = record['type']
+
+ credential = self.api.getCredential()
+ registries = Registries(self.api)
+
+ # Try to remove the object from the PLCDB of federated agg.
+ # This is attempted before removing the object from the local agg's PLCDB and sfa table
+ if hrn.startswith(self.api.hrn) and type in ['user', 'slice', 'authority']:
+ for registry in registries:
+ if registry not in [self.api.hrn]:
+ try:
+ request_hash=None
+ result=registries[registry].remove_peer_object(credential, record, request_hash, origin_hrn)
+ except:
+ pass
if type == "user":
- if self.api.plshell.GetPersons(self.api.plauth, record.get_pointer()):
- self.api.plshell.DeletePerson(self.api.plauth, record.get_pointer())
+ persons = self.api.plshell.GetPersons(self.api.plauth, record['pointer'])
+ # only delete this person if he has site ids. if he doesnt, it probably means
+ # he was just removed from a site, not actually deleted
+ if persons and persons[0]['site_ids']:
+ self.api.plshell.DeletePerson(self.api.plauth, record['pointer'])
elif type == "slice":
- if self.api.plshell.GetSlices(self.api.plauth, record.get_pointer()):
- self.api.plshell.DeleteSlice(self.api.plauth, record.get_pointer())
+ if self.api.plshell.GetSlices(self.api.plauth, record['pointer']):
+ self.api.plshell.DeleteSlice(self.api.plauth, record['pointer'])
elif type == "node":
- if self.api.plshell.GetNodes(self.api.plauth, record.get_pointer()):
- self.api.plshell.DeleteNode(self.api.plauth, record.get_pointer())
+ if self.api.plshell.GetNodes(self.api.plauth, record['pointer']):
+ self.api.plshell.DeleteNode(self.api.plauth, record['pointer'])
elif type == "authority":
- if self.api.plshell.GetSites(self.api.plauth, record.get_pointer()):
- self.api.plshell.DeleteSite(self.api.plauth, record.get_pointer())
+ if self.api.plshell.GetSites(self.api.plauth, record['pointer']):
+ self.api.plshell.DeleteSite(self.api.plauth, record['pointer'])
else:
raise UnknownGeniType(type)
table.remove(record)
+
+ # forward the call after replacing the root hrn
return 1
git://git.onelab.eu / sfa.git / blobdiff