X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=blobdiff_plain;f=sfa%2Fmethods%2FGetSelfCredential.py;h=a528cb14eed1f5ea0ba7f8eace033abbe0b9b068;hp=647e6369da6e60e755d9aede6f77f2c04b9f2184;hb=fd395e1944dcd49f10a4d5b27ce4983ad389fb96;hpb=99e9f96209b9ebfd1853e7b8902a1a0fe893eaa2 diff --git a/sfa/methods/GetSelfCredential.py b/sfa/methods/GetSelfCredential.py index 647e6369..a528cb14 100644 --- a/sfa/methods/GetSelfCredential.py +++ b/sfa/methods/GetSelfCredential.py @@ -1,31 +1,31 @@ - -from sfa.util.faults import * -from sfa.util.namespace import urn_to_hrn +from sfa.util.faults import RecordNotFound, ConnectionKeyGIDMismatch +from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed -from sfa.util.record import SfaRecord -from sfa.trust.credential import Credential +from sfa.util.sfalogging import logger + from sfa.trust.certificate import Certificate -from sfa.trust.rights import Right, Rights + +from sfa.storage.parameter import Parameter, Mixed + class GetSelfCredential(Method): """ Retrive a credential for an object - @param cert certificate string + @param cert certificate string @param type type of object (user | slice | sa | ma | node) @param hrn human readable name of object (hrn or urn) - @return the string representation of a credential object + @return the string representation of a credential object """ interfaces = ['registry'] - + accepts = [ Parameter(str, "certificate"), Parameter(str, "Human readable name (hrn or urn)"), Mixed(Parameter(str, "Record type"), Parameter(None, "Type not specified")), - ] + ] returns = Parameter(str, "String representation of a credential object") 
@@ -48,30 +48,44 @@ class GetSelfCredential(Method): if type: hrn = urn_to_hrn(xrn)[0] else: - hrn, type = urn_to_hrn(xrn) + hrn, type = urn_to_hrn(xrn) self.api.auth.verify_object_belongs_to_me(hrn) origin_hrn = Certificate(string=cert).get_subject() - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - - manager = self.api.get_interface_manager() - + logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s" % + (self.api.interface, origin_hrn, hrn, self.name)) + # authenticate the gid - records = manager.resolve(self.api, xrn, type) + # import here so we can load this module at build-time for sfa2wsdl + #from sfa.storage.alchemy import dbsession + from sfa.storage.model import RegRecord + + # xxx-local - the current code runs Resolve, which would forward to + # another registry if needed + # I wonder if this is truly the intention, or shouldn't we instead + # only look in the local db ? 
+ records = self.api.manager.Resolve(self.api, xrn, type, details=False) if not records: raise RecordNotFound(hrn) - record = SfaRecord(dict=records[0]) - gid = record.get_gid_object() + + record_obj = RegRecord(dict=records[0]) + # xxx-local the local-only version would read + #record_obj = dbsession.query(RegRecord).filter_by(hrn=hrn).first() + #if not record_obj: raise RecordNotFound(hrn) + gid = record_obj.get_gid_object() gid_str = gid.save_to_string(save_parents=True) self.api.auth.authenticateGid(gid_str, [cert, type, hrn]) # authenticate the certificate against the gid in the db certificate = Certificate(string=cert) if not certificate.is_pubkey(gid.get_pubkey()): - for (obj,name) in [ (certificate,"CERT"), (gid,"GID"), ]: - self.api.logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s"%(name,obj.get_pubkey().get_pubkey_string())) - self.api.logger.debug("ConnectionKeyGIDMismatch, %s dump: %s"%(name,obj.dump_string())) - if hasattr (obj,'filename'): - self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename)) + for (obj, name) in [(certificate, "CERT"), (gid, "GID"), ]: + logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s" % ( + name, obj.get_pubkey().get_pubkey_string())) + logger.debug( + "ConnectionKeyGIDMismatch, %s dump: %s" % (name, obj.dump_string())) + if hasattr(obj, 'filename'): + logger.debug( + "ConnectionKeyGIDMismatch, %s filename: %s" % (name, obj.filename)) raise ConnectionKeyGIDMismatch(gid.get_subject()) - - return manager.get_credential(self.api, xrn, type, is_self=True) + + return self.api.manager.GetCredential(self.api, xrn, type)
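Review bot: The GID that the caller's certificate is checked against is still built from `records[0]` of `self.api.manager.Resolve(self.api, xrn, type, details=False)`, and the added `xxx-local` comment says this call may forward to another registry. That leaves `certificate.is_pubkey(gid.get_pubkey())` only as trustworthy as whatever that path returns, so the open question in the comment should be settled before this is relied on. Either switch to the local-only lookup sketched in the commented-out `dbsession.query(RegRecord).filter_by(hrn=hrn).first()` line, or at minimum confirm the returned record is the one requested before using its GID, e.g. `if record_obj.hrn != hrn: raise RecordNotFound(hrn)` (assuming `RegRecord` exposes `hrn`, as the `filter_by` suggests). The final call also drops `is_self=True`; whether `GetCredential` still distinguishes a self-issued credential is not visible here and is worth a comment. The method body starts outside this hunk.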