X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=blobdiff_plain;f=sfa%2Fmethods%2FGetSelfCredential.py;h=a528cb14eed1f5ea0ba7f8eace033abbe0b9b068;hp=efad1804c1d8d364f676323022531888bb4c3686;hb=HEAD;hpb=2f1f135574b837d17507d69b901a72e1fcdcdce6 diff --git a/sfa/methods/GetSelfCredential.py b/sfa/methods/GetSelfCredential.py index efad1804..a528cb14 100644 --- a/sfa/methods/GetSelfCredential.py +++ b/sfa/methods/GetSelfCredential.py @@ -1,29 +1,31 @@ - from sfa.util.faults import RecordNotFound, ConnectionKeyGIDMismatch from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method -from sfa.util.parameter import Parameter, Mixed -from sfa.util.record import SfaRecord +from sfa.util.sfalogging import logger + from sfa.trust.certificate import Certificate +from sfa.storage.parameter import Parameter, Mixed + + class GetSelfCredential(Method): """ Retrive a credential for an object - @param cert certificate string + @param cert certificate string @param type type of object (user | slice | sa | ma | node) @param hrn human readable name of object (hrn or urn) - @return the string representation of a credential object + @return the string representation of a credential object """ interfaces = ['registry'] - + accepts = [ Parameter(str, "certificate"), Parameter(str, "Human readable name (hrn or urn)"), Mixed(Parameter(str, "Record type"), Parameter(None, "Type not specified")), - ] + ] returns = Parameter(str, "String representation of a credential object") @@ -46,29 +48,44 @@ class GetSelfCredential(Method): if type: hrn = urn_to_hrn(xrn)[0] else: - hrn, type = urn_to_hrn(xrn) + hrn, type = urn_to_hrn(xrn) self.api.auth.verify_object_belongs_to_me(hrn) origin_hrn = Certificate(string=cert).get_subject() - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) - - + logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s" % + (self.api.interface, origin_hrn, hrn, self.name)) + # authenticate the gid - records = self.api.manager.Resolve(self.api, xrn, type) + # import here so we can load this module at build-time for sfa2wsdl + #from sfa.storage.alchemy import dbsession + from sfa.storage.model import RegRecord + + # xxx-local - the current code runs Resolve, which would forward to + # another registry if needed + # I wonder if this is truly the intention, or shouldn't we instead + # only look in the local db ? + records = self.api.manager.Resolve(self.api, xrn, type, details=False) if not records: raise RecordNotFound(hrn) - record = SfaRecord(dict=records[0]) - gid = record.get_gid_object() + + record_obj = RegRecord(dict=records[0]) + # xxx-local the local-only version would read + #record_obj = dbsession.query(RegRecord).filter_by(hrn=hrn).first() + #if not record_obj: raise RecordNotFound(hrn) + gid = record_obj.get_gid_object() gid_str = gid.save_to_string(save_parents=True) self.api.auth.authenticateGid(gid_str, [cert, type, hrn]) # authenticate the certificate against the gid in the db certificate = Certificate(string=cert) if not certificate.is_pubkey(gid.get_pubkey()): - for (obj,name) in [ (certificate,"CERT"), (gid,"GID"), ]: - self.api.logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s"%(name,obj.get_pubkey().get_pubkey_string())) - self.api.logger.debug("ConnectionKeyGIDMismatch, %s dump: %s"%(name,obj.dump_string())) - if hasattr (obj,'filename'): - self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename)) + for (obj, name) in [(certificate, "CERT"), (gid, "GID"), ]: + logger.debug("ConnectionKeyGIDMismatch, %s pubkey: %s" % ( + name, obj.get_pubkey().get_pubkey_string())) + logger.debug( + "ConnectionKeyGIDMismatch, %s dump: %s" % (name, obj.dump_string())) + if hasattr(obj, 'filename'): + logger.debug( + "ConnectionKeyGIDMismatch, %s filename: %s" % (name, obj.filename)) raise ConnectionKeyGIDMismatch(gid.get_subject()) - - return self.api.manager.GetCredential(self.api, xrn, type, is_self=True) + + return self.api.manager.GetCredential(self.api, xrn, type)