git://git.onelab.eu / sfa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9384852)
request hash argument is optional for now
authorTony Mack <tmack@cs.princeton.edu>
Fri, 23 Oct 2009 15:28:03 +0000 (15:28 +0000)
committerTony Mack <tmack@cs.princeton.edu>
Fri, 23 Oct 2009 15:28:03 +0000 (15:28 +0000)
22 files changed:
sfa/methods/create_gid.py patch | blob | history
sfa/methods/create_slice.py patch | blob | history
sfa/methods/delete_slice.py patch | blob | history
sfa/methods/get_aggregates.py patch | blob | history
sfa/methods/get_credential.py patch | blob | history
sfa/methods/get_gid.py patch | blob | history
sfa/methods/get_registries.py patch | blob | history
sfa/methods/get_resources.py patch | blob | history
sfa/methods/get_self_credential.py patch | blob | history
sfa/methods/get_slices.py patch | blob | history
sfa/methods/get_ticket.py patch | blob | history
sfa/methods/list.py patch | blob | history
sfa/methods/register.py patch | blob | history
sfa/methods/register_peer_object.py patch | blob | history
sfa/methods/remove.py patch | blob | history
sfa/methods/remove_peer_object.py patch | blob | history
sfa/methods/reset_slices.py patch | blob | history
sfa/methods/resolve.py patch | blob | history
sfa/methods/start_slice.py patch | blob | history
sfa/methods/stop_slice.py patch | blob | history
sfa/methods/update.py patch | blob | history
sfa/trust/auth.py patch | blob | history

diff --git a/sfa/methods/create_gid.py b/sfa/methods/create_gid.py
index df2fa6d..6640410 100644 (file)
--- a/sfa/methods/create_gid.py
+++ b/sfa/methods/create_gid.py
@@ -32,13 +32,15 @@ class create_gid(Method):
         Mixed(Parameter(str, "Unique identifier for new GID (uuid)"),
               Parameter(None, "Unique identifier (uuid) not specified")),   
         Parameter(str, "public-key string"),
-        Parameter(str, "Request hash"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String represeneation of a GID object")
     
-    def call(self, cred, hrn, uuid, request_hash, pubkey_str):
-        self.api.auth.authenticateCred(cred, [cred, hrn, uuid], request_hash)
+    def call(self, cred, hrn, uuid, pubkey_str, request_hash=None):
+        # request hash is optional 
+        self.api.auth.authenticateCred(cred, [cred, hrn, uuid, pubkey_str], request_hash)
         self.api.auth.check(cred, "getcredential")
         self.api.auth.verify_object_belongs_to_me(hrn)
         self.api.auth.verify_object_permission(hrn)
diff --git a/sfa/methods/create_slice.py b/sfa/methods/create_slice.py
index 576ac0a..1a4e580 100644 (file)
--- a/sfa/methods/create_slice.py
+++ b/sfa/methods/create_slice.py
@@ -30,12 +30,13 @@ class create_slice(Method):
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to instantiate"),
         Parameter(str, "Resource specification"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, hrn, requested_rspec, request_hash, caller_cred=None):
+    def call(self, cred, hrn, requested_rspec, request_hash=None, caller_cred=None):
         if caller_cred==None:
             caller_cred=cred
         
diff --git a/sfa/methods/delete_slice.py b/sfa/methods/delete_slice.py
index 2591a6a..1601da1 100644 (file)
--- a/sfa/methods/delete_slice.py
+++ b/sfa/methods/delete_slice.py
@@ -24,12 +24,13 @@ class delete_slice(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to delete"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, hrn, request_hash, caller_cred=None):
+    def call(self, cred, hrn, request_hash=None, caller_cred=None):
        
         if caller_cred==None:
             caller_cred=cred
diff --git a/sfa/methods/get_aggregates.py b/sfa/methods/get_aggregates.py
index 57ef259..703bd5c 100644 (file)
--- a/sfa/methods/get_aggregates.py
+++ b/sfa/methods/get_aggregates.py
@@ -24,7 +24,8 @@ class get_aggregates(Method):
         
         Mixed(Parameter(str, "Human readable name (hrn)"),
               Parameter(None, "hrn not specified")),
-        Parameter(str, "Request hash")  
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [Parameter(dict, "Aggregate interface information")]
diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py
index f127d47..347e63b 100644 (file)
--- a/sfa/methods/get_credential.py
+++ b/sfa/methods/get_credential.py
@@ -30,16 +30,16 @@ class get_credential(Method):
         Mixed(Parameter(str, "credential"),
               Parameter(None, "No credential")),  
         Parameter(str, "Human readable name (hrn)"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cred, type, hrn, request_hash):
+    def call(self, cred, type, hrn, request_hash=None):
         if not cred:
             return self.get_self_credential(type, hrn, request_hash)
 
-        # authenticate the cred
         self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
         self.api.auth.check(cred, 'getcredential')
         self.api.auth.verify_object_belongs_to_me(hrn)
diff --git a/sfa/methods/get_gid.py b/sfa/methods/get_gid.py
index bae5a74..5a25b02 100644 (file)
--- a/sfa/methods/get_gid.py
+++ b/sfa/methods/get_gid.py
@@ -26,13 +26,14 @@ class get_gid(Method):
     
     accepts = [
         Parameter(str, "Certificate string"),
-        Parameter(str, "Human readable name (hrn)"),  
-        Parameter(str, "Request hash")  
+        Parameter(str, "Human readable name (hrn)"), 
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified")) 
         ]
 
     returns = [Parameter(dict, "Aggregate interface information")]
     
-    def call(self, cert, hrn, type, requestHash):
+    def call(self, cert, hrn, type, request_hash=None):
       
         self.api.auth.verify_object_belongs_to_me(hrn)
         certificate = Certificate(string=cert) 
@@ -48,6 +49,6 @@ class get_gid(Method):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
         
         # authenticate the gid
-        self.api.auth.authenticateGid(gidStr, [cert, hrn, type], requestHash)
+        self.api.auth.authenticateGid(gidStr, [cert, hrn, type], request_hash)
         
         return gidStr 
diff --git a/sfa/methods/get_registries.py b/sfa/methods/get_registries.py
index df65616..a6f864b 100644 (file)
--- a/sfa/methods/get_registries.py
+++ b/sfa/methods/get_registries.py
@@ -24,7 +24,8 @@ class get_registries(Method):
         
         Mixed(Parameter(str, "Human readable name (hrn)"),
               Parameter(None, "hrn not specified")),
-        Parameter(str, "Request hash")  
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [Parameter(dict, "Registry interface information")]
@@ -46,4 +47,3 @@ class get_registries(Method):
             interfaces = [interface for interface in registries.interfaces if interface['hrn'] in hrn_list]
 
         return interfaces
-        return registries.interfaces
diff --git a/sfa/methods/get_resources.py b/sfa/methods/get_resources.py
index 7ded939..6ee7bb3 100644 (file)
--- a/sfa/methods/get_resources.py
+++ b/sfa/methods/get_resources.py
@@ -28,7 +28,8 @@ class get_resources(Method):
         Parameter(str, "Credential string"),
         Mixed(Parameter(str, "Human readable name (hrn)"),
               Parameter(None, "hrn not specified")),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String representatin of an rspec")
diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py
index bccee16..b584023 100644 (file)
--- a/sfa/methods/get_self_credential.py
+++ b/sfa/methods/get_self_credential.py
@@ -27,12 +27,13 @@ class get_self_credential(Method):
     accepts = [
         Parameter(str, "certificate"),
         Parameter(str, "Human readable name (hrn)"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cert, type, hrn, request_hash):
+    def call(self, cert, type, hrn, request_hash=None):
         """
         get_self_credential a degenerate version of get_credential used by a client
         to get his initial credential when de doesnt have one. This is the same as
@@ -72,9 +73,10 @@ class get_self_credential(Method):
             raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
        
         # authenticate the gid
-        gid = record.get_gid_object()
-        gid_str = gid.save_to_string(save_parents=True)
-        self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
+        if request_hash:
+            gid = record.get_gid_object()
+            gid_str = gid.save_to_string(save_parents=True)
+            self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
         
         # authenticate the certificate
         certificate = Certificate(string=cert)
diff --git a/sfa/methods/get_slices.py b/sfa/methods/get_slices.py
index aaf30f7..63c8d78 100644 (file)
--- a/sfa/methods/get_slices.py
+++ b/sfa/methods/get_slices.py
@@ -20,12 +20,14 @@ class get_slices(Method):
     
     accepts = [
         Parameter(str, "Credential string"),
-        Parameter(str, "Request hash")
+        Parameter(str, "Request hash"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [Parameter(str, "Human readable slice name (hrn)")]
     
-    def call(self, cred, request_hash):
+    def call(self, cred, request_hash=None):
         self.api.auth.authenticateCred(cred, [cred], request_hash) 
         self.api.auth.check(cred, 'listslices')
         slices = Slices(self.api)
diff --git a/sfa/methods/get_ticket.py b/sfa/methods/get_ticket.py
index 7cea8d7..2bf0959 100644 (file)
--- a/sfa/methods/get_ticket.py
+++ b/sfa/methods/get_ticket.py
@@ -29,12 +29,15 @@ class get_ticket(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
-        Parameter(str, "Resource specification (rspec)")
+        Parameter(str, "Resource specification (rspec)"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(str, "String represeneation of a ticket object")
     
-    def call(self, cred, hrn, rspec):
+    def call(self, cred, hrn, rspec, request_hash=None):
+        self.api.auth.authenticateCred(cred, [cred, hrn, rspec], request_hash)
         self.api.auth.check(cred, "getticket")
         self.api.auth.verify_object_belongs_to_me(hrn)
         self.api.auth.verify_object_permission(name)
diff --git a/sfa/methods/list.py b/sfa/methods/list.py
index 75327f2..0a3a8fc 100644 (file)
--- a/sfa/methods/list.py
+++ b/sfa/methods/list.py
@@ -24,12 +24,13 @@ class list(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name (hrn)"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [GeniRecord]
     
-    def call(self, cred, hrn, request_hash, caller_cred=None):
+    def call(self, cred, hrn, request_hash=None, caller_cred=None):
         self.api.auth.authenticateCred(cred, [cred, hrn], request_hash)
         self.api.auth.check(cred, 'list')
         if caller_cred==None:
diff --git a/sfa/methods/register.py b/sfa/methods/register.py
index 029db0a..bf4bac6 100644 (file)
--- a/sfa/methods/register.py
+++ b/sfa/methods/register.py
@@ -32,12 +32,13 @@ class register(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(dict, "Record dictionary containing record fields"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "String representation of gid object")
     
-    def call(self, cred, record_dict, request_hash, caller_cred=None):
+    def call(self, cred, record_dict, request_hash=None, caller_cred=None):
         # This cred will be an authority cred, not a user, so we cant use it to 
         # authenticate the caller's request_hash. Let just get the caller's gid
         # from the cred and authenticate using that 
diff --git a/sfa/methods/register_peer_object.py b/sfa/methods/register_peer_object.py
index 2268bc6..359e1bc 100644 (file)
--- a/sfa/methods/register_peer_object.py
+++ b/sfa/methods/register_peer_object.py
@@ -31,13 +31,14 @@ class register_peer_object(Method):
     
     accepts = [
         Parameter(str, "Credential string"),
-        Parameter(dict, "Record dictionary containing record fields")
-        Parameter(str, "Request hash")
+        Parameter(dict, "Record dictionary containing record fields"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, record_dict, request_hash, caller_cred=None):
+    def call(self, cred, record_dict, request_hash=None, caller_cred=None):
         self.api.auth.authenticateCred(cred, [cred], request_hash)
         self.api.auth.check(cred, "register")
         if caller_cred==None:
diff --git a/sfa/methods/remove.py b/sfa/methods/remove.py
index 0321bdb..fb8f820 100644 (file)
--- a/sfa/methods/remove.py
+++ b/sfa/methods/remove.py
@@ -29,12 +29,13 @@ class remove(Method):
         Parameter(str, "Credential string"),
         Parameter(str, "Record type"),
         Parameter(str, "Human readable name (hrn) of record to be removed"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, type, hrn, request_hash, caller_cred=None):
+    def call(self, cred, type, hrn, request_hash=None, caller_cred=None):
 
         if caller_cred==None:
             caller_cred=cred
diff --git a/sfa/methods/remove_peer_object.py b/sfa/methods/remove_peer_object.py
index b9b337f..51fb658 100644 (file)
--- a/sfa/methods/remove_peer_object.py
+++ b/sfa/methods/remove_peer_object.py
@@ -26,13 +26,14 @@ class remove_peer_object(Method):
     
     accepts = [
         Parameter(str, "Credential string"),
-        Parameter(dict, "Record dictionary")
-        Parameter(str, "Request hash"),
+        Parameter(dict, "Record dictionary"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, record, request_hash, caller_cred=None):
+    def call(self, cred, record, request_hash=None, caller_cred=None):
         if caller_cred==None:
             caller_cred=cred
         #log the call
diff --git a/sfa/methods/reset_slices.py b/sfa/methods/reset_slices.py
index 88d85fa..f389bb1 100644 (file)
--- a/sfa/methods/reset_slices.py
+++ b/sfa/methods/reset_slices.py
@@ -22,12 +22,13 @@ class reset_slices(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to instantiate"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, hrn, request_hash):
+    def call(self, cred, hrn, request_hash=None):
         # This cred will be an authority cred, not a user, so we cant use it to
         # authenticate the caller's request_hash. Let just get the caller's gid
         # from the cred and authenticate using that
diff --git a/sfa/methods/resolve.py b/sfa/methods/resolve.py
index acf6ec0..c1d8714 100644 (file)
--- a/sfa/methods/resolve.py
+++ b/sfa/methods/resolve.py
@@ -26,12 +26,13 @@ class resolve(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name (hrn)"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [GeniRecord]
     
-    def call(self, cred, hrn, request_hash, caller_cred=None):
+    def call(self, cred, hrn, request_hash=None, caller_cred=None):
         
         self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) 
         self.api.auth.check(cred, 'resolve')
diff --git a/sfa/methods/start_slice.py b/sfa/methods/start_slice.py
index a34461a..78181b3 100644 (file)
--- a/sfa/methods/start_slice.py
+++ b/sfa/methods/start_slice.py
@@ -22,12 +22,13 @@ class start_slice(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to instantiate"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = [Parameter(int, "1 if successful")]
     
-    def call(self, cred, hrn, request_hash):
+    def call(self, cred, hrn, request_hash=None):
         # This cred will be an slice cred, not a user, so we cant use it to
         # authenticate the caller's request_hash. Let just get the caller's gid
         # from the cred and authenticate using that
diff --git a/sfa/methods/stop_slice.py b/sfa/methods/stop_slice.py
index ba2b78c..e4a1b18 100644 (file)
--- a/sfa/methods/stop_slice.py
+++ b/sfa/methods/stop_slice.py
@@ -22,12 +22,13 @@ class stop_slice(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Human readable name of slice to instantiate"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, hrn, request_hash):
+    def call(self, cred, hrn, request_hash=None):
         # This cred will be an slice cred, not a user, so we cant use it to
         # authenticate the caller's request_hash. Let just get the caller's gid
         # from the cred and authenticate using that
diff --git a/sfa/methods/update.py b/sfa/methods/update.py
index ddaaf18..4076e97 100644 (file)
--- a/sfa/methods/update.py
+++ b/sfa/methods/update.py
@@ -30,12 +30,13 @@ class update(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(dict, "Record dictionary to be updated"),
-        Parameter(str, "Request hash")
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, record_dict, request_hash, caller_cred=None):
+    def call(self, cred, record_dict, request_hash=None, caller_cred=None):
         if caller_cred==None:
                caller_cred=cred
 
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index efbe659..f3609b3 100644 (file)
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -101,16 +101,20 @@ class Auth:
             if object_gid:
                 object_gid.verify_chain(self.trusted_cert_list)
 
-    def authenticateGid(self, gidStr, argList, requestHash):
+    def authenticateGid(self, gidStr, argList, requestHash=None):
         gid = GID(string = gidStr)
         self.validateGid(gid)
-        self.verifyGidRequestHash(gid, requestHash, argList)
+        # request_hash is optional
+        if requestHash:
+            self.verifyGidRequestHash(gid, requestHash, argList)
         return gid
 
-    def authenticateCred(self, credStr, argList, requestHash):
+    def authenticateCred(self, credStr, argList, requestHash=None):
         cred = Credential(string = credStr)
         self.validateCred(cred)
-        self.verifyCredRequestHash(cred, requestHash, argList)
+        # request hash is optional
+        if requestHash:
+            self.verifyCredRequestHash(cred, requestHash, argList)
         return cred
 
     def authenticateCert(self, certStr, requestHash):
sfa