review and clean up the speaks_for mess
authorThierry Parmentelat <thierry.parmentelat@inria.fr>
Wed, 28 May 2014 10:30:26 +0000 (12:30 +0200)
committerThierry Parmentelat <thierry.parmentelat@inria.fr>
Wed, 28 May 2014 10:30:26 +0000 (12:30 +0200)
some methods seem to need this addition too but for now I'd rather not mix both issues

sfa/methods/Allocate.py
sfa/methods/Delete.py
sfa/methods/Describe.py
sfa/methods/ListResources.py
sfa/methods/PerformOperationalAction.py
sfa/methods/Provision.py
sfa/methods/Renew.py
sfa/methods/Shutdown.py
sfa/methods/Status.py
sfa/trust/auth.py
sfa/trust/speaksfor_util.py

index c55769d..055b4fc 100644 (file)
@@ -39,7 +39,7 @@ class Allocate(Method):
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, xrn.get_hrn(), self.name))
 
         # Find the valid credentials
-        valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrn.get_hrn(), options=options)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'createsliver', xrn.get_hrn(), options=options)
         the_credential = Credential(cred=valid_creds[0])
 
         # use the expiration from the first valid credential to determine when 
index eed8a39..593de28 100644 (file)
@@ -24,10 +24,9 @@ class Delete(Method):
     returns = Parameter(int, "1 if successful")
     
     def call(self, xrns, creds, options):
-        (speaking_for, _) = urn_to_hrn(options.get('geni_speaking_for'))
-        valid_creds = self.api.auth.checkCredentials(creds, 'deletesliver', xrns,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      speaking_for_hrn=speaking_for)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'deletesliver', xrns,
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options)
 
         #log the call
         origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
index ec60489..018f803 100644 (file)
@@ -36,10 +36,9 @@ class Describe(Method):
                 options['geni_rspec_version'] = options['rspec_version']
             else:
                 raise SfaInvalidArgument('Must specify an rspec version option. geni_rspec_version cannot be null')
-        (speaking_for, _) = urn_to_hrn(options.get('geni_speaking_for'))
-        valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', urns, \
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      speaking_for_hrn=speaking_for)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'listnodes', urns, 
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options)
 
         # get hrn of the original caller 
         origin_hrn = options.get('origin_hrn', None)
index e7f1631..33777fd 100644 (file)
@@ -34,7 +34,7 @@ class ListResources(Method):
                 raise SfaInvalidArgument('Must specify an rspec version option. geni_rspec_version cannot be null')
 
         # Find the valid credentials
-        valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', options=options)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'listnodes', options=options)
 
         # get hrn of the original caller 
         origin_hrn = options.get('origin_hrn', None)
index a263514..41bf58f 100644 (file)
@@ -34,9 +34,9 @@ class PerformOperationalAction(Method):
         (speaking_for, _) = urn_to_hrn(options.get('geni_speaking_for'))
         
         # Find the valid credentials
-        valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrns,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      speaking_for_hrn=speaking_for
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'createsliver', xrns,
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options
         origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
         result = self.api.manager.PerformOperationalAction(self.api, xrns, creds, action, options)
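Review bot: The rewritten `checkCredentialsSpeaksFor(` call in PerformOperationalAction is never closed: its argument list ends at `options=options` and the next line shown is the `origin_hrn = ...` assignment, so as displayed the module would not parse; the last argument should read `options=options)`. The removed lines had the same shape, so this may predate the commit or be a rendering artefact, but it is worth confirming that this method still imports. Separately, the context line `(speaking_for, _) = urn_to_hrn(options.get('geni_speaking_for'))` above the call is now unused, because the wrapper reads the option itself, yet it still runs `urn_to_hrn` on a client-supplied value before any credential has been checked; it can be dropped as was done in Delete, Describe and Provision. The body of `call` starts outside the hunk.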
index 578f6d2..7177854 100644 (file)
@@ -31,12 +31,10 @@ class Provision(Method):
     def call(self, xrns, creds, options):
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, xrns, self.name))
 
-        (speaking_for, _) = urn_to_hrn(options.get('geni_speaking_for'))
-        
         # Find the valid credentials
-        valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrns,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      options=options) 
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'createsliver', xrns,
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options)
         origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name))
         result = self.api.manager.Provision(self.api, xrns, creds, options)
index 5aef457..ee76dc8 100644 (file)
@@ -33,9 +33,9 @@ class Renew(Method):
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tcaller-creds: %s\tmethod-name: %s"%(self.api.interface, urns, creds, self.name))
 
         # Find the valid credentials
-        valid_creds = self.api.auth.checkCredentials(creds, 'renewsliver', urns,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      options=options)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'renewsliver', urns,
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options)
 
         # Validate that the time does not go beyond the credential's expiration time
         requested_time = utcparse(expiration_time)
index 3eee878..f6f1841 100644 (file)
@@ -20,7 +20,7 @@ class Shutdown(Method):
     def call(self, xrn, creds):
 
         valid_creds = self.api.auth.checkCredentials(creds, 'stopslice', xrn,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials)
+                                                     check_sliver_callback = self.api.driver.check_sliver_credentials)
         #log the call
         origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()
         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrn, self.name))
index 76e967d..68d928e 100644 (file)
@@ -19,9 +19,9 @@ class Status(Method):
     returns = Parameter(dict, "Status details")
 
     def call(self, xrns, creds, options):
-        valid_creds = self.api.auth.checkCredentials(creds, 'sliverstatus', xrns,
-                      check_sliver_callback = self.api.driver.check_sliver_credentials,
-                      options=options)
+        valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'sliverstatus', xrns,
+                                                              check_sliver_callback = self.api.driver.check_sliver_credentials,
+                                                              options=options)
 
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, xrns, self.name))
         return self.api.manager.Status(self.api, xrns, creds, options)
index 5ff6ba6..0b9f081 100644 (file)
@@ -36,10 +36,24 @@ class Auth:
         self.trusted_cert_list = TrustedRoots(self.config.get_trustedroots_dir()).get_list()
         self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
 
+    # this convenience methods extracts speaking_for_xrn from the passed options using 'geni_speaking_for'
+    def checkCredentialsSpeaksFor (self, *args, **kwds):
+        if 'options' not in kwds:
+            logger.error ("checkCredentialsSpeaksFor was not passed options=options")
+            return
+        # remove the options arg
+        options=kwds['options']; del kwds['options']
+        # compute the speaking_for_xrn arg and pass it to checkCredentials
+        if options is None: speaking_for_xrn=None
+        else:               speaking_for_xrn=options.get('geni_speaking_for',None)
+        kwds['speaking_for_xrn']=speaking_for_xrn
+        return self.checkCredentials (*args, **kwds)
+
     # do not use mutable as default argument 
     # http://docs.python-guide.org/en/latest/writing/gotchas/#mutable-default-arguments
     def checkCredentials(self, creds, operation, xrns=None, 
-                         check_sliver_callback=None, options=None):
+                         check_sliver_callback=None, 
+                         speaking_for_xrn=None):
         if xrns is None: xrns=[]
         def log_invalid_cred(cred):
             cred_obj=Credential(string=cred)
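Review bot: `checkCredentialsSpeaksFor` logs an error and returns `None` when `options` is missing, so an authorization check can complete without raising. The callers in this commit index `valid_creds[0]` and would fail with a TypeError, but a caller that invokes the check only for its side effect would carry on as though the credentials had been accepted. Fail closed by replacing the `logger.error(...)` / `return` pair with a raise, for example `raise TypeError("checkCredentialsSpeaksFor requires options=")`. `checkCredentials` also no longer accepts `options`, so any method not converted here that still passes `options=options` will raise TypeError; the commit message suggests some methods remain to be updated. The body of `checkCredentials` continues outside the hunk.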
@@ -72,10 +86,8 @@ class Auth:
         if not hrns: hrns = [None]
         error=[None,None]
 
-        # if speaks for gid matches caller cert then we've found a valid
-        # speaks for credential
-        speaks_for_gid = determine_speaks_for(logger, creds, self.peer_cert, \
-                                              options, self.trusted_cert_list)
+        speaks_for_gid = determine_speaks_for(logger, creds, self.peer_cert,
+                                              speaking_for_xrn, self.trusted_cert_list)
 
         if self.peer_cert and \
            not self.peer_cert.is_pubkey(speaks_for_gid.get_pubkey()):
index ad2e97f..5a5fd44 100644 (file)
@@ -229,10 +229,9 @@ def verify_speaks_for(cred, tool_gid, speaking_for_urn,
 # trusted_roots is a list of Certificate objects from the system
 #   trusted_root directory
 # Optionally, provide an XML schema against which to validate the credential
-def determine_speaks_for(logger, credentials, caller_gid, options,
-                         trusted_roots, schema=None):
-    if options and 'geni_speaking_for' in options:
-        speaking_for_urn = options['geni_speaking_for'].strip()
+def determine_speaks_for(logger, credentials, caller_gid, speaking_for_xrn, trusted_roots, schema=None):
+    if speaking_for_xrn:
+        speaking_for_urn = Xrn (speaking_for_xrn.strip()).get_urn()
         for cred in credentials:
             # Skip things that aren't ABAC credentials
             if type(cred) == dict:
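Review bot: `speaking_for_xrn.strip()` assumes a string, but the value comes from the client-supplied `geni_speaking_for` option and is passed through by the new wrapper in auth.py without any type check. A truthy non-string value would raise AttributeError in the middle of credential verification instead of producing a clean rejection; checking first with `if not isinstance(speaking_for_xrn, basestring):` (assuming this code targets Python 2) and raising the project's invalid-argument error would make the failure explicit. The fourth positional parameter also changed meaning from an options dict to an XRN while keeping its position, so a caller not updated by this commit would pass a dict into `.strip()`; passing it by keyword at the call sites would surface such callers. Whether `Xrn` is imported in speaksfor_util.py is not visible here, and the function body continues past the hunk.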