from sfa.plc.slices import Slices
import sfa.plc.peers as peers
-def delete_slice(api, hrn):
+def delete_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename})
if not slices:
api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
return 1
-def create_slice(api, hrn, rspec):
+def create_slice(api, xrn, rspec):
+ hrn, type = urn_to_hrn(xrn)
# XX just import the legacy module and excute that until
# we transition the code to this module
from sfa.plc.slices import Slices
slices = Slices(api)
slices.create_slice_aggregate(hrn, rspec)
-def get_ticket(api, slice_hrn, rspec, origin_hrn=None):
+def get_ticket(api, xrn, rspec, origin_hrn=None):
+ slice_hrn, type = urn_to_hrn(xrn)
# the the slice record
registries = Registries(api)
registry = registries[api.hrn]
credential = api.getCredential()
- records = registry.resolve(credential, slice_hrn)
+ records = registry.resolve(credential, xrn)
# make sure we get a local slice record
record = None
return new_ticket.save_to_string(save_parents=True)
-def start_slice(api, hrn):
+def start_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
return 1
-def stop_slice(api, hrn):
+def stop_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
api.plshell.UpdateSliceTag(api.plauth, attribute_id, "0")
return 1
-def reset_slice(api, hrn):
+def reset_slice(api, xrn):
# XX not implemented at this interface
return 1
from sfa.plc.slices import Slices
slices = Slices(api)
slices.refresh()
- return slices['hrn']
+ return [hrn_to_urn(slice_hrn, 'slice') for slice_hrn in slices['hrn']]
-def get_rspec(api, hrn=None, origin_hrn=None):
+def get_rspec(api, xrn=None, origin_hrn=None):
from sfa.plc.nodes import Nodes
nodes = Nodes(api, origin_hrn=origin_hrn)
if hrn:
- rspec = nodes.get_rspec(hrn)
+ rspec = nodes.get_rspec(xrn)
else:
nodes.refresh()
rspec = nodes['rspec']
to refer to "contexts", which is the information that sfatables is requesting. But for now, we just
return the basic information needed in a dict.
"""
-def fetch_context(slice_hrn, user_hrn, contexts):
+def fetch_context(slice_xrn, user_xrn, contexts):
+ slice_hrn = urn_to_hrn(slice_xrn)[0]
+ user_hrn = urn_to_hrn(user_xrn)[0]
base_context = {'sfa':{'user':{'hrn':user_hrn}}}
return base_context
-def start_slice(api, slicename):
+def start_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
+ slicename = hrn_to_pl_slicename(hrn)
api.nodemanger.Start(slicename)
-def stop_slice(api, slicename):
+def stop_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
+ slicename = hrn_to_pl_slicename(hrn)
api.nodemanager.Stop(slicename)
-def delete_slice(api, slicename):
+def delete_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
+ slicename = hrn_to_pl_slicename(hrn)
api.nodemanager.Destroy(slicename)
-def reset_slice(api, slicename):
+def reset_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
+ slicename = hrn_to_pl_slicename(hrn)
if not api.sliver_exists(slicename):
raise SliverDoesNotExist(slicename)
api.nodemanager.ReCreate(slicename)
from sfa.trust.certificate import *
from sfa.util.faults import *
-def get_credential(api, hrn, type, is_self=False):
+def get_credential(api, xrn, type, is_self=False):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
return new_cred.save_to_string(save_parents=True)
-def resolve(api, hrns, type=None, origin_hrn=None):
+def resolve(api, xrns, type=None, origin_hrn=None):
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
if not isinstance(hrns, types.ListType):
- hrns = [hrns]
+ xrns = [xrns]
# create a dict whre key is an registry hrn and its value is a
# hrns at that registry (determined by the known prefix tree).
- hrn_dict = {}
+ xrn_dict = {}
registries = Registries(api)
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
- for hrn in hrns:
- registry_hrn = tree.best_match(hrn)
+ for xrn in xrns:
+ registry_hrn = tree.best_match(urn_to_hrn(xrn)[0])
if registry_hrn not in hrn_dict:
- hrn_dict[registry_hrn] = []
- hrn_dict[registry_hrn].append(hrn)
+ xrn_dict[registry_hrn] = []
+ xrn_dict[registry_hrn].append(xrn)
records = []
- for registry_hrn in hrn_dict:
+ for registry_hrn in xrn_dict:
# skip the hrn without a registry hrn
# XX should we let the user know the authority is unknown?
if not registry_hrn:
# if the best match (longest matching hrn) is not the local registry,
# forward the request
- hrns = hrn_dict[registry_hrn]
+ xrns = xrn_dict[registry_hrn]
if registry_hrn != api.hrn:
credential = api.getCredential()
- peer_records = registries[registry_hrn].resolve(credential, hrn, origin_hrn)
+ peer_records = registries[registry_hrn].resolve(credential, xrns, origin_hrn)
records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
# try resolving the remaining unfound records at the local registry
return records
-def list(api, hrn):
+def list(api, xrn):
+ hrn, type = hrn_to_urn(xrn)
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
records = []
registries = Registries(api)
- hrns = registries.keys()
+ registry_hrns = registries.keys()
tree = prefixTree()
- tree.load(hrns)
+ tree.load(registry_hrns)
registry_hrn = tree.best_match(hrn)
#if there was no match then this record belongs to an unknow registry
if not registry_hrn:
- raise MissingAuthority(hrn)
+ raise MissingAuthority(xrn)
# if the best match (longest matching hrn) is not the local registry,
# forward the request
records = []
if registry_hrn != api.hrn:
credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, hrn, origin_hrn)
+ record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still havnt found the record yet, try the local registry
return 1
-def remove(api, hrn, type, origin_hrn=None):
+def remove(api, xrn, type, origin_hrn=None):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
table = SfaTable()
filter = {'hrn': hrn}
if type not in ['all', '*']:
from sfa.server.aggregate import Aggregates
import sfa.plc.peers as peers
-def delete_slice(api, hrn, origin_hrn=None):
+def delete_slice(api, xrn, origin_hrn=None):
credential = api.getCredential()
aggregates = Aggregates(api)
for aggregate in aggregates:
success = False
# request hash is optional so lets try the call without it
try:
- aggregates[aggregate].delete_slice(credential, hrn, origin_hrn)
+ aggregates[aggregate].delete_slice(credential, xrn, origin_hrn)
success = True
except:
print >> log, "%s" % (traceback.format_exc())
print >> log, "Error calling delete slice at aggregate %s" % aggregate
return 1
-def create_slice(api, hrn, rspec, origin_hrn=None):
+def create_slice(api, xrn, rspec, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
spec = RSpec()
tempspec = RSpec()
spec.parseString(rspec)
#print "aggregates:", aggregates.keys()
# send each rspec to the appropriate aggregate/sm
for net_hrn in rspecs:
+ net_urn = hrn_to_urn(net_hrn, 'authority')
try:
# if we are directly connected to the aggregate then we can just
# send them the rspec. if not, then we may be connected to an sm
if net_hrn in aggregates:
# send the whloe rspec to the local aggregate
if net_hrn in [api.hrn]:
- aggregates[net_hrn].create_slice(credential, hrn, rspec, \
+ aggregates[net_hrn].create_slice(credential, xrn, rspec, \
origin_hrn)
else:
- aggregates[net_hrn].create_slice(credential, hrn, \
+ aggregates[net_hrn].create_slice(credential, xrn, \
rspecs[net_hrn], origin_hrn)
else:
# lets forward this rspec to a sm that knows about the network
for aggregate in aggregates:
network_found = aggregates[aggregate].get_aggregates(credential, net_hrn)
if network_found:
- aggregates[aggregate].create_slice(credential, hrn, \
+ aggregates[aggregate].create_slice(credential, xrn, \
rspecs[net_hrn], origin_hrn)
except:
traceback.print_exc()
return 1
-def get_ticket(api, slice_hrn, rspec, origin_hrn=None):
-
+def get_ticket(api, xrn, rspec, origin_hrn=None):
+ slice_hrn, type = urn_to_hrn(xrn)
# get the netspecs contained within the clients rspec
client_rspec = RSpec(xml=rspec)
netspecs = client_rspec.getDictsByTagName('NetSpec')
aggregates = Aggregates(api)
credential = api.getCredential()
tickets = {}
- for net_hrn in rspecs:
+ for net_hrn in rspecs:
+ net_urn = urn_to_hrn(net_hrn, 'authority')
try:
# if we are directly connected to the aggregate then we can just
# send them the request. if not, then we may be connected to an sm
# thats connected to the aggregate
if net_hrn in aggregates:
- ticket = aggregates[net_hrn].get_ticket(credential, slice_hrn, \
+ ticket = aggregates[net_hrn].get_ticket(credential, xrn, \
rspecs[net_hrn], origin_hrn)
tickets[net_hrn] = ticket
else:
# lets forward this rspec to a sm that knows about the network
for agg in aggregates:
- network_found = aggregates[agg].get_aggregates(credential, net_hrn)
+ network_found = aggregates[agg].get_aggregates(credential, )net_urn
if network_found:
ticket = aggregates[aggregate].get_ticket(credential, \
slice_hrn, rspecs[net_hrn], origin_hrn)
new_ticket.sign()
return new_ticket.save_to_string(save_parents=True)
-def start_slice(api, hrn):
+def start_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
return 1
-def stop_slice(api, hrn):
+def stop_slice(api, xrn):
+ hrn, type = urn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
api.plshell.UpdateSliceTag(api.plauth, attribute_id, "0")
return 1
-def reset_slice(api, hrn):
+def reset_slice(api, xrn):
# XX not implemented at this interface
return 1
from sfa.plc.slices import Slices
slices = Slices(api)
slices.refresh()
- return slices['hrn']
+ return [hrn_to_urn(slice_hrn, 'slice') for slice_hrn in slices['hrn']]
-def get_rspec(api, hrn=None, origin_hrn=None):
+def get_rspec(api, xrn=None, origin_hrn=None):
+
from sfa.plc.nodes import Nodes
nodes = Nodes(api, origin_hrn=origin_hrn)
if hrn:
- rspec = nodes.get_rspec(hrn)
+ rspec = nodes.get_rspec(xrn)
else:
nodes.refresh()
rspec = nodes['rspec']
return the basic information needed in a dict.
"""
def fetch_context(slice_hrn, user_hrn, contexts):
+ slice_hrn = urn_to_hrn(slice_xrn)[0]
+ user_hrn = urn_to_hrn(user_xrn)[0]
base_context = {'sfa':{'user':{'hrn':user_hrn}}}
return base_context
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name (hrn) or (urn)"),
+ Parameter(str, "Human readable name (hrn or urn)"),
Mixed(Parameter(str, "Unique identifier for new GID (uuid)"),
Parameter(None, "Unique identifier (uuid) not specified")),
Parameter(str, "public-key string")
returns = Parameter(str, "String represeneation of a GID object")
- def call(self, cred, hrn_or_urn, uuid, pubkey_str):
+ def call(self, cred, xrn, uuid, pubkey_str):
# convert urn to hrn
- hrn, type = hrn_to_urn(hrn_or_urn)
+ hrn, type = hrn_to_urn(xrn)
# validate the credential
self.api.auth.check(cred, "getcredential")
pkey = Keypair()
pkey.load_pubkey_from_string(pubkey_str)
- gid = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid = self.api.auth.hierarchy.create_gid(xrn, uuid, pkey)
return gid.save_to_string(save_parents=True)
### $URL$
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Instantiate the specified slice according to whats defined in the specified rspec
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param hrn human readable name of slice to instantiate (hrn or xrn)
@param rspec resource specification
@return 1 is successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or xrn)"),
Parameter(str, "Resource specification"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, requested_rspec, origin_hrn=None):
+ def call(self, cred, xrn, requested_rspec, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
-
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.create_slice(self.api, hrn, rspec)
+ manager.create_slice(self.api, xrn, rspec)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.create_slice(self.api, hrn, rspec, origin_hrn)
+ manager.create_slice(self.api, xrn, rspec, origin_hrn)
return 1
### $URL$
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Remove the slice from all nodes.
@param cred credential string specifying the rights of the caller
- @param hrn human readable name specifying the slice to delete
+ @param xrn human readable name specifying the slice to delete (hrn or urn)
@return 1 if successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to delete"),
+ Parameter(str, "Human readable name of slice to delete (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn)
+ manager.delete_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn)
+ manager.delete_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn, origin_hrn)
+ manager.delete_slice(self.api, xrn, origin_hrn)
return 1
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_aggregates.py $
from types import StringTypes
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Get a list of connection information for all known aggregates.
@param cred credential string specifying the rights of the caller
- @param a Human readable name (hrn), or list of hrns or None
+ @param a Human readable name (hrn or urn), or list of hrns or None
@return list of dictionaries with aggregate information.
"""
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (hrn or urn)"),
Parameter(None, "hrn not specified"))
]
returns = [Parameter(dict, "Aggregate interface information")]
- def call(self, cred, hrn = None):
+ def call(self, cred, xrn = None):
+ hrn, type = urn_to_hrn(xrn)
self.api.auth.check(cred, 'list')
aggregates = Aggregates(self.api)
hrn_list = []
from sfa.trust.credential import *
from sfa.trust.rights import *
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.debug import log
@param cred credential object specifying rights of the caller
@param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of object
+ @param hrn human readable name of object (hrn or urn)
@return the string representation of a credential object
"""
accepts = [
Mixed(Parameter(str, "credential"),
Parameter(None, "No credential")),
- Parameter(str, "Human readable name (hrn)")
+ Parameter(str, "Human readable name (hrn or urn)")
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cred, type, hrn):
+ def call(self, cred, type, xrn):
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
self.api.auth.check(cred, 'getcredential')
self.api.auth.verify_object_belongs_to_me(hrn)
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- return manager.get_credential(self.api, hrn, type)
+ return manager.get_credential(self.api, xrn, type)
# raise ConnectionKeyGIDMismatch(gid.get_subject())
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Returns the client's gid if one exists
@param cert certificate string
+ @param xrn human readable name (hrn or urn)
+ @param type object type
@return client gid
"""
accepts = [
Parameter(str, "Certificate string"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "Human readable name (hrn or urn)"),
Parameter(str, "Object type")
]
returns = Parameter(str, "GID string")
- def call(self, cert, hrn, type):
-
+ def call(self, cert, xrn, type):
+
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
self.api.auth.verify_object_belongs_to_me(hrn)
# resolve the record
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- records = manager.resolve(self.api, hrn, type, origin_hrn=hrn)
+ records = manager.resolve(self.api, xrn, type, origin_hrn=hrn)
if not records:
raise RecordNotFound(hrn)
record = records[0]
accepts = [
Parameter(str, "Certificate string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(type([str]), "List of Human readable names (hrn)"))
+ Mixed(Parameter(str, "Human readable name (hrn or xrn)"),
+ Parameter(type([str]), "List of Human readable names (hrn or xrn)"))
]
returns = [Parameter(dict, "Dictionary of gids keyed on hrn")]
- def call(self, cred, hrns):
+ def call(self, cred, xrns):
# validate the credential
self.api.auth.check(cred, 'getgids')
user_cred = Credential(string=cred)
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- records = manager.resolve(self.api, hrns, None, origin_hrn=origin_hrn)
+ records = manager.resolve(self.api, xrns, None, origin_hrn=origin_hrn)
if not records:
raise RecordNotFound(hrns)
# generate a new keypair and gid
uuid = create_uuid()
pkey = Keypair(create=True)
- gid_object = self.api.auth.hierarchy.create_gid(record['hrn'], uuid, pkey)
+ urn = hrn_to_urn(record['hrn'], record['type'])
+ gid_object = self.api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_registries.py $
from types import StringTypes
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Get a list of connection information for all known registries.
@param cred credential string specifying the rights of the caller
- @param a Human readable name (hrn), or list of hrns or None
+ @param a Human readable name (hrn or urn), or list of names or None
@return list of dictionaries with aggregate information.
"""
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (hrn or urn)"),
Parameter(None, "hrn not specified"))
]
returns = [Parameter(dict, "Registry interface information")]
- def call(self, cred, hrn = None):
+ def call(self, cred, xrn = None):
+ hrn, type = urn_to_hrn(xrn)
self.api.auth.check(cred, 'list')
registries = Registries(self.api)
hrn_list = []
### $URL$
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (hrn or urn)"),
Parameter(None, "hrn not specified")),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
returns = Parameter(str, "String representatin of an rspec")
- def call(self, cred, hrn=None, origin_hrn=None):
+ def call(self, cred, xrn=None, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- rspec = manager.get_rspec(self.api, hrn, origin_hrn)
+ rspec = manager.get_rspec(self.api, xrn, origin_hrn)
outgoing_rules = SFATablesRules('OUTGOING')
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- rspec = manager.get_rspec(self.api, hrn, origin_hrn)
+ rspec = manager.get_rspec(self.api, xrn, origin_hrn)
outgoing_rules = SFATablesRules('FORWARD-OUTGOING')
filtered_rspec = rspec
from sfa.trust.credential import *
from sfa.trust.rights import *
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
Retrive a credential for an object
@param cert certificate string
@param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of object
+ @param hrn human readable name of object (hrn or urn)
@return the string representation of a credential object
"""
accepts = [
Parameter(str, "certificate"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "Human readable name (hrn or urn)"),
Mixed(Parameter(str, "Request hash"),
Parameter(None, "Request hash not specified"))
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cert, type, hrn, request_hash=None):
+ def call(self, cert, type, xrn, request_hash=None):
"""
get_self_credential a degenerate version of get_credential used by a client
to get his initial credential when de doesnt have one. This is the same as
@param hrn human readable name of authority to list
@return string representation of a credential object
"""
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
self.api.auth.verify_object_belongs_to_me(hrn)
# send the call to the right manager
manager = __import__(manager_module, fromlist=[manager_base])
# authenticate the gid
- records = manager.resolve(self.api, hrn, type)
+ records = manager.resolve(self.api, xrn, type)
if not records:
raise RecordNotFound(hrn)
record = SfaRecord(dict=records[0])
if not certificate.is_pubkey(gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(gid.get_subject())
- return manager.get_credential(self.api, hrn, type, is_self=True)
+ return manager.get_credential(self.api, xrn, type, is_self=True)
### $URL$
import time
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
initscripts.
@param cred credential string
- @param name name of the slice to retrieve a ticket for
+ @param name name of the slice to retrieve a ticket for (hrn or urn)
@param rspec resource specification dictionary
@return the string representation of a ticket object
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
+ Parameter(str, "Human readable name of slice to retrive a ticket for (hrn or urn)"),
Parameter(str, "Resource specification (rspec)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
returns = Parameter(str, "String represeneation of a ticket object")
- def call(self, cred, hrn, rspec, origin_hrn=None):
+ def call(self, cred, xrn, rspec, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
rspec_object = RSpec(xml=rspec)
rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames)
rspec = rspec_object.toxml()
- ticket = manager.get_ticket(self.api, hrn, rspec, origin_hrn)
+ ticket = manager.get_ticket(self.api, xrn, rspec, origin_hrn)
return ticket
### $URL$
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
List the records in an authority.
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of authority to list
+ @param hrn human readable name of authority to list (hrn or urn)
@return list of record dictionaries
"""
interfaces = ['registry']
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "Human readable name (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = [SfaRecord]
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- return manager.list(self.api, hrn)
+ return manager.list(self.api, xrn)
### $URL$
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.debug import log
@param cred credential string
@param type record type
- @param hrn human readable name of record to remove
+ @param xrn human readable name of record to remove (hrn or urn)
@return 1 if successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Record type"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, type, hrn, origin_hrn=None):
+ def call(self, cred, type, xrn, origin_hrn=None):
user_cred = Credential(string=cred)
-
+
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- return manager.remove(self.api, hrn, type, origin_hrn)
+ return manager.remove(self.api, xrn, type, origin_hrn)
hrn, type = record['hrn'], record['type']
records = table.find({'hrn': hrn, 'type': type })
for record in records:
- if record['peer_authority']:
- self.remove_plc_record(record)
- table.remove(record)
+ if record['peer_authority']:
+ self.remove_plc_record(record)
+ table.remove(record)
return 1
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/reset_slices.py $
from sfa.util.faults import *
+from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
Reset the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param xrn human readable name of slice to instantiate (hrn or urn)
@return 1 is successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
self.api.auth.check(cred, 'resetslice')
# send the call to the right manager
manager_base = 'sfa.managers'
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
return 1
Resolve a record.
@param cred credential string authorizing the caller
- @param hrn human readable name to resolve
+ @param hrn human readable name to resolve (hrn or urn)
@return a list of record dictionaries or empty list
"""
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (hrn or urn)"),
Parameter(list, "List of Human readable names ([hrn])"))
]
returns = [SfaRecord]
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
mgr_type = self.api.config.SFA_REGISTRY_TYPE
manager_module = manager_base + ".registry_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- return manager.resolve(self.api, hrn, origin_hrn=origin_hrn)
+ return manager.resolve(self.api, xrn, origin_hrn=origin_hrn)
Start the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param hrn human readable name of slice to instantiate (urn or hrn)
@return 1 is successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (urn or hrn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = [Parameter(int, "1 if successful")]
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
return 1
Stop the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param xrn human readable name of slice to instantiate (hrn or urn)
@return 1 is successful, faults otherwise
"""
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
return 1
self.update(node_details)
self.write()
- def get_remote_resources(self, hrn = None):
+ def get_rspec_smgr(self, xrn = None):
+ hrn, type = urn_to_hrn(xrn)
# convert and threshold to ints
if self.has_key('timestamp') and self['timestamp']:
hr_timestamp = self['timestamp']
if aggregate not in [self.api.auth.client_cred.get_gid_caller().get_hrn()]:
try:
# get the rspec from the aggregate
- agg_rspec = aggregates[aggregate].get_resources(credential, hrn, origin_hrn)
+ agg_rspec = aggregates[aggregate].get_resources(credential, xrn, origin_hrn)
# extract the netspec from each aggregates rspec
rspec.parseString(agg_rspec)
networks.extend([{'NetSpec': rspec.getDictsByTagName('NetSpec')}])
resourceDict = {'RSpec': resources}
# convert rspec dict to xml
rspec.parseDict(resourceDict)
- return rspec
+ return rspec.toxml()
def refresh_nodes_smgr(self):
self.update(nodedict)
self.write()
- def get_rspec(self, hrn = None):
+ def get_rspec(self, xrn = None):
if self.api.interface in ['slicemgr']:
- return self.get_rspec_smgr(hrn)
+ return self.get_rspec_smgr(xrn)
elif self.api.interface in ['aggregate']:
- return self.get_rspec_aggregate(hrn)
+ return self.get_rspec_aggregate(xrn)
- def get_rspec_smgr(self, hrn = None):
-
- rspec = self.get_remote_resources(hrn)
- return rspec.toxml()
-
- def get_rspec_aggregate(self, hrn = None):
+ def get_rspec_aggregate(self, xrn = None):
"""
Get resource information from PLC
"""
-
+ hrn, type = urn_to_hrn(xrn)
slicename = None
# Get the required nodes
if not hrn:
sfaImporter.create_top_level_auth_records(level1_auth)
import_auth = level1_auth
- trace("Import: adding" + import_auth + "to trusted list", logger)
+ trace("Import: adding " + import_auth + " to trusted list", logger)
authority = AuthHierarchy.get_auth_info(import_auth)
TrustedRoots.add_gid(authority.get_gid_object())
self.load()
self.origin_hrn = origin_hrn
- def get_slivers(self, hrn, node=None):
+ def get_slivers(self, xrn, node=None):
+ hrn, type = urn_to_hrn(xrn)
slice_name = hrn_to_pl_slicename(hrn)
# XX Should we just call PLCAPI.GetSliceTicket(slice_name) instead
return slivers
- def get_peer(self, hrn):
+ def get_peer(self, xrn):
+ hrn, type = urn_to_hrn(xrn)
# Becaues of myplc federation, we first need to determine if this
# slice belongs to out local plc or a myplc peer. We will assume it
# is a local site, unless we find out otherwise
return peer
- def get_sfa_peer(self, hrn):
+ def get_sfa_peer(self, xrn):
+ hrn, type = urn_to_hrn(xrn)
+
# return the authority for this hrn or None if we are the authority
sfa_peer = None
slice_authority = get_authority(hrn)
def verify_site(self, registry, credential, slice_hrn, peer, sfa_peer):
authority = get_authority(slice_hrn)
- site_records = registry.resolve(credential, authority)
+ authority_urn = hrn_to_urn(authority, 'authority')
+ site_records = registry.resolve(credential, authority_urn)
site = {}
for site_record in site_records:
except: pass
- def create_slice_aggregate(self, hrn, rspec):
-
+ def create_slice_aggregate(self, xrn, rspec):
+ hrn, type = urn_to_hrn(xrn)
# Determine if this is a peer slice
peer = self.get_peer(hrn)
sfa_peer = self.get_sfa_peer(hrn)
import uuid
from sfa.trust.certificate import Certificate
-
+from sfa.util.namespace import *
##
# Create a new uuid. Returns the UUID as a string.
# HRN is a human readable name. It is a dotted form similar to a backward domain
# name. For example, planetlab.us.arizona.bakers.
#
+# URN is a human readable identifier of form:
+# "urn:publicid:IDN+toplevelauthority[:sub-auth.]*[\res. type]\ +object name"
+# For example, urn:publicid:IDN+planetlab:us:arizona+user+bakers
+#
# PUBLIC_KEY is the public key of the principal identified by the UUID/HRN.
# It is a Keypair object as defined in the cert.py module.
#
class GID(Certificate):
uuid = None
hrn = None
+ urn = None
##
# Create a new GID object
# @param string If string!=None, load the GID from a string
# @param filename If filename!=None, load the GID from a file
- def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None):
+ def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None, urn=None):
+
Certificate.__init__(self, create, subject, string, filename)
if uuid:
self.uuid = uuid
if hrn:
self.hrn = hrn
+ if urn:
+ self.urn = urn
+ self.hrn, type = urn_to_hrn(urn)
def set_uuid(self, uuid):
self.uuid = uuid
self.decode()
return self.hrn
+ def set_urn(self, urn):
+ self.urn = urn
+ self.hrn, type = urn_to_hrn(urn)
+
+ def get_urn(self):
+ if not self.urn:
+ self.decode()
+ return self.urn
+
##
# Encode the GID fields and package them into the subject-alt-name field
# of the X509 certificate. This must be called prior to signing the
def encode(self):
dict = {"uuid": self.uuid,
- "hrn": self.hrn}
+ "hrn": self.hrn,
+ "urn": self.urn}
str = xmlrpclib.dumps((dict,))
self.set_data(str)
self.uuid = dict.get("uuid", None)
self.hrn = dict.get("hrn", None)
+ self.urn = dict.get("urn", None)
##
# Dump the credential to stdout.
def dump(self, indent=0, dump_parents=False):
print " "*indent, " hrn:", self.get_hrn()
+ print " "*indent, " urn:", self.get_urn()
print " "*indent, "uuid:", self.get_uuid()
if self.parent and dump_parents:
##
# Initialize and authority object.
#
- # @param hrn the human readable name of the authority
+ # @param xrn the human readable name of the authority (urn will be converted to hrn)
# @param gid_filename the filename containing the GID
# @param privkey_filename the filename containing the private key
# @param dbinfo_filename the filename containing the database info
- def __init__(self, hrn, gid_filename, privkey_filename, dbinfo_filename):
+ def __init__(self, xrn, gid_filename, privkey_filename, dbinfo_filename):
+ hrn, type = urn_to_hrn(xrn)
self.hrn = hrn
self.set_gid_filename(gid_filename)
self.privkey_filename = privkey_filename
# Given a hrn, return the filenames of the GID, private key, and dbinfo
# files.
#
- # @param hrn the human readable name of the authority
+ # @param xrn the human readable name of the authority (urn will be convertd to hrn)
- def get_auth_filenames(self, hrn):
+ def get_auth_filenames(self, xrn):
+ hrn, type = urn_to_hrn(xrn)
leaf = get_leaf(hrn)
parent_hrn = get_authority(hrn)
directory = os.path.join(self.basedir, hrn.replace(".", "/"))
#
# @param the human readable name of the authority to check
- def auth_exists(self, hrn):
+ def auth_exists(self, xrn):
+ hrn, type = urn_to_hrn(xrn)
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
self.get_auth_filenames(hrn)
# Create an authority. A private key for the authority and the associated
# GID are created and signed by the parent authority.
#
- # @param hrn the human readable name of the authority to create
+ # @param xrn the human readable name of the authority to create (urn will be converted to hrn)
# @param create_parents if true, also create the parents if they do not exist
- def create_auth(self, hrn, create_parents=False):
+ def create_auth(self, xrn, create_parents=False):
+ hrn, type = urn_to_hrn(xrn)
trace("Hierarchy: creating authority: " + hrn)
# create the parent authority if necessary
# does not exist, then an exception is thrown. As a side effect, disk files
# and a subdirectory may be created to store the authority.
#
- # @param hrn the human readable name of the authority to create.
+ # @param xrn the human readable name of the authority to create (urn will be converted to hrn).
- def get_auth_info(self, hrn):
+ def get_auth_info(self, xrn):
+
#trace("Hierarchy: getting authority: " + hrn)
-
+ hrn, type = urn_to_hrn(xrn)
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
# @param uuid the unique identifier to store in the GID
# @param pkey the public key to store in the GID
- def create_gid(self, hrn, uuid, pkey):
- gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
+ def create_gid(self, xrn, uuid, pkey):
+ hrn, type = urn_to_hrn(xrn)
+ # Using hrn_to_urn() here to make sure the urn is in the right format
+ # If xrn was a hrn instead of a urn, then the gid's urn will be
+ # of type None
+ urn = hrn_to_urn(hrn, type)
+ gid = GID(subject=hrn, uuid=uuid, hrn=hrn, urn=urn)
parent_hrn = get_authority(hrn)
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# @param uuid if !=None, change the uuid
# @param pubkey if !=None, change the public key
- def refresh_gid(self, gid, hrn=None, uuid=None, pubkey=None):
+ def refresh_gid(self, gid, xrn=None, uuid=None, pubkey=None):
# TODO: compute expiration time of GID, refresh it if necessary
gid_is_expired = False
# update the gid if we need to
- if gid_is_expired or hrn or uuid or pubkey:
- if not hrn:
- hrn = gid.get_hrn()
+ if gid_is_expired or xrn or uuid or pubkey:
+
+ if not xrn:
+ xrn = gid.get_urn()
if not uuid:
uuid = gid.get_uuid()
if not pubkey:
pubkey = gid.get_pubkey()
- gid = self.create_gid(hrn, uuid, pubkey)
+ gid = self.create_gid(xrn, uuid, pubkey)
return gid
# credential will contain the authority privilege and will be signed by
# the authority's parent.
#
- # @param hrn the human readable name of the authority
+ # @param hrn the human readable name of the authority (urn is converted to hrn)
# @param authority type of credential to return (authority | sa | ma)
- def get_auth_cred(self, hrn, kind="authority"):
+ def get_auth_cred(self, xrn, kind="authority"):
+ hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
# This looks almost the same as get_auth_cred, but works for tickets
# XXX does similarity imply there should be more code re-use?
#
- # @param hrn the human readable name of the authority
+ # @param xrn the human readable name of the authority (urn is converted to hrn)
- def get_auth_ticket(self, hrn):
+ def get_auth_ticket(self, xrn):
+ hrn, type = urn_to_hrn(xrn)
auth_info = self.get_auth_info(hrn)
gid = auth_info.get_gid_object()
git://git.onelab.eu / sfa.git / commitdiff