if args:
xrn = args[0]
cred = self.get_slice_cred(xrn).save_to_string(save_parents=True)
-
if xrn:
call_options['geni_slice_urn'] = xrn
- rspec = server.ListResources([user_cred], call_options)
+ rspec = server.ListResources([cred], call_options)
rspec = zlib.decompress(rspec.decode('base64'))
print rspec
def CreateSliver(self, opts, args):
slice_xrn = args[0]
- user_cred = self.get_user_cred()
slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
rspec_file = self.get_rspec_file(args[1])
rspec = open(rspec_file).read()
def DeleteSliver(self, opts, args):
slice_xrn = args[0]
- user_cred = self.get_user_cred()
slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
server = self.geni_am
return server.DeleteSliver(slice_xrn, [slice_cred])
+
+ def SliverStatus(self, opts, args):
+ slice_xrn = args[0]
+ slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
+ server = self.geni_am
+ return server.SliverStatus(slice_xrn, [slice_cred])
+
+ def RenewSliver(self, opts, args):
+ slice_xrn = args[0]
+ slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
+ time = args[1]
+ server = self.geni_am
+ return server.RenewSliver(slice_xrn, [slice_cred], time)
+
+ def Shutdown(self, opts, args):
+ slice_xrn = args[0]
+ slice_cred = self.get_slice_cred(slice_xrn).save_to_string(save_parents=True)
+ server = self.geni_am
+ return server.Shutdown(slice_xrn, [slice_cred])
#
# Main: parse arguments and dispatch to command
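Review bot: `RenewSliver` reads `args[1]` for the new expiry without checking that a second argument was supplied, so a missing argument surfaces as a bare IndexError instead of a usage error. The same applies to `args[0]` in `SliverStatus` and `Shutdown`. A length check at the top of each method (e.g. `if len(args) < 2:` followed by the client's usual usage/exit path) would make the failure explicit. The local name `time` would also shadow a `time` module if this file imports one (not visible here); `expiration = args[1]` avoids that. The value is forwarded to the server unvalidated, so the expected format is worth stating in a docstring.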
raise RecordNotFound(hrn)
slice_id = slices[0]
attributes = api.plshell.GetSliceTags(api.plauth, {'slice_id': slice_id, 'name': 'enabled'}, ['slice_attribute_id'])
- attribute_id = attreibutes[0]['slice_attribute_id']
+ attribute_id = attributes[0]['slice_attribute_id']
api.plshell.UpdateSliceTag(api.plauth, attribute_id, "1" )
return 1
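Review bot: `attributes[0]` still raises IndexError when `GetSliceTags` returns an empty list, which would presumably happen for a slice that has no `enabled` tag; the typo fix makes this line reachable for the first time. A guard such as `if not attributes: return 1` (or whatever result the caller expects for "nothing to update") before the indexing would cover that case. The enclosing function starts outside this hunk, so the intended return convention should be confirmed against the rest of it.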
from sfa.trust.certificate import *
from sfa.util.faults import *
+def GetVersion():
+ version = {}
+ version['geni_api'] = 1
+ return version
+
+
+
+
def get_credential(api, xrn, type, is_self=False):
# convert xrn to hrn
if type:
return new_cred.save_to_string(save_parents=True)
+# The GENI resolve call
+def Resolve(api, xrn, creds):
+ records = resolve(api, xrn)
+
+ if len(records) == 0:
+ return {}
+
+ record = records[0]
+ if record.type == 'slice':
+ return {'geni_urn': xrn, 'geni_creator': record.gid}
+ if record.type == 'user':
+ return {'geni_urn': xrn, 'geni_certificate': record.gid}
+
+
+
def resolve(api, xrns, type=None, origin_hrn=None, full=True):
# load all know registry names into a prefix tree and attempt to find
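Review bot: The new `Resolve(api, xrn, creds)` accepts `creds` but never uses it, so nothing in this function verifies the caller before GIDs are returned; if the credential check is not done in the Method wrapper that calls it (not visible here), it should be added or the reliance documented in a comment. The function also falls off the end and returns `None` when `record.type` is anything other than `'slice'` or `'user'`, while the empty case returns `{}`; XML-RPC marshalling of `None` commonly fails unless explicitly enabled. A final `return {}` (or an explicit fault for unsupported record types) would keep the return type consistent.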
from sfa.util.sfalogging import logger
import sfa.plc.peers as peers
+
def delete_slice(api, xrn, origin_hrn=None):
credential = api.getCredential()
aggregates = api.aggregates
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter
+from sfatables.runtime import SFATablesRules
+import sys
+from sfa.trust.credential import Credential
class CreateSliver(Method):
"""
]
returns = Parameter(str, "Allocated RSpec")
+ def __run_sfatables(self, manager, rules, hrn, origin_hrn, rspec):
+ if rules.sorted_rule_list:
+ contexts = rules.contexts
+ request_context = manager.fetch_context(hrn, origin_hrn, contexts)
+ rules.set_context(request_context)
+ newrspec = rules.apply(rspec)
+ else:
+ newrspec = rspec
+ return newrspec
+
+
def call(self, slice_xrn, creds, rspec):
hrn, type = urn_to_hrn(slice_xrn)
for cred in creds:
try:
self.api.auth.check(cred, 'createslice')
+ origin_hrn = Credential(string=cred).get_gid_caller().get_hrn()
found = True
break
except:
+ error = sys.exc_info()[:2]
continue
if not found:
- raise InsufficientRights('CreateSliver: Credentials either did not verify, were no longer valid, or did not have appropriate privileges')
-
+ raise InsufficientRights('CreateSliver: Access denied: %s -- %s' % (error[0],error[1]))
+
manager_base = 'sfa.managers'
mgr_type = self.api.config.SFA_GENI_AGGREGATE_TYPE
manager_module = manager_base + ".geni_am_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
+ rspec = self.__run_sfatables(manager, SFATablesRules('INCOMING'),
+ hrn, origin_hrn, rspec)
return manager.CreateSliver(self.api, slice_xrn, creds, rspec)
return ''
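Review bot: `error` is only assigned inside the `except:` branch, so when `creds` is an empty list the `raise InsufficientRights(... % (error[0], error[1]))` line fails with a NameError/UnboundLocalError instead of the intended fault; the same pattern is added in `ListResources.call`. Initialising `error = (None, None)` before the loop fixes that. The new message also returns the internal exception class and text to the remote caller, and only for the last credential tried; logging the details server-side and keeping a generic denial message would avoid disclosing verification internals. The bare `except:` additionally swallows `KeyboardInterrupt`/`SystemExit`, so `except Exception:` is safer here. The initialisation of `found` lies outside the visible lines.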
Returns this GENI Aggregate Manager's Version Information
@return version
"""
- interfaces = ['geni_am']
+ interfaces = ['geni_am','registry']
accepts = []
returns = Parameter(dict, "Version information")
manager_module = manager_base + ".geni_am_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
return manager.GetVersion()
+ if self.api.interface in ['registry']:
+ mgr_type = self.api.config.SFA_REGISTRY_TYPE
+ manager_module = manager_base + ".slice_manager_%s" % mgr_type
+ manager = __import__(manager_module, fromlist=[manager_base])
+ return manager.GetVersion()
+
return {}
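Review bot: The new `registry` branch reads `SFA_REGISTRY_TYPE` but builds the module name from `".slice_manager_%s"`, which looks inconsistent. The `GetVersion()` added elsewhere in this commit sits next to `get_credential` and `resolve`, which suggests a registry manager module, so this import may resolve to a module without the new function or to the wrong one. Please confirm the intended module; if it is the registry manager, the line would presumably read `manager_module = manager_base + ".registry_manager_%s" % mgr_type`. The enclosing `call` method begins outside the visible lines.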
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
+from sfa.trust.credential import Credential
+from sfatables.runtime import SFATablesRules
+import sys
+
class ListResources(Method):
"""
def call(self, creds, options):
self.api.logger.info("interface: %s\tmethod-name: %s" % (self.api.interface, self.name))
-
+
# Validate that at least one of the credentials is good enough
found = False
for cred in creds:
try:
- self.api.auth.check(cred, 'ListResources')
+ self.api.auth.check(cred, 'listnodes')
found = True
+ user_cred = Credential(string=cred)
break
except:
+ error = sys.exc_info()[:2]
continue
if not found:
- raise InsufficientRights('ListResources: Credentials either did not verify, were no longer valid, or did not have appropriate privileges')
+ raise InsufficientRights('ListResources: Access denied: %s -- %s' % (error[0],error[1]))
+ origin_hrn = user_cred.get_gid_caller().get_hrn()
+
manager_base = 'sfa.managers'
if self.api.interface in ['geni_am']:
mgr_type = self.api.config.SFA_GENI_AGGREGATE_TYPE
manager_module = manager_base + ".geni_am_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- return manager.ListResources(self.api, creds, options)
+ rspec = manager.ListResources(self.api, creds, options)
+ outgoing_rules = SFATablesRules('OUTGOING')
+
+
+ filtered_rspec = rspec
+ if outgoing_rules.sorted_rule_list:
+ context = {'sfa':{'user':{'hrn':origin_hrn}, 'slice':{'hrn':None}}}
+ outgoing_rules.set_context(context)
+ filtered_rspec = outgoing_rules.apply(rspec)
- return ''
+ return filtered_rspec
+
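Review bot: With the `return ''` fallback removed, the non-`geni_am` path now depends on names that are only assigned inside the `geni_am` branch. Indentation is lost on this page, so the exact nesting is inferred: either `rspec` and `outgoing_rules` are unbound when `filtered_rspec = rspec` runs, or the method returns `None` implicitly. Keeping an explicit fallback (e.g. `return ''` after the `if` block) or returning from inside the branch would make the behaviour for other interfaces defined. Separately, the filter context is built with `'slice':{'hrn':None}` even when `options` carries a `geni_slice_urn`, so any OUTGOING rule that matches on the slice cannot apply; a comment stating that this is intentional, or deriving the slice hrn from `options`, would help.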
SliverStatus
RenewSliver
Shutdown
+Resolve
""".split()
def toxml(self, xml):
if not (self.public and self.enabled and self.node_ids):
return
+
with xml.site(id = self.idtag):
with xml.name:
xml << self.name
from OpenSSL import crypto
import M2Crypto
from M2Crypto import X509
-from M2Crypto import EVP
-from random import randint
+from tempfile import mkstemp
from sfa.util.faults import *
# Save the certificate to a file.
# @param save_parents If save_parents==True, then also save the parent certificates.
- def save_to_file(self, filename, save_parents=True):
+ def save_to_file(self, filename, save_parents=True, filep=None):
string = self.save_to_string(save_parents=save_parents)
- open(filename, 'w').write(string)
+ if filep:
+ f = filep
+ else:
+ f = open(filename, 'w')
+ f.write(string)
+ f.close()
+
##
# Save the certificate to a random file in /tmp/
- # @param save_parents If save_parents==True, then also save the parent certificates.
- def save_to_random_tmp_file(self, save_parents=True):
- while True:
- filename = "/tmp/cred_%d" % randint(0,999999999)
- if not os.path.isfile(filename):
- break
- self.save_to_file(filename, save_parents)
- return filename
+ # @param save_parents If save_parents==True, then also save the parent certificates.
+ def save_to_random_tmp_file(self, save_parents=True):
+ fp, filename = mkstemp(suffix='cert', text=True)
+ fp = os.fdopen(fp, "w")
+ self.save_to_file(filename, save_parents=True, filep=fp)
+ return filename
+
##
# Sets the issuer private key and name
# @param key Keypair object containing the private key of the issuer
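Review bot: The rewritten `save_to_random_tmp_file(self, save_parents=True)` ignores its `save_parents` argument and always passes `save_parents=True` to `save_to_file`, whereas the removed version forwarded the caller's value; the call should be `self.save_to_file(filename, save_parents=save_parents, filep=fp)`. `save_to_file` also closes a `filep` it did not open, which is worth stating in its comment block since callers may not expect their handle to be closed (the credential class's `save_to_file` has the same behaviour). The file created by `mkstemp` is left on disk and contains certificate material, so the doc comment should say that the caller is responsible for removing it.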
import os
import datetime
-from random import randint
from xml.dom.minidom import Document, parseString
+from tempfile import mkstemp
from sfa.trust.credential_legacy import CredentialLegacy
from sfa.trust.rights import *
self.xml = doc.toxml()
- def save_to_random_tmp_file(self):
- while True:
- filename = "/tmp/cred_%d" % randint(0,999999999)
- if not os.path.isfile(filename):
- break
-
- self.save_to_file(filename)
+ def save_to_random_tmp_file(self):
+ fp, filename = mkstemp(suffix='cred', text=True)
+ fp = os.fdopen(fp, "w")
+ self.save_to_file(filename, save_parents=True, filep=fp)
return filename
- def save_to_file(self, filename, save_parents=True):
+ def save_to_file(self, filename, save_parents=True, filep=None):
if not self.xml:
self.encode()
- f = open(filename, "w")
+ if filep:
+ f = filep
+ else:
+ f = open(filename, "w")
f.write(self.xml)
f.close()
privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
"refresh": ["remove", "update"],
- "resolve": ["resolve", "list", "getcredential", "listresources", "getversion"],
+ "resolve": ["resolve", "list", "getcredential", "getversion"],
"sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice",
"getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
"deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "createsliver", "sliverestatus"],