Updated privileges for geni calls

author Josh Karlin <jkarlin@bbn.com>

Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)

committer Josh Karlin <jkarlin@bbn.com>

Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)
author Josh Karlin <jkarlin@bbn.com>
Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)
committer Josh Karlin <jkarlin@bbn.com>
Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)
diff --git a/sfa/methods/ListResources.py b/sfa/methods/ListResources.py

index 6f8611d..b017381 100644 (file)
--- a/sfa/methods/ListResources.py
+++ b/sfa/methods/ListResources.py
@@ -30,7 +30,7 @@ class ListResources(Method):
              xrn = options['geni_slice_urn']
              hrn, _ = urn_to_hrn(xrn)        
              
-        ValidCreds = self.api.auth.checkCredentials(creds, 'listresources', hrn)
+        ValidCreds = self.api.auth.checkCredentials(creds, '', hrn)
          origin_hrn = Credential(string=ValidCreds[0]).get_gid_caller().get_hrn()
              
                      
diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py

index cb34f31..59324e8 100644 (file)
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -15,19 +15,22 @@
  ##
  # privilege_table is a list of priviliges and what operations are allowed
  # per privilege.
+# Note that "*" is a privilege granted by ProtoGENI slice authorities, and we
+# give it access to the GENI AM calls
  
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "listresources", "getcredential", "*"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
                     "refresh": ["remove", "update"],
-                   "resolve": ["resolve", "list", "listresources", "getcredential", "getversion"],
+                   "resolve": ["resolve", "list", "getcredential"],
                     "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
                            "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
                            "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
                     "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                     "bind": ["getticket", "loanresources", "redeemticket"],
                     "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
-                   "info": ["listslices", "listnodes", "getpolicy","listresources"],
+                   "info": ["listslices", "listnodes", "getpolicy"],
                     "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
-                   "operator": ["gettrustedcerts", "getgids"]}
+                   "operator": ["gettrustedcerts", "getgids"],                   
+                   "*": ["createsliver", "deletesliver", "sliverstatus", "renewsliver", "shutdown"]}
author	Josh Karlin <jkarlin@bbn.com>
	Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)
committer	Josh Karlin <jkarlin@bbn.com>
	Wed, 26 May 2010 15:53:37 +0000 (15:53 +0000)
sfa/methods/ListResources.py		patch \| blob \| history
sfa/trust/rights.py		patch \| blob \| history