+##
+# Geni Registry Wrapper
+#
+# This wrapper implements the Geni Registry
+##
+
import tempfile
import os
import time
from genitable import *
from geniticket import *
+##
+# Convert geni fields to PLC fields for use when registering up updating
+# registry record in the PLC database
+#
+# @params type type of record (user, slice, ...)
+# @params hrn human readable name
+# @params geni_fields dictionary of geni fields
+# @params pl_fields dictionary of PLC fields (output)
+
def geni_fields_to_pl_fields(type, hrn, geni_fields, pl_fields):
if type == "user":
if not "email" in pl_fields:
if not "is_public" in pl_fields:
pl_fields["is_public"] = True
+##
+# Registry is a GeniServer that serves registry requests. It also serves
+# component and slice operations that are implemented on the registry
+# due to SFA engineering decisions
+#
+
class Registry(GeniServer):
def __init__(self, ip, port, key_file, cert_file):
GeniServer.__init__(self, ip, port, key_file, cert_file)
else:
self.connect_local_shell()
+ ##
+ # Connect to a remote shell via XMLRPC
+
def connect_remote_shell(self):
import remoteshell
self.shell = remoteshell.RemoteShell()
+ ##
+ # Connect to a local shell via local API functions
+
def connect_local_shell(self):
import PLC.Shell
self.shell = PLC.Shell.Shell(globals = globals())
+ ##
+ # Register the server RPCs for the registry
+
def register_functions(self):
GeniServer.register_functions(self)
# registry interface
# component interface
self.server.register_function(self.get_ticket)
- def get_auth_info(self, name):
- return AuthHierarchy.get_auth_info(name)
+ ##
+ # Given an authority name, return the information for that authority. This
+ # is basically a stub that calls the hierarchy module.
+ #
+ # @param auth_hrn human readable name of authority
+
+ def get_auth_info(self, auth_hrn):
+ return AuthHierarchy.get_auth_info(auth_hrn)
+
+ ##
+ # Given an authority name, return the database table for that authority. If
+ # the database table does not exist, then one will be automatically
+ # created.
+ #
+ # @param auth_name human readable name of authority
def get_auth_table(self, auth_name):
auth_info = self.get_auth_info(auth_name)
return table
+ ##
+ # Verify that an authority belongs to this registry. This is basically left
+ # up to the implementation of the hierarchy module. If the specified name
+ # does not belong to this registry, an exception is thrown indicating the
+ # caller should contact someone else.
+ #
+ # @param auth_name human readable name of authority
+
def verify_auth_belongs_to_me(self, name):
# get_auth_info will throw an exception if the authority does not
# exist
self.get_auth_info(name)
+ ##
+ # Verify that an object belongs to this registry. By extension, this implies
+ # that the authority that owns the object belongs to this registry. If the
+ # object does not belong to this registry, then an exception is thrown.
+ #
+ # @param name human readable name of object
+
def verify_object_belongs_to_me(self, name):
auth_name = get_authority(name)
if not auth_name:
return
self.verify_auth_belongs_to_me(auth_name)
+ ##
+ # Verify that the object_gid that was specified in the credential allows
+ # permission to the object 'name'. This is done by a simple prefix test.
+ # For example, an object_gid for planetlab.us.arizona would match the
+ # objects planetlab.us.arizona.slice1 and planetlab.us.arizona.
+ #
+ # @param name human readable name to test
+
def verify_object_permission(self, name):
object_hrn = self.object_gid.get_hrn()
if object_hrn == name:
return
raise PermissionError(name)
+ ##
+ # Fill in the planetlab-specific fields of a Geni record. This involves
+ # calling the appropriate PLC methods to retrieve the database record for
+ # the object.
+ #
+ # PLC data is filled into the pl_info field of the record.
+ #
+ # @param record record to fill in fields (in/out param)
+
def fill_record_pl_info(self, record):
type = record.get_type()
pointer = record.get_pointer()
record.set_pl_info(pl_res[0])
+ def lookup_users(self, auth_table, user_id_list, role="*"):
+ record_list = []
+ for person_id in user_id_list:
+ user_records = auth_table.find("user", person_id, "pointer")
+ for user_record in user_records:
+ self.fill_record_info(user_record)
+
+ user_roles = user_record.get_pl_info().get("roles")
+ if (role=="*") or (role in user_roles):
+ record_list.append(user_record.get_name())
+ return record_list
+
+ ##
+ # Fill in the geni-specific fields of the record.
+ #
+ # Note: It is assumed the fill_record_pl_info() has already been performed
+ # on the record.
+
def fill_record_geni_info(self, record):
- pass
+ geni_info = {}
+ type = record.get_type()
+
+ if (type == "slice"):
+ auth_table = self.get_auth_table(get_authority(record.get_name()))
+ person_ids = record.pl_info.get("person_ids", [])
+ researchers = self.lookup_users(auth_table, person_ids)
+ geni_info['researcher'] = researchers
+
+ elif (type == "sa"):
+ auth_table = self.get_auth_table(record.get_name())
+ person_ids = record.pl_info.get("person_ids", [])
+ pis = self.lookup_users(auth_table, person_ids, "pi")
+ geni_info['pi'] = pis
+
+ elif (type == "ma"):
+ auth_table = self.get_auth_table(record.get_name())
+ person_ids = record.pl_info.get("person_ids", [])
+ operators = self.lookup_users(auth_table, person_ids, "tech")
+ geni_info['operator'] = operators
+
+ auth_table = self.get_auth_table(record.get_name())
+ person_ids = record.pl_info.get("person_ids", [])
+ owners = self.lookup_users(auth_table, person_ids, "admin")
+ geni_info['owner'] = owners
+ pass
+
+ record.set_geni_info(geni_info)
def fill_record_info(self, record):
self.fill_record_pl_info(record)
git://git.onelab.eu / sfa.git / commitdiff