def aggregates(self, opts, args):
- user_cred = self.get_user_cred()
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = None
if args:
hrn = args[0]
-
- result = self.registry.get_aggregates(user_cred, hrn)
+ arg_list = [user_cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = self.registry.get_aggregates(user_cred, hrn, request_hash)
self.display_list(result)
return
def registries(self, opts, args):
- user_cred = self.get_user_cred()
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = None
if args:
hrn = args[0]
-
- result = self.registry.get_registries(user_cred, hrn)
+ arg_list = [user_cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = self.registry.get_registries(user_cred, hrn, request_hash)
self.display_list(result)
return
# show rspec for named slice
def resources(self,opts, args):
- user_cred = self.get_user_cred()
- server = self.slicemgr
- if opts.aggregate:
- aggregates = self.registry.get_aggregates(user_cred, opts.aggregate)
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ server = self.slicemgr
+ if opts.aggregate:
+ agg_hrn = opts.aggregate
+ arg_list = [user_cred, arg_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
if not aggregates:
- raise Exception, "No such aggregate %s" % opts.aggregate
+ raise Exception, "No such aggregate %s" % agg_hrn
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- if args:
- slice_cred = self.get_slice_cred(args[0])
- result = server.get_resources(slice_cred, args[0])
- else:
- result = server.get_resources(user_cred)
- format = opts.format
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+ if args:
+ cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ hrn = args[0]
+ else:
+ cred = user_cred
+ hrn = None
+
+ arg_list = [cred, hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ result = server.get_resources(cred, hrn, request_hash)
+ format = opts.format
- self.display_rspec(result, format)
- if (opts.file is not None):
- self.save_rspec_to_file(result, opts.file)
- return
+ self.display_rspec(result, format)
+ if (opts.file is not None):
+ self.save_rspec_to_file(result, opts.file)
+ return
# created named slice with given rspec
def create(self,opts, args):
slice_hrn = args[0]
user_cred = self.get_user_cred()
- slice_cred = self.get_slice_cred(slice_hrn)
+ slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
rspec_file = self.get_rspec_file(args[1])
rspec=open(rspec_file).read()
server = self.slicemgr
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- return server.create_slice(slice_cred, slice_hrn, rspec)
+ arg_list = [slice_cred, slice_hrn, rspec]
+ request_hash = self.key.compute_hash(arg_list)
+ return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
# delete named slice
def delete(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(slice_hrn)
-
- return self.slicemgr.delete_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash)
# start named slice
def start(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.start_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0])
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash)
# stop named slice
def stop(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.stop_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash)
# reset named slice
def reset(self,opts, args):
- slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- return self.slicemgr.reset_slice(slice_cred, slice_hrn)
+ slice_hrn = args[0]
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ arg_list = [slice_cred, slice_hrn]
+ request_hash = self.key.compute_hash(arg_list)
+ return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash)
#
#
Parameter(str, "Human readable name (hrn)"),
Mixed(Parameter(str, "Unique identifier for new GID (uuid)"),
Parameter(None, "Unique identifier (uuid) not specified")),
- Parameter(str, "public-key string")
+ Parameter(str, "public-key string"),
+ Parameter(str, "Request hash"),
]
returns = Parameter(str, "String represeneation of a GID object")
- def call(self, cred, hrn, uuid, pubkey_str):
+ def call(self, cred, hrn, uuid, request_hash, pubkey_str):
+ self.api.auth.authenticateCred(cred, [cred, hrn, uuid], request_hash)
self.api.auth.check(cred, "getcredential")
self.api.auth.verify_object_belongs_to_me(hrn)
self.api.auth.verify_object_permission(hrn)
Parameter(str, "Credential string"),
Parameter(str, "Human readable name of slice to instantiate"),
Parameter(str, "Resource specification"),
+ Parameter(str, "Request hash")
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, requested_rspec, caller_cred=None):
+ def call(self, cred, hrn, requested_rspec, request_hash, caller_cred=None):
if caller_cred==None:
caller_cred=cred
+ # This cred will be an slice cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, hrn, requested_rspec], request_hash)
self.api.auth.check(cred, 'createslice')
#log the call
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Human readable name of slice to delete"),
+ Parameter(str, "Request hash")
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, caller_cred=None):
+ def call(self, cred, hrn, request_hash, caller_cred=None):
- if caller_cred==None:
- caller_cred=cred
- #log the call
+ if caller_cred==None:
+ caller_cred=cred
+ #log the call
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name))
+ # This cred will be an slice cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
self.api.auth.check(cred, 'deleteslice')
slices = Slices(self.api, caller_cred=caller_cred)
slices.delete_slice(hrn)
Parameter(str, "Credential string"),
Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(None, "hrn not specified"))
+ Parameter(None, "hrn not specified")),
+ Parameter(str, "Request hash")
]
returns = [Parameter(dict, "Aggregate interface information")]
- def call(self, cred, hrn = None):
-
+ def call(self, cred, hrn = None, request_hash=None):
+ self.api.auth.authenticateCred(cred, [cred, hrn], request_hash)
self.api.auth.check(cred, 'list')
aggregates = Aggregates(self.api)
hrn_list = []
Parameter(str, "Credential string"),
Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(None, "hrn not specified"))
+ Parameter(None, "hrn not specified")),
+ Parameter(str, "Request hash")
]
returns = [Parameter(dict, "Registry interface information")]
- def call(self, cred, hrn = None):
-
+ def call(self, cred, hrn = None, request_hash=None):
+ self.api.auth.authenticateCred(cred, [cred, hrn], request_hash)
self.api.auth.check(cred, 'list')
registries = Registries(self.api)
hrn_list = []
accepts = [
Parameter(str, "Credential string"),
Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(None, "hrn not specified"))
+ Parameter(None, "hrn not specified")),
+ Parameter(str, "Request hash")
]
returns = Parameter(str, "String representatin of an rspec")
- def call(self, cred, hrn=None, caller_cred=None):
+ def call(self, cred, hrn=None, request_hash = None, caller_cred=None):
sfa_aggregate_type = Config().get_aggregate_rspec_type()
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred,hrn], request_hash)
self.api.auth.check(cred, 'listnodes')
if caller_cred==None:
caller_cred=cred
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Request hash")
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn):
-
+ def call(self, cred, hrn, request_hash):
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
self.api.auth.check(cred, 'resetslice')
## XX Not yet implemented
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Request hash")
]
returns = [Parameter(int, "1 if successful")]
- def call(self, cred, hrn):
-
+ def call(self, cred, hrn, request_hash):
+ # This cred will be an slice cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
self.api.auth.check(cred, 'startslice')
slices = Slices(self.api)
slices.start_slice(hrn)
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Request hash")
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn):
-
+ def call(self, cred, hrn, request_hash):
+ # This cred will be an slice cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash)
self.api.auth.check(cred, 'stopslice')
slices = Slices(self.api)
slices.stop_slice(hrn)