@param cred credential object specifying rights of the caller
@param type type of object (user | slice | sa | ma | node)
@param hrn human readable name of object
- @param origin_hrn human readable name of calls origin
@return the string representation of a credential object
"""
Parameter(None, "No credential")),
Parameter(str, "Human readable name (hrn)"),
Mixed(Parameter(str, "Request hash"),
- Parameter(None, "Request hash not specified")),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(None, "Request hash not specified"))
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cred, type, hrn, origin_hrn=None, request_hash=None):
+ def call(self, cred, type, hrn, request_hash=None):
self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
self.api.auth.check(cred, 'getcredential')
raise RecordNotFound(hrn)
record = records[0]
- # get the origin caller's gid (this is the caller's gid by default)
- if origin_hrn:
- orgin_records = table.find({'hrn': origin_hrn})
- if not origin_records:
- raise RecordNotFound(origin_hrn)
- origin_record = origin_records[0]
- origin_caller_gid_object = GID(string = record['gid'])
- else:
- origin_caller_gid_object = self.api.auth.client_gid
-
-
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
self.api.fill_record_info(record)
if rights.is_empty():
raise PermissionError(object_hrn + " has no rights to " + record['name'])
- # make sure origin caller is either the caller or a child of the caller
- if not origin_hrn.startswith(caller_hrn):
- raise PermissionError("origin caller (%s) is not a child of actual caller (%s)" % (origin_hrn, caller_hrn)
-
gid = record['gid']
gid_object = GID(string=gid)
new_cred = Credential(subject = gid_object.get_subject())
new_cred.set_gid_caller(self.api.auth.client_gid)
- new_cred.set_gid_origin_caller(origin_caller_gid_object)
new_cred.set_gid_object(gid_object)
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(gid_object.get_pubkey())
return '4.2'
- def getCredential(self, origin_hrn=None):
+ def getCredential(self):
if self.interface in ['registry']:
- return self.getCredentialFromLocalRegistry(origin_hrn)
+ return self.getCredentialFromLocalRegistry()
else:
- return self.getCredentialFromRegistry(origin_hrn)
+ return self.getCredentialFromRegistry()
- def getCredentialFromRegistry(self, origin_hrn=None):
+ def getCredentialFromRegistry(self):
"""
Get our credential from a remote registry using a geniclient connection
"""
request_hash=self.key.compute_hash(arg_list)
self_cred = registry.get_self_credential(cert_string, type, self.hrn, request_hash)
# get credential
- arg_list = [self_cred,type,self.hrn,origin_hrn]
+ arg_list = [self_cred,type,self.hrn]
request_hash=self.key.compute_hash(arg_list)
- cred = registry.get_credential(self_cred, type, self.hrn, origin_hrn, request_hash)
+ cred = registry.get_credential(self_cred, type, self.hrn, request_hash)
# save cred to file
Credential(string=cred).save_to_file(cred_filename, save_parents=True)
return cred
- def getCredentialFromLocalRegistry(self, origin_hrn=None):
+ def getCredentialFromLocalRegistry(self):
"""
Get our current credential directly from the local registry.
"""
record = records[0]
type = record['type']
object_gid = record.get_gid_object()
-
- # get the origin caller's gid (this is the caller's gid by default)
- if origin_hrn:
- orgin_records = table.find({'hrn': origin_hrn})
- if not origin_records:
- raise RecordNotFound(origin_hrn)
- origin_record = origin_records[0]
- origin_caller_gid_object = GID(string = record['gid'])
- else:
- origin_caller_gid_object = object_gid
-
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(object_gid)
new_cred.set_gid_object(object_gid)
git://git.onelab.eu / sfa.git / commitdiff