Updated rights so that each GENI AM call has a specific right associated with it.
authorJosh Karlin <jkarlin@bbn.com>
Mon, 26 Apr 2010 18:23:34 +0000 (18:23 +0000)
committerJosh Karlin <jkarlin@bbn.com>
Mon, 26 Apr 2010 18:23:34 +0000 (18:23 +0000)
sfa/client/sfi.py
sfa/managers/geni_am_pl.py
sfa/methods/CreateSliver.py
sfa/methods/DeleteSliver.py
sfa/methods/ListResources.py
sfa/methods/SliverStatus.py
sfa/trust/rights.py

index 550edcf..98abafa 100755 (executable)
@@ -947,6 +947,7 @@ class Sfi:
         if args:
             xrn = args[0]
             cred = self.get_slice_cred(xrn).save_to_string(save_parents=True)
+
         if xrn:
             call_options['geni_slice_urn'] = xrn
             
index 26e73f4..01abcef 100644 (file)
@@ -70,7 +70,7 @@ def DeleteSliver(api, slice_xrn, creds):
     allocated = manager.delete_slice(api, slice_xrn)
     return allocated
 
-def SliverStatus(api, slice_xrn):
+def SliverStatus(api, slice_xrn, creds):
     result = {}
     result['geni_urn'] = slice_xrn
     result['geni_status'] = 'unknown'
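Review bot: The new `creds` parameter of `SliverStatus` is not read in any of the visible lines, which only build a result with `geni_status` set to 'unknown'. If the manager is meant to rely on the check already done in the method class, a docstring should say so, for example `"""Return the GENI status of slice_xrn; creds were already validated by the caller and are not re-checked here."""`. The function body continues outside the hunk, so a later use cannot be ruled out. Any caller still passing two arguments will now fail with a TypeError.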
index 7415a73..920ecfb 100644 (file)
@@ -44,7 +44,7 @@ class CreateSliver(Method):
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
 
         # Find the valid credentials
-        ValidCreds = self.api.auth.checkCredentials(creds, 'createslice', hrn)
+        ValidCreds = self.api.auth.checkCredentials(creds, 'createsliver', hrn)
 
         origin_hrn = Credential(string=ValidCreds[0]).get_gid_caller().get_hrn()
 
index 94e9cfd..ed09a95 100644 (file)
@@ -25,7 +25,7 @@ class DeleteSliver(Method):
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
 
         # Find the valid credentials
-        ValidCreds = self.api.auth.checkCredentials(creds, 'deleteslice', hrn)
+        ValidCreds = self.api.auth.checkCredentials(creds, 'deletesliver', hrn)
         
         manager_base = 'sfa.managers'
 
index ffc57cf..6f8611d 100644 (file)
@@ -30,7 +30,7 @@ class ListResources(Method):
             xrn = options['geni_slice_urn']
             hrn, _ = urn_to_hrn(xrn)        
             
-        ValidCreds = self.api.auth.checkCredentials(creds, 'listnodes', hrn)
+        ValidCreds = self.api.auth.checkCredentials(creds, 'listresources', hrn)
         origin_hrn = Credential(string=ValidCreds[0]).get_gid_caller().get_hrn()
             
                     
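Review bot: `hrn` is assigned only inside the indented branch that reads `options['geni_slice_urn']`, so when that option is absent the changed `checkCredentials(creds, 'listresources', hrn)` call passes whatever `hrn` held before the hunk (not visible here, presumably None). Because this right now gates a listing that is not tied to a slice, a comment above the call should state what a missing target means, e.g. `# hrn is None when no slice URN is given: the right is checked without a target`. The following line indexes `ValidCreds[0]`, which assumes checkCredentials raises rather than returning an empty list; that should be confirmed.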
index 6b90096..24d6ff2 100644 (file)
@@ -2,7 +2,6 @@ from sfa.util.faults import *
 from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter
-from sfa.server.aggregate import Aggregates
 
 class SliverStatus(Method):
     """
@@ -20,10 +19,7 @@ class SliverStatus(Method):
     def call(self, slice_xrn, creds):
         hrn, type = urn_to_hrn(slice_xrn)
         
-        # Make sure that this is a geni_aggregate talking to us
-        geni_aggs = Aggregates(self.api, '/etc/sfa/geni_aggregates.xml')
-        if not hrn in [agg['hrn'] for agg in geni_aggs]:
-            raise SfaPermissionDenied("Only GENI Aggregates may make this call")
+        ValidCreds = self.api.auth.checkCredentials(creds, 'sliverstatus', hrn)
 
         self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
 
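Review bot: The credential check now runs before the `self.api.logger.info(...)` line, whereas CreateSliver and DeleteSliver log first and check second, so a SliverStatus call rejected by checkCredentials leaves no entry from this log line. Moving the `self.api.logger.info("interface: ...")` call above `ValidCreds = self.api.auth.checkCredentials(creds, 'sliverstatus', hrn)` keeps the methods consistent and records denied attempts. Whether checkCredentials logs failures itself is not visible in this diff.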
@@ -33,7 +29,7 @@ class SliverStatus(Method):
             mgr_type = self.api.config.SFA_GENI_AGGREGATE_TYPE
             manager_module = manager_base + ".geni_am_%s" % mgr_type
             manager = __import__(manager_module, fromlist=[manager_base])
-            return manager.SliverStatus(self.api, slice_xrn)
+            return manager.SliverStatus(self.api, slice_xrn, ValidCreds)
 
         return ''
     
index ee84014..3c12df4 100644 (file)
 # privilege_table is a list of priviliges and what operations are allowed
 # per privilege.
 
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "listresources", "getcredential", "*"],
                    "refresh": ["remove", "update"],
-                   "resolve": ["resolve", "list", "getcredential", "getversion"],
-                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice",  
+                   "resolve": ["resolve", "list", "listresources", "getcredential", "getversion"],
+                   "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",  
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
-                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice",  "deleteslice", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
+                          "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver",  "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "sliverstatus", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
-                   "info": ["listslices", "listnodes", "getpolicy"],
+                   "control": ["updateslice", "createslice", "createsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
+                   "info": ["listslices", "listnodes", "getpolicy","listresources"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
                    "operator": ["gettrustedcerts", "getgids"]}