doc:
- pythondoc.py ../util/cert.py ../util/credential.py ../util/gid.py ../util/rights.py ../util/config.py
+ pythondoc.py ../util/cert.py ../util/credential.py ../util/gid.py \
+ ../util/rights.py ../util/config.py ../util/hierarchy.py \
+ ../util/record.py ../util/geniclient.py \
+ ../util/geniserver.py
+
+ pythondoc.py ../registry/registry.py ../registry/import.py \
+ ../registry/nuke.py
<p>Verify that a chain of credentials is valid (see cert.py:verify). In
addition to the checks for ordinary certificates, verification also
ensures that the delegate bit was set by each parent in the chain. If
-a delegate bit was not set, then an exception is thrown.</p>
+a delegate bit was not set, then an exception is thrown.
+
+Each credential must be a subset of the rights of the parent.</p>
</dd>
</dl>
</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The geniclient Module</title>
+</head>
+<body>
+<h1>The geniclient Module</h1>
+<p>This module implements the client-side of the Geni API. Stubs are provided
+that convert the supplied parameters to the necessary format and send them
+via XMLRPC to a Geni Server.
+
+TODO: Investigate ways to combine this with existing PLC API?</p>
+<dl>
+<dt><b>GeniClient(url, key_file, cert_file)</b> (class) [<a href='#geniclient.GeniClient-class'>#</a>]</dt>
+<dd>
+<p>The GeniClient class provides stubs for executing Geni operations.</p>
+<p>For more information about this class, see <a href='#geniclient.GeniClient-class'><i>The GeniClient Class</i></a>.</p>
+</dd>
+<dt><b>GeniTransport</b> (class) [<a href='#geniclient.GeniTransport-class'>#</a>]</dt>
+<dd>
+<p>For more information about this class, see <a href='#geniclient.GeniTransport-class'><i>The GeniTransport Class</i></a>.</p>
+</dd>
+<dt><b>ServerException</b> (class) [<a href='#geniclient.ServerException-class'>#</a>]</dt>
+<dd>
+<p>ServerException, ExceptionUnmarshaller
+
+Used to convert server exception strings back to an exception.</p>
+<p>For more information about this class, see <a href='#geniclient.ServerException-class'><i>The ServerException Class</i></a>.</p>
+</dd>
+</dl>
+<h2><a id='geniclient.GeniClient-class' name='geniclient.GeniClient-class'>The GeniClient Class</a></h2>
+<dl>
+<dt><b>GeniClient(url, key_file, cert_file)</b> (class) [<a href='#geniclient.GeniClient-class'>#</a>]</dt>
+<dd>
+<p>The GeniClient class provides stubs for executing Geni operations. A given
+client object connects to one server. To connect to multiple servers, create
+multiple GeniClient objects.
+
+The Geni protocol uses an HTTPS connection, and the client's side of the
+connection uses his private key. Generally, this private key must match the
+public key that is containing in the GID that the client is providing for
+those functions that take a GID.</p>
+</dd>
+<dt><a id='geniclient.GeniClient.create_gid-method' name='geniclient.GeniClient.create_gid-method'><b>create_gid(cred, name, uuid, pkey_string)</b></a> [<a href='#geniclient.GeniClient.create_gid-method'>#</a>]</dt>
+<dd>
+<p>Create a new GID. For MAs and SAs that are physically located on the
+registry, this allows a owner/operator/PI to create a new GID and have it
+signed by his respective authority.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential of caller</dd>
+<dt><i>name</i></dt>
+<dd>
+hrn for new GID</dd>
+<dt><i>uuid</i></dt>
+<dd>
+unique identifier for new GID</dd>
+<dt><i>pkey_string</i></dt>
+<dd>
+public-key string (TODO: why is this a string and not a keypair object?)</dd>
+<dt>Returns:</dt>
+<dd>
+a GID object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.delete_slice-method' name='geniclient.GeniClient.delete_slice-method'><b>delete_slice(cred)</b></a> [<a href='#geniclient.GeniClient.delete_slice-method'>#</a>]</dt>
+<dd>
+<p>Delete a slice.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+a credential identifying the caller (callerGID) and the slice
+ (objectGID)</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.get_credential-method' name='geniclient.GeniClient.get_credential-method'><b>get_credential(cred, type, name)</b></a> [<a href='#geniclient.GeniClient.get_credential-method'>#</a>]</dt>
+<dd>
+<p>Retrieve a credential for an object.
+
+If cred==None, then the behavior reverts to get_self_credential()</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt><i>type</i></dt>
+<dd>
+type of object (user | slice | sa | ma | node)</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+<dt>Returns:</dt>
+<dd>
+a credental object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.get_gid-method' name='geniclient.GeniClient.get_gid-method'><b>get_gid(name)</b></a> [<a href='#geniclient.GeniClient.get_gid-method'>#</a>]</dt>
+<dd>
+<p>Retrieve the GID for an object. This function looks up a record in the
+registry and returns the GID of the record if it exists.
+TODO: Is this function needed? It's a shortcut for Resolve()</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+hrn to look up</dd>
+<dt>Returns:</dt>
+<dd>
+a GID object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.get_self_credential-method' name='geniclient.GeniClient.get_self_credential-method'><b>get_self_credential(type, name)</b></a> [<a href='#geniclient.GeniClient.get_self_credential-method'>#</a>]</dt>
+<dd>
+<p>Get_self_credential a degenerate version of get_credential used by a
+client to get his initial credential when he doesn't have one. This is
+the same as get_credential(..., cred=None,...).
+
+The registry ensures that the client is the principal that is named by
+(type, name) by comparing the public key in the record's GID to the
+private key used to encrypt the client-side of the HTTPS connection. Thus
+it is impossible for one principal to retrieve another principal's
+credential without having the appropriate private key.</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+type of object (user | slice | sa | ma | node</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+<dt>Returns:</dt>
+<dd>
+a credential object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.get_ticket-method' name='geniclient.GeniClient.get_ticket-method'><b>get_ticket(cred, name, rspec)</b></a> [<a href='#geniclient.GeniClient.get_ticket-method'>#</a>]</dt>
+<dd>
+<p>Retrieve a ticket. This operation is currently implemented on the
+registry (see SFA, engineering decisions), and is not implemented on
+components.
+
+The ticket is filled in with information from the PLC database. This
+information includes resources, and attributes such as user keys and
+initscripts.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object</dd>
+<dt><i>name</i></dt>
+<dd>
+name of the slice to retrieve a ticket for</dd>
+<dt><i>rspec</i></dt>
+<dd>
+resource specification dictionary</dd>
+<dt>Returns:</dt>
+<dd>
+a ticket object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.list-method' name='geniclient.GeniClient.list-method'><b>list(cred)</b></a> [<a href='#geniclient.GeniClient.list-method'>#</a>]</dt>
+<dd>
+<p>List the records in an authority. The objectGID in the supplied credential
+should name the authority that will be listed.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt>Returns:</dt>
+<dd>
+list of record objects</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.list_slices-method' name='geniclient.GeniClient.list_slices-method'><b>list_slices(cred)</b></a> [<a href='#geniclient.GeniClient.list_slices-method'>#</a>]</dt>
+<dd>
+<p>List the slices on a component.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object that authorizes the caller</dd>
+<dt>Returns:</dt>
+<dd>
+a list of slice names</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.redeem_ticket-method' name='geniclient.GeniClient.redeem_ticket-method'><b>redeem_ticket(ticket)</b></a> [<a href='#geniclient.GeniClient.redeem_ticket-method'>#</a>]</dt>
+<dd>
+<p>Redeem a ticket. This operation is currently implemented on the
+component.
+
+The ticket is submitted to the node manager, and the slice is instantiated
+or updated as appropriate.
+
+TODO: This operation should return a sliver credential and indicate
+whether or not the component will accept only sliver credentials, or
+will accept both sliver and slice credentials.</p>
+<dl>
+<dt><i>ticket</i></dt>
+<dd>
+a ticket object containing the ticket</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.register-method' name='geniclient.GeniClient.register-method'><b>register(cred, record)</b></a> [<a href='#geniclient.GeniClient.register-method'>#</a>]</dt>
+<dd>
+<p>Register an object with the registry. In addition to being stored in the
+Geni database, the appropriate records will also be created in the
+PLC databases.
+
+The geni_info and/or pl_info fields must in the record must be filled
+out correctly depending on the type of record that is being registered.
+
+TODO: The geni_info member of the record should be parsed and the pl_info
+adjusted as necessary (add/remove users from a slice, etc)</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt>Returns:</dt>
+<dd>
+record to register</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.remove-method' name='geniclient.GeniClient.remove-method'><b>remove(cred, record)</b></a> [<a href='#geniclient.GeniClient.remove-method'>#</a>]</dt>
+<dd>
+<p>Remove an object from the registry. If the object represents a PLC object,
+then the PLC records will also be removed.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt><i>record</i></dt>
+<dd>
+record to register. The only relevant
+ fields of the record are 'name' and 'type', which are used to lookup
+ the current copy of the record in the Geni database, to make sure
+ that the appopriate record is removed.</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.reset_slice-method' name='geniclient.GeniClient.reset_slice-method'><b>reset_slice(cred)</b></a> [<a href='#geniclient.GeniClient.reset_slice-method'>#</a>]</dt>
+<dd>
+<p>Reset a slice.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+a credential identifying the caller (callerGID) and the slice
+ (objectGID)</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.resolve-method' name='geniclient.GeniClient.resolve-method'><b>resolve(cred, name)</b></a> [<a href='#geniclient.GeniClient.resolve-method'>#</a>]</dt>
+<dd>
+<p>Resolve an object in the registry. A given HRN may have multiple records
+associated with it, and therefore multiple records may be returned. The
+caller should check the type fields of the records to find the one that
+he is interested in.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.start_slice-method' name='geniclient.GeniClient.start_slice-method'><b>start_slice(cred)</b></a> [<a href='#geniclient.GeniClient.start_slice-method'>#</a>]</dt>
+<dd>
+<p>Start a slice.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+a credential identifying the caller (callerGID) and the slice
+ (objectGID)</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.stop_slice-method' name='geniclient.GeniClient.stop_slice-method'><b>stop_slice(cred)</b></a> [<a href='#geniclient.GeniClient.stop_slice-method'>#</a>]</dt>
+<dd>
+<p>Stop a slice.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+a credential identifying the caller (callerGID) and the slice
+ (objectGID)</dd>
+</dl><br />
+</dd>
+<dt><a id='geniclient.GeniClient.update-method' name='geniclient.GeniClient.update-method'><b>update(cred, record)</b></a> [<a href='#geniclient.GeniClient.update-method'>#</a>]</dt>
+<dd>
+<p>Update an object in the registry. Currently, this only updates the
+PLC information associated with the record. The Geni fields (name, type,
+GID) are fixed.
+
+The record is expected to have the pl_info field filled in with the data
+that should be updated.
+
+TODO: The geni_info member of the record should be parsed and the pl_info
+adjusted as necessary (add/remove users from a slice, etc)</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt><i>record</i></dt>
+<dd>
+a record object to be updated</dd>
+</dl><br />
+</dd>
+</dl>
+<h2><a id='geniclient.GeniTransport-class' name='geniclient.GeniTransport-class'>The GeniTransport Class</a></h2>
+<dl>
+<dt><b>GeniTransport</b> (class) [<a href='#geniclient.GeniTransport-class'>#</a>]</dt>
+<dd>
+<p>GeniTransport
+
+A transport for XMLRPC that works on top of HTTPS</p>
+</dd>
+</dl>
+<h2><a id='geniclient.ServerException-class' name='geniclient.ServerException-class'>The ServerException Class</a></h2>
+<dl>
+<dt><b>ServerException</b> (class) [<a href='#geniclient.ServerException-class'>#</a>]</dt>
+<dd>
+<p>ServerException, ExceptionUnmarshaller
+
+Used to convert server exception strings back to an exception.
+ from usenet, Raghuram Devarakonda</p>
+</dd>
+</dl>
+</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The geniserver Module</title>
+</head>
+<body>
+<h1>The geniserver Module</h1>
+<p>This module implements a general-purpose server layer for geni.
+The same basic server should be usable on the registry, component, or
+other interfaces.
+
+TODO: investigate ways to combine this with existing PLC server?</p>
+<dl>
+<dt><b>GeniServer(ip, port, key_file, cert_file)</b> (class) [<a href='#geniserver.GeniServer-class'>#</a>]</dt>
+<dd>
+<p>Implements an HTTPS XML-RPC server.</p>
+<p>For more information about this class, see <a href='#geniserver.GeniServer-class'><i>The GeniServer Class</i></a>.</p>
+</dd>
+<dt><b>SecureXMLRpcRequestHandler</b> (class) [<a href='#geniserver.SecureXMLRpcRequestHandler-class'>#</a>]</dt>
+<dd>
+<p>taken from the web (XXX find reference).</p>
+<p>For more information about this class, see <a href='#geniserver.SecureXMLRpcRequestHandler-class'><i>The SecureXMLRpcRequestHandler Class</i></a>.</p>
+</dd>
+<dt><b>SecureXMLRPCServer(server_address, HandlerClass, key_file, cert_file, logRequests=True)</b> (class) [<a href='#geniserver.SecureXMLRPCServer-class'>#</a>]</dt>
+<dd>
+<p>Taken from the web (XXX find reference).</p>
+<p>For more information about this class, see <a href='#geniserver.SecureXMLRPCServer-class'><i>The SecureXMLRPCServer Class</i></a>.</p>
+</dd>
+<dt><a id='geniserver.verify_callback-function' name='geniserver.verify_callback-function'><b>verify_callback(conn, x509, err, depth, preverify)</b></a> [<a href='#geniserver.verify_callback-function'>#</a>]</dt>
+<dd>
+<p>Verification callback for pyOpenSSL. We do our own checking of keys because
+we have our own authentication spec. Thus we disable several of the normal
+prohibitions that OpenSSL places on certificates</p>
+</dd>
+</dl>
+<h2><a id='geniserver.GeniServer-class' name='geniserver.GeniServer-class'>The GeniServer Class</a></h2>
+<dl>
+<dt><b>GeniServer(ip, port, key_file, cert_file)</b> (class) [<a href='#geniserver.GeniServer-class'>#</a>]</dt>
+<dd>
+<p>Implements an HTTPS XML-RPC server. Generally it is expected that GENI
+functions will take a credential string, which is passed to
+decode_authentication. Decode_authentication() will verify the validity of
+the credential, and verify that the user is using the key that matches the
+GID supplied in the credential.</p>
+</dd>
+<dt><a id='geniserver.GeniServer.decode_authentication-method' name='geniserver.GeniServer.decode_authentication-method'><b>decode_authentication(cred_string, operation)</b></a> [<a href='#geniserver.GeniServer.decode_authentication-method'>#</a>]</dt>
+<dd>
+<p>Decode the credential string that was submitted by the caller. Several
+checks are performed to ensure that the credential is valid, and that the
+callerGID included in the credential matches the caller that is
+connected to the HTTPS connection.</p>
+</dd>
+<dt><a id='geniserver.GeniServer.noop-method' name='geniserver.GeniServer.noop-method'><b>noop(cred, anything)</b></a> [<a href='#geniserver.GeniServer.noop-method'>#</a>]</dt>
+<dd>
+<p>Sample no-op server function. The no-op function decodes the credential
+that was passed to it.</p>
+</dd>
+<dt><a id='geniserver.GeniServer.register_functions-method' name='geniserver.GeniServer.register_functions-method'><b>register_functions()</b></a> [<a href='#geniserver.GeniServer.register_functions-method'>#</a>]</dt>
+<dd>
+<p>Register functions that will be served by the XMLRPC server. This
+function should be overrided by each descendant class.</p>
+</dd>
+<dt><a id='geniserver.GeniServer.run-method' name='geniserver.GeniServer.run-method'><b>run()</b></a> [<a href='#geniserver.GeniServer.run-method'>#</a>]</dt>
+<dd>
+<p>Execute the server, serving requests forever.</p>
+</dd>
+</dl>
+<h2><a id='geniserver.SecureXMLRpcRequestHandler-class' name='geniserver.SecureXMLRpcRequestHandler-class'>The SecureXMLRpcRequestHandler Class</a></h2>
+<dl>
+<dt><b>SecureXMLRpcRequestHandler</b> (class) [<a href='#geniserver.SecureXMLRpcRequestHandler-class'>#</a>]</dt>
+<dd>
+<p>taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler</p>
+</dd>
+</dl>
+<h2><a id='geniserver.SecureXMLRPCServer-class' name='geniserver.SecureXMLRPCServer-class'>The SecureXMLRPCServer Class</a></h2>
+<dl>
+<dt><b>SecureXMLRPCServer(server_address, HandlerClass, key_file, cert_file, logRequests=True)</b> (class) [<a href='#geniserver.SecureXMLRPCServer-class'>#</a>]</dt>
+<dd>
+<p>Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server</p>
+</dd>
+</dl>
+</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The hierarchy Module</title>
+</head>
+<body>
+<h1>The hierarchy Module</h1>
+<p>This module implements a hierarchy of authorities and performs a similar
+function as the "tree" module of the original geniwrapper prototype. An HRN
+is assumed to be a string of authorities separated by dots. For example,
+"planetlab.us.arizona.bakers". Each component of the HRN is a different
+authority, with the last component being a leaf in the tree.
+
+Each authority is stored in a subdirectory on the registry. Inside this
+subdirectory are several files:
+ *.GID - GID file
+ *.PKEY - private key file
+ *.DBINFO - database info</p>
+<dl>
+<dt><b>AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)</b> (class) [<a href='#hierarchy.AuthInfo-class'>#</a>]</dt>
+<dd>
+<p>The AuthInfo class contains the information for an authority.</p>
+<p>For more information about this class, see <a href='#hierarchy.AuthInfo-class'><i>The AuthInfo Class</i></a>.</p>
+</dd>
+<dt><b>Hierarchy(basedir=".")</b> (class) [<a href='#hierarchy.Hierarchy-class'>#</a>]</dt>
+<dd>
+<p>The Hierarchy class is responsible for managing the tree of authorities.</p>
+<p>For more information about this class, see <a href='#hierarchy.Hierarchy-class'><i>The Hierarchy Class</i></a>.</p>
+</dd>
+</dl>
+<h2><a id='hierarchy.AuthInfo-class' name='hierarchy.AuthInfo-class'>The AuthInfo Class</a></h2>
+<dl>
+<dt><b>AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename)</b> (class) [<a href='#hierarchy.AuthInfo-class'>#</a>]</dt>
+<dd>
+<p>The AuthInfo class contains the information for an authority. This information
+includes the GID, private key, and database connection information.</p>
+</dd>
+<dt><a id='hierarchy.AuthInfo.__init__-method' name='hierarchy.AuthInfo.__init__-method'><b>__init__(hrn, gid_filename, privkey_filename, dbinfo_filename)</b></a> [<a href='#hierarchy.AuthInfo.__init__-method'>#</a>]</dt>
+<dd>
+<p>Initialize and authority object.</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority</dd>
+<dt><i>gid_filename</i></dt>
+<dd>
+the filename containing the GID</dd>
+<dt><i>privkey_filename</i></dt>
+<dd>
+the filename containing the private key</dd>
+<dt><i>dbinfo_filename</i></dt>
+<dd>
+the filename containing the database info</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.AuthInfo.get_dbinfo-method' name='hierarchy.AuthInfo.get_dbinfo-method'><b>get_dbinfo()</b></a> [<a href='#hierarchy.AuthInfo.get_dbinfo-method'>#</a>]</dt>
+<dd>
+<p>Get the dbinfo in the form of a dictionary</p>
+</dd>
+<dt><a id='hierarchy.AuthInfo.get_gid_object-method' name='hierarchy.AuthInfo.get_gid_object-method'><b>get_gid_object()</b></a> [<a href='#hierarchy.AuthInfo.get_gid_object-method'>#</a>]</dt>
+<dd>
+<p>Get the GID in the form of a GID object</p>
+</dd>
+<dt><a id='hierarchy.AuthInfo.get_pkey_object-method' name='hierarchy.AuthInfo.get_pkey_object-method'><b>get_pkey_object()</b></a> [<a href='#hierarchy.AuthInfo.get_pkey_object-method'>#</a>]</dt>
+<dd>
+<p>Get the private key in the form of a Keypair object</p>
+</dd>
+<dt><a id='hierarchy.AuthInfo.set_gid_filename-method' name='hierarchy.AuthInfo.set_gid_filename-method'><b>set_gid_filename(fn)</b></a> [<a href='#hierarchy.AuthInfo.set_gid_filename-method'>#</a>]</dt>
+<dd>
+<p>Set the filename of the GID</p>
+<dl>
+<dt><i>fn</i></dt>
+<dd>
+filename of file containing GID</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.AuthInfo.update_gid_object-method' name='hierarchy.AuthInfo.update_gid_object-method'><b>update_gid_object(gid)</b></a> [<a href='#hierarchy.AuthInfo.update_gid_object-method'>#</a>]</dt>
+<dd>
+<p>Replace the GID with a new one. The file specified by gid_filename is
+overwritten with the new GID object</p>
+<dl>
+<dt><i>gid</i></dt>
+<dd>
+object containing new GID</dd>
+</dl><br />
+</dd>
+</dl>
+<h2><a id='hierarchy.Hierarchy-class' name='hierarchy.Hierarchy-class'>The Hierarchy Class</a></h2>
+<dl>
+<dt><b>Hierarchy(basedir=".")</b> (class) [<a href='#hierarchy.Hierarchy-class'>#</a>]</dt>
+<dd>
+<p>The Hierarchy class is responsible for managing the tree of authorities.
+Each authority is a node in the tree and exists as an AuthInfo object.
+
+The tree is stored on disk in a hierarchical manner than reflects the
+structure of the tree. Each authority is a subdirectory, and each subdirectory
+contains the GID, pkey, and dbinfo files for that authority (as well as
+subdirectories for each sub-authority)</p>
+</dd>
+<dt><a id='hierarchy.Hierarchy.auth_exists-method' name='hierarchy.Hierarchy.auth_exists-method'><b>auth_exists(hrn)</b></a> [<a href='#hierarchy.Hierarchy.auth_exists-method'>#</a>]</dt>
+<dd>
+<p>Check to see if an authority exists. An authority exists if it's disk
+files exist.</p>
+<dl>
+<dt><i>the</i></dt>
+<dd>
+human readable name of the authority to check</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.create_auth-method' name='hierarchy.Hierarchy.create_auth-method'><b>create_auth(hrn, create_parents=False)</b></a> [<a href='#hierarchy.Hierarchy.create_auth-method'>#</a>]</dt>
+<dd>
+<p>Create an authority. A private key for the authority and the associated
+GID are created and signed by the parent authority.</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority to create</dd>
+<dt><i>create_parents</i></dt>
+<dd>
+if true, also create the parents if they do not exist</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.create_gid-method' name='hierarchy.Hierarchy.create_gid-method'><b>create_gid(hrn, uuid, pkey)</b></a> [<a href='#hierarchy.Hierarchy.create_gid-method'>#</a>]</dt>
+<dd>
+<p>Create a new GID. The GID will be signed by the authority that is it's
+immediate parent in the hierarchy (and recursively, the parents' GID
+will be signed by its parent)</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name to store in the GID</dd>
+<dt><i>uuid</i></dt>
+<dd>
+the unique identifier to store in the GID</dd>
+<dt><i>pkey</i></dt>
+<dd>
+the public key to store in the GID</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.get_auth_cred-method' name='hierarchy.Hierarchy.get_auth_cred-method'><b>get_auth_cred(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_cred-method'>#</a>]</dt>
+<dd>
+<p>Retrieve an authority credential for an authority. The authority
+credential will contain the authority privilege and will be signed by
+the authority's parent.</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.get_auth_filenames-method' name='hierarchy.Hierarchy.get_auth_filenames-method'><b>get_auth_filenames(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_filenames-method'>#</a>]</dt>
+<dd>
+<p>Given a hrn, return the filenames of the GID, private key, and dbinfo
+files.</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.get_auth_info-method' name='hierarchy.Hierarchy.get_auth_info-method'><b>get_auth_info(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_info-method'>#</a>]</dt>
+<dd>
+<p>Return the AuthInfo object for the specified authority. If the authority
+does not exist, then an exception is thrown. As a side effect, disk files
+and a subdirectory may be created to store the authority.</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority to create.</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.get_auth_ticket-method' name='hierarchy.Hierarchy.get_auth_ticket-method'><b>get_auth_ticket(hrn)</b></a> [<a href='#hierarchy.Hierarchy.get_auth_ticket-method'>#</a>]</dt>
+<dd>
+<p>Retrieve an authority ticket. An authority ticket is not actually a
+redeemable ticket, but only serves the purpose of being included as the
+parent of another ticket, in order to provide a chain of authentication
+for a ticket.
+
+This looks almost the same as get_auth_cred, but works for tickets
+XXX does similarity imply there should be more code re-use?</p>
+<dl>
+<dt><i>hrn</i></dt>
+<dd>
+the human readable name of the authority</dd>
+</dl><br />
+</dd>
+<dt><a id='hierarchy.Hierarchy.refresh_gid-method' name='hierarchy.Hierarchy.refresh_gid-method'><b>refresh_gid(gid, hrn=None, uuid=None, pubkey=None)</b></a> [<a href='#hierarchy.Hierarchy.refresh_gid-method'>#</a>]</dt>
+<dd>
+<p>Refresh a GID. The primary use of this function is to refresh the
+the expiration time of the GID. It may also be used to change the HRN,
+UUID, or Public key of the GID.</p>
+<dl>
+<dt><i>gid</i></dt>
+<dd>
+the GID to refresh</dd>
+<dt><i>hrn</i></dt>
+<dd>
+if !=None, change the hrn</dd>
+<dt><i>uuid</i></dt>
+<dd>
+if !=None, change the uuid</dd>
+<dt><i>pubkey</i></dt>
+<dd>
+if !=None, change the public key</dd>
+</dl><br />
+</dd>
+</dl>
+</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The import Module</title>
+</head>
+<body>
+<h1>The import Module</h1>
+<p>Import PLC records into the Geni database. It is indended that this tool be
+run once to create Geni records that reflect the current state of the
+planetlab database.
+
+The import tool assumes that the existing PLC hierarchy should all be part
+of "planetlab.us" (see the root_auth and level1_auth variables below).
+
+Public keys are extracted from the users' SSH keys automatically and used to
+create GIDs. This is relatively experimental as a custom tool had to be
+written to perform conversion from SSH to OpenSSL format. It only supports
+RSA keys at this time, not DSA keys.</p>
+<dl>
+<dt><a id='import.root_auth-variable' name='import.root_auth-variable'><b>root_auth</b></a> (variable) [<a href='#import.root_auth-variable'>#</a>]</dt>
+<dd>
+<p>Two authorities are specified: the root authority and the level1 authority.</p>
+</dd>
+</dl>
+</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The record Module</title>
+</head>
+<body>
+<h1>The record Module</h1>
+<p>Implements support for geni records
+
+TODO: Use existing PLC database methods? or keep this separate?</p>
+<dl>
+<dt><b>GeniRecord(name=None, gid=None, type=None, pointer=None, dict=None)</b> (class) [<a href='#record.GeniRecord-class'>#</a>]</dt>
+<dd>
+<p>The GeniRecord class implements a Geni Record.</p>
+<p>For more information about this class, see <a href='#record.GeniRecord-class'><i>The GeniRecord Class</i></a>.</p>
+</dd>
+</dl>
+<h2><a id='record.GeniRecord-class' name='record.GeniRecord-class'>The GeniRecord Class</a></h2>
+<dl>
+<dt><b>GeniRecord(name=None, gid=None, type=None, pointer=None, dict=None)</b> (class) [<a href='#record.GeniRecord-class'>#</a>]</dt>
+<dd>
+<p>The GeniRecord class implements a Geni Record. A GeniRecord is a tuple
+(Name, GID, Type, Info).
+
+Name specifies the HRN of the object
+GID is the GID of the object
+Type is user | sa | ma | slice | component
+
+Info is comprised of the following sub-fields
+ pointer = a pointer to the record in the PL database
+ pl_info = planetlab-specific info (when talking to client)
+ geni_info = geni-specific info (when talking to client)
+
+The pointer is interpreted depending on the type of the record. For example,
+if the type=="user", then pointer is assumed to be a person_id that indexes
+into the persons table.
+
+A given HRN may have more than one record, provided that the records are
+of different types. For example, planetlab.us.arizona may have both an SA
+and a MA record, but cannot have two SA records.</p>
+</dd>
+<dt><a id='record.GeniRecord.as_dict-method' name='record.GeniRecord.as_dict-method'><b>as_dict()</b></a> [<a href='#record.GeniRecord.as_dict-method'>#</a>]</dt>
+<dd>
+<p>Return the record in the form of a dictionary</p>
+</dd>
+<dt><a id='record.GeniRecord.dump-method' name='record.GeniRecord.dump-method'><b>dump(dump_parents=False)</b></a> [<a href='#record.GeniRecord.dump-method'>#</a>]</dt>
+<dd>
+<p>Dump the record to stdout</p>
+<dl>
+<dt><i>dump_parents</i></dt>
+<dd>
+if true, then the parents of the GID will be dumped</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.get_field_names-method' name='record.GeniRecord.get_field_names-method'><b>get_field_names()</b></a> [<a href='#record.GeniRecord.get_field_names-method'>#</a>]</dt>
+<dd>
+<p>Returns a list of field names in this record. pl_info, geni_info are not
+included because they are not part of the record that is stored in the
+database, but are rather computed values from other entities</p>
+</dd>
+<dt><a id='record.GeniRecord.get_field_value_string-method' name='record.GeniRecord.get_field_value_string-method'><b>get_field_value_string(fieldname)</b></a> [<a href='#record.GeniRecord.get_field_value_string-method'>#</a>]</dt>
+<dd>
+<p>Given a field name ("name", "gid", ...) return the value of that field.</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+is the name of field to be returned</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.get_field_value_strings-method' name='record.GeniRecord.get_field_value_strings-method'><b>get_field_value_strings(fieldnames)</b></a> [<a href='#record.GeniRecord.get_field_value_strings-method'>#</a>]</dt>
+<dd>
+<p>Given a list of field names, return a list of values for those fields.</p>
+<dl>
+<dt><i>fieldnames</i></dt>
+<dd>
+is a list of field names</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.get_geni_info-method' name='record.GeniRecord.get_geni_info-method'><b>get_geni_info()</b></a> [<a href='#record.GeniRecord.get_geni_info-method'>#</a>]</dt>
+<dd>
+<p>Return the geni_info of the record, or an empty dictionary if none exists</p>
+</dd>
+<dt><a id='record.GeniRecord.get_gid_object-method' name='record.GeniRecord.get_gid_object-method'><b>get_gid_object()</b></a> [<a href='#record.GeniRecord.get_gid_object-method'>#</a>]</dt>
+<dd>
+<p>Return the GID of the record, in the form of a GID object
+TODO: not the best name for the function, because we have things called
+gidObjects in the Cred</p>
+</dd>
+<dt><a id='record.GeniRecord.get_key-method' name='record.GeniRecord.get_key-method'><b>get_key()</b></a> [<a href='#record.GeniRecord.get_key-method'>#</a>]</dt>
+<dd>
+<p>Return a key that uniquely identifies this record among all records in
+Geni. This key is used to uniquely identify the record in the Geni
+database.</p>
+</dd>
+<dt><a id='record.GeniRecord.get_name-method' name='record.GeniRecord.get_name-method'><b>get_name()</b></a> [<a href='#record.GeniRecord.get_name-method'>#</a>]</dt>
+<dd>
+<p>Return the name (HRN) of the record</p>
+</dd>
+<dt><a id='record.GeniRecord.get_pl_info-method' name='record.GeniRecord.get_pl_info-method'><b>get_pl_info()</b></a> [<a href='#record.GeniRecord.get_pl_info-method'>#</a>]</dt>
+<dd>
+<p>Return the pl_info of the record, or an empty dictionary if none exists</p>
+</dd>
+<dt><a id='record.GeniRecord.get_pointer-method' name='record.GeniRecord.get_pointer-method'><b>get_pointer()</b></a> [<a href='#record.GeniRecord.get_pointer-method'>#</a>]</dt>
+<dd>
+<p>Return the pointer of the record. The pointer is an integer that may be
+used to look up the record in the PLC database. The evaluation of pointer
+depends on the type of the record</p>
+</dd>
+<dt><a id='record.GeniRecord.get_type-method' name='record.GeniRecord.get_type-method'><b>get_type()</b></a> [<a href='#record.GeniRecord.get_type-method'>#</a>]</dt>
+<dd>
+<p>Return the type of the record</p>
+</dd>
+<dt><a id='record.GeniRecord.set_geni_info-method' name='record.GeniRecord.set_geni_info-method'><b>set_geni_info(geni_info)</b></a> [<a href='#record.GeniRecord.set_geni_info-method'>#</a>]</dt>
+<dd>
+<p>Set the geni info the record</p>
+<dl>
+<dt><i>geni_info</i></dt>
+<dd>
+is a dictionary containing geni info</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.set_gid-method' name='record.GeniRecord.set_gid-method'><b>set_gid(gid)</b></a> [<a href='#record.GeniRecord.set_gid-method'>#</a>]</dt>
+<dd>
+<p>Set the GID of the record</p>
+<dl>
+<dt><i>gid</i></dt>
+<dd>
+is a GID object or the string representation of a GID object</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.set_name-method' name='record.GeniRecord.set_name-method'><b>set_name(name)</b></a> [<a href='#record.GeniRecord.set_name-method'>#</a>]</dt>
+<dd>
+<p>Set the name of the record</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+is a string containing the HRN</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.set_pl_info-method' name='record.GeniRecord.set_pl_info-method'><b>set_pl_info(pl_info)</b></a> [<a href='#record.GeniRecord.set_pl_info-method'>#</a>]</dt>
+<dd>
+<p>Set the PLC info of the record</p>
+<dl>
+<dt><i>pl_info</i></dt>
+<dd>
+is a dictionary containing planetlab info</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.set_pointer-method' name='record.GeniRecord.set_pointer-method'><b>set_pointer(pointer)</b></a> [<a href='#record.GeniRecord.set_pointer-method'>#</a>]</dt>
+<dd>
+<p>Set the pointer of the record</p>
+<dl>
+<dt><i>pointer</i></dt>
+<dd>
+is an integer containing the ID of a PLC record</dd>
+</dl><br />
+</dd>
+<dt><a id='record.GeniRecord.set_type-method' name='record.GeniRecord.set_type-method'><b>set_type(type)</b></a> [<a href='#record.GeniRecord.set_type-method'>#</a>]</dt>
+<dd>
+<p>Set the type of the record</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+is a string: user | sa | ma | slice | component</dd>
+</dl><br />
+</dd>
+</dl>
+</body></html>
--- /dev/null
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=us-ascii' />
+<title>The registry Module</title>
+</head>
+<body>
+<h1>The registry Module</h1>
+<p>Geni Registry Wrapper
+
+This wrapper implements the Geni Registry.
+
+There are several items that need to be done before starting the registry.
+
+1) Update util/config.py to match the parameters of your PLC installation.
+
+2) Import the existing planetlab database, creating the
+appropriate geni records. This is done by running the "import.py" tool.
+
+3) Create a "trusted_roots" directory and place the certificate of the root
+authority in that directory. Given the defaults in import.py, this certificate
+would be named "planetlab.gid". For example,
+
+ mkdir trusted_roots; cp authorities/planetlab.gid trusted_roots/</p>
+<dl>
+<dt><a id='registry.geni_fields_to_pl_fields-function' name='registry.geni_fields_to_pl_fields-function'><b>geni_fields_to_pl_fields(type, hrn, geni_fields, pl_fields)</b></a> [<a href='#registry.geni_fields_to_pl_fields-function'>#</a>]</dt>
+<dd>
+<p>Convert geni fields to PLC fields for use when registering up updating
+registry record in the PLC database</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+type of record (user, slice, ...)</dd>
+<dt><i>hrn</i></dt>
+<dd>
+human readable name</dd>
+<dt><i>geni_fields</i></dt>
+<dd>
+dictionary of geni fields</dd>
+<dt><i>pl_fields</i></dt>
+<dd>
+dictionary of PLC fields (output)</dd>
+</dl><br />
+</dd>
+<dt><b>Registry(ip, port, key_file, cert_file)</b> (class) [<a href='#registry.Registry-class'>#</a>]</dt>
+<dd>
+<p>Registry is a GeniServer that serves registry requests.</p>
+<p>For more information about this class, see <a href='#registry.Registry-class'><i>The Registry Class</i></a>.</p>
+</dd>
+</dl>
+<h2><a id='registry.Registry-class' name='registry.Registry-class'>The Registry Class</a></h2>
+<dl>
+<dt><b>Registry(ip, port, key_file, cert_file)</b> (class) [<a href='#registry.Registry-class'>#</a>]</dt>
+<dd>
+<p>Registry is a GeniServer that serves registry requests. It also serves
+component and slice operations that are implemented on the registry
+due to SFA engineering decisions</p>
+</dd>
+<dt><a id='registry.Registry.connect_local_shell-method' name='registry.Registry.connect_local_shell-method'><b>connect_local_shell()</b></a> [<a href='#registry.Registry.connect_local_shell-method'>#</a>]</dt>
+<dd>
+<p>Connect to a local shell via local API functions</p>
+</dd>
+<dt><a id='registry.Registry.connect_remote_shell-method' name='registry.Registry.connect_remote_shell-method'><b>connect_remote_shell()</b></a> [<a href='#registry.Registry.connect_remote_shell-method'>#</a>]</dt>
+<dd>
+<p>Connect to a remote shell via XMLRPC</p>
+</dd>
+<dt><a id='registry.Registry.create_gid-method' name='registry.Registry.create_gid-method'><b>create_gid(cred, name, uuid, pubkey_str)</b></a> [<a href='#registry.Registry.create_gid-method'>#</a>]</dt>
+<dd>
+<p>GENI_API: Create_gid
+
+Create a new GID. For MAs and SAs that are physically located on the
+registry, this allows a owner/operator/PI to create a new GID and have it
+signed by his respective authority.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential of caller</dd>
+<dt><i>name</i></dt>
+<dd>
+hrn for new GID</dd>
+<dt><i>uuid</i></dt>
+<dd>
+unique identifier for new GID</dd>
+<dt><i>pkey_string</i></dt>
+<dd>
+public-key string (TODO: why is this a string and not a keypair object?)</dd>
+<dt>Returns:</dt>
+<dd>
+the string representation of a GID object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.determine_rights-method' name='registry.Registry.determine_rights-method'><b>determine_rights(type, name)</b></a> [<a href='#registry.Registry.determine_rights-method'>#</a>]</dt>
+<dd>
+<p>Determine tje rights that an object should have. The rights are entirely
+dependent on the type of the object. For example, users automatically
+get "refresh", "resolve", and "info".</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+the type of the object (user | sa | ma | slice | node)</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of the object (not used at this time)</dd>
+<dt>Returns:</dt>
+<dd>
+RightList object containing rights</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.fill_record_geni_info-method' name='registry.Registry.fill_record_geni_info-method'><b>fill_record_geni_info(record)</b></a> [<a href='#registry.Registry.fill_record_geni_info-method'>#</a>]</dt>
+<dd>
+<p>Fill in the geni-specific fields of the record.
+
+Note: It is assumed the fill_record_pl_info() has already been performed
+on the record.</p>
+</dd>
+<dt><a id='registry.Registry.fill_record_info-method' name='registry.Registry.fill_record_info-method'><b>fill_record_info(record)</b></a> [<a href='#registry.Registry.fill_record_info-method'>#</a>]</dt>
+<dd>
+<p>Given a Geni record, fill in the PLC-specific and Geni-specific fields
+in the record.</p>
+</dd>
+<dt><a id='registry.Registry.fill_record_pl_info-method' name='registry.Registry.fill_record_pl_info-method'><b>fill_record_pl_info(record)</b></a> [<a href='#registry.Registry.fill_record_pl_info-method'>#</a>]</dt>
+<dd>
+<p>Fill in the planetlab-specific fields of a Geni record. This involves
+calling the appropriate PLC methods to retrieve the database record for
+the object.
+
+PLC data is filled into the pl_info field of the record.</p>
+<dl>
+<dt><i>record</i></dt>
+<dd>
+record to fill in fields (in/out param)</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_auth_info-method' name='registry.Registry.get_auth_info-method'><b>get_auth_info(auth_hrn)</b></a> [<a href='#registry.Registry.get_auth_info-method'>#</a>]</dt>
+<dd>
+<p>Given an authority name, return the information for that authority. This
+is basically a stub that calls the hierarchy module.</p>
+<dl>
+<dt><i>auth_hrn</i></dt>
+<dd>
+human readable name of authority</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_auth_table-method' name='registry.Registry.get_auth_table-method'><b>get_auth_table(auth_name)</b></a> [<a href='#registry.Registry.get_auth_table-method'>#</a>]</dt>
+<dd>
+<p>Given an authority name, return the database table for that authority. If
+the database table does not exist, then one will be automatically
+created.</p>
+<dl>
+<dt><i>auth_name</i></dt>
+<dd>
+human readable name of authority</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_credential-method' name='registry.Registry.get_credential-method'><b>get_credential(cred, type, name)</b></a> [<a href='#registry.Registry.get_credential-method'>#</a>]</dt>
+<dd>
+<p>GENI API: Get_credential
+
+Retrieve a credential for an object.
+
+If cred==None, then the behavior reverts to get_self_credential()</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential object specifying rights of the caller</dd>
+<dt><i>type</i></dt>
+<dd>
+type of object (user | slice | sa | ma | node)</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+<dt>Returns:</dt>
+<dd>
+the string representation of a credental object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_gid-method' name='registry.Registry.get_gid-method'><b>get_gid(name)</b></a> [<a href='#registry.Registry.get_gid-method'>#</a>]</dt>
+<dd>
+<p>GENI API: get_gid
+
+Retrieve the GID for an object. This function looks up a record in the
+registry and returns the GID of the record if it exists.
+TODO: Is this function needed? It's a shortcut for Resolve()</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+hrn to look up</dd>
+<dt>Returns:</dt>
+<dd>
+the string representation of a GID object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_self_credential-method' name='registry.Registry.get_self_credential-method'><b>get_self_credential(type, name)</b></a> [<a href='#registry.Registry.get_self_credential-method'>#</a>]</dt>
+<dd>
+<p>GENI API: Get_self_credential
+
+Get_self_credential a degenerate version of get_credential used by a
+client to get his initial credential when he doesn't have one. This is
+the same as get_credential(..., cred=None,...).
+
+The registry ensures that the client is the principal that is named by
+(type, name) by comparing the public key in the record's GID to the
+private key used to encrypt the client-side of the HTTPS connection. Thus
+it is impossible for one principal to retrieve another principal's
+credential without having the appropriate private key.</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+type of object (user | slice | sa | ma | node</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+<dt>Returns:</dt>
+<dd>
+the string representation of a credential object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.get_ticket-method' name='registry.Registry.get_ticket-method'><b>get_ticket(cred, name, rspec)</b></a> [<a href='#registry.Registry.get_ticket-method'>#</a>]</dt>
+<dd>
+<p>GENI API: get_ticket
+
+Retrieve a ticket. This operation is currently implemented on the
+registry (see SFA, engineering decisions), and is not implemented on
+components.
+
+The ticket is filled in with information from the PLC database. This
+information includes resources, and attributes such as user keys and
+initscripts.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string</dd>
+<dt><i>name</i></dt>
+<dd>
+name of the slice to retrieve a ticket for</dd>
+<dt><i>rspec</i></dt>
+<dd>
+resource specification dictionary</dd>
+<dt>Returns:</dt>
+<dd>
+the string representation of a ticket object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.list-method' name='registry.Registry.list-method'><b>list(cred)</b></a> [<a href='#registry.Registry.list-method'>#</a>]</dt>
+<dd>
+<p>List the records in an authority. The objectGID in the supplied credential
+should name the authority that will be listed.
+
+TODO: List doesn't take an hrn and uses the hrn contained in the
+ objectGid of the credential. Does this mean the only way to list an
+ authority is by having a credential for that authority?</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string specifying rights of the caller</dd>
+<dt>Returns:</dt>
+<dd>
+list of record dictionaries</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.lookup_users-method' name='registry.Registry.lookup_users-method'><b>lookup_users(auth_table, user_id_list, role="*")</b></a> [<a href='#registry.Registry.lookup_users-method'>#</a>]</dt>
+<dd>
+<p>Look up user records given PLC user-ids. This is used as part of the
+process for reverse-mapping PLC records into Geni records.</p>
+<dl>
+<dt><i>auth_table</i></dt>
+<dd>
+database table for the authority that holds the user records</dd>
+<dt><i>user_id_list</i></dt>
+<dd>
+list of user ids</dd>
+<dt><i>role</i></dt>
+<dd>
+either "*" or a string describing the role to look for ("pi", "user", ...)
+
+TODO: This function currently only searches one authority because it would
+be inefficient to brute-force search all authorities for a user id. The
+solution would likely be to implement a reverse mapping of user-id to
+(type, hrn) pairs.</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.record_to_slice_info-method' name='registry.Registry.record_to_slice_info-method'><b>record_to_slice_info(record)</b></a> [<a href='#registry.Registry.record_to_slice_info-method'>#</a>]</dt>
+<dd>
+<p>Convert a PLC record into the slice information that will be stored in
+a ticket. There are two parts to this information: attributes and
+rspec.
+
+Attributes are non-resource items, such as keys and the initscript
+Rspec is a set of resource specifications</p>
+<dl>
+<dt><i>record</i></dt>
+<dd>
+a record object</dd>
+<dt>Returns:</dt>
+<dd>
+a tuple (attrs, rspec) of dictionaries</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.register-method' name='registry.Registry.register-method'><b>register(cred, record_dict)</b></a> [<a href='#registry.Registry.register-method'>#</a>]</dt>
+<dd>
+<p>GENI API: register
+
+Register an object with the registry. In addition to being stored in the
+Geni database, the appropriate records will also be created in the
+PLC databases</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string</dd>
+<dt><i>record_dict</i></dt>
+<dd>
+dictionary containing record fields</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.register_functions-method' name='registry.Registry.register_functions-method'><b>register_functions()</b></a> [<a href='#registry.Registry.register_functions-method'>#</a>]</dt>
+<dd>
+<p>Register the server RPCs for the registry</p>
+</dd>
+<dt><a id='registry.Registry.remove-method' name='registry.Registry.remove-method'><b>remove(cred, record_dict)</b></a> [<a href='#registry.Registry.remove-method'>#</a>]</dt>
+<dd>
+<p>GENI API: remove
+
+Remove an object from the registry. If the object represents a PLC object,
+then the PLC records will also be removed.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string</dd>
+<dt><i>record_dict</i></dt>
+<dd>
+dictionary containing record fields. The only relevant
+ fields of the record are 'name' and 'type', which are used to lookup
+ the current copy of the record in the Geni database, to make sure
+ that the appopriate record is removed.</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.resolve-method' name='registry.Registry.resolve-method'><b>resolve(cred, name)</b></a> [<a href='#registry.Registry.resolve-method'>#</a>]</dt>
+<dd>
+<p>GENI API: Resolve
+
+This is a wrapper around resolve_raw that converts records objects into
+dictionaries before returning them to the user.</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string authorizing the caller</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name to resolve</dd>
+<dt>Returns:</dt>
+<dd>
+a list of record dictionaries, or an empty list</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.resolve_raw-method' name='registry.Registry.resolve_raw-method'><b>resolve_raw(type, name, must_exist=True)</b></a> [<a href='#registry.Registry.resolve_raw-method'>#</a>]</dt>
+<dd>
+<p>Resolve a record. This is an internal version of the Resolve API call
+and returns records in record object format rather than dictionaries
+that may be sent over XMLRPC.</p>
+<dl>
+<dt><i>type</i></dt>
+<dd>
+type of record to resolve (user | sa | ma | slice | node)</dd>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+<dt><i>must_exist</i></dt>
+<dd>
+if True, throw an exception if no records are found</dd>
+<dt>Returns:</dt>
+<dd>
+a list of record objects, or an empty list []</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.update-method' name='registry.Registry.update-method'><b>update(cred, record_dict)</b></a> [<a href='#registry.Registry.update-method'>#</a>]</dt>
+<dd>
+<p>GENI API: Register
+
+Update an object in the registry. Currently, this only updates the
+PLC information associated with the record. The Geni fields (name, type,
+GID) are fixed.
+
+The record is expected to have the pl_info field filled in with the data
+that should be updated.
+
+TODO: The geni_info member of the record should be parsed and the pl_info
+adjusted as necessary (add/remove users from a slice, etc)</p>
+<dl>
+<dt><i>cred</i></dt>
+<dd>
+credential string specifying rights of the caller</dd>
+<dt><i>record</i></dt>
+<dd>
+a record dictionary to be updated</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.verify_auth_belongs_to_me-method' name='registry.Registry.verify_auth_belongs_to_me-method'><b>verify_auth_belongs_to_me(name)</b></a> [<a href='#registry.Registry.verify_auth_belongs_to_me-method'>#</a>]</dt>
+<dd>
+<p>Verify that an authority belongs to this registry. This is basically left
+up to the implementation of the hierarchy module. If the specified name
+does not belong to this registry, an exception is thrown indicating the
+caller should contact someone else.</p>
+<dl>
+<dt><i>auth_name</i></dt>
+<dd>
+human readable name of authority</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.verify_object_belongs_to_me-method' name='registry.Registry.verify_object_belongs_to_me-method'><b>verify_object_belongs_to_me(name)</b></a> [<a href='#registry.Registry.verify_object_belongs_to_me-method'>#</a>]</dt>
+<dd>
+<p>Verify that an object belongs to this registry. By extension, this implies
+that the authority that owns the object belongs to this registry. If the
+object does not belong to this registry, then an exception is thrown.</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+human readable name of object</dd>
+</dl><br />
+</dd>
+<dt><a id='registry.Registry.verify_object_permission-method' name='registry.Registry.verify_object_permission-method'><b>verify_object_permission(name)</b></a> [<a href='#registry.Registry.verify_object_permission-method'>#</a>]</dt>
+<dd>
+<p>Verify that the object_gid that was specified in the credential allows
+permission to the object 'name'. This is done by a simple prefix test.
+For example, an object_gid for planetlab.us.arizona would match the
+objects planetlab.us.arizona.slice1 and planetlab.us.arizona.</p>
+<dl>
+<dt><i>name</i></dt>
+<dd>
+human readable name to test</dd>
+</dl><br />
+</dd>
+</dl>
+</body></html>
git://git.onelab.eu / sfa.git / commitdiff