self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the credential
- self.api.auth.check(cred, 'createslice')
+ self.api.auth.check(cred, 'createslice', hrn)
manager_base = 'sfa.managers'
if self.api.interface in ['aggregate']:
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the credential
- self.api.auth.check(cred, 'deleteslice')
+ self.api.auth.check(cred, 'deleteslice', hrn)
# send the call to the right manager
manager_base = 'sfa.managers'
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the cred
- self.api.logger.info("Checking for %s" % self.api.interface)
- #self.api.logger.info("Credential = %s" % cred)
- self.api.auth.check(cred, 'listnodes')
- self.api.logger.info("Checked out!")
-
+ self.api.auth.check(cred, 'listnodes', hrn)
# send the call to the right manager
manager_base = 'sfa.managers'
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the cred
- self.api.auth.check(cred, "getticket")
+ self.api.auth.check(cred, "getticket", hrn)
# set the right outgoing rules
manager_base = 'sfa.managers'
def call(self, cred, xrn, origin_hrn=None):
hrn, type = urn_to_hrn(xrn)
- self.api.auth.check(cred, 'resetslice')
+ self.api.auth.check(cred, 'resetslice', hrn)
# send the call to the right manager
manager_base = 'sfa.managers'
if self.api.interface in ['component']:
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the cred
- self.api.auth.check(cred, 'startslice')
+ self.api.auth.check(cred, 'startslice', hrn)
# send the call to the right manager
manager_base = 'sfa.managers'
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
# validate the cred
- self.api.auth.check(cred, 'stopslice')
+ self.api.auth.check(cred, 'stopslice', hrn)
# send the call to the right manager
manager_base = 'sfa.managers'
self.network = network
self.id = slice['slice_id']
self.name = slice['name']
+ self.peer_id = slice['peer_id']
self.node_ids = set(slice['node_ids'])
self.slice_tag_ids = slice['slice_tag_ids']
if not config:
self.config = Config()
self.load_trusted_certs()
- self.trusted_cert_file_list = TrustedRootList(self.config.get_trustedroots_dir()).get_file_list()
def load_trusted_certs(self):
self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
+ self.trusted_cert_file_list = TrustedRootList(self.config.get_trustedroots_dir()).get_file_list()
+
- def check(self, cred, operation):
+ def check(self, cred, operation, hrn = None):
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
+ # Make sure the credential's target matches the specified hrn.
+ # This check does not apply to trusted peers
+ trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]
+ if hrn and client_gid.get_hrn() not in trusted_peers:
+ if not hrn == object_gid.get_hrn():
+ raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
+ (object_gid.get_hrn(), hrn) )
return True
def check_ticket(self, ticket):
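Review bot: The new target check in `check()` is opt-in: `if hrn and ...` skips it whenever `hrn` is `None` or empty, and the signature change in the earlier hunk defaults it to `None`. Any caller not updated by this commit, or one that derives an empty hrn from the request, still passes with a credential issued for a different target. Consider stating that in the docstring, e.g. `hrn: expected target of the credential; when omitted the target is NOT checked`, and having slice-scoped methods fail closed when they cannot resolve an hrn. The trusted-peer exemption compares only `client_gid.get_hrn()` against the names of the trusted roots, so it is sound only if `client_gid` was already verified against those roots earlier in `check()`, which is outside this hunk; a comment saying so would help. `if not hrn == object_gid.get_hrn():` reads better as `if hrn != object_gid.get_hrn():`.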
self.db.do(querystr)
for index in indexes:
self.db.do(index)
-
+
+ sefl.db.commit()
+
def remove(self, record):
query_str = "DELETE FROM %s WHERE record_id = %s" % \
(self.tablename, record['record_id'])
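Review bot: The added `sefl.db.commit()` is a typo for `self.db.commit()` and raises `NameError` when reached. That happens after the table and index statements have been issued, so the method fails and the commit this change was meant to add never runs. The enclosing method starts outside the hunk, so it is not visible whether a caller swallows the exception.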
# if this is a site, remove all records where 'authority' == the
# site's hrn
- if record['type'] == 'site':
+ if record['type'] == 'authority':
sql = " DELETE FROM %s WHERE authority = %s" % \
(self.tablename, record['hrn'])
- self.db.do(sql)
+ self.db.do(sql)
+ self.db.commit()
def insert(self, record):
db_fields = self.db_fields(record)
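Review bot: The `DELETE ... WHERE authority = %s` statement in `remove()` interpolates `record['hrn']` into the SQL text with no quoting, and this change makes that branch run for `authority` records and commits the result. A dotted hrn is not a valid unquoted SQL token, and any quote characters in it would be read as SQL rather than data. If the `self.db` wrapper supports bound parameters (not visible here), pass the value separately instead of formatting it in; otherwise quote and escape it with the driver's own helper. The same applies to the `record_id` delete just above the hunk. The indentation is lost on this page, so please also confirm that `self.db.commit()` runs for the plain `record_id` delete and not only inside the `authority` branch.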