from sfa.util.debug import log
from sfa.trust.credential import Credential
-class get_credential(Method):
+class GetCredential(Method):
"""
Retrive a credential for an object
If cred == Nonee then the behavior reverts to get_self_credential
- @param cred credential object specifying rights of the caller
- @param type type of object (user | slice | sa | ma | node)
@param hrn human readable name of object (hrn or urn)
+ @param cred credential object specifying rights of the caller
+ @param type type of object (user | slice | node | authority )
@return the string representation of a credential object
"""
interfaces = ['registry']
accepts = [
- Mixed(Parameter(str, "credential"),
- Parameter(None, "No credential")),
- Parameter(str, "Human readable name (hrn or urn)")
+ Mixed(Parameter(str, "Credential string"),
+ Parameter(type([str]), "List of credentials")),
+ Parameter(str, "Human readable name (hrn or urn)"),
+ Parameter(str, "Object type")
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cred, type, xrn, origin_hrn=None):
+ def call(self, creds, xrn, type):
+
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
+ # check creds
+ valid_creds = self.api.auth.checkCredentials(creds, 'getcredential', hrn)
+ self.api.auth.verify_object_belongs_to_me(hrn)
+
#log the call
- if not origin_hrn:
- origin_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+ origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
- self.api.auth.check(cred, 'getcredential')
- self.api.auth.verify_object_belongs_to_me(hrn)
- # send the call to the right manager
- manager_base = 'sfa.managers'
- mgr_type = self.api.config.SFA_REGISTRY_TYPE
- manager_module = manager_base + ".registry_manager_%s" % mgr_type
- manager = __import__(manager_module, fromlist=[manager_base])
+ manager = self.api.get_interface_manager()
+
return manager.get_credential(self.api, xrn, type)
+
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
from sfa.util.debug import log
+from sfa.trust.certificate import Certificate
-class get_self_credential(Method):
+class GetSelfCredential(Method):
"""
Retrive a credential for an object
@param cert certificate string
accepts = [
Parameter(str, "certificate"),
Parameter(str, "Human readable name (hrn or urn)"),
- Mixed(Parameter(str, "Request hash"),
- Parameter(None, "Request hash not specified"))
+ Parameter(str, "Object type"),
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cert, type, xrn, origin_hrn=None):
+ def call(self, cert, xrn, type):
"""
get_self_credential a degenerate version of get_credential used by a client
to get his initial credential when de doesnt have one. This is the same as
hrn, type = urn_to_hrn(xrn)
self.api.auth.verify_object_belongs_to_me(hrn)
- #log the call
- if not origin_hrn:
- origin_hrn = hrn
- self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+ origin_hrn = Certificate(string=cert).get_subject()
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
- # send the call to the right manager
- manager_base = 'sfa.managers'
- mgr_type = self.api.config.SFA_REGISTRY_TYPE
- manager_module = manager_base + ".registry_manager_%s" % mgr_type
- manager = __import__(manager_module, fromlist=[manager_base])
-
+ manager = self.api.get_interface_manager()
+
# authenticate the gid
records = manager.resolve(self.api, xrn, type)
if not records:
from sfa.util.namespace import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
-from sfa.util.debug import log
-from sfa.trust.credential import Credential
+from sfa.methods.GetCredential import GetCredential
-class get_credential(Method):
+class get_credential(GetCredential):
"""
+ Deprecated. Use GetCredential instead.
+
Retrive a credential for an object
If cred == Nonee then the behavior reverts to get_self_credential
returns = Parameter(str, "String representation of a credential object")
def call(self, cred, type, xrn, origin_hrn=None):
- if type:
- hrn = urn_to_hrn(xrn)[0]
- else:
- hrn, type = urn_to_hrn(xrn)
-
- #log the call
- if not origin_hrn:
- origin_hrn = Credential(string=cred).get_gid_caller().get_hrn()
- self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
- self.api.auth.check(cred, 'getcredential')
- self.api.auth.verify_object_belongs_to_me(hrn)
-
- # send the call to the right manager
- manager_base = 'sfa.managers'
- mgr_type = self.api.config.SFA_REGISTRY_TYPE
- manager_module = manager_base + ".registry_manager_%s" % mgr_type
- manager = __import__(manager_module, fromlist=[manager_base])
- return manager.get_credential(self.api, xrn, type)
+ return GetCredential.call(self, cred, xrn, type)
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import SfaRecord
from sfa.util.debug import log
+from sfa.methods.GetSelfCredential import GetSelfCredential
-class get_self_credential(Method):
+class get_self_credential(GetSelfCredential):
"""
+ Deprecated. Use GetSelfCredential instead.
+
Retrive a credential for an object
@param cert certificate string
@param type type of object (user | slice | sa | ma | node)
interfaces = ['registry']
accepts = [
- Parameter(str, "certificate"),
Parameter(str, "Human readable name (hrn or urn)"),
+ Parameter(str, "certificate"),
Mixed(Parameter(str, "Request hash"),
Parameter(None, "Request hash not specified"))
]
@param hrn human readable name of authority to list
@return string representation of a credential object
"""
- if type:
- hrn = urn_to_hrn(xrn)[0]
- else:
- hrn, type = urn_to_hrn(xrn)
- self.api.auth.verify_object_belongs_to_me(hrn)
-
- #log the call
- if not origin_hrn:
- origin_hrn = hrn
- self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
-
- # send the call to the right manager
- manager_base = 'sfa.managers'
- mgr_type = self.api.config.SFA_REGISTRY_TYPE
- manager_module = manager_base + ".registry_manager_%s" % mgr_type
- manager = __import__(manager_module, fromlist=[manager_base])
-
- # authenticate the gid
- records = manager.resolve(self.api, xrn, type)
- if not records:
- raise RecordNotFound(hrn)
- record = SfaRecord(dict=records[0])
- gid = record.get_gid_object()
- gid_str = gid.save_to_string(save_parents=True)
- self.api.auth.authenticateGid(gid_str, [cert, type, hrn])
- # authenticate the certificate against the gid in the db
- certificate = Certificate(string=cert)
- if not certificate.is_pubkey(gid.get_pubkey()):
- raise ConnectionKeyGIDMismatch(gid.get_subject())
-
- return manager.get_credential(self.api, xrn, type, is_self=True)
+ return GetSelfCredential.call(self, cert, xrn, type)
git://git.onelab.eu / sfa.git / commitdiff