rub off unimportant differences to iron out differences
15 files changed:
- <aggregate addr="192.168.0.252" hrn="senslab" port="12347"/>
+ <aggregate addr="" hrn="" port=""/>
- <registry addr="192.168.0.252" hrn="senslab" port="12345"/>
+ <registry addr="" hrn="" port=""/>
'sfa/generic',
'sfa/managers',
'sfa/importer',
'sfa/generic',
'sfa/managers',
'sfa/importer',
-
-
-
- 'sfa/senslab',
-
-
-
-
-
'sfa/rspecs',
'sfa/rspecs/elements',
'sfa/rspecs/elements/versions',
'sfa/rspecs',
'sfa/rspecs/elements',
'sfa/rspecs/elements/versions',
'sfa/dummy',
'sfa/openstack',
'sfa/federica',
'sfa/dummy',
'sfa/openstack',
'sfa/federica',
'sfatables',
'sfatables/commands',
'sfatables/processors',
'sfatables',
'sfatables/commands',
'sfatables/processors',
rspec.filter({'component_manager_id': server_version['urn']})
rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request')
else:
rspec.filter({'component_manager_id': server_version['urn']})
rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request')
else:
- print >>sys.stderr, "\r\n \r\n \r\n WOOOOOO"
users = sfa_users_arg(user_records, slice_record)
# do not append users, keys, or slice tags. Anything
users = sfa_users_arg(user_records, slice_record)
# do not append users, keys, or slice tags. Anything
# an attempt to document what a driver class should provide,
# and implement reasonable defaults
#
# an attempt to document what a driver class should provide,
# and implement reasonable defaults
#
class Driver:
def __init__ (self, config):
class Driver:
def __init__ (self, config):
# to perform such a core operation (i.e. getting rights right)
# this is no longer in use when performing other SFA operations
def augment_records_with_testbed_info (self, sfa_records):
# to perform such a core operation (i.e. getting rights right)
# this is no longer in use when performing other SFA operations
def augment_records_with_testbed_info (self, sfa_records):
- print >>sys.stderr, " \r\n \r\n DRIVER.PY augment_records_with_testbed_info sfa_records ",sfa_records
return sfa_records
# incoming record, as provided by the client to the Register API call
return sfa_records
# incoming record, as provided by the client to the Register API call
local_records = dbsession.query(RegRecord).filter(RegRecord.hrn.in_(local_hrns))
if type:
local_records = local_records.filter_by(type=type)
local_records = dbsession.query(RegRecord).filter(RegRecord.hrn.in_(local_hrns))
if type:
local_records = local_records.filter_by(type=type)
- local_records=local_records.all()
+ local_records=local_records.all()
for local_record in local_records:
augment_with_sfa_builtins (local_record)
for local_record in local_records:
augment_with_sfa_builtins (local_record)
record.url=neighbour_dict[hrn].get_url()
return
for record in local_records: solve_neighbour_url (record)
record.url=neighbour_dict[hrn].get_url()
return
for record in local_records: solve_neighbour_url (record)
# convert local record objects to dicts for xmlrpc
# xxx somehow here calling dict(record) issues a weird error
# however record.todict() seems to work fine
# convert local record objects to dicts for xmlrpc
# xxx somehow here calling dict(record) issues a weird error
# however record.todict() seems to work fine
from sfa.util.xrn import urn_to_hrn
from sfa.util.method import Method
from sfa.util.sfatablesRuntime import run_sfatables
from sfa.util.xrn import urn_to_hrn
from sfa.util.method import Method
from sfa.util.sfatablesRuntime import run_sfatables
from sfa.trust.credential import Credential
from sfa.storage.parameter import Parameter, Mixed
from sfa.rspecs.rspec import RSpec
from sfa.trust.credential import Credential
from sfa.storage.parameter import Parameter, Mixed
from sfa.rspecs.rspec import RSpec
hrn, type = urn_to_hrn(slice_xrn)
self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
hrn, type = urn_to_hrn(slice_xrn)
self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name))
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', hrn)
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', hrn)
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
from sfa.util.xrn import urn_to_hrn
from sfa.util.method import Method
from sfa.util.sfatablesRuntime import run_sfatables
from sfa.util.xrn import urn_to_hrn
from sfa.util.method import Method
from sfa.util.sfatablesRuntime import run_sfatables
# get slice's hrn from options
xrn = options.get('geni_slice_urn', '')
(hrn, _) = urn_to_hrn(xrn)
# get slice's hrn from options
xrn = options.get('geni_slice_urn', '')
(hrn, _) = urn_to_hrn(xrn)
- print >>sys.stderr, " \r\n \r\n \t Lsitresources.pyeuuuuuu call : hrn %s options %s" %( hrn,options )
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', hrn)
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
# Find the valid credentials
valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', hrn)
# get hrn of the original caller
origin_hrn = options.get('origin_hrn', None)
- print >>sys.stderr, " \r\n \r\n \t Lsitresources :origin_hrn %s sansvqalid credss %s " %(origin_hrn, Credential(string=creds[0]).get_gid_caller().get_hrn())
if not origin_hrn:
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
if not origin_hrn:
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
- print >>sys.stderr, " \r\n \r\n \t Lsitresources.py000 call : hrn %s self.api.interface %s origin_hrn %s \r\n \r\n \r\n " %(hrn ,self.api.interface,origin_hrn)
rspec = self.api.manager.ListResources(self.api, creds, options)
# filter rspec through sfatables
rspec = self.api.manager.ListResources(self.api, creds, options)
# filter rspec through sfatables
chain_name = 'OUTGOING'
elif self.api.interface in ['slicemgr']:
chain_name = 'FORWARD-OUTGOING'
chain_name = 'OUTGOING'
elif self.api.interface in ['slicemgr']:
chain_name = 'FORWARD-OUTGOING'
- self.api.logger.debug("ListResources: sfatables on chain %s"%chain_name)
- print >>sys.stderr, " \r\n \r\n \t Listresources.py001 call : chain_name %s hrn %s origine_hrn %s " %(chain_name, hrn, origin_hrn)
+ self.api.logger.debug("ListResources: sfatables on chain %s"%chain_name)
filtered_rspec = run_sfatables(chain_name, hrn, origin_hrn, rspec)
if options.has_key('geni_compressed') and options['geni_compressed'] == True:
filtered_rspec = run_sfatables(chain_name, hrn, origin_hrn, rspec)
if options.has_key('geni_compressed') and options['geni_compressed'] == True:
from types import StringTypes
from collections import defaultdict
from types import StringTypes
from collections import defaultdict
from sfa.util.sfatime import utcparse, datetime_to_epoch
from sfa.util.sfalogging import logger
from sfa.util.sfatime import utcparse, datetime_to_epoch
from sfa.util.sfalogging import logger
# slice belongs to out local plc or a myplc peer. We will assume it
# is a local site, unless we find out otherwise
peer = None
# slice belongs to out local plc or a myplc peer. We will assume it
# is a local site, unless we find out otherwise
peer = None
# get this slice's authority (site)
slice_authority = get_authority(hrn)
# get this site's authority (sfa root authority or sub authority)
site_authority = get_authority(slice_authority).lower()
# get this slice's authority (site)
slice_authority = get_authority(hrn)
# get this site's authority (sfa root authority or sub authority)
site_authority = get_authority(slice_authority).lower()
# check if we are already peered with this site_authority, if so
peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root'])
for peer_record in peers:
# check if we are already peered with this site_authority, if so
peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root'])
for peer_record in peers:
@staticmethod
def add_leases(xml, leases):
@staticmethod
def add_leases(xml, leases):
network_elems = xml.xpath('//network')
if len(network_elems) > 0:
network_elem = network_elems[0]
network_elems = xml.xpath('//network')
if len(network_elems) > 0:
network_elem = network_elems[0]
peer_gids = []
if not new_hrns:
return
peer_gids = []
if not new_hrns:
return
trusted_certs_dir = api.config.get_trustedroots_dir()
trusted_certs_dir = api.config.get_trustedroots_dir()
- for new_hrn in new_hrns:
+ for new_hrn in new_hrns:
if not new_hrn: continue
# the gid for this interface should already be installed
if new_hrn == api.config.SFA_INTERFACE_HRN: continue
if not new_hrn: continue
# the gid for this interface should already be installed
if new_hrn == api.config.SFA_INTERFACE_HRN: continue
if 'sfa' not in server_version:
logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
continue
if 'sfa' not in server_version:
logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
continue
trusted_gids = ReturnValue.get_value(interface.get_trusted_certs())
if trusted_gids:
# the gid we want should be the first one in the list,
trusted_gids = ReturnValue.get_value(interface.get_trusted_certs())
if trusted_gids:
# the gid we want should be the first one in the list,
hierarchy = Hierarchy()
auth_info = hierarchy.get_interface_auth_info()
server_key_file = auth_info.get_privkey_filename()
hierarchy = Hierarchy()
auth_info = hierarchy.get_interface_auth_info()
server_key_file = auth_info.get_privkey_filename()
- server_cert_file = auth_info.get_gid_filename()
+ server_cert_file = auth_info.get_gid_filename()
+
# ensure interface cert is present in trusted roots dir
trusted_roots = TrustedRoots(config.get_trustedroots_dir())
trusted_roots.add_gid(GID(filename=server_cert_file))
# ensure interface cert is present in trusted roots dir
trusted_roots = TrustedRoots(config.get_trustedroots_dir())
trusted_roots.add_gid(GID(filename=server_cert_file))
self.client_cred = Credential(string = cred)
self.client_gid = self.client_cred.get_gid_caller()
self.object_gid = self.client_cred.get_gid_object()
self.client_cred = Credential(string = cred)
self.client_gid = self.client_cred.get_gid_caller()
self.object_gid = self.client_cred.get_gid_object()
# make sure the client_gid is not blank
if not self.client_gid:
raise MissingCallerGID(self.client_cred.get_subject())
# make sure the client_gid is not blank
if not self.client_gid:
raise MissingCallerGID(self.client_cred.get_subject())
self.verifyPeerCert(self.peer_cert, self.client_gid)
# make sure the client is allowed to perform the operation
self.verifyPeerCert(self.peer_cert, self.client_gid)
# make sure the client is allowed to perform the operation
if not self.client_cred.can_perform(operation):
raise InsufficientRights(operation)
if self.trusted_cert_list:
self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA)
if not self.client_cred.can_perform(operation):
raise InsufficientRights(operation)
if self.trusted_cert_list:
self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA)
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
# This check does not apply to trusted peers
trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]
if hrn and self.client_gid.get_hrn() not in trusted_peers:
# This check does not apply to trusted peers
trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]
if hrn and self.client_gid.get_hrn() not in trusted_peers:
target_hrn = self.object_gid.get_hrn()
if not hrn == target_hrn:
raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
target_hrn = self.object_gid.get_hrn()
if not hrn == target_hrn:
raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
return
#if name.startswith(get_authority(name)):
#return
return
#if name.startswith(get_authority(name)):
#return
raise PermissionError(name)
def determine_user_rights(self, caller_hrn, reg_record):
raise PermissionError(name)
def determine_user_rights(self, caller_hrn, reg_record):
warn_logger = _SfaLogger(loggername='warning', level=logging.WARNING)
error_logger = _SfaLogger(loggername='error', level=logging.ERROR)
critical_logger = _SfaLogger(loggername='critical', level=logging.CRITICAL)
warn_logger = _SfaLogger(loggername='warning', level=logging.WARNING)
error_logger = _SfaLogger(loggername='error', level=logging.ERROR)
critical_logger = _SfaLogger(loggername='critical', level=logging.CRITICAL)
-
-#sql_logger = _SfaLogger(loggername = 'sqlalchemy.engine', level=logging.DEBUG)
-
logger = info_logger
sfi_logger = _SfaLogger(logfile=os.path.expanduser("~/.sfi/")+'sfi.log',loggername='sfilog', level=logging.DEBUG)
########################################
logger = info_logger
sfi_logger = _SfaLogger(logfile=os.path.expanduser("~/.sfi/")+'sfi.log',loggername='sfilog', level=logging.DEBUG)
########################################
# sfa should not depend on sfatables
# if the sfatables.runtime import fails, just define run_sfatables as identity
# sfa should not depend on sfatables
# if the sfatables.runtime import fails, just define run_sfatables as identity
try:
from sfatables.runtime import SFATablesRules
try:
from sfatables.runtime import SFATablesRules
"""
if not context_callback:
context_callback = fetch_context
"""
if not context_callback:
context_callback = fetch_context
chain = chain.upper()
rules = SFATablesRules(chain)
if rules.sorted_rule_list:
chain = chain.upper()
rules = SFATablesRules(chain)
if rules.sorted_rule_list:
-# just checking write access on repo
import sys
import unittest
import sys
import unittest
git://git.onelab.eu / sfa.git / commitdiff