From: Scott Baker Date: Fri, 3 Oct 2008 00:53:28 +0000 (+0000) Subject: updated documentation X-Git-Tag: sfa-0.9-0@14641~833 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=7723a3ad29690212b271cb53f88b78e2469e671d updated documentation --- diff --git a/docs/Makefile b/docs/Makefile index f67bcd95..8151ea11 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -1,2 +1,8 @@ doc: - pythondoc.py ../util/cert.py ../util/credential.py ../util/gid.py ../util/rights.py ../util/config.py + pythondoc.py ../util/cert.py ../util/credential.py ../util/gid.py \ + ../util/rights.py ../util/config.py ../util/hierarchy.py \ + ../util/record.py ../util/geniclient.py \ + ../util/geniserver.py + + pythondoc.py ../registry/registry.py ../registry/import.py \ + ../registry/nuke.py diff --git a/docs/pythondoc-credential.html b/docs/pythondoc-credential.html index 4db30397..7c88af35 100644 --- a/docs/pythondoc-credential.html +++ b/docs/pythondoc-credential.html @@ -151,7 +151,9 @@ either a comma-separated list of privileges of a RightList object

Verify that a chain of credentials is valid (see cert.py:verify). In addition to the checks for ordinary certificates, verification also ensures that the delegate bit was set by each parent in the chain. If -a delegate bit was not set, then an exception is thrown.

+a delegate bit was not set, then an exception is thrown. + +Each credential must be a subset of the rights of the parent.

diff --git a/docs/pythondoc-geniclient.html b/docs/pythondoc-geniclient.html new file mode 100644 index 00000000..6620407d --- /dev/null +++ b/docs/pythondoc-geniclient.html @@ -0,0 +1,322 @@ + + + + +The geniclient Module + + +

The geniclient Module

This module implements the client-side of the Geni API. Stubs are provided +that convert the supplied parameters to the necessary format and send them +via XMLRPC to a Geni Server. + +TODO: Investigate ways to combine this with existing PLC API?

GeniClient(url, key_file, cert_file) (class) [#]

The GeniClient class provides stubs for executing Geni operations.

For more information about this class, see The GeniClient Class.

GeniTransport (class) [#]

For more information about this class, see The GeniTransport Class.

ServerException (class) [#]

ServerException, ExceptionUnmarshaller + +Used to convert server exception strings back to an exception.

For more information about this class, see The ServerException Class.

The GeniClient Class

GeniClient(url, key_file, cert_file) (class) [#]

The GeniClient class provides stubs for executing Geni operations. A given +client object connects to one server. To connect to multiple servers, create +multiple GeniClient objects. + +The Geni protocol uses an HTTPS connection, and the client's side of the +connection uses his private key. Generally, this private key must match the +public key that is containing in the GID that the client is providing for +those functions that take a GID.

create_gid(cred, name, uuid, pkey_string) [#]

Create a new GID. For MAs and SAs that are physically located on the +registry, this allows a owner/operator/PI to create a new GID and have it +signed by his respective authority.

cred: +credential of caller
name: +hrn for new GID
uuid: +unique identifier for new GID
pkey_string: +public-key string (TODO: why is this a string and not a keypair object?)
Returns:: +a GID object

delete_slice(cred) [#]

Delete a slice.

cred: +a credential identifying the caller (callerGID) and the slice + (objectGID)

get_credential(cred, type, name) [#]

Retrieve a credential for an object. + +If cred==None, then the behavior reverts to get_self_credential()

cred: +credential object specifying rights of the caller
type: +type of object (user | slice | sa | ma | node)
name: +human readable name of object
Returns:: +a credental object

get_gid(name) [#]

Retrieve the GID for an object. This function looks up a record in the +registry and returns the GID of the record if it exists. +TODO: Is this function needed? It's a shortcut for Resolve()

name: +hrn to look up
Returns:: +a GID object

get_self_credential(type, name) [#]

Get_self_credential a degenerate version of get_credential used by a +client to get his initial credential when he doesn't have one. This is +the same as get_credential(..., cred=None,...). + +The registry ensures that the client is the principal that is named by +(type, name) by comparing the public key in the record's GID to the +private key used to encrypt the client-side of the HTTPS connection. Thus +it is impossible for one principal to retrieve another principal's +credential without having the appropriate private key.

type: +type of object (user | slice | sa | ma | node
name: +human readable name of object
Returns:: +a credential object

get_ticket(cred, name, rspec) [#]

Retrieve a ticket. This operation is currently implemented on the +registry (see SFA, engineering decisions), and is not implemented on +components. + +The ticket is filled in with information from the PLC database. This +information includes resources, and attributes such as user keys and +initscripts.

cred: +credential object
name: +name of the slice to retrieve a ticket for
rspec: +resource specification dictionary
Returns:: +a ticket object

list(cred) [#]

List the records in an authority. The objectGID in the supplied credential +should name the authority that will be listed.

cred: +credential object specifying rights of the caller
Returns:: +list of record objects

list_slices(cred) [#]

List the slices on a component.

cred: +credential object that authorizes the caller
Returns:: +a list of slice names

redeem_ticket(ticket) [#]

Redeem a ticket. This operation is currently implemented on the +component. + +The ticket is submitted to the node manager, and the slice is instantiated +or updated as appropriate. + +TODO: This operation should return a sliver credential and indicate +whether or not the component will accept only sliver credentials, or +will accept both sliver and slice credentials.

ticket: +a ticket object containing the ticket

register(cred, record) [#]

Register an object with the registry. In addition to being stored in the +Geni database, the appropriate records will also be created in the +PLC databases. + +The geni_info and/or pl_info fields must in the record must be filled +out correctly depending on the type of record that is being registered. + +TODO: The geni_info member of the record should be parsed and the pl_info +adjusted as necessary (add/remove users from a slice, etc)

cred: +credential object specifying rights of the caller
Returns:: +record to register

remove(cred, record) [#]

Remove an object from the registry. If the object represents a PLC object, +then the PLC records will also be removed.

cred: +credential object specifying rights of the caller
record: +record to register. The only relevant + fields of the record are 'name' and 'type', which are used to lookup + the current copy of the record in the Geni database, to make sure + that the appopriate record is removed.

reset_slice(cred) [#]

Reset a slice.

cred: +a credential identifying the caller (callerGID) and the slice + (objectGID)

resolve(cred, name) [#]

Resolve an object in the registry. A given HRN may have multiple records +associated with it, and therefore multiple records may be returned. The +caller should check the type fields of the records to find the one that +he is interested in.

cred: +credential object specifying rights of the caller
name: +human readable name of object

start_slice(cred) [#]

Start a slice.

cred: +a credential identifying the caller (callerGID) and the slice + (objectGID)

stop_slice(cred) [#]

Stop a slice.

cred: +a credential identifying the caller (callerGID) and the slice + (objectGID)

update(cred, record) [#]

Update an object in the registry. Currently, this only updates the +PLC information associated with the record. The Geni fields (name, type, +GID) are fixed. + +The record is expected to have the pl_info field filled in with the data +that should be updated. + +TODO: The geni_info member of the record should be parsed and the pl_info +adjusted as necessary (add/remove users from a slice, etc)

cred: +credential object specifying rights of the caller
record: +a record object to be updated

The GeniTransport Class

GeniTransport (class) [#]: +
GeniTransport + +A transport for XMLRPC that works on top of HTTPS
+

The ServerException Class

ServerException (class) [#]: +
ServerException, ExceptionUnmarshaller + +Used to convert server exception strings back to an exception. + from usenet, Raghuram Devarakonda
+

+ diff --git a/docs/pythondoc-geniserver.html b/docs/pythondoc-geniserver.html new file mode 100644 index 00000000..9aa0996c --- /dev/null +++ b/docs/pythondoc-geniserver.html @@ -0,0 +1,83 @@ + + + + +The geniserver Module + + +

The geniserver Module

This module implements a general-purpose server layer for geni. +The same basic server should be usable on the registry, component, or +other interfaces. + +TODO: investigate ways to combine this with existing PLC server?

GeniServer(ip, port, key_file, cert_file) (class) [#]

Implements an HTTPS XML-RPC server.

For more information about this class, see The GeniServer Class.

SecureXMLRpcRequestHandler (class) [#]

taken from the web (XXX find reference).

For more information about this class, see The SecureXMLRpcRequestHandler Class.

SecureXMLRPCServer(server_address, HandlerClass, key_file, cert_file, logRequests=True) (class) [#]

Taken from the web (XXX find reference).

For more information about this class, see The SecureXMLRPCServer Class.

verify_callback(conn, x509, err, depth, preverify) [#]

Verification callback for pyOpenSSL. We do our own checking of keys because +we have our own authentication spec. Thus we disable several of the normal +prohibitions that OpenSSL places on certificates

The GeniServer Class

GeniServer(ip, port, key_file, cert_file) (class) [#]: +
Implements an HTTPS XML-RPC server. Generally it is expected that GENI +functions will take a credential string, which is passed to +decode_authentication. Decode_authentication() will verify the validity of +the credential, and verify that the user is using the key that matches the +GID supplied in the credential.
+
decode_authentication(cred_string, operation) [#]: +
Decode the credential string that was submitted by the caller. Several +checks are performed to ensure that the credential is valid, and that the +callerGID included in the credential matches the caller that is +connected to the HTTPS connection.
+
noop(cred, anything) [#]: +
Sample no-op server function. The no-op function decodes the credential +that was passed to it.
+
register_functions() [#]: +
Register functions that will be served by the XMLRPC server. This +function should be overrided by each descendant class.
+
run() [#]: +
Execute the server, serving requests forever.
+

The SecureXMLRpcRequestHandler Class

SecureXMLRpcRequestHandler (class) [#]: +
taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler
+

The SecureXMLRPCServer Class

SecureXMLRPCServer(server_address, HandlerClass, key_file, cert_file, logRequests=True) (class) [#]: +
Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
+

+ diff --git a/docs/pythondoc-hierarchy.html b/docs/pythondoc-hierarchy.html new file mode 100644 index 00000000..ec7ee800 --- /dev/null +++ b/docs/pythondoc-hierarchy.html @@ -0,0 +1,209 @@ + + + + +The hierarchy Module + + +

The hierarchy Module

This module implements a hierarchy of authorities and performs a similar +function as the "tree" module of the original geniwrapper prototype. An HRN +is assumed to be a string of authorities separated by dots. For example, +"planetlab.us.arizona.bakers". Each component of the HRN is a different +authority, with the last component being a leaf in the tree. + +Each authority is stored in a subdirectory on the registry. Inside this +subdirectory are several files: + *.GID - GID file + *.PKEY - private key file + *.DBINFO - database info

AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename) (class) [#]

The AuthInfo class contains the information for an authority.

For more information about this class, see The AuthInfo Class.

Hierarchy(basedir=".") (class) [#]

The Hierarchy class is responsible for managing the tree of authorities.

For more information about this class, see The Hierarchy Class.

The AuthInfo Class

AuthInfo(hrn, gid_filename, privkey_filename, dbinfo_filename) (class) [#]

The AuthInfo class contains the information for an authority. This information +includes the GID, private key, and database connection information.

__init__(hrn, gid_filename, privkey_filename, dbinfo_filename) [#]

Initialize and authority object.

hrn: +the human readable name of the authority
gid_filename: +the filename containing the GID
privkey_filename: +the filename containing the private key
dbinfo_filename: +the filename containing the database info

get_dbinfo() [#]

Get the dbinfo in the form of a dictionary

get_gid_object() [#]

Get the GID in the form of a GID object

get_pkey_object() [#]

Get the private key in the form of a Keypair object

set_gid_filename(fn) [#]

Set the filename of the GID

fn: +filename of file containing GID

update_gid_object(gid) [#]

Replace the GID with a new one. The file specified by gid_filename is +overwritten with the new GID object

gid: +object containing new GID

The Hierarchy Class

Hierarchy(basedir=".") (class) [#]

The Hierarchy class is responsible for managing the tree of authorities. +Each authority is a node in the tree and exists as an AuthInfo object. + +The tree is stored on disk in a hierarchical manner than reflects the +structure of the tree. Each authority is a subdirectory, and each subdirectory +contains the GID, pkey, and dbinfo files for that authority (as well as +subdirectories for each sub-authority)

auth_exists(hrn) [#]

Check to see if an authority exists. An authority exists if it's disk +files exist.

the: +human readable name of the authority to check

create_auth(hrn, create_parents=False) [#]

Create an authority. A private key for the authority and the associated +GID are created and signed by the parent authority.

hrn: +the human readable name of the authority to create
create_parents: +if true, also create the parents if they do not exist

create_gid(hrn, uuid, pkey) [#]

Create a new GID. The GID will be signed by the authority that is it's +immediate parent in the hierarchy (and recursively, the parents' GID +will be signed by its parent)

hrn: +the human readable name to store in the GID
uuid: +the unique identifier to store in the GID
pkey: +the public key to store in the GID

get_auth_cred(hrn) [#]

Retrieve an authority credential for an authority. The authority +credential will contain the authority privilege and will be signed by +the authority's parent.

hrn: +the human readable name of the authority

get_auth_filenames(hrn) [#]

Given a hrn, return the filenames of the GID, private key, and dbinfo +files.

hrn: +the human readable name of the authority

get_auth_info(hrn) [#]

Return the AuthInfo object for the specified authority. If the authority +does not exist, then an exception is thrown. As a side effect, disk files +and a subdirectory may be created to store the authority.

hrn: +the human readable name of the authority to create.

get_auth_ticket(hrn) [#]

Retrieve an authority ticket. An authority ticket is not actually a +redeemable ticket, but only serves the purpose of being included as the +parent of another ticket, in order to provide a chain of authentication +for a ticket. + +This looks almost the same as get_auth_cred, but works for tickets +XXX does similarity imply there should be more code re-use?

hrn: +the human readable name of the authority

refresh_gid(gid, hrn=None, uuid=None, pubkey=None) [#]

Refresh a GID. The primary use of this function is to refresh the +the expiration time of the GID. It may also be used to change the HRN, +UUID, or Public key of the GID.

gid: +the GID to refresh
hrn: +if !=None, change the hrn
uuid: +if !=None, change the uuid
pubkey: +if !=None, change the public key

+ diff --git a/docs/pythondoc-import.html b/docs/pythondoc-import.html new file mode 100644 index 00000000..0c66c158 --- /dev/null +++ b/docs/pythondoc-import.html @@ -0,0 +1,26 @@ + + + + +The import Module + + +

The import Module

Import PLC records into the Geni database. It is indended that this tool be +run once to create Geni records that reflect the current state of the +planetlab database. + +The import tool assumes that the existing PLC hierarchy should all be part +of "planetlab.us" (see the root_auth and level1_auth variables below). + +Public keys are extracted from the users' SSH keys automatically and used to +create GIDs. This is relatively experimental as a custom tool had to be +written to perform conversion from SSH to OpenSSL format. It only supports +RSA keys at this time, not DSA keys.

root_auth (variable) [#]: +
Two authorities are specified: the root authority and the level1 authority.
+

+ diff --git a/docs/pythondoc-record.html b/docs/pythondoc-record.html new file mode 100644 index 00000000..97b5d276 --- /dev/null +++ b/docs/pythondoc-record.html @@ -0,0 +1,169 @@ + + + + +The record Module + + +

The record Module

Implements support for geni records + +TODO: Use existing PLC database methods? or keep this separate?

GeniRecord(name=None, gid=None, type=None, pointer=None, dict=None) (class) [#]

The GeniRecord class implements a Geni Record.

For more information about this class, see The GeniRecord Class.

The GeniRecord Class

GeniRecord(name=None, gid=None, type=None, pointer=None, dict=None) (class) [#]

The GeniRecord class implements a Geni Record. A GeniRecord is a tuple +(Name, GID, Type, Info). + +Name specifies the HRN of the object +GID is the GID of the object +Type is user | sa | ma | slice | component + +Info is comprised of the following sub-fields + pointer = a pointer to the record in the PL database + pl_info = planetlab-specific info (when talking to client) + geni_info = geni-specific info (when talking to client) + +The pointer is interpreted depending on the type of the record. For example, +if the type=="user", then pointer is assumed to be a person_id that indexes +into the persons table. + +A given HRN may have more than one record, provided that the records are +of different types. For example, planetlab.us.arizona may have both an SA +and a MA record, but cannot have two SA records.

as_dict() [#]

Return the record in the form of a dictionary

dump(dump_parents=False) [#]

Dump the record to stdout

dump_parents: +if true, then the parents of the GID will be dumped

get_field_names() [#]

Returns a list of field names in this record. pl_info, geni_info are not +included because they are not part of the record that is stored in the +database, but are rather computed values from other entities

get_field_value_string(fieldname) [#]

Given a field name ("name", "gid", ...) return the value of that field.

name: +is the name of field to be returned

get_field_value_strings(fieldnames) [#]

Given a list of field names, return a list of values for those fields.

fieldnames: +is a list of field names

get_geni_info() [#]

Return the geni_info of the record, or an empty dictionary if none exists

get_gid_object() [#]

Return the GID of the record, in the form of a GID object +TODO: not the best name for the function, because we have things called +gidObjects in the Cred

get_key() [#]

Return a key that uniquely identifies this record among all records in +Geni. This key is used to uniquely identify the record in the Geni +database.

get_name() [#]

Return the name (HRN) of the record

get_pl_info() [#]

Return the pl_info of the record, or an empty dictionary if none exists

get_pointer() [#]

Return the pointer of the record. The pointer is an integer that may be +used to look up the record in the PLC database. The evaluation of pointer +depends on the type of the record

get_type() [#]

Return the type of the record

set_geni_info(geni_info) [#]

Set the geni info the record

geni_info: +is a dictionary containing geni info

set_gid(gid) [#]

Set the GID of the record

gid: +is a GID object or the string representation of a GID object

set_name(name) [#]

Set the name of the record

name: +is a string containing the HRN

set_pl_info(pl_info) [#]

Set the PLC info of the record

pl_info: +is a dictionary containing planetlab info

set_pointer(pointer) [#]

Set the pointer of the record

pointer: +is an integer containing the ID of a PLC record

set_type(type) [#]

Set the type of the record

type: +is a string: user | sa | ma | slice | component

+ diff --git a/docs/pythondoc-registry.html b/docs/pythondoc-registry.html new file mode 100644 index 00000000..ba1891e4 --- /dev/null +++ b/docs/pythondoc-registry.html @@ -0,0 +1,433 @@ + + + + +The registry Module + + +

The registry Module

Geni Registry Wrapper + +This wrapper implements the Geni Registry. + +There are several items that need to be done before starting the registry. + +1) Update util/config.py to match the parameters of your PLC installation. + +2) Import the existing planetlab database, creating the +appropriate geni records. This is done by running the "import.py" tool. + +3) Create a "trusted_roots" directory and place the certificate of the root +authority in that directory. Given the defaults in import.py, this certificate +would be named "planetlab.gid". For example, + + mkdir trusted_roots; cp authorities/planetlab.gid trusted_roots/

geni_fields_to_pl_fields(type, hrn, geni_fields, pl_fields) [#]

Convert geni fields to PLC fields for use when registering up updating +registry record in the PLC database

type: +type of record (user, slice, ...)
hrn: +human readable name
geni_fields: +dictionary of geni fields
pl_fields: +dictionary of PLC fields (output)

Registry(ip, port, key_file, cert_file) (class) [#]

Registry is a GeniServer that serves registry requests.

For more information about this class, see The Registry Class.

The Registry Class

Registry(ip, port, key_file, cert_file) (class) [#]

Registry is a GeniServer that serves registry requests. It also serves +component and slice operations that are implemented on the registry +due to SFA engineering decisions

connect_local_shell() [#]

Connect to a local shell via local API functions

connect_remote_shell() [#]

Connect to a remote shell via XMLRPC

create_gid(cred, name, uuid, pubkey_str) [#]

GENI_API: Create_gid + +Create a new GID. For MAs and SAs that are physically located on the +registry, this allows a owner/operator/PI to create a new GID and have it +signed by his respective authority.

cred: +credential of caller
name: +hrn for new GID
uuid: +unique identifier for new GID
pkey_string: +public-key string (TODO: why is this a string and not a keypair object?)
Returns:: +the string representation of a GID object

determine_rights(type, name) [#]

Determine tje rights that an object should have. The rights are entirely +dependent on the type of the object. For example, users automatically +get "refresh", "resolve", and "info".

type: +the type of the object (user | sa | ma | slice | node)
name: +human readable name of the object (not used at this time)
Returns:: +RightList object containing rights

fill_record_geni_info(record) [#]

Fill in the geni-specific fields of the record. + +Note: It is assumed the fill_record_pl_info() has already been performed +on the record.

fill_record_info(record) [#]

Given a Geni record, fill in the PLC-specific and Geni-specific fields +in the record.

fill_record_pl_info(record) [#]

Fill in the planetlab-specific fields of a Geni record. This involves +calling the appropriate PLC methods to retrieve the database record for +the object. + +PLC data is filled into the pl_info field of the record.

record: +record to fill in fields (in/out param)

get_auth_info(auth_hrn) [#]

Given an authority name, return the information for that authority. This +is basically a stub that calls the hierarchy module.

auth_hrn: +human readable name of authority

get_auth_table(auth_name) [#]

Given an authority name, return the database table for that authority. If +the database table does not exist, then one will be automatically +created.

auth_name: +human readable name of authority

get_credential(cred, type, name) [#]

GENI API: Get_credential + +Retrieve a credential for an object. + +If cred==None, then the behavior reverts to get_self_credential()

cred: +credential object specifying rights of the caller
type: +type of object (user | slice | sa | ma | node)
name: +human readable name of object
Returns:: +the string representation of a credental object

get_gid(name) [#]

GENI API: get_gid + +Retrieve the GID for an object. This function looks up a record in the +registry and returns the GID of the record if it exists. +TODO: Is this function needed? It's a shortcut for Resolve()

name: +hrn to look up
Returns:: +the string representation of a GID object

get_self_credential(type, name) [#]

GENI API: Get_self_credential + +Get_self_credential a degenerate version of get_credential used by a +client to get his initial credential when he doesn't have one. This is +the same as get_credential(..., cred=None,...). + +The registry ensures that the client is the principal that is named by +(type, name) by comparing the public key in the record's GID to the +private key used to encrypt the client-side of the HTTPS connection. Thus +it is impossible for one principal to retrieve another principal's +credential without having the appropriate private key.

type: +type of object (user | slice | sa | ma | node
name: +human readable name of object
Returns:: +the string representation of a credential object

get_ticket(cred, name, rspec) [#]

GENI API: get_ticket + +Retrieve a ticket. This operation is currently implemented on the +registry (see SFA, engineering decisions), and is not implemented on +components. + +The ticket is filled in with information from the PLC database. This +information includes resources, and attributes such as user keys and +initscripts.

cred: +credential string
name: +name of the slice to retrieve a ticket for
rspec: +resource specification dictionary
Returns:: +the string representation of a ticket object

list(cred) [#]

List the records in an authority. The objectGID in the supplied credential +should name the authority that will be listed. + +TODO: List doesn't take an hrn and uses the hrn contained in the + objectGid of the credential. Does this mean the only way to list an + authority is by having a credential for that authority?

cred: +credential string specifying rights of the caller
Returns:: +list of record dictionaries

lookup_users(auth_table, user_id_list, role="*") [#]

Look up user records given PLC user-ids. This is used as part of the +process for reverse-mapping PLC records into Geni records.

auth_table: +database table for the authority that holds the user records
user_id_list: +list of user ids
role: +either "*" or a string describing the role to look for ("pi", "user", ...) + +TODO: This function currently only searches one authority because it would +be inefficient to brute-force search all authorities for a user id. The +solution would likely be to implement a reverse mapping of user-id to +(type, hrn) pairs.

record_to_slice_info(record) [#]

Convert a PLC record into the slice information that will be stored in +a ticket. There are two parts to this information: attributes and +rspec. + +Attributes are non-resource items, such as keys and the initscript +Rspec is a set of resource specifications

record: +a record object
Returns:: +a tuple (attrs, rspec) of dictionaries

register(cred, record_dict) [#]

GENI API: register + +Register an object with the registry. In addition to being stored in the +Geni database, the appropriate records will also be created in the +PLC databases

cred: +credential string
record_dict: +dictionary containing record fields

register_functions() [#]

remove(cred, record_dict) [#]

GENI API: remove + +Remove an object from the registry. If the object represents a PLC object, +then the PLC records will also be removed.

cred: +credential string
record_dict: +dictionary containing record fields. The only relevant + fields of the record are 'name' and 'type', which are used to lookup + the current copy of the record in the Geni database, to make sure + that the appopriate record is removed.

resolve(cred, name) [#]

GENI API: Resolve + +This is a wrapper around resolve_raw that converts records objects into +dictionaries before returning them to the user.

cred: +credential string authorizing the caller
name: +human readable name to resolve
Returns:: +a list of record dictionaries, or an empty list

resolve_raw(type, name, must_exist=True) [#]

Resolve a record. This is an internal version of the Resolve API call +and returns records in record object format rather than dictionaries +that may be sent over XMLRPC.

type: +type of record to resolve (user | sa | ma | slice | node)
name: +human readable name of object
must_exist: +if True, throw an exception if no records are found
Returns:: +a list of record objects, or an empty list []

update(cred, record_dict) [#]

GENI API: Register + +Update an object in the registry. Currently, this only updates the +PLC information associated with the record. The Geni fields (name, type, +GID) are fixed. + +The record is expected to have the pl_info field filled in with the data +that should be updated. + +TODO: The geni_info member of the record should be parsed and the pl_info +adjusted as necessary (add/remove users from a slice, etc)

cred: +credential string specifying rights of the caller
record: +a record dictionary to be updated

verify_auth_belongs_to_me(name) [#]

Verify that an authority belongs to this registry. This is basically left +up to the implementation of the hierarchy module. If the specified name +does not belong to this registry, an exception is thrown indicating the +caller should contact someone else.

auth_name: +human readable name of authority

verify_object_belongs_to_me(name) [#]

Verify that an object belongs to this registry. By extension, this implies +that the authority that owns the object belongs to this registry. If the +object does not belong to this registry, then an exception is thrown.

name: +human readable name of object

verify_object_permission(name) [#]

Verify that the object_gid that was specified in the credential allows +permission to the object 'name'. This is done by a simple prefix test. +For example, an object_gid for planetlab.us.arizona would match the +objects planetlab.us.arizona.slice1 and planetlab.us.arizona.

name: +human readable name to test