From: Andy Bavier Date: Tue, 9 Feb 2010 20:43:17 +0000 (+0000) Subject: Add role_id check when changing slice tags X-Git-Tag: sfa-0.9-11~121 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=8e398cda1058b7cf789b533ffad44cf22bc166f5 Add role_id check when changing slice tags --- diff --git a/sfa/managers/vini/vini_network.py b/sfa/managers/vini/vini_network.py index 3a2d54a5..e7a89458 100644 --- a/sfa/managers/vini/vini_network.py +++ b/sfa/managers/vini/vini_network.py @@ -161,13 +161,13 @@ class ViniSlice(Slice): except: # Should handle this case... raise Error("ran out of EGRE keys!") - tag = self.update_tag('egre_key', key) + tag = self.update_tag('egre_key', key, None, 10) return def turn_on_netns(self): tag = self.get_tag('netns') if (not tag) or (tag.value != '1'): - tag = self.update_tag('netns', '1') + tag = self.update_tag('netns', '1', None, 10) return def turn_off_netns(self): @@ -186,9 +186,9 @@ class ViniSlice(Slice): break else: newcaps = "CAP_NET_ADMIN," + tag.value - self.update_tag('capabilities', newcaps) + self.update_tag('capabilities', newcaps, None, 10) else: - tag = self.add_tag('capabilities', 'CAP_NET_ADMIN') + tag = self.add_tag('capabilities', 'CAP_NET_ADMIN', None, 10) return def remove_cap_net_admin(self): @@ -201,7 +201,7 @@ class ViniSlice(Slice): newcaps.append(cap) if newcaps: value = ','.join(newcaps) - self.update_tag('capabilities', value) + self.update_tag('capabilities', value, None, 10) else: tag.delete() return @@ -383,7 +383,7 @@ class ViniNetwork(Network): linkdesc.append(node.get_topo_rspec(link)) if linkdesc: topo_str = "%s" % linkdesc - tag = slice.update_tag('topo_rspec', topo_str, node) + tag = slice.update_tag('topo_rspec', topo_str, node, 10) # Update or expire the topo_rspec tags for tag in self.getSliceTags(): diff --git a/sfa/plc/network.py b/sfa/plc/network.py index d5ef4069..a8d2db95 100644 --- a/sfa/plc/network.py +++ b/sfa/plc/network.py @@ -147,16 +147,15 @@ class Slice: if id in self.network.nodes: n.append(self.network.nodes[id]) return n - + # Add a new slice tag - def add_tag(self, tagname, value, node = None, category = 'slice/rspec'): - record = {'slice_tag_id':None, 'slice_id':self.id, 'tagname':tagname, 'value':value, - 'category':category} - if node: - record['node_id'] = node.id - else: - record['node_id'] = None - tag = Slicetag(record) + def add_tag(self, tagname, value, node = None, role_id = 40): + tt = self.network.lookupTagType(tagname) + if role_id > tt.min_role_id: + raise InvalidRSpec("permission denied to add '%s' tag" % tagname) + + tag = Slicetag() + tag.initialize(tagname, value, node, self.network) self.network.tags[tag.id] = tag self.slice_tag_ids.append(tag.id) tag.changed = True @@ -165,27 +164,29 @@ class Slice: return tag # Update a slice tag if it exists, else add it - def update_tag(self, tagname, value, node = None): + def update_tag(self, tagname, value, node = None, role_id = 40): tag = self.get_tag(tagname, node) if tag and tag.value == value: value = "no change" elif tag: + if role_id > tag.min_role_id: + raise InvalidRSpec("permission denied to update '%s' tag" % tagname) tag.value = value tag.changed = True else: - tag = self.add_tag(tagname, value, node) + tag = self.add_tag(tagname, value, node, role_id) tag.updated = True tag.writable = True return tag - def update_multi_tag(self, tagname, value, node = None): + def update_multi_tag(self, tagname, value, node = None, role_id = 40): tags = self.get_multi_tag(tagname, node) for tag in tags: if tag and tag.value == value: value = "no change" break else: - tag = self.add_tag(tagname, value, node) + tag = self.add_tag(tagname, value, node, role_id) tag.updated = True tag.writable = True return tag @@ -212,17 +213,32 @@ class Slice: class Slicetag: newid = -1 - def __init__(self, tag): + def __init__(self, tag = None): + if not tag: + return self.id = tag['slice_tag_id'] - if not self.id: - # Make one up for the time being... - self.id = Slicetag.newid - Slicetag.newid -= 1 self.slice_id = tag['slice_id'] self.tagname = tag['tagname'] self.value = tag['value'] self.node_id = tag['node_id'] self.category = tag['category'] + self.min_role_id = tag['min_role_id'] + self.__init_flags() + + # Create a new slicetag that will be written to the DB later + def initialize(self, tagname, value, node, network): + tt = network.lookupTagType(tagname) + self.id = Slicetag.newid + Slicetag.newid -=1 + self.slice_id = network.slice.id + self.tagname = tagname + self.value = value + self.node_id = node.id + self.category = tt.category + self.min_role_id = tt.min_role_id + self.__init_flags() + + def __init_flags(self): self.updated = False self.changed = False self.deleted = False @@ -254,6 +270,7 @@ class TagType: self.id = tagtype['tag_type_id'] self.category = tagtype['category'] self.tagname = tagtype['tagname'] + self.min_role_id = tagtype['min_role_id'] self.multi = False self.in_rspec = False if self.category == 'slice/rspec': @@ -355,7 +372,7 @@ class Network: def lookupTagType(self, name): val = None try: - val = self.tagstypes[name] + val = self.tagtypes[name] except: raise InvalidRSpec("tag %s not found" % name) return val