From 62792bcff03b7c63c3140066563a1530aa497d48 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 16 Oct 2009 03:27:30 +0000 Subject: [PATCH] add request_hash argumet to more method calls --- sfa/client/sfi.py | 93 +++++++++++++++++++++-------------- sfa/methods/create_gid.py | 6 ++- sfa/methods/create_slice.py | 9 +++- sfa/methods/delete_slice.py | 15 ++++-- sfa/methods/get_aggregates.py | 7 +-- sfa/methods/get_registries.py | 7 +-- sfa/methods/get_resources.py | 11 ++++- sfa/methods/reset_slices.py | 10 +++- sfa/methods/start_slice.py | 10 +++- sfa/methods/stop_slice.py | 10 +++- 10 files changed, 120 insertions(+), 58 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index c93449fb..d604978a 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -560,22 +560,24 @@ class Sfi: def aggregates(self, opts, args): - user_cred = self.get_user_cred() + user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = None if args: hrn = args[0] - - result = self.registry.get_aggregates(user_cred, hrn) + arg_list = [user_cred, hrn] + request_hash = self.key.compute_hash(arg_list) + result = self.registry.get_aggregates(user_cred, hrn, request_hash) self.display_list(result) return def registries(self, opts, args): - user_cred = self.get_user_cred() + user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = None if args: hrn = args[0] - - result = self.registry.get_registries(user_cred, hrn) + arg_list = [user_cred, hrn] + request_hash = self.key.compute_hash(arg_list) + result = self.registry.get_registries(user_cred, hrn, request_hash) self.display_list(result) return 
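Review bot: `aggregates` and `registries` both hash the same list, `[user_cred, hrn]`, so as far as these lines show, a request_hash computed for one call would also verify for the other; the later `delete`, `stop` and `reset` methods in this file likewise all hash `[slice_cred, slice_hrn]`. Unless `compute_hash` mixes in something not visible here, the hash binds neither the method name nor any freshness value, so it cannot tell a resent request, or one redirected to a sibling method, from the original. Consider adding the method name (and a timestamp or nonce that the server checks) to the hashed list on both sides, e.g. `arg_list = ['get_aggregates', user_cred, hrn]`, with the matching change in each method's `call`.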
@@ -594,32 +596,40 @@ class Sfi: # show rspec for named slice def resources(self,opts, args): - user_cred = self.get_user_cred() - server = self.slicemgr - if opts.aggregate: - aggregates = self.registry.get_aggregates(user_cred, opts.aggregate) + user_cred = self.get_user_cred().save_to_string(save_parents=True) + server = self.slicemgr + if opts.aggregate: + agg_hrn = opts.aggregate + arg_list = [user_cred, arg_hrn] + request_hash = self.key.compute_hash(arg_list) + aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash) if not aggregates: - raise Exception, "No such aggregate %s" % opts.aggregate + raise Exception, "No such aggregate %s" % agg_hrn aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) - server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - if args: - slice_cred = self.get_slice_cred(args[0]) - result = server.get_resources(slice_cred, args[0]) - else: - result = server.get_resources(user_cred) - format = opts.format + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file) + if args: + cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + hrn = args[0] + else: + cred = user_cred + hrn = None + + arg_list = [cred, hrn] + request_hash = self.key.compute_hash(arg_list) + result = server.get_resources(cred, hrn, request_hash) + format = opts.format - self.display_rspec(result, format) - if (opts.file is not None): - self.save_rspec_to_file(result, opts.file) - return + self.display_rspec(result, format) + if (opts.file is not None): + self.save_rspec_to_file(result, opts.file) + return # created named slice with given rspec def create(self,opts, args): slice_hrn = args[0] user_cred = self.get_user_cred() - slice_cred = self.get_slice_cred(slice_hrn) + slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) rspec_file = self.get_rspec_file(args[1]) rspec=open(rspec_file).read() server = self.slicemgr 
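Review bot: `arg_list = [user_cred, arg_hrn]` in the `opts.aggregate` branch of `resources` references a name that is never assigned; the line above binds `agg_hrn`. Selecting an aggregate therefore raises NameError before the request is sent, and the line should read `arg_list = [user_cred, agg_hrn]`. Separately, the context line still builds the aggregate URL as `"http://%s:%s"`. Whether `xmlrpcprotocol.get_server` turns that into a TLS connection using the key and cert files is not visible here and is worth confirming, since the serialized credential travels in the request.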
@@ -630,32 +640,41 @@ class Sfi: aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - return server.create_slice(slice_cred, slice_hrn, rspec) + arg_list = [slice_cred, slice_hrn, rspec] + request_hash = self.key.compute_hash(arg_list) + return server.create_slice(slice_cred, slice_hrn, rspec, request_hash) # delete named slice def delete(self,opts, args): - slice_hrn = args[0] - slice_cred = self.get_slice_cred(slice_hrn) - - return self.slicemgr.delete_slice(slice_cred, slice_hrn) + slice_hrn = args[0] + slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) + arg_list = [slice_cred, slice_hrn] + request_hash = self.key.compute_hash(arg_list) + return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash) # start named slice def start(self,opts, args): - slice_hrn = args[0] - slice_cred = self.get_slice_cred(args[0]) - return self.slicemgr.start_slice(slice_cred, slice_hrn) + slice_hrn = args[0] + slice_cred = self.get_slice_cred(args[0]) + arg_list = [slice_cred, slice_hrn] + request_hash = self.key.compute_hash(arg_list) + return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash) # stop named slice def stop(self,opts, args): - slice_hrn = args[0] - slice_cred = self.get_slice_cred(args[0]) - return self.slicemgr.stop_slice(slice_cred, slice_hrn) + slice_hrn = args[0] + slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + arg_list = [slice_cred, slice_hrn] + request_hash = self.key.compute_hash(arg_list) + return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash) # reset named slice def reset(self,opts, args): - slice_hrn = args[0] - slice_cred = self.get_slice_cred(args[0]) - return self.slicemgr.reset_slice(slice_cred, slice_hrn) + slice_hrn = args[0] + slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + arg_list = [slice_cred, slice_hrn] + 
request_hash = self.key.compute_hash(arg_list) + return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash) # # diff --git a/sfa/methods/create_gid.py b/sfa/methods/create_gid.py index 12fe0f68..df2fa6d3 100644 --- a/sfa/methods/create_gid.py +++ b/sfa/methods/create_gid.py @@ -31,12 +31,14 @@ class create_gid(Method): Parameter(str, "Human readable name (hrn)"), Mixed(Parameter(str, "Unique identifier for new GID (uuid)"), Parameter(None, "Unique identifier (uuid) not specified")), - Parameter(str, "public-key string") + Parameter(str, "public-key string"), + Parameter(str, "Request hash"), ] returns = Parameter(str, "String represeneation of a GID object") - def call(self, cred, hrn, uuid, pubkey_str): + def call(self, cred, hrn, uuid, request_hash, pubkey_str): + self.api.auth.authenticateCred(cred, [cred, hrn, uuid], request_hash) self.api.auth.check(cred, "getcredential") self.api.auth.verify_object_belongs_to_me(hrn) self.api.auth.verify_object_permission(hrn) diff --git a/sfa/methods/create_slice.py b/sfa/methods/create_slice.py index 6609a0b8..576ac0ab 100644 --- a/sfa/methods/create_slice.py +++ b/sfa/methods/create_slice.py 
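Review bot: `start` is the only slice operation here that leaves `slice_cred` as the object returned by `self.get_slice_cred(args[0])`; `delete`, `stop` and `reset` all append `.save_to_string(save_parents=True)` before hashing. As written, `compute_hash` and `start_slice` receive a credential object rather than the string the server re-hashes, so the hash check will presumably fail or the call will not marshal. Change the line to `slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)`. In `create`, `user_cred` also stays unserialized on a context line; the call that uses it lies outside this hunk and should be checked against the new three-argument `get_aggregates`.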
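Review bot: The new signature `call(self, cred, hrn, uuid, request_hash, pubkey_str)` does not follow the order declared in `accepts`, where the public-key string comes before the request hash. A client following `accepts` would have its public key bound to `request_hash` and its hash bound to `pubkey_str`. The list handed to `authenticateCred` is `[cred, hrn, uuid]`, which leaves `pubkey_str` out of the authenticated arguments, although it is presumably the value placed in the new GID (the rest of `call` is outside the hunk). Suggested: `def call(self, cred, hrn, uuid, pubkey_str, request_hash):` and `self.api.auth.authenticateCred(cred, [cred, hrn, uuid, pubkey_str], request_hash)`.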
@@ -30,14 +30,21 @@ class create_slice(Method): Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), Parameter(str, "Resource specification"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, requested_rspec, caller_cred=None): + def call(self, cred, hrn, requested_rspec, request_hash, caller_cred=None): if caller_cred==None: caller_cred=cred + # This cred will be an slice cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, hrn, requested_rspec], request_hash) self.api.auth.check(cred, 'createslice') #log the call diff --git a/sfa/methods/delete_slice.py b/sfa/methods/delete_slice.py index 418d8176..2591a6a7 100644 --- a/sfa/methods/delete_slice.py +++ b/sfa/methods/delete_slice.py 
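Review bot: `caller_cred` is accepted by `call` but is not in the list passed to `authenticateGid` (`[cred, hrn, requested_rspec]`), so the request hash says nothing about it. Because `request_hash` was inserted ahead of it, any existing caller that passes `caller_cred` as the fourth positional argument now supplies it as the hash. The same shape appears in the `delete_slice` and `get_resources` hunks; in `delete_slice`, `caller_cred` visibly feeds the log line and `Slices(self.api, caller_cred=caller_cred)`. Either include it in the hashed list or document the trust assumption, e.g. `# caller_cred: set only by an upstream SFA interface, passed by keyword, not covered by request_hash`. The rest of `call` is outside the hunk.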
@@ -24,17 +24,24 @@ class delete_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to delete"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn, caller_cred=None): + def call(self, cred, hrn, request_hash, caller_cred=None): - if caller_cred==None: - caller_cred=cred - #log the call + if caller_cred==None: + caller_cred=cred + #log the call self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name)) + # This cred will be an slice cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) self.api.auth.check(cred, 'deleteslice') slices = Slices(self.api, caller_cred=caller_cred) slices.delete_slice(hrn) diff --git a/sfa/methods/get_aggregates.py b/sfa/methods/get_aggregates.py index 7cf8d79a..57ef2590 100644 --- a/sfa/methods/get_aggregates.py +++ b/sfa/methods/get_aggregates.py @@ -23,13 +23,14 @@ class get_aggregates(Method): Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")) + Parameter(None, "hrn not specified")), + Parameter(str, "Request hash") ] returns = [Parameter(dict, "Aggregate interface information")] - def call(self, cred, hrn = None): - + def call(self, cred, hrn = None, request_hash=None): + self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) self.api.auth.check(cred, 'list') aggregates = Aggregates(self.api) hrn_list = [] diff --git a/sfa/methods/get_registries.py b/sfa/methods/get_registries.py index e928aa25..df65616b 100644 
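Review bot: In `delete_slice` the `authenticateGid` call was added after the `self.api.logger.info(...)` line, whereas `create_slice` authenticates before its `#log the call` section. Here the log entry is written, with a caller-hrn parsed from `caller_cred`, before anything about the request has been verified. Moving the added authentication lines above `#log the call` would make the two methods consistent and keep unverified names out of the `caller-hrn` field. If rejected requests should still be recorded, log them separately and mark them as unauthenticated.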
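Review bot: `request_hash=None` makes the hash optional in the `get_aggregates` signature although `accepts` declares it as a `str` parameter, and what `authenticateCred` does when handed `None` is not visible here. If it does anything other than reject, a client that omits the argument skips the check entirely. The `get_registries` and `get_resources` hunks use the same default, while the slice methods take `request_hash` as a required positional. Since `hrn` keeps its default, this parameter needs one too, so fail closed explicitly at the top of `call`: `if request_hash is None:` followed by raising the project's own authentication error.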
--- a/sfa/methods/get_registries.py +++ b/sfa/methods/get_registries.py @@ -23,13 +23,14 @@ class get_registries(Method): Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")) + Parameter(None, "hrn not specified")), + Parameter(str, "Request hash") ] returns = [Parameter(dict, "Registry interface information")] - def call(self, cred, hrn = None): - + def call(self, cred, hrn = None, request_hash=None): + self.api.auth.authenticateCred(cred, [cred, hrn], request_hash) self.api.auth.check(cred, 'list') registries = Registries(self.api) hrn_list = [] diff --git a/sfa/methods/get_resources.py b/sfa/methods/get_resources.py index dc7c68e2..7ded9399 100644 --- a/sfa/methods/get_resources.py +++ b/sfa/methods/get_resources.py @@ -27,14 +27,21 @@ class get_resources(Method): accepts = [ Parameter(str, "Credential string"), Mixed(Parameter(str, "Human readable name (hrn)"), - Parameter(None, "hrn not specified")) + Parameter(None, "hrn not specified")), + Parameter(str, "Request hash") ] returns = Parameter(str, "String representatin of an rspec") - def call(self, cred, hrn=None, caller_cred=None): + def call(self, cred, hrn=None, request_hash = None, caller_cred=None): sfa_aggregate_type = Config().get_aggregate_rspec_type() + # This cred will be an authority cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred,hrn], request_hash) self.api.auth.check(cred, 'listnodes') if caller_cred==None: caller_cred=cred diff --git a/sfa/methods/reset_slices.py b/sfa/methods/reset_slices.py index 9b40d836..88d85fae 100644 --- a/sfa/methods/reset_slices.py +++ b/sfa/methods/reset_slices.py 
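Review bot: The comment added in `get_resources` says the credential "will be an authority cred, not a user", but the client side of this same commit (`resources` in sfi.py) sends either a slice credential or the user's own credential to this method. The `reset_slices` hunk carries the same sentence for a slice operation. This comment is the only explanation of why `authenticateGid` is used here instead of `authenticateCred`, so it should describe the real cases, e.g. `# cred may be a slice or user credential; the request hash is checked against the caller GID embedded in it`.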
@@ -22,12 +22,18 @@ class reset_slices(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn): - + def call(self, cred, hrn, request_hash): + # This cred will be an authority cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) self.api.auth.check(cred, 'resetslice') ## XX Not yet implemented diff --git a/sfa/methods/start_slice.py b/sfa/methods/start_slice.py index 4356de2b..a34461ab 100644 --- a/sfa/methods/start_slice.py +++ b/sfa/methods/start_slice.py @@ -22,12 +22,18 @@ class start_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), + Parameter(str, "Request hash") ] returns = [Parameter(int, "1 if successful")] - def call(self, cred, hrn): - + def call(self, cred, hrn, request_hash): + # This cred will be an slice cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) self.api.auth.check(cred, 'startslice') slices = Slices(self.api) slices.start_slice(hrn) diff --git a/sfa/methods/stop_slice.py b/sfa/methods/stop_slice.py index 959b18f4..ba2b78c0 100644 --- a/sfa/methods/stop_slice.py +++ b/sfa/methods/stop_slice.py 
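Review bot: The added lines call `Credential(string=cred)`, but no import of `Credential` is visible in this hunk. The diffstat count for reset_slices.py (10 changed lines) is fully accounted for by the lines shown, so the commit adds none. If the module did not already import it, every call to `reset_slices` fails with NameError on the first added statement; the same applies to the `start_slice`, `stop_slice`, `get_resources` and `create_slice` hunks. Confirm each file's import block, and consider moving the repeated three-line GID extraction into one helper on `self.api.auth` so the methods cannot drift apart.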
@@ -22,12 +22,18 @@ class stop_slice(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Human readable name of slice to instantiate"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, hrn): - + def call(self, cred, hrn, request_hash): + # This cred will be an slice cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, hrn], request_hash) self.api.auth.check(cred, 'stopslice') slices = Slices(self.api) slices.stop_slice(hrn) -- 2.43.0