From 680d4fc1af88ed631f820545216bee6e7a698f39 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 6 Aug 2010 20:00:50 +0000 Subject: [PATCH] replaceing resolve with Resolve --- sfa/managers/registry_manager_pl.py | 21 +----- sfa/methods/GetCredential.py | 53 ++++++++++++++ sfa/methods/GetGids.py | 50 ++++++++++++++ sfa/methods/GetSelfCredential.py | 80 +++++++++++++++++++++ sfa/methods/GetTicket.py | 66 ++++++++++++++++++ sfa/methods/List.py | 46 +++++++++++++ sfa/methods/RedeemTicket.py | 35 ++++++++++ sfa/methods/Register.py | 55 +++++++++++++++ sfa/methods/RegisterPeerObject.py | 73 ++++++++++++++++++++ sfa/methods/Remove.py | 58 ++++++++++++++++ sfa/methods/RemovePeerObject.py | 103 ++++++++++++++++++++++++++++ sfa/methods/Resolve.py | 50 ++++++++++++++ sfa/methods/ResolveGENI.py | 6 +- sfa/methods/Update.py | 51 ++++++++++++++ sfa/methods/__init__.py | 6 ++ sfa/methods/resolve.py | 25 ++----- sfa/plc/api.py | 4 ++ 17 files changed, 739 insertions(+), 43 deletions(-) create mode 100644 sfa/methods/GetCredential.py create mode 100644 sfa/methods/GetGids.py create mode 100644 sfa/methods/GetSelfCredential.py create mode 100644 sfa/methods/GetTicket.py create mode 100644 sfa/methods/List.py create mode 100644 sfa/methods/RedeemTicket.py create mode 100644 sfa/methods/Register.py create mode 100644 sfa/methods/RegisterPeerObject.py create mode 100644 sfa/methods/Remove.py create mode 100644 sfa/methods/RemovePeerObject.py create mode 100644 sfa/methods/Resolve.py create mode 100644 sfa/methods/Update.py diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py index 3783b567..215d6b94 100644 --- a/sfa/managers/registry_manager_pl.py +++ b/sfa/managers/registry_manager_pl.py @@ -80,24 +80,7 @@ def GetVersion(): version['geni_api'] = 1 return version - - -# The GENI resolve call -def Resolve(api, xrn, creds): - records = resolve(api, xrn) - - if len(records) == 0: - return {} - - record = records[0] - if record.type == 'slice': - return {'geni_urn': xrn, 'geni_creator': " ".join(record.PI)} - if record.type == 'user': - return {'geni_urn': xrn, 'geni_certificate': record.gid} - - - -def resolve(api, xrns, type=None, origin_hrn=None, full=True): +def resolve(api, xrns, creds, type=None, full=True): # load all know registry names into a prefix tree and attempt to find # the longest matching prefix @@ -129,7 +112,7 @@ def resolve(api, xrns, type=None, origin_hrn=None, full=True): xrns = xrn_dict[registry_hrn] if registry_hrn != api.hrn: credential = api.getCredential() - peer_records = registries[registry_hrn].resolve(credential, xrns, origin_hrn) + peer_records = registries[registry_hrn].Resolve(xrns, credential) records.extend([SfaRecord(dict=record).as_dict() for record in peer_records]) # try resolving the remaining unfound records at the local registry diff --git a/sfa/methods/GetCredential.py b/sfa/methods/GetCredential.py new file mode 100644 index 00000000..d047a068 --- /dev/null +++ b/sfa/methods/GetCredential.py @@ -0,0 +1,53 @@ +### $Id: get_credential.py 17576 2010-04-05 20:56:15Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_credential.py $ + +from sfa.trust.credential import * +from sfa.trust.rights import * +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.debug import log +from sfa.trust.credential import Credential + +class get_credential(Method): + """ + Retrive a credential for an object + If cred == Nonee then the behavior reverts to get_self_credential + + @param cred credential object specifying rights of the caller + @param type type of object (user | slice | sa | ma | node) + @param hrn human readable name of object (hrn or urn) + + @return the string representation of a credential object + """ + + interfaces = ['registry'] + + accepts = [ + Mixed(Parameter(str, "credential"), + Parameter(None, "No credential")), + Parameter(str, "Human readable name (hrn or urn)") + ] + + returns = Parameter(str, "String representation of a credential object") + + def call(self, cred, type, xrn, origin_hrn=None): + if type: + hrn = urn_to_hrn(xrn)[0] + else: + hrn, type = urn_to_hrn(xrn) + + #log the call + if not origin_hrn: + origin_hrn = Credential(string=cred).get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + self.api.auth.check(cred, 'getcredential') + self.api.auth.verify_object_belongs_to_me(hrn) + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.get_credential(self.api, xrn, type) diff --git a/sfa/methods/GetGids.py b/sfa/methods/GetGids.py new file mode 100644 index 00000000..b4976701 --- /dev/null +++ b/sfa/methods/GetGids.py @@ -0,0 +1,50 @@ +from sfa.util.faults import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.trust.auth import Auth +from sfa.trust.gid import GID +from sfa.trust.certificate import Certificate +from sfa.trust.credential import Credential + +class get_gids(Method): + """ + Get a list of record information (hrn, gid and type) for + the specified hrns. + + @param cred credential string + @param cert certificate string + @return + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Certificate string"), + Mixed(Parameter(str, "Human readable name (hrn or xrn)"), + Parameter(type([str]), "List of Human readable names (hrn or xrn)")) + ] + + returns = [Parameter(dict, "Dictionary of gids keyed on hrn")] + + def call(self, cred, xrns): + # validate the credential + self.api.auth.check(cred, 'getgids') + user_cred = Credential(string=cred) + origin_hrn = user_cred.get_gid_caller().get_hrn() + + # resolve the record + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + records = manager.resolve(self.api, xrns, None, origin_hrn=origin_hrn, full = False) + if not records: + raise RecordNotFound(hrns) + + gids = [] + allowed_fields = ['hrn', 'type', 'gid'] + for record in records: + for key in record.keys(): + if key not in allowed_fields: + del(record[key]) + return records diff --git a/sfa/methods/GetSelfCredential.py b/sfa/methods/GetSelfCredential.py new file mode 100644 index 00000000..e0ac5692 --- /dev/null +++ b/sfa/methods/GetSelfCredential.py @@ -0,0 +1,80 @@ +### $Id: get_credential.py 15321 2009-10-15 05:01:21Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_credential.py $ + +from sfa.trust.credential import * +from sfa.trust.rights import * +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.record import SfaRecord +from sfa.util.debug import log + +class get_self_credential(Method): + """ + Retrive a credential for an object + @param cert certificate string + @param type type of object (user | slice | sa | ma | node) + @param hrn human readable name of object (hrn or urn) + + @return the string representation of a credential object + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "certificate"), + Parameter(str, "Human readable name (hrn or urn)"), + Mixed(Parameter(str, "Request hash"), + Parameter(None, "Request hash not specified")) + ] + + returns = Parameter(str, "String representation of a credential object") + + def call(self, cert, type, xrn, origin_hrn=None): + """ + get_self_credential a degenerate version of get_credential used by a client + to get his initial credential when de doesnt have one. This is the same as + get_credetial(..., cred = None, ...) + + The registry ensures that the client is the principal that is named by + (type, name) by comparing the public key in the record's GID to the + private key used to encrypt the client side of the HTTPS connection. Thus + it is impossible for one principal to retrive another principal's + credential without having the appropriate private key. + + @param type type of object (user | slice | sa | ma | node) + @param hrn human readable name of authority to list + @return string representation of a credential object + """ + if type: + hrn = urn_to_hrn(xrn)[0] + else: + hrn, type = urn_to_hrn(xrn) + self.api.auth.verify_object_belongs_to_me(hrn) + + #log the call + if not origin_hrn: + origin_hrn = hrn + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + + # authenticate the gid + records = manager.resolve(self.api, xrn, type) + if not records: + raise RecordNotFound(hrn) + record = SfaRecord(dict=records[0]) + gid = record.get_gid_object() + gid_str = gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(gid_str, [cert, type, hrn]) + # authenticate the certificate against the gid in the db + certificate = Certificate(string=cert) + if not certificate.is_pubkey(gid.get_pubkey()): + raise ConnectionKeyGIDMismatch(gid.get_subject()) + + return manager.get_credential(self.api, xrn, type, is_self=True) diff --git a/sfa/methods/GetTicket.py b/sfa/methods/GetTicket.py new file mode 100644 index 00000000..7d99e9fd --- /dev/null +++ b/sfa/methods/GetTicket.py @@ -0,0 +1,66 @@ +### $Id: get_ticket.py 17732 2010-04-19 21:10:45Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_ticket.py $ +import time +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.trust.auth import Auth +from sfa.util.config import Config +from sfa.trust.credential import Credential +from sfa.util.sfatablesRuntime import run_sfatables + +class GetTicket(Method): + """ + Retrieve a ticket. This operation is currently implemented on PLC + only (see SFA, engineering decisions); it is not implemented on + components. + + The ticket is filled in with information from the PLC database. This + information includes resources, and attributes such as user keys and + initscripts. + + @param cred credential string + @param name name of the slice to retrieve a ticket for (hrn or urn) + @param rspec resource specification dictionary + + @return the string representation of a ticket object + """ + + interfaces = ['aggregate', 'slicemgr'] + + accepts = [ + Parameter(str, "Human readable name of slice to retrive a ticket for (hrn or urn)"), + Mixed(Parameter(str, "Credential string"), + Parameter(type([str]), "List of credentials")), + Parameter(str, "Resource specification (rspec)"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")), + Parameter(type([]), "List of user information") + ] + + returns = Parameter(str, "String represeneation of a ticket object") + + def call(self, xrn, creds, rspec, users): + hrn, type = urn_to_hrn(xrn) + # Find the valid credentials + valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', hrn) + origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + + #log the call + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + + manager = self.api.get_interface_manager() + + # flter rspec through sfatables + if self.api.interface in ['aggregate']: + chain_name = 'OUTGOING' + elif self.api.interface in ['slicemgr']: + chain_name = 'FORWARD-OUTGOING' + rspec = run_sfatables(chain_name, hrn, origin_hrn, rspec) + + # remove nodes that are not available at this interface from the rspec + ticket = manager.get_ticket(self.api, xrn, creds, rspec, users) + + return ticket + diff --git a/sfa/methods/List.py b/sfa/methods/List.py new file mode 100644 index 00000000..36607dd6 --- /dev/null +++ b/sfa/methods/List.py @@ -0,0 +1,46 @@ +### $Id: list.py 16588 2010-01-13 17:53:44Z anil $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/list.py $ + +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.record import SfaRecord +from sfa.trust.credential import Credential + +class list(Method): + """ + List the records in an authority. + + @param cred credential string specifying the rights of the caller + @param hrn human readable name of authority to list (hrn or urn) + @return list of record dictionaries + """ + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(str, "Human readable name (hrn or urn)"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) + ] + + returns = [SfaRecord] + + def call(self, cred, xrn, origin_hrn=None): + hrn, type = urn_to_hrn(xrn) + user_cred = Credential(string=cred) + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + + # validate the cred + self.api.auth.check(cred, 'list') + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.list(self.api, xrn, origin_hrn) diff --git a/sfa/methods/RedeemTicket.py b/sfa/methods/RedeemTicket.py new file mode 100644 index 00000000..c471d5a6 --- /dev/null +++ b/sfa/methods/RedeemTicket.py @@ -0,0 +1,35 @@ +### $Id: reset_slice.py 15428 2009-10-23 15:28:03Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfacomponent/methods/reset_slice.py $ +import xmlrpclib +from sfa.util.faults import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed + +class RedeemTicket(Method): + """ + Deprecated. Use RedeemTicket instead. + + @param cred credential string specifying the rights of the caller + @param ticket + @return 1 is successful, faults otherwise + """ + + interfaces = ['component'] + + accepts = [ + Parameter(str, "Ticket string representation of SFA ticket"), + Mixed(Parameter(str, "Credential string"), + Parameter(type([str]), "List of credentials")), + ] + + returns = [Parameter(int, "1 if successful")] + + def call(self, ticket, creds): + valid_creds = self.api.auth.checkCredentials(cred, 'redeemticket') + self.api.auth.check_ticket(ticket) + + + # send the call to the right manager + manager = self.api.get_interface_manager() + manager.redeem_ticket(self.api, ticket) + return 1 diff --git a/sfa/methods/Register.py b/sfa/methods/Register.py new file mode 100644 index 00000000..00560f77 --- /dev/null +++ b/sfa/methods/Register.py @@ -0,0 +1,55 @@ +### $Id: register.py 16477 2010-01-05 16:31:37Z thierry $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/register.py $ + +from sfa.trust.certificate import Keypair, convert_public_key +from sfa.trust.gid import * +from sfa.util.faults import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.record import SfaRecord +from sfa.util.debug import log +from sfa.trust.auth import Auth +from sfa.trust.gid import create_uuid +from sfa.trust.credential import Credential + +class register(Method): + """ + Register an object with the registry. In addition to being stored in the + SFA database, the appropriate records will also be created in the + PLC databases + + @param cred credential string + @param record_dict dictionary containing record fields + + @return gid string representation + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(dict, "Record dictionary containing record fields") + ] + + returns = Parameter(int, "String representation of gid object") + + def call(self, cred, record, origin_hrn=None): + user_cred = Credential(string=cred) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + hrn = None + if 'hrn' in record: + hrn = record['hrn'] + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + + # validate the cred + self.api.auth.check(cred, "register") + + #send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.register(self.api, record) diff --git a/sfa/methods/RegisterPeerObject.py b/sfa/methods/RegisterPeerObject.py new file mode 100644 index 00000000..68b3105c --- /dev/null +++ b/sfa/methods/RegisterPeerObject.py @@ -0,0 +1,73 @@ +### $Id: register.py 15001 2009-09-11 20:18:54Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/register.py $ + +from sfa.trust.certificate import Keypair, convert_public_key +from sfa.trust.gid import * + +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.record import SfaRecord +from sfa.util.table import SfaTable +from sfa.util.debug import log +from sfa.trust.auth import Auth +from sfa.trust.gid import create_uuid +from sfa.trust.credential import Credential + +class register_peer_object(Method): + """ + Register a peer object with the registry. In addition to being stored in the + SFA database, the appropriate records will also be created in the + PLC databases + + @param cred credential string + @param record_dict dictionary containing record fields + @return gid string representation + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(dict, "Record dictionary containing record fields"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) + ] + + returns = Parameter(int, "1 if successful") + + def call(self, cred, record_dict, origin_hrn=None): + user_cred = Credential(string=cred) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) + + # validate the cred + self.api.auth.check(cred, "register") + + # make sure this is a peer record + if 'peer_authority' not in record_dict or \ + not record_dict['peer_authority']: + raise SfaInvalidArgument, "peer_authority must be specified" + + record = SfaRecord(dict = record_dict) + type, hrn, peer_authority = record['type'], record['hrn'], record['peer_authority'] + record['authority'] = get_authority(record['hrn']) + # verify permissions + self.api.auth.verify_cred_is_me(cred) + + # check if record already exists + table = SfaTable() + existing_records = table.find({'type': type, 'hrn': hrn, 'peer_authority': peer_authority}) + if existing_records: + for existing_record in existing_records: + if existing_record['pointer'] != record['pointer']: + record['record_id'] = existing_record['record_id'] + table.update(record) + else: + record_id = table.insert(record) + + return 1 diff --git a/sfa/methods/Remove.py b/sfa/methods/Remove.py new file mode 100644 index 00000000..62828778 --- /dev/null +++ b/sfa/methods/Remove.py @@ -0,0 +1,58 @@ +### $Id: remove.py 16497 2010-01-07 03:33:24Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/remove.py $ + +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.debug import log +from sfa.trust.credential import Credential + +class remove(Method): + """ + Remove an object from the registry. If the object represents a PLC object, + then the PLC records will also be removed. + + @param cred credential string + @param type record type + @param xrn human readable name of record to remove (hrn or urn) + + @return 1 if successful, faults otherwise + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(str, "Record type"), + Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) + ] + + returns = Parameter(int, "1 if successful") + + def call(self, cred, type, xrn, origin_hrn=None): + user_cred = Credential(string=cred) + + # convert xrn to hrn + if type: + hrn = urn_to_hrn(xrn)[0] + else: + hrn, type = urn_to_hrn(xrn) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) + + # validate the cred + self.api.auth.check(cred, "remove") + self.api.auth.verify_object_permission(hrn) + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.remove(self.api, xrn, type, origin_hrn) diff --git a/sfa/methods/RemovePeerObject.py b/sfa/methods/RemovePeerObject.py new file mode 100644 index 00000000..ed46ea71 --- /dev/null +++ b/sfa/methods/RemovePeerObject.py @@ -0,0 +1,103 @@ +from sfa.util.faults import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.trust.auth import Auth +from sfa.util.record import SfaRecord +from sfa.util.table import SfaTable +from sfa.util.debug import log +from sfa.trust.credential import Credential +from types import StringTypes + +class remove_peer_object(Method): + """ + Remove an peer object from the PLC records of a local aggregate. + This method will be called by registry.remove() while removing + a record from the local aggreage's PLCDB and sfa table. This + method need not be directly called by end-user. + + @param cred credential string + @param record record as stored in the local registry + + @return 1 if successful, faults otherwise + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(dict, "Record dictionary"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) + ] + + returns = Parameter(int, "1 if successful") + + def call(self, cred, record, origin_hrn=None): + user_cred = Credential(string=cred) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, record['hrn'], self.name)) + + self.api.auth.check(cred, "remove") + + # Only allow the local interface or record owner to delete peer_records + try: self.api.auth.verify_object_permission(record['hrn']) + except: self.api.auth.verify_cred_is_me(cred) + + table = SfaTable() + hrn, type = record['hrn'], record['type'] + records = table.find({'hrn': hrn, 'type': type }) + for record in records: + if record['peer_authority']: + self.remove_plc_record(record) + table.remove(record) + + return 1 + + def remove_plc_record(self, record): + type = record['type'] + if type == "user": + persons = self.api.plshell.GetPersons(self.api.plauth, {'person_id' : record['pointer']}) + if not persons: + return 1 + person = persons[0] + if person['peer_id']: + peer = self.get_peer_name(person['peer_id']) + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person['person_id'], peer) + self.api.plshell.DeletePerson(self.api.plauth, person['person_id']) + + elif type == "slice": + slices=self.api.plshell.GetSlices(self.api.plauth, {'slice_id' : record['pointer']}) + if not slices: + return 1 + slice=slices[0] + if slice['peer_id']: + peer = self.get_peer_name(slice['peer_id']) + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer) + self.api.plshell.DeleteSlice(self.api.plauth, slice['slice_id']) + elif type == "authority": + sites=self.api.plshell.GetSites(self.api.plauth, {'site_id' : record['pointer']}) + if not sites: + return 1 + site=sites[0] + if site['peer_id']: + peer = self.get_peer_name(site['peer_id']) + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site['site_id'], peer) + self.api.plshell.DeleteSite(self.api.plauth, site['site_id']) + + else: + raise UnknownSfaType(type) + + return 1 + + def get_peer_name(self, peer_id): + peers = self.api.plshell.GetPeers(self.api.plauth, [peer_id], ['peername', 'shortname', 'hrn_root']) + if not peers: + raise SfaInvalidArgument, "No such peer" + peer = peers[0] + return peer['shortname'] + + + diff --git a/sfa/methods/Resolve.py b/sfa/methods/Resolve.py new file mode 100644 index 00000000..03c40fab --- /dev/null +++ b/sfa/methods/Resolve.py @@ -0,0 +1,50 @@ +### $Id: resolve.py 17157 2010-02-21 04:19:34Z tmack $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/resolve.py $ +import traceback +import types +from sfa.util.faults import * +from sfa.util.namespace import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.debug import log +from sfa.trust.credential import Credential +from sfa.util.record import SfaRecord + +class Resolve(Method): + """ + Resolve a record. + + @param cred credential string authorizing the caller + @param hrn human readable name to resolve (hrn or urn) + @return a list of record dictionaries or empty list + """ + + interfaces = ['registry'] + + accepts = [ + Mixed(Parameter(str, "Human readable name (hrn or urn)"), + Parameter(list, "List of Human readable names ([hrn])")), + Mixed(Parameter(str, "Credential string"), + Parameter(list, "List of credentials)")) + ] + + returns = [SfaRecord] + + def call(self, xrns, creds): + if not isinstance(xrns, types.ListType): + xrns=[xrns] + hrns = [urn_to_hrn(xrn)[0] for xrn in xrns] + + #find valid credentials + valid_creds = self.api.auth.checkCredentials(creds, 'resolve') + + #log the call + origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrns, self.name)) + + # send the call to the right manager + manager = self.api.get_interface_manager() + return manager.resolve(self.api, xrns, creds) + + + diff --git a/sfa/methods/ResolveGENI.py b/sfa/methods/ResolveGENI.py index 83b6c393..c223bbe8 100644 --- a/sfa/methods/ResolveGENI.py +++ b/sfa/methods/ResolveGENI.py @@ -4,12 +4,12 @@ from sfa.util.method import Method from sfa.util.parameter import Parameter from sfa.trust.credential import Credential -class ResolveGENI(Method): +class Resolve(Method): """ Lookup a URN and return information about the corresponding object. @param urn - """ + interfaces = ['registry'] accepts = [ Parameter(str, "URN"), @@ -27,4 +27,4 @@ class ResolveGENI(Method): manager = __import__(manager_module, fromlist=[manager_base]) return manager.Resolve(self.api, xrn, '') - return {} \ No newline at end of file + return {} diff --git a/sfa/methods/Update.py b/sfa/methods/Update.py new file mode 100644 index 00000000..dcc5c70e --- /dev/null +++ b/sfa/methods/Update.py @@ -0,0 +1,51 @@ +### $Id: update.py 16477 2010-01-05 16:31:37Z thierry $ +### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/update.py $ + +import time +from sfa.util.faults import * +from sfa.util.method import Method +from sfa.util.parameter import Parameter, Mixed +from sfa.util.debug import log +from sfa.trust.credential import Credential + +class update(Method): + """ + Update an object in the registry. Currently, this only updates the + PLC information associated with the record. The SFA fields (name, type, + GID) are fixed. + + @param cred credential string specifying rights of the caller + @param record a record dictionary to be updated + + @return 1 if successful, faults otherwise + """ + + interfaces = ['registry'] + + accepts = [ + Parameter(str, "Credential string"), + Parameter(dict, "Record dictionary to be updated"), + Mixed(Parameter(str, "Human readable name of the original caller"), + Parameter(None, "Origin hrn not specified")) + ] + + returns = Parameter(int, "1 if successful") + + def call(self, cred, record_dict, origin_hrn=None): + user_cred = Credential(string=cred) + + #log the call + if not origin_hrn: + origin_hrn = user_cred.get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) + + # validate the cred + self.api.auth.check(cred, "update") + + # send the call to the right manager + manager_base = 'sfa.managers' + mgr_type = self.api.config.SFA_REGISTRY_TYPE + manager_module = manager_base + ".registry_manager_%s" % mgr_type + manager = __import__(manager_module, fromlist=[manager_base]) + return manager.update(self.api, record_dict) + diff --git a/sfa/methods/__init__.py b/sfa/methods/__init__.py index 33b22901..bca484be 100644 --- a/sfa/methods/__init__.py +++ b/sfa/methods/__init__.py @@ -13,15 +13,21 @@ get_slices get_ticket get_trusted_certs list +List redeem_ticket +RedeemTicket register +Register register_peer_object remove +Remove reset_slice resolve +Resolve start_slice stop_slice update +Update remove_peer_object GetTicket GetVersion diff --git a/sfa/methods/resolve.py b/sfa/methods/resolve.py index 8920cdca..d26625e4 100644 --- a/sfa/methods/resolve.py +++ b/sfa/methods/resolve.py @@ -6,12 +6,12 @@ from sfa.util.faults import * from sfa.util.namespace import * from sfa.util.method import Method from sfa.util.parameter import Parameter, Mixed -from sfa.util.debug import log -from sfa.trust.credential import Credential from sfa.util.record import SfaRecord +from sfa.methods.Resolve import Resolve -class resolve(Method): +class resolve(Resolve): """ + Deprecated. Use Resolve instead Resolve a record. @param cred credential string authorizing the caller @@ -30,24 +30,7 @@ class resolve(Method): returns = [SfaRecord] def call(self, cred, xrns, origin_hrn=None): - user_cred = Credential(string=cred) - if not isinstance(xrns, types.ListType): - xrns=[xrns] - hrns = [urn_to_hrn(xrn)[0] for xrn in xrns] - - #log the call - if not origin_hrn: - origin_hrn = user_cred.get_gid_caller().get_hrn() - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrns, self.name)) - - # validate the cred - self.api.auth.check(cred, 'resolve') - # send the call to the right manager - manager_base = 'sfa.managers' - mgr_type = self.api.config.SFA_REGISTRY_TYPE - manager_module = manager_base + ".registry_manager_%s" % mgr_type - manager = __import__(manager_module, fromlist=[manager_base]) - return manager.resolve(self.api, xrns, origin_hrn=origin_hrn) + return Resolve.call(self, xrns, cred) diff --git a/sfa/plc/api.py b/sfa/plc/api.py index aac86eb9..2143586d 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -476,6 +476,8 @@ class SfaAPI(BaseAPI): for person_id in pi_ids: hrns = [person['hrn'] for person in persons[person_id]] record['PI'].extend(hrns) + record['geni_urn'] = hrn_to_urn(record['hrn'], 'slice') + record['geni_creator'] = record['PI'] elif (type == "authority"): record['PI'] = [] @@ -500,6 +502,8 @@ class SfaAPI(BaseAPI): elif (type == "user"): sfa_info['email'] = record.get("email", "") + sfa_info['geni_urn'] = hrn_to_urn(record['hrn'], 'user') + sfa_info['geni_certificate'] = record['gid'] # xxx TODO: PostalAddress, Phone record.update(sfa_info) -- 2.43.0