From 9fe1cc1bbb72921e1fe94e9a7997cd387073d863 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 19 Oct 2012 23:05:31 -0400 Subject: [PATCH] Generalize credentials argument --- sfa/client/sfi.py | 37 ++++++++++++++++++++++-------------- sfa/methods/Allocate.py | 3 ++- sfa/methods/Delete.py | 2 +- sfa/methods/Describe.py | 2 +- sfa/methods/ListResources.py | 2 +- sfa/methods/Provision.py | 3 ++- sfa/methods/Renew.py | 2 +- sfa/methods/Shutdown.py | 2 +- sfa/trust/auth.py | 6 +++--- sfa/trust/credential.py | 13 ++++++++++++- 10 files changed, 47 insertions(+), 25 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 20d4b990..16a4878c 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -115,14 +115,15 @@ def filter_records(type, records): return filtered_records -def credential_printable (credential_string): - credential=Credential(string=credential_string) +def credential_printable (cred): + credential=Credential(cred=cred) result="" result += credential.get_summary_tostring() result += "\n" rights = credential.get_privileges() - result += "rights=%s"%rights - result += "\n" + result += "type=%s\n" % credential.type + result += "version=%s\n" % credential.version + result += "rights=%s\n"%rights return result def show_credentials (cred_s): @@ -650,6 +651,9 @@ class Sfi: # extract what's needed self.private_key = client_bootstrap.private_key() self.my_credential_string = client_bootstrap.my_credential_string () + self.my_credential = {'geni_type': 'geni_sfa', + 'geni_version': '3.0', + 'geni_value': self.my_credential_string} self.my_gid = client_bootstrap.my_gid () self.client_bootstrap = client_bootstrap 
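Review bot: The `{'geni_type': 'geni_sfa', 'geni_version': '3.0', 'geni_value': ...}` literal that builds self.my_credential here is repeated verbatim in the new slice_credential method (hunk @@ -663), so the two copies can drift apart the day the type tag or version changes. Hoist the two tags into module-level constants and build the struct in one place, e.g. `def sfa_credential_struct(value): return {'geni_type': 'geni_sfa', 'geni_version': '3.0', 'geni_value': value}`, and call it from both sites. The enclosing method starts before this hunk.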
@@ -663,6 +667,11 @@ class Sfi: def slice_credential_string(self, name): return self.client_bootstrap.slice_credential_string (name) + def slice_credential(self, name): + return {'geni_type': 'geni_sfa', + 'geni_version': '3.0', + 'geni_value': self.slice_credential_string(name)} + # xxx should be supported by sfaclientbootstrap as well def delegate_cred(self, object_cred, hrn, type='authority'): # the gid and hrn of the object we are delegating @@ -988,7 +997,7 @@ or version information about sfi itself creds.append(delegated_cred) # options and call_id when supported api_options = {} - api_options['call_id']=unique_call_id() + api_options['call_id']=unique_call_id() if options.show_credential: show_credentials(creds) result = server.ListSlices(creds, *self.ois(server,api_options)) @@ -1008,7 +1017,7 @@ or with an slice hrn, shows currently provisioned resources server = self.sliceapi() # set creds - creds = [self.my_credential_string] + creds = [self.my_credential] if options.delegate: creds.append(self.delegate_cred(cred, get_authority(self.authority))) if options.show_credential: @@ -1058,7 +1067,7 @@ or with an slice hrn, shows currently provisioned resources server = self.sliceapi() # set creds - creds = [self.slice_credential_string(args[0])] + creds = [self.slice_credential(args[0])] if options.delegate: creds.append(self.delegate_cred(cred, get_authority(self.authority))) if options.show_credential: @@ -1172,7 +1181,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) 
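Review bot: slice_cred is now the dict returned by slice_credential, and two lines later it is passed unchanged to self.delegate_cred(slice_cred, ...), whose body lies outside this diff and whose signature (shown as context in hunk @@ -663) the commit does not touch; if it still builds `Credential(string=object_cred)` the dict form will fail at delegation time rather than at the server. The same pattern recurs in hunks @@ -1300, @@ -1377, @@ -1404 and @@ -1432, and hunks @@ -1008 and @@ -1058 append the delegation result to a creds list whose first element is now a dict. Either let delegate_cred accept both forms by constructing with `Credential(cred=object_cred)`, or pass `slice_cred['geni_value']` explicitly, and wrap whatever it returns in the same struct so the creds list stays homogeneous. The enclosing methods begin before their hunks.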
@@ -1198,7 +1207,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = Xrn(slice_hrn, type='slice').get_urn() # credentials - creds = [self.slice_credential_string(slice_hrn)] + creds = [self.slice_credential(slice_hrn)] delegated_cred = None if server_version.get('interface') == 'slicemgr': @@ -1263,7 +1272,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = Xrn(slice_hrn, type='slice').get_urn() # credentials - creds = [self.slice_credential_string(slice_hrn)] + creds = [self.slice_credential(slice_hrn)] delegated_cred = None if server_version.get('interface') == 'slicemgr': # delegate our cred to the slice manager @@ -1300,7 +1309,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) @@ -1377,7 +1386,7 @@ or with an slice hrn, shows currently provisioned resources action = args[1] slice_urn = Xrn(slice_hrn, type='slice').get_urn() # cred - slice_cred = self.slice_credential_string(args[0]) + slice_cred = self.slice_credential(args[0]) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) @@ -1404,7 +1413,7 @@ or with an slice hrn, shows currently provisioned resources slice_urn = hrn_to_urn(slice_hrn, 'slice') # time: don't try to be smart on the time format, server-side will # creds - slice_cred = self.slice_credential_string(args[0]) + slice_cred = self.slice_credential(args[0]) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) 
@@ -1432,7 +1441,7 @@ or with an slice hrn, shows currently provisioned resources slice_hrn = args[0] slice_urn = hrn_to_urn(slice_hrn, 'slice') # creds - slice_cred = self.slice_credential_string(slice_hrn) + slice_cred = self.slice_credential(slice_hrn) creds = [slice_cred] if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) diff --git a/sfa/methods/Allocate.py b/sfa/methods/Allocate.py index 565d859f..b549fd6b 100644 --- a/sfa/methods/Allocate.py +++ b/sfa/methods/Allocate.py @@ -51,7 +51,8 @@ class Allocate(Method): elif self.api.interface in ['slicemgr']: chain_name = 'FORWARD-INCOMING' self.api.logger.debug("Allocate: sfatables on chain %s"%chain_name) - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name)) rspec = run_sfatables(chain_name, xrn.get_hrn(), origin_hrn, rspec) slivers = RSpec(rspec).version.get_nodes_with_slivers() if not slivers: diff --git a/sfa/methods/Delete.py b/sfa/methods/Delete.py index 8233fb75..88990e17 100644 --- a/sfa/methods/Delete.py +++ b/sfa/methods/Delete.py @@ -27,7 +27,7 @@ class Delete(Method): valid_creds = self.api.auth.checkCredentials(creds, 'deletesliver', xrns) #log the call - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name)) return self.api.manager.Delete(self.api, xrns, creds, options) diff --git a/sfa/methods/Describe.py b/sfa/methods/Describe.py index b261512c..ff3765d3 100644 --- a/sfa/methods/Describe.py +++ b/sfa/methods/Describe.py 
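Review bot: The audit line added after the Credential(cred=...) call in Allocate is byte-identical to the ones already in Delete.py and Shutdown.py and to the one this commit adds in Provision.py, and each site re-parses valid_creds[0] only to obtain the caller hrn. A single helper on the Method base class, e.g. `def log_call(self, origin_hrn, target): self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s" % (self.api.interface, origin_hrn, target, self.name))`, would keep the four records in one format, which matters if they are parsed downstream. The Method base class is outside this diff, so confirm it is the right home. The enclosing method starts and ends outside the hunk.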
@@ -43,7 +43,7 @@ class Describe(Method): # get hrn of the original caller origin_hrn = options.get('origin_hrn', None) if not origin_hrn: - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() desc = self.api.manager.Describe(self.api, creds, urns, options) # filter rspec through sfatables diff --git a/sfa/methods/ListResources.py b/sfa/methods/ListResources.py index c05d6977..b7ac0b72 100644 --- a/sfa/methods/ListResources.py +++ b/sfa/methods/ListResources.py @@ -39,7 +39,7 @@ class ListResources(Method): # get hrn of the original caller origin_hrn = options.get('origin_hrn', None) if not origin_hrn: - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() rspec = self.api.manager.ListResources(self.api, creds, options) # filter rspec through sfatables diff --git a/sfa/methods/Provision.py b/sfa/methods/Provision.py index 00c5a434..5a857ec7 100644 --- a/sfa/methods/Provision.py +++ b/sfa/methods/Provision.py @@ -33,6 +33,7 @@ class Provision(Method): # Find the valid credentials valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', xrns) - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrns, self.name)) result = self.api.manager.Provision(self.api, xrns, creds, options) return result diff --git a/sfa/methods/Renew.py b/sfa/methods/Renew.py index ea4bb330..ca412bd5 100644 --- a/sfa/methods/Renew.py +++ b/sfa/methods/Renew.py 
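Review bot: The credential-derived caller hrn on the changed line in Describe is only a fallback: `options.get('origin_hrn', None)` wins whenever the request carries that key, and options come from the remote caller, so a client that reaches this interface directly can name any origin_hrn and have sfatables filter the rspec under that identity rather than the one bound to the credential it presented. The same shape is in ListResources.py (hunk @@ -39). If the override exists so a slice manager can forward the original caller's identity, restrict it to that path, for instance honour options['origin_hrn'] only when the peer is a trusted slicemgr and otherwise always take `Credential(cred=valid_creds[0]).get_gid_caller().get_hrn()`; at minimum log both values when they differ. The enclosing method begins before this hunk.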
@@ -38,7 +38,7 @@ class Renew(Method): # Validate that the time does not go beyond the credential's expiration time requested_time = utcparse(expiration_time) max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW) - if requested_time > Credential(string=valid_creds[0]).get_expiration(): + if requested_time > Credential(cred=valid_creds[0]).get_expiration(): raise InsufficientRights('Renewsliver: Credential expires before requested expiration time') if requested_time > datetime.datetime.utcnow() + datetime.timedelta(days=max_renew_days): raise Exception('Cannot renew > %s days from now' % max_renew_days) diff --git a/sfa/methods/Shutdown.py b/sfa/methods/Shutdown.py index 53c406dc..e97738c0 100644 --- a/sfa/methods/Shutdown.py +++ b/sfa/methods/Shutdown.py @@ -21,7 +21,7 @@ class Shutdown(Method): valid_creds = self.api.auth.checkCredentials(creds, 'stopslice', xrn) #log the call - origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() + origin_hrn = Credential(cred=valid_creds[0]).get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, xrn, self.name)) return self.api.manager.Shutdown(self.api, xrn, creds) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index e787fe42..449f1cf1 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -52,7 +52,7 @@ class Auth: self.check(cred, operation, hrn) valid.append(cred) except: - cred_obj=Credential(string=cred) + cred_obj=Credential(cred=cred) logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True)) error = sys.exc_info()[:2] continue @@ -63,7 +63,7 @@ class Auth: return valid - def check(self, cred_string, operation, hrn = None): + def check(self, credential, operation, hrn = None): """ Check the credential against the peer cert (callerGID included in the credential matches the caller that is connected to the 
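Review bot: In what appears to be Auth.checkCredentials, the diagnostic dump inside the bare except handler calls `Credential(cred=cred)` before `error = sys.exc_info()[:2]` is recorded; now that the dict form is accepted, a credential that failed self.check because it is malformed (missing geni_value, wrong type) raises again on that line, escapes the handler, and the original failure is neither captured nor logged. Record the error first and keep the dump from raising:
```python
            except Exception:
                error = sys.exc_info()[:2]
                try:
                    cred_obj = Credential(cred=cred)
                    logger.debug("failed to validate credential - dump=%s" % cred_obj.dump_string(dump_parents=True))
                except Exception:
                    logger.debug("failed to validate credential - could not dump %r" % (cred,))
                continue
```
The loop and the method around it start before the hunk.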
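Review bot: The check signature renames cred_string to credential, but the docstring that follows still describes only the string form, while the body (hunk @@ -71) now hands the value to `Credential(cred=credential)`, which also accepts the GENI credential struct. Add a line to the docstring such as `credential: the credential to check, either its XML string or a GENI credential dict {'geni_type', 'geni_version', 'geni_value'}`. The docstring continues past the end of this hunk.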
@@ -71,7 +71,7 @@ class Auth: trusted cert and check if the credential is allowed to perform the specified operation. """ - cred = Credential(string = cred_string) + cred = Credential(cred=credential) self.client_cred = cred logger.debug("Auth.check: handling hrn=%s and credential=%s"%\ (hrn,cred.get_summary_tostring())) diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index 9ccf18fa..34cc7e41 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -237,7 +237,7 @@ class Credential(object): # @param string If string!=None, load the credential from the string # @param filename If filename!=None, load the credential from the file # FIXME: create and subject are ignored! - def __init__(self, create=False, subject=None, string=None, filename=None): + def __init__(self, create=False, subject=None, string=None, filename=None, cred=None): self.gidCaller = None self.gidObject = None self.expiration = None @@ -250,6 +250,17 @@ class Credential(object): self.xml = None self.refid = None self.legacy = None + self.type = None + self.version = None + + if cred: + if isinstance(cred, StringTypes): + string = cred + elif isinstance(cred, dict): + string = cred['geni_value'] + self.type = cred['geni_type'] + self.version = cred['geni_version'] + # Check if this is a legacy credential, translate it if so if string or filename: -- 2.43.0
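Review bot: The doxygen-style parameter comments directly above Credential.__init__ document string and filename but not the new cred parameter, and the body (hunk @@ -250) makes cred override string when both are supplied. Add `# @param cred If cred!=None, load the credential from cred, which is either the XML string or a GENI credential dict ({'geni_type','geni_version','geni_value'}); it takes precedence over string` beside the existing @param lines. The constructor continues outside the hunk.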
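Review bot: The dict branch in Credential.__init__ indexes cred['geni_value'], cred['geni_type'] and cred['geni_version'] without checking they exist, so a malformed struct off the wire raises a bare KeyError from inside the constructor, and a cred that is neither a string nor a dict falls through silently to an empty Credential because string stays None and the `if string or filename:` load below is skipped. The recorded self.type and self.version are also never compared with what this parser understands, so a struct tagged with another type is still parsed as an SFA credential. Fail closed with explicit errors (no caller in this diff passes any other type), and consider rejecting geni_type values other than the one the client emits if only SFA credentials are meant to load here:
```python
        if cred:
            if isinstance(cred, StringTypes):
                string = cred
            elif isinstance(cred, dict):
                # GENI credential struct: a missing field is a malformed
                # credential, not an empty one
                try:
                    string = cred['geni_value']
                    self.type = cred['geni_type']
                    self.version = cred['geni_version']
                except KeyError as e:
                    raise ValueError("credential struct is missing field %s" % e)
            else:
                raise TypeError("cred must be a string or a dict, got %s" % type(cred).__name__)
        # ... unchanged: legacy check and load from string/filename ...
```
The constructor continues outside the hunk.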