From fd747515022cea0af5ab16040f18aa199676272d Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Mon, 20 Sep 2010 15:39:13 +0200 Subject: [PATCH] starting from tag 17, protected & reviewed UnBind/Bind calls and hacked client to not pass delegation credentials (tmp) --- sfa/client/sfi.py | 40 ++++++--- sfa/managers/aggregate_manager_pl.py | 32 +++---- sfa/plc/slices.py | 119 ++++++++++++++++----------- 3 files changed, 119 insertions(+), 72 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index d299b89b..06e69367 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -724,7 +724,9 @@ class Sfi: """ user_cred = self.get_user_cred().save_to_string(save_parents=True) delegated_cred = self.delegate_cred(user_cred, get_authority(self.authority)) - creds = [user_cred, delegated_cred] +# as per tony's (tmp) +# creds = [user_cred, delegated_cred] + creds = [user_cred] server = self.get_server_from_opts(opts) results = server.ListSlices(creds) display_list(results) @@ -746,7 +748,9 @@ class Sfi: hrn = None delegated_cred = self.delegate_cred(cred, get_authority(self.authority)) - creds = [cred, delegated_cred] +# as per tony's (tmp) +# creds = [cred, delegated_cred] + creds = [cred] result = server.ListResources(creds, call_options) format = opts.format display_rspec(result, format) @@ -764,7 +768,9 @@ class Sfi: user_cred = self.get_user_cred() slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() server = self.get_server_from_opts(opts) @@ -779,7 +785,9 @@ class Sfi: user_cred = self.get_user_cred() slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] rspec_file = self.get_rspec_file(rspec_path) rspec = open(rspec_file).read() server = self.get_server_from_opts(opts) @@ -830,7 +838,9 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] server = self.get_server_from_opts(opts) return server.DeleteSliver(slice_urn, creds) @@ -840,7 +850,9 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] server = self.get_server_from_opts(opts) return server.Start(slice_urn, creds) @@ -850,7 +862,9 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] server = self.get_server_from_opts(opts) return server.Stop(slice_urn, creds) @@ -861,7 +875,9 @@ class Sfi: server = self.get_server_from_opts(opts) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] return server.reset_slice(creds, slice_urn) def renew(self, opts, args): @@ -870,7 +886,9 @@ class Sfi: server = self.get_server_from_opts(opts) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] time = args[1] return server.RenewSliver(slice_urn, creds, time) @@ -880,7 +898,9 @@ class Sfi: slice_urn = hrn_to_urn(slice_hrn, 'slice') slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) - creds = [slice_cred, delegated_cred] +# as per tony's (tmp) +# creds = [slice_cred, delegated_cred] + creds = [slice_cred] server = self.get_server_from_opts(opts) print server.SliverStatus(slice_urn, creds) diff --git a/sfa/managers/aggregate_manager_pl.py b/sfa/managers/aggregate_manager_pl.py index f0338775..05beae9a 100644 --- a/sfa/managers/aggregate_manager_pl.py +++ b/sfa/managers/aggregate_manager_pl.py @@ -127,18 +127,20 @@ def create_slice(api, slice_xrn, creds, rspec, users): # add nodes from rspec added_nodes = list(set(request).difference(current)) - - if peer: - api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer) - api.plshell.AddSliceToNodes(api.plauth, slice.name, added_nodes) - api.plshell.DeleteSliceFromNodes(api.plauth, slice.name, deleted_nodes) + try: + if peer: + api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice.id, peer) + + api.plshell.AddSliceToNodes(api.plauth, slice.name, added_nodes) + api.plshell.DeleteSliceFromNodes(api.plauth, slice.name, deleted_nodes) - network.updateSliceTags() + network.updateSliceTags() - if peer: - api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer, - slice.peer_id) + finally: + if peer: + api.plshell.BindObjectToPeer(api.plauth, 'slice', slice.id, peer, + slice.peer_id) # print network.toxml() @@ -199,11 +201,13 @@ def delete_slice(api, xrn, creds): # determine if this is a peer slice peer = peers.get_peer(api, hrn) - if peer: - api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer) - api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) - if peer: - api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) + try: + if peer: + api.plshell.UnBindObjectFromPeer(api.plauth, 'slice', slice['slice_id'], peer) + api.plshell.DeleteSliceFromNodes(api.plauth, slicename, slice['node_ids']) + finally: + if peer: + api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) return 1 def get_slices(api, creds): diff --git a/sfa/plc/slices.py b/sfa/plc/slices.py index 2344bc87..adbb3ab5 100644 --- a/sfa/plc/slices.py +++ b/sfa/plc/slices.py @@ -191,7 +191,11 @@ class Slices: if not sites: site_id = self.api.plshell.AddSite(self.api.plauth, site) if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id) + try: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id) + except Exception,e: + self.api.plshell.DeleteSite(self.api.plauth, site_id) + raise e # mark this site as an sfa peer record if sfa_peer and not reg_objects: peer_dict = {'type': 'authority', 'hrn': authority, 'peer_authority': sfa_peer, 'pointer': site_id} @@ -247,7 +251,11 @@ class Slices: #this belongs to a peer if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer']) + try: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice_id, peer, slice_record['pointer']) + except Exception,e: + self.api.plshell.DeleteSlice(self.api.plauth,slice_id) + raise e slice['node_ids'] = [] else: slice = slices[0] @@ -303,7 +311,11 @@ class Slices: registry.register_peer_object(credential, peer_dict) if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) + try: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) + except Exception,e: + self.api.plshell.DeletePerson(self.api.plauth,person_id) + raise e key_ids = [] else: person_id = persons[0]['person_id'] @@ -312,16 +324,19 @@ class Slices: # if this is a peer person, we must unbind them from the peer or PLCAPI will throw # an error - if peer: - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer) - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site_id, peer) + try: + if peer and not local_person: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer) + if peer: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', site_id, peer) - self.api.plshell.AddPersonToSlice(self.api.plauth, person_dict['email'], slicename) - self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id) - if peer and not local_person: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) - if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id) + self.api.plshell.AddPersonToSlice(self.api.plauth, person_dict['email'], slicename) + self.api.plshell.AddPersonToSite(self.api.plauth, person_dict['email'], site_id) + finally: + if peer and not local_person: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) + if peer: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', site_id, peer, remote_site_id) self.verify_keys(registry, credential, person_dict, key_ids, person_id, peer, local_person) @@ -334,15 +349,17 @@ class Slices: for personkey in person_dict['keys']: if personkey not in keys: key = {'key_type': 'ssh', 'key': personkey} - if peer: - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer) - key_id = self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key) - if peer and not local_person: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) - if peer: - try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0)) - - except: pass + try: + if peer: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'person', person_id, peer) + key_id = self.api.plshell.AddPersonKey(self.api.plauth, person_dict['email'], key) + finally: + if peer and not local_person: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'person', person_id, peer, person_dict['pointer']) + if peer: + # xxx - thierry how are we getting the peer_key_id in here ? + try: self.api.plshell.BindObjectToPeer(self.api.plauth, 'key', key_id, peer, key_ids.pop(0)) + except: pass def create_slice_aggregate(self, xrn, rspec): hrn, type = urn_to_hrn(xrn) @@ -400,44 +417,50 @@ class Slices: # add nodes from rspec added_nodes = list(set(node_names).difference(hostnames)) - if peer: - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer) + try: + if peer: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', slice['slice_id'], peer) - self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes) + self.api.plshell.AddSliceToNodes(self.api.plauth, slicename, added_nodes) - # Add recognized slice tags - for node_name in node_names: - node = nodes[node_name] - for slice_tag in node.keys(): - value = node[slice_tag] - if (isinstance(value, list)): - value = value[0] + # Add recognized slice tags + for node_name in node_names: + node = nodes[node_name] + for slice_tag in node.keys(): + value = node[slice_tag] + if (isinstance(value, list)): + value = value[0] - self.api.plshell.AddSliceTag(self.api.plauth, slicename, slice_tag, value, node_name) + self.api.plshell.AddSliceTag(self.api.plauth, slicename, slice_tag, value, node_name) - self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes) - if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) + self.api.plshell.DeleteSliceFromNodes(self.api.plauth, slicename, deleted_nodes) + finally: + if peer: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id']) return 1 def sync_site(self, old_record, new_record, peer): if old_record['max_slices'] != new_record['max_slices'] or old_record['max_slivers'] != new_record['max_slivers']: - if peer: - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', old_record['site_id'], peer) - if old_record['max_slices'] != new_record['max_slices']: - self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slices' : new_record['max_slices']}) - if old_record['max_slivers'] != new_record['max_slivers']: - self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slivers' : new_record['max_slivers']}) - if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', old_record['site_id'], peer, old_record['peer_site_id']) + try: + if peer: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'site', old_record['site_id'], peer) + if old_record['max_slices'] != new_record['max_slices']: + self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slices' : new_record['max_slices']}) + if old_record['max_slivers'] != new_record['max_slivers']: + self.api.plshell.UpdateSite(self.api.plauth, old_record['site_id'], {'max_slivers' : new_record['max_slivers']}) + finally: + if peer: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'site', old_record['site_id'], peer, old_record['peer_site_id']) return 1 def sync_slice(self, old_record, new_record, peer): if old_record['expires'] != new_record['expires']: - if peer: - self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', old_record['slice_id'], peer) - self.api.plshell.UpdateSlice(self.api.plauth, old_record['slice_id'], {'expires' : new_record['expires']}) - if peer: - self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', old_record['slice_id'], peer, old_record['peer_slice_id']) + try: + if peer: + self.api.plshell.UnBindObjectFromPeer(self.api.plauth, 'slice', old_record['slice_id'], peer) + self.api.plshell.UpdateSlice(self.api.plauth, old_record['slice_id'], {'expires' : new_record['expires']}) + finally: + if peer: + self.api.plshell.BindObjectToPeer(self.api.plauth, 'slice', old_record['slice_id'], peer, old_record['peer_slice_id']) return 1 -- 2.43.0