[Planetlab-devel] moving from hrn to urn
Josh Karlin
jkarlin at bbn.com
Mon Jan 4 17:54:21 EST 2010
Turns out the update to HEAD was quick. I've attached the patch. This
includes the updates listed in my previous email. If you guys approve
the code, it should be merged in quickly before the repository changes
again ;)
During the update, one of my tests broke. I think it's due to a change
in SFA unrelated to mine. When trying to add a slice, I now get
complaints about the expires field:
Fault: <Fault 102: 'person_id 2: AddSlice: Invalid argument: Trying to
set/change unaccepted key expires'>
Also, is there any chance I can get write access to the repository for
future work?
Thanks,
Josh
On 1/4/10 12:32 PM, Josh Karlin wrote:
> Here is what I have at the moment:
>
> . GIDs now only speak URN
> . In methods that take a URN or HRN, the argument is referred to as an
> XRN
> . Added an sfa/utils/xrn.py module for conversion functions
> . Conversion function takes (xrn,type=None) and returns (hrn,type)
> . All methods/ and managers/ functions take an XRN instead of an HRN
>
> Updating to HEAD will take me a few hours. So I can do that and send
> the patch, or you can go ahead and submit your changes. Whichever
> you'd prefer is fine with me.
>
> Note, I had to flush my cache of certificates, delete
> /var/lib/sfa/authorities and do a clean import from plc to update the
> GIDs. But I've made a script to test sfi.py and all of the operations
> work cleanly.
>
> Josh
>
>
>
> On 1/4/10 12:23 PM, Josh Karlin wrote:
>> Sounds like we're clobbering each other. I've already done the
>> conversion work. Just need to merge my code with recent updates to
>> svn and can then send the patch. Which route would be easier?
>>
>> Thanks,
>>
>> Josh
>>
>> On 1/4/10 12:19 PM, Tony Mack wrote:
>>> Hi Josh,
>>>
>>> I've added 2 methods to the sfa.util.namespace module:
>>>
>>> http://svn.planet-lab.org/changeset/16433
>>> sfa.util.namespace.hrn_to_urn()
>>> sfa.util.namespace.urn_to_hrn()
>>>
>>> and I've updated sfa.methods.create_gid to convert the hrn field
>>> (now named hrn_or_urn) to parse this field and return:
>>>
>>> hrn, type # if the field is a urn
>>> hrn, None # if the field is already a hrn
>>>
>>> I will go ahead and update the remaining methods if this looks ok to
>>> everyone.
>>>
>>>
>>> Tony
>>>
>>>
>>> ----- Original Message -----
>>> From: "Josh Karlin"<jkarlin at bbn.com>
>>> To: devel at lists.planet-lab.org
>>> Sent: Wednesday, December 23, 2009 6:18:35 PM GMT -05:00 US/Canada
>>> Eastern
>>> Subject: Re: [Planetlab-devel] moving from hrn to urn
>>>
>>>
>>> Just wanted to be clear on this point. You're saying that registry
>>> interface methods will require URNs, while the other interfaces can
>>> take either an HRN or URN? I'm looking at methods/create_gid.py
>>> right now and trying to figure out what its parameters should be.
>>>
>>> Josh
>>>
>>>
>>>
>>> On 12/22/09 5:40 PM, Larry Peterson wrote:
>>>
>>> On the last point, the official registry calls all take a URN as
>>> an argument. We have to fix all calling sites to translate the
>>> HRN/Type pair into a URN before making the call.
>>>
>>> It also seems that we should change the GID implementation
>>> to simply use the URN representation -- nothing extra has to
>>> happen to get the right over-the-wire representation when
>>> including the GID in some other structure. We then use the
>>> get_hrn method to get the HRN we need for other stuff.
>>>
>>> Larry
>>>
>>>
>>>
>>> On Tue, Dec 22, 2009 at 3:41 PM, Josh Karlin< jkarlin at bbn.com> wrote:
>>>
>>>
>>> This looks good to me. To make sure that I understand correctly
>>> there are two steps:
>>>
>>> 1) Alter the methods. Add (hrn=None, urn=None) to each method and
>>> then ensure that at least one of the two is provided. If a URN is
>>> provided, translate it to an HRN.
>>>
>>> 2) Adding a type to GID. Add the type to the GID class, and add
>>> get_urn(). It looks like a 'type' parameter needs to be added to
>>> trust/hierarchy.py's create_gid(). There is also the
>>> methods/create_gid.py method that needs to have a type parameter
>>> added. Are there other places that need to be edited?
>>>
>>> In order to get all over-the-wire calls to use URNs, what else would
>>> be necessary? For instance, methods like Resolve() take an HRN/URN
>>> and can call other registries, but currently it will make the call
>>> using an HRN instead of a URN.
>>>
>>> Josh
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 12/22/09 1:23 PM, Tony Mack wrote:
>>>
>>>
>>> Scott you are correct. We can add 'type' to the GID and export a
>>> get_urn() method as well as the existing get_hrn(), making both
>>> formats available. Also, as Scott and Larry suggested, we can have
>>> our methods support both URN or HRN arguments and just convert the
>>> URN to HRN behind the scenes. Once this is done, we can support URN
>>> as the standard over-the-wire format, but still continue using HRN
>>> internally and on the command line.
>>>
>>> Tony
>>>
>>> ----- Original Message -----
>>> From: "Scott Baker"< smbaker at gmail.com>
>>> To: "PlanetLab Development"< devel at planet-lab.org>
>>> Sent: Monday, December 21, 2009 6:29:18 PM GMT -05:00 US/Canada Eastern
>>> Subject: Re: [Planetlab-devel] moving from hrn to urn
>>>
>>> My impression from discussions at the last GEC was that the only
>>> substantial difference between the URN and HRN formats is that the URN
>>> includes a type specifier for the final component of the URN. Both
>>> formats are capable of supporting a multi-level hierarchy of
>>> subauthorities. The rest of it is just syntax, and we could implement
>>> a translation layer to translate one format into the other (with a few
>>> subtleties, such as the potential need to escape out characters that
>>> might be delimiters in one format, but aren't delimiters in the
>>> other).
>>>
>>> The SFA GID is object-oriented. A logical first step in merging the
>>> two naming schemes would probably be to add 'type' information to the
>>> SFA GID. If type information was present, then the SFA GID object
>>> could export a get_urn() method in addition to the get_hrn() method.
>>> It's been a while since I worked with this part of the SFA code, so I
>>> may be oversimplifying here. Tony will probably have the most up to
>>> date opinion.
>>>
>>> There's also the reverse direction to consider, those SFA calls that
>>> take an HRN as a parameter instead of a GID. Specifically I'm thinking
>>> of something like Resolve. To convert URNs to HRNs here, all we need
>>> to do is throw away the type information and rearrange the syntax.
>>>
>>> Our opinion at Raven is that we also prefer the simplicity of the HRN.
>>> If we did make the change to support URNs internally, then we would be
>>> interested in keeping the HRN format as a convenient shorthand for the
>>> user.
>>>
>>> Scott
>>>
>>> On Mon, Dec 21, 2009 at 2:32 PM, Josh Karlin< jkarlin at bbn.com> wrote:
>>>
>>>
>>>
>>> According to the GMOC proposal there is room for sub-authorities:
>>>
>>> “urn:publicid:IDN+toplevelauthority[:sub-authority]*[\+resource-type]\
>>> +resource-name”.
>>>
>>> So perhaps.. urn:publicid:IDN+plc:gpo+slice+mytestslice for
>>> plc.gpo.mytestslice. ProtoGENI intends to support sub-authorities in
>>> the
>>> future. As far as urn vs hrn, I have no preference. I would just
>>> like to
>>> see the two SFA-based projects have compatible identifiers.
>>>
>>> Josh
>>>
>>>
>>> On 12/21/09 4:35 PM, Larry Peterson wrote:
>>>
>>> A more substantive response...
>>>
>>> If we simply encode the HRN as the "resource name" in
>>> the URN, then haven't we lost the multi-level nature of
>>> the authority hierarchy. Specifically, the ProtoGENI web
>>> page says:
>>>
>>> ------------------------
>>> The definitive description of URN structure is given in the GMOC
>>> proposal.
>>> However, as an informational summary, ProtoGENI URNs can be
>>> considered in
>>> the form:
>>>
>>> urn:publicid:IDN+toplevelauthority+resource-type+resource-name
>>>
>>> where:
>>>
>>> toplevelauthorityis an internationali[sz]ed domain name (which must
>>> match
>>> the one in the certificate of the authority which issued the object
>>> name)
>>> resource-typeis a string describing the type of the named object
>>> (the set of
>>> strings is described below) resource-nameshould uniquely identify
>>> the object
>>> among any other resources with identical toplevelauthority and
>>> resource-type. It is important to realise that the ProtoGENI API
>>> attaches no
>>> other significance to this field, and in particular, no relation is
>>> implied
>>> between objects with identical resource-name but differing
>>> toplevelauthority
>>> or resource-type. However, individual authorities (and especially
>>> component
>>> managers) may choose to define additional semantics for resource names.
>>> ------------------------But for SFA, the authority that issued the
>>> certificate might be plc.eu.inria,
>>> not plc (aka planet-lab.org ). An alternative is to put plc.eu.inria
>>> in the
>>> toplevelauthority field, and let the name be the last "token" in the
>>> HRN.
>>>
>>> I guess this boils down to knowing the right way to use URNs when you
>>> have a chain of authorities rather than a simple 2-level hierarchy.
>>>
>>> Larry
>>>
>>> On Mon, Dec 21, 2009 at 4:17 PM, Larry Peterson< pete.larry at gmail.com>
>>> wrote:
>>>
>>>
>>>
>>> Well, I didn't exactly agree to replace HRNs with URNs...
>>>
>>> I do think there's general agreement among PlanetLab
>>> developers that UUIDs can go away, but (1) I'm personally
>>> not yet convinced that trading HRNs for URNs is the right
>>> thing to do, and (2) there are quite a few others with a stake
>>> in the SFA that need a chance to weigh in.
>>>
>>> I would like to retain the simpleness of HRNs in the sfi. Maybe
>>> that can be done with a simple transformation, but even if that's
>>> the case, I'd like to hear the as to argument as to why we need
>>> type information encoded in the name (since it's already recorded
>>> in the registry record).
>>>
>>> So let the comments begin...
>>>
>>> Larry
>>>
>>> On Mon, Dec 21, 2009 at 3:52 PM, Josh Karlin< jkarlin at bbn.com> wrote:
>>>
>>>
>>>
>>> Greetings,
>>>
>>> After recent discussion between the GENI Project Office, Larry, and
>>> Rob,
>>> it has been agreed that some (hopefully minor) alterations should be
>>> made to
>>> the SFA and ProtoGENI to make them more compatible. The GPO has offered
>>> development assistance. Christopher Small was on the project but he has
>>> recently moved to NetApp. I am taking over for Chris and am looking
>>> at the
>>> first step, which is to implement a common global identifier. Larry has
>>> agreed to use ProtoGENI's URN names for SFA objects, but I don't
>>> believe a
>>> formal description has been agreed upon.
>>>
>>> The URN format ( http://www.protogeni.net/trac/protogeni/wiki/URNs ) is
>>> of the form:
>>>
>>> urn:publicid:IDN+toplevelauthority+resource-type+resource-name
>>>
>>> types include: authority, interface, link, node, slice, sliver, ticket,
>>> and user.
>>>
>>> For instance, in ProtoGENI you might have
>>> 'urn:publicid:IDN+ emulab.net +slice+mytestslice'. For PlanetLab's
>>> SFA, I
>>> imagine we might have
>>> 'urn:publicid:IDN+ planet-lab.org +slice+plc.gpo.mytestslice' such
>>> that the
>>> old hrn is placed in the 'resource-name' field. The only real
>>> difference
>>> from the current hrn is that the identifier is longer and the type is
>>> included. It would be good to have some discussion on this.
>>>
>>>
>>> Regardless of the selected format, it will take a fair bit of work to
>>> make the appropriate changes to the SFA code. I have started a list of
>>> design decisions that need to be made:
>>>
>>> 1) Should URNs be stored natively in the geni records or should they be
>>> produced only when interfacing with ProtoGENI nodes? The idea is to
>>> move
>>> the SFA over to URNs completely so it should be in the records in my
>>> opinion.
>>>
>>> 2) Should the geni record change format? E.g. remove the redundant
>>> 'type' field. For simplicity I recommend not changing the format at
>>> first
>>> (since a lot of code appears to use the type field) and removing it
>>> later if
>>> necessary.
>>>
>>> 3) Should sfi.py use the old hrn or the new urn? I think Larry would
>>> prefer the user to deal with the simpler hrn format at the command
>>> line. So
>>> the sfi.py script would have to convert old hrns to the new urns.
>>>
>>> 4) Should the term 'hrn' be replaced with 'urn' in the code? Not
>>> sure if
>>> it matters much.
>>>
>>> 5) How will SFA Tables interact with the new URN? It seems like it will
>>> have to process the top-level-domain as well as the object name.
>>>
>>> I hope to begin working on this soon, so please add to the
>>> discussion and
>>> voice your concerns and comments.
>>>
>>> Thanks,
>>>
>>> Josh
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>> _______________________________________________
>>> Devel mailing list Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at lists.planet-lab.org
>>> https://lists.planet-lab.org/mailman/listinfo/devel
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.planet-lab.org
>> https://lists.planet-lab.org/mailman/listinfo/devel
-------------- next part --------------
Index: tests/testAll.py
===================================================================
--- tests/testAll.py (revision 16445)
+++ tests/testAll.py (working copy)
@@ -6,7 +6,7 @@
from testMisc import *
from testHierarchy import *
from testRecord import *
-from testTable import *
+#from testTable import *
if __name__ == "__main__":
unittest.main()
Index: tests/testCred.py
===================================================================
--- tests/testCred.py (revision 16445)
+++ tests/testCred.py (working copy)
@@ -19,8 +19,8 @@
def testLoadSave(self):
cred = Credential(subject="testCredential")
- gidCaller = GID(subject="caller", uuid=create_uuid(), hrn="foo.caller")
- gidObject = GID(subject="object", uuid=create_uuid(), hrn="foo.object")
+ gidCaller = GID(subject="caller", uuid=create_uuid(), urn=hrn_to_urn("foo.caller",'user'))
+ gidObject = GID(subject="object", uuid=create_uuid(), urn=hrn_to_urn("foo.object",'node'))
lifeTime = 12345
delegate = True
rights = "embed,bind"
Index: tests/testHierarchy.py
===================================================================
--- tests/testHierarchy.py (revision 16445)
+++ tests/testHierarchy.py (working copy)
@@ -30,7 +30,7 @@
gid = auth_info.get_gid_object()
self.assert_(gid)
- self.assertEqual(gid.get_subject(), name)
+ self.assertEqual(urn_to_hrn(gid.get_subject()), name)
pubkey = auth_info.get_pkey_object()
self.assert_(gid)
@@ -41,7 +41,7 @@
gid = auth_info2.get_gid_object()
self.assert_(gid)
- self.assertEqual(gid.get_subject(), name)
+ self.assertEqual(urn_to_hrn(gid.get_subject()), name)
pubkey = auth_info2.get_pkey_object()
self.assert_(gid)
Index: tests/testRecord.py
===================================================================
--- tests/testRecord.py (revision 16445)
+++ tests/testRecord.py (working copy)
@@ -1,7 +1,7 @@
import unittest
import xmlrpclib
from sfa.trust.gid import *
-from sfa.trust.config import *
+from sfa.util.config import *
from sfa.util.record import *
class TestRecord(unittest.TestCase):
Index: tests/testGid.py
===================================================================
--- tests/testGid.py (revision 16445)
+++ tests/testGid.py (working copy)
@@ -11,7 +11,7 @@
gid = GID(subject="test")
hrn = "test.hrn"
- gid.set_hrn(hrn)
+ gid.set_hrn(hrn,'node')
self.assertEqual(gid.get_hrn(), hrn)
def testSetGetUuid(self):
@@ -27,7 +27,7 @@
hrn = "test.hrn"
gid.set_uuid(u)
- gid.set_hrn(hrn)
+ gid.set_hrn(hrn,'node')
gid.encode()
gid.decode()
@@ -42,7 +42,7 @@
hrn = "test.hrn"
gid.set_uuid(u)
- gid.set_hrn(hrn)
+ gid.set_hrn(hrn,'node')
# create an issuer and sign the certificate
issuerKey = Keypair(create = True)
Index: sfa/trust/hierarchy.py
===================================================================
--- sfa/trust/hierarchy.py (revision 16445)
+++ sfa/trust/hierarchy.py (working copy)
@@ -108,9 +108,11 @@
# @param basedir the base directory to store the hierarchy in
def __init__(self, basedir = None):
+ self.config = Config()
+
if not basedir:
- self.config = Config()
basedir = os.path.join(self.config.SFA_DATA_DIR, "authorities")
+
self.basedir = basedir
##
# Given a hrn, return the filenames of the GID, private key, and dbinfo
@@ -138,7 +140,7 @@
def auth_exists(self, hrn):
(directory, gid_filename, privkey_filename, dbinfo_filename) = \
self.get_auth_filenames(hrn)
-
+
return os.path.exists(gid_filename) and \
os.path.exists(privkey_filename) and \
os.path.exists(dbinfo_filename)
@@ -176,7 +178,7 @@
pkey = Keypair(create = True)
pkey.save_to_file(privkey_filename)
- gid = self.create_gid(hrn, create_uuid(), pkey)
+ gid = self.create_gid(hrn_to_urn(hrn,'authority'), create_uuid(), pkey)
gid.save_to_file(gid_filename, save_parents=True)
# XXX TODO: think up a better way for the dbinfo to work
@@ -195,7 +197,7 @@
def get_auth_info(self, hrn):
#trace("Hierarchy: getting authority: " + hrn)
-
+
if not self.auth_exists(hrn):
raise MissingAuthority(hrn)
@@ -213,17 +215,17 @@
return auth_info
##
- # Create a new GID. The GID will be signed by the authority that is it's
- # immediate parent in the hierarchy (and recursively, the parents' GID
+ # Create a new GID. The GID will be signed by the authority that is its
+ # immediate parent in the hierarchy (and recursively, the parent's GID
# will be signed by its parent)
#
# @param hrn the human readable name to store in the GID
# @param uuid the unique identifier to store in the GID
# @param pkey the public key to store in the GID
- def create_gid(self, hrn, uuid, pkey):
- gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
-
+ def create_gid(self, urn, uuid, pkey):
+ gid = GID(subject=urn, uuid=uuid, urn=urn)
+ hrn = gid.get_hrn()
parent_hrn = get_authority(hrn)
if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
# if there is no parent hrn, then it must be self-signed. this
@@ -258,14 +260,15 @@
# update the gid if we need to
if gid_is_expired or hrn or uuid or pubkey:
if not hrn:
- hrn = gid.get_hrn()
+ hrn = gid.get_hrn()
if not uuid:
uuid = gid.get_uuid()
if not pubkey:
pubkey = gid.get_pubkey()
+ type = gid.get_type()
+
+ gid = self.create_gid(hrn_to_urn(hrn,type), uuid, pubkey)
- gid = self.create_gid(hrn, uuid, pubkey)
-
return gid
##
Index: sfa/trust/gid.py
===================================================================
--- sfa/trust/gid.py (revision 16445)
+++ sfa/trust/gid.py (working copy)
@@ -8,6 +8,7 @@
import xmlrpclib
import uuid
+from sfa.util.xrn import *
from sfa.trust.certificate import Certificate
@@ -17,22 +18,28 @@
def create_uuid():
return str(uuid.uuid4().int)
+
##
-# GID is a tuplie:
-# (uuid, hrn, public_key)
+# GID is a tuple:
+# (uuid, urn, public_key)
#
# UUID is a unique identifier and is created by the python uuid module
# (or the utility function create_uuid() in gid.py).
#
-# HRN is a human readable name. It is a dotted form similar to a backward domain
-# name. For example, planetlab.us.arizona.bakers.
+# URN is a human readable identifier of form:
+# “urn:publicid:IDN+toplevelauthority[:sub-auth.]*[\+res. type]\ +object name”
+# For example, urn:publicid:IDN+planetlab:us:arizona+node+bakers
#
-# PUBLIC_KEY is the public key of the principal identified by the UUID/HRN.
+# PUBLIC_KEY is the public key of the principal identified by the UUID/URN.
# It is a Keypair object as defined in the cert.py module.
#
-# It is expected that there is a one-to-one pairing between UUIDs and HRN,
+# It is expected that there is a one-to-one pairing between UUIDs and URN,
# but it is uncertain how this would be inforced or if it needs to be enforced.
#
+# GIDs can also be converted to HRNs. An HRN is a human readable name. It is a
+# dotted form similar to a backwards domain name. For example,
+# planetlab.us.arizona.bakers
+#
# These fields are encoded using xmlrpc into the subjectAltName field of the
# x509 certificate. Note: Call encode() once the fields have been filled in
# to perform this encoding.
@@ -40,7 +47,7 @@
class GID(Certificate):
uuid = None
- hrn = None
+ urn = None
##
# Create a new GID object
@@ -50,12 +57,12 @@
# @param string If string!=None, load the GID from a string
# @param filename If filename!=None, load the GID from a file
- def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, hrn=None):
+ def __init__(self, create=False, subject=None, string=None, filename=None, uuid=None, urn=None):
Certificate.__init__(self, create, subject, string, filename)
if uuid:
self.uuid = uuid
- if hrn:
- self.hrn = hrn
+ if urn:
+ self.urn = urn
def set_uuid(self, uuid):
self.uuid = uuid
@@ -65,14 +72,36 @@
self.decode()
return self.uuid
- def set_hrn(self, hrn):
- self.hrn = hrn
+ def set_hrn(self, hrn, type):
+ self.urn = hrn_to_urn(hrn,type)
def get_hrn(self):
- if not self.hrn:
+ urn = self.get_urn()
+ if urn == None:
+ return urn
+ return urn_to_hrn(urn)
+
+ def set_urn(self, urn):
+ self.urn = urn
+
+ def get_urn(self):
+ if not self.urn:
+ self.decode()
+ return self.urn
+
+ def set_type(self, type):
+ if not self.urn:
self.decode()
- return self.hrn
+
+ spl = self.urn.split('+')
+ spl[-2] = type
+ self.urn = '+'.join(spl)
+ def get_type(self):
+ return urn_to_type(self.get_urn())
+
+
+
##
# Encode the GID fields and package them into the subject-alt-name field
# of the X509 certificate. This must be called prior to signing the
@@ -80,7 +109,7 @@
def encode(self):
dict = {"uuid": self.uuid,
- "hrn": self.hrn}
+ "urn": self.urn}
str = xmlrpclib.dumps((dict,))
self.set_data(str)
@@ -97,7 +126,7 @@
dict = {}
self.uuid = dict.get("uuid", None)
- self.hrn = dict.get("hrn", None)
+ self.urn = dict.get("urn", None)
##
# Dump the credential to stdout.
@@ -106,7 +135,7 @@
# @param dump_parents If true, also dump the parents of the GID
def dump(self, indent=0, dump_parents=False):
- print " "*indent, " hrn:", self.get_hrn()
+ print " "*indent, " urn:", self.get_urn()
print " "*indent, "uuid:", self.get_uuid()
if self.parent and dump_parents:
Index: sfa/methods/remove.py
===================================================================
--- sfa/methods/remove.py (revision 16445)
+++ sfa/methods/remove.py (working copy)
@@ -2,6 +2,7 @@
### $URL$
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.debug import log
@@ -24,14 +25,16 @@
accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Record type"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (XRN)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, type, hrn, origin_hrn=None):
+
+ def call(self, cred, type, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn,type)
user_cred = Credential(string=cred)
#log the call
Index: sfa/methods/reset_slice.py
===================================================================
--- sfa/methods/reset_slice.py (revision 16445)
+++ sfa/methods/reset_slice.py (working copy)
@@ -2,6 +2,8 @@
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/reset_slices.py $
from sfa.util.faults import *
+from sfa.util.xrn import *
+
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -12,7 +14,7 @@
Reset the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param xrn human readable name of slice to instantiate (hrn or urn)
@return 1 is successful, faults otherwise
"""
@@ -20,14 +22,15 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
self.api.auth.check(cred, 'resetslice')
# send the call to the right manager
manager_base = 'sfa.managers'
@@ -35,16 +38,16 @@
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.reset_slice(self.api, hrn)
+ manager.reset_slice(self.api, xrn)
return 1
Index: sfa/methods/get_gid.py
===================================================================
--- sfa/methods/get_gid.py (revision 16445)
+++ sfa/methods/get_gid.py (working copy)
@@ -25,14 +25,15 @@
accepts = [
Parameter(str, "Certificate string"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "XRN (HRN or URN)"),
Parameter(str, "Object type")
]
returns = Parameter(str, "GID string")
-
- def call(self, cert, hrn, type):
+
+ def call(self, cert, xrn, type):
+ (hrn,type) = xrn_to_hrn(xrn,type)
self.api.auth.verify_object_belongs_to_me(hrn)
# resolve the record
Index: sfa/methods/stop_slice.py
===================================================================
--- sfa/methods/stop_slice.py (revision 16445)
+++ sfa/methods/stop_slice.py (working copy)
@@ -3,6 +3,7 @@
from sfa.util.faults import *
from sfa.util.namespace import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -13,7 +14,7 @@
Stop the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param hrn human readable name of slice to instantiate (hrn or urn)
@return 1 is successful, faults otherwise
"""
@@ -21,14 +22,15 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn,type)
user_cred = Credential(string=cred)
#log the call
@@ -45,16 +47,16 @@
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.stop_slice(self.api, hrn)
+ manager.stop_slice(self.api, xrn)
return 1
Index: sfa/methods/get_aggregates.py
===================================================================
--- sfa/methods/get_aggregates.py (revision 16445)
+++ sfa/methods/get_aggregates.py (working copy)
@@ -2,6 +2,8 @@
### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/methods/get_aggregates.py $
from types import StringTypes
from sfa.util.faults import *
+from sfa.util.xrn import *
+
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -12,7 +14,7 @@
Get a list of connection information for all known aggregates.
@param cred credential string specifying the rights of the caller
- @param a Human readable name (hrn), or list of hrns or None
+ @param a Human readable name (xrn - hrn or urn), or list of hrns or None
@return list of dictionaries with aggregate information.
"""
@@ -20,13 +22,19 @@
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (hrn or urn)"),
Parameter(None, "hrn not specified"))
]
returns = [Parameter(dict, "Aggregate interface information")]
- def call(self, cred, hrn = None):
+
+ def call(self, cred, xrn = None):
+ if xrn:
+ (hrn,type) = xrn_to_hrn(xrn)
+ else:
+ hrn = None
+
self.api.auth.check(cred, 'list')
aggregates = Aggregates(self.api)
hrn_list = []
Index: sfa/methods/get_credential.py
===================================================================
--- sfa/methods/get_credential.py (revision 16445)
+++ sfa/methods/get_credential.py (working copy)
@@ -25,13 +25,13 @@
accepts = [
Mixed(Parameter(str, "credential"),
Parameter(None, "No credential")),
- Parameter(str, "Human readable name (hrn)")
+ Parameter(str, "Human readable name (XRN)")
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cred, type, hrn):
-
+ def call(self, cred, type, xrn):
+ (hrn,type) = xrn_to_hrn(xrn,type)
self.api.auth.check(cred, 'getcredential')
self.api.auth.verify_object_belongs_to_me(hrn)
Index: sfa/methods/get_resources.py
===================================================================
--- sfa/methods/get_resources.py (revision 16445)
+++ sfa/methods/get_resources.py (working copy)
@@ -6,6 +6,7 @@
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.util.config import Config
+from sfa.util.xrn import *
from sfa.plc.nodes import Nodes
# RSpecManager_pl is not used. This line is a check that ensures that everything is in place for the import to work.
import sfa.rspecs.aggregates.rspec_manager_pl
@@ -18,7 +19,7 @@
available at an authority or the resources being used by a slice.
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of the slice we are interesed in or None
+ @param xrn (hrn or urn) human readable name of the slice we are interesed in or None
for an authority.
"""
@@ -26,7 +27,7 @@
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (xrn - urn or hrn)"),
Parameter(None, "hrn not specified")),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
@@ -34,9 +35,12 @@
returns = Parameter(str, "String representatin of an rspec")
- def call(self, cred, hrn=None, origin_hrn=None):
+ def call(self, cred, xrn=None, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
+
user_cred = Credential(string=cred)
+
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
@@ -51,13 +55,13 @@
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- rspec = manager.get_rspec(self.api, hrn, origin_hrn)
+ rspec = manager.get_rspec(self.api, xrn, origin_hrn)
outgoing_rules = SFATablesRules('OUTGOING')
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- rspec = manager.get_rspec(self.api, hrn, origin_hrn)
+ rspec = manager.get_rspec(self.api, xrn, origin_hrn)
outgoing_rules = SFATablesRules('FORWARD-OUTGOING')
filtered_rspec = rspec
Index: sfa/methods/list.py
===================================================================
--- sfa/methods/list.py (revision 16445)
+++ sfa/methods/list.py (working copy)
@@ -2,6 +2,7 @@
### $URL$
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.record import GeniRecord
@@ -19,14 +20,15 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "Human readable name (xrn - either an hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = [GeniRecord]
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
@@ -36,6 +38,7 @@
# validate the cred
self.api.auth.check(cred, 'list')
+
# send the call to the right manager
manager_base = 'sfa.managers'
mgr_type = self.api.config.SFA_REGISTRY_TYPE
Index: sfa/methods/start_slice.py
===================================================================
--- sfa/methods/start_slice.py (revision 16445)
+++ sfa/methods/start_slice.py (working copy)
@@ -3,6 +3,7 @@
from sfa.util.faults import *
from sfa.util.namespace import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -13,7 +14,7 @@
Start the specified slice
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param hrn human readable name of slice to instantiate (urn or hrn)
@return 1 is successful, faults otherwise
"""
@@ -21,14 +22,16 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (urn or hrn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = [Parameter(int, "1 if successful")]
- def call(self, cred, hrn, origin_hrn=None):
+
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
@@ -45,16 +48,16 @@
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.start_slice(self.api, hrn)
+ manager.start_slice(self.api, xrn)
return 1
Index: sfa/methods/get_registries.py
===================================================================
--- sfa/methods/get_registries.py (revision 16445)
+++ sfa/methods/get_registries.py (working copy)
@@ -6,13 +6,14 @@
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
from sfa.server.registry import Registries
+from sfa.util.xrn import *
class get_registries(Method):
"""
Get a list of connection information for all known registries.
@param cred credential string specifying the rights of the caller
- @param a Human readable name (hrn), or list of hrns or None
+ @param a Human readable name (xrn - urn or hrn), or list of hrns or None
@return list of dictionaries with aggregate information.
"""
@@ -20,21 +21,22 @@
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (xrn - hrn or urn)"),
Parameter(None, "hrn not specified"))
]
returns = [Parameter(dict, "Registry interface information")]
- def call(self, cred, hrn = None):
+ def call(self, cred, xrn = None):
+
self.api.auth.check(cred, 'list')
registries = Registries(self.api)
hrn_list = []
if hrn:
- if isinstance(hrn, StringTypes):
- hrn_list = [hrn]
- elif isinstance(hrn, list):
- hrn_list = hrn
+ if isinstance(xrn, StringTypes):
+ hrn_list = [xrn_to_hrn(xrn)[0]]
+ elif isinstance(xrn, list):
+ hrn_list = map(lambda x: xrn_to_hrn(x)[0], xrn)
if not hrn_list:
interfaces = registries.interfaces
Index: sfa/methods/resolve.py
===================================================================
--- sfa/methods/resolve.py (revision 16445)
+++ sfa/methods/resolve.py (working copy)
@@ -2,6 +2,7 @@
### $URL$
import traceback
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.util.debug import log
@@ -13,7 +14,7 @@
Resolve a record.
@param cred credential string authorizing the caller
- @param hrn human readable name to resolve
+ @param xrn human readable name to resolve (either urn or hrn)
@return a list of record dictionaries or empty list
"""
@@ -21,13 +22,15 @@
accepts = [
Parameter(str, "Credential string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
- Parameter(list, "List of Human readable names ([hrn])"))
+ Mixed(Parameter(str, "Human readable name (xrn)"),
+ Parameter(list, "List of Human readable names ([xrn])"))
]
returns = [GeniRecord]
- def call(self, cred, hrn, origin_hrn=None):
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
+
user_cred = Credential(string=cred)
#log the call
@@ -44,5 +47,3 @@
manager = __import__(manager_module, fromlist=[manager_base])
return manager.resolve(self.api, hrn, origin_hrn=origin_hrn)
-
-
Index: sfa/methods/delete_slice.py
===================================================================
--- sfa/methods/delete_slice.py (revision 16445)
+++ sfa/methods/delete_slice.py (working copy)
@@ -2,6 +2,7 @@
### $URL$
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -12,7 +13,7 @@
Remove the slice from all nodes.
@param cred credential string specifying the rights of the caller
- @param hrn human readable name specifying the slice to delete
+ @param xrn human readable name specifying the slice to delete
@return 1 if successful, faults otherwise
"""
@@ -20,14 +21,16 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to delete"),
+ Parameter(str, "Human readable name of slice to delete (hrn or urn)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
]
returns = Parameter(int, "1 if successful")
-
- def call(self, cred, hrn, origin_hrn=None):
+
+ def call(self, cred, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
+
user_cred = Credential(string=cred)
#log the call
@@ -35,6 +38,7 @@
origin_hrn = user_cred.get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+
# validate the credential
self.api.auth.check(cred, 'deleteslice')
@@ -44,16 +48,16 @@
mgr_type = self.api.config.SFA_CM_TYPE
manager_module = manager_base + ".component_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn)
+ manager.delete_slice(self.api, xrn)
elif self.api.interface in ['aggregate']:
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn)
+ manager.delete_slice(self.api, xrn)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.delete_slice(self.api, hrn, origin_hrn)
+ manager.delete_slice(self.api, xrn, origin_hrn)
return 1
Index: sfa/methods/get_ticket.py
===================================================================
--- sfa/methods/get_ticket.py (revision 16445)
+++ sfa/methods/get_ticket.py (working copy)
@@ -2,6 +2,7 @@
### $URL$
import time
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -24,8 +25,8 @@
initscripts.
@param cred credential string
- @param name name of the slice to retrieve a ticket for
- @param rspec resource specification dictionary
+ @param name of the slice to retrieve a ticket for
+ @param rspec resource specification dictionary (hrn or urn)
@return the string representation of a ticket object
"""
@@ -34,7 +35,7 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to retrive a ticket for (hrn)"),
+ Parameter(str, "Human readable name of slice to retrive a ticket for (hrn or urn)"),
Parameter(str, "Resource specification (rspec)"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
@@ -42,7 +43,8 @@
returns = Parameter(str, "String represeneation of a ticket object")
- def call(self, cred, hrn, rspec, origin_hrn=None):
+ def call(self, cred, xrn, rspec, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
@@ -81,7 +83,7 @@
rspec_object = RSpec(xml=rspec)
rspec_object.filter(tagname='NodeSpec', attribute='name', whitelist=valid_hostnames)
rspec = rspec_object.toxml()
- ticket = manager.get_ticket(self.api, hrn, rspec, origin_hrn)
+ ticket = manager.get_ticket(self.api, xrn, rspec, origin_hrn)
return ticket
Index: sfa/methods/get_self_credential.py
===================================================================
--- sfa/methods/get_self_credential.py (revision 16445)
+++ sfa/methods/get_self_credential.py (working copy)
@@ -22,15 +22,15 @@
interfaces = ['registry']
accepts = [
- Parameter(str, "certificate"),
- Parameter(str, "Human readable name (hrn)"),
+ Parameter(str, "certificate"),
+ Parameter(str, "XRN (HRN or URN)"),
Mixed(Parameter(str, "Request hash"),
Parameter(None, "Request hash not specified"))
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cert, type, hrn, request_hash=None):
+ def call(self, cert, type, xrn, request_hash=None):
"""
get_self_credential a degenerate version of get_credential used by a client
to get his initial credential when de doesnt have one. This is the same as
@@ -43,9 +43,10 @@
credential without having the appropriate private key.
@param type type of object (user | slice | sa | ma | node)
- @param hrn human readable name of authority to list
+ @param xrn human readable name of authority to list
@return string representation of a credential object
"""
+ (hrn,type) = xrn_to_hrn(xrn,type)
self.api.auth.verify_object_belongs_to_me(hrn)
# send the call to the right manager
@@ -61,7 +62,8 @@
record = GeniRecord(dict=records[0])
gid = record.get_gid_object()
gid_str = gid.save_to_string(save_parents=True)
- self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
+
+ self.api.auth.authenticateGid(gid_str, [cert, type, xrn], request_hash)
# authenticate the certificate against the gid in the db
certificate = Certificate(string=cert)
if not certificate.is_pubkey(gid.get_pubkey()):
Index: sfa/methods/create_slice.py
===================================================================
--- sfa/methods/create_slice.py (revision 16445)
+++ sfa/methods/create_slice.py (working copy)
@@ -2,6 +2,8 @@
### $URL$
from sfa.util.faults import *
+from sfa.util.xrn import *
+
from sfa.util.method import Method
from sfa.util.parameter import Parameter, Mixed
from sfa.trust.auth import Auth
@@ -18,7 +20,7 @@
Instantiate the specified slice according to whats defined in the specified rspec
@param cred credential string specifying the rights of the caller
- @param hrn human readable name of slice to instantiate
+ @param xrn human readable name (hrn or urn) of slice to instantiate
@param rspec resource specification
@return 1 is successful, faults otherwise
"""
@@ -27,7 +29,7 @@
accepts = [
Parameter(str, "Credential string"),
- Parameter(str, "Human readable name of slice to instantiate"),
+ Parameter(str, "Human readable name of slice to instantiate (urn or hrn)"),
Parameter(str, "Resource specification"),
Mixed(Parameter(str, "Human readable name of the original caller"),
Parameter(None, "Origin hrn not specified"))
@@ -35,7 +37,9 @@
returns = Parameter(int, "1 if successful")
- def call(self, cred, hrn, requested_rspec, origin_hrn=None):
+
+ def call(self, cred, xrn, requested_rspec, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
user_cred = Credential(string=cred)
#log the call
@@ -67,7 +71,7 @@
# send the call to the right manager
if sfa_aggregate_type not in ['pl']:
# To clean up after July 21 - SB
- rspec = rspec_manager.create_slice(self.api, hrn, rspec)
+ rspec = rspec_manager.create_slice(self.api, xrn, rspec)
return 1
manager_base = 'sfa.managers'
@@ -75,11 +79,11 @@
mgr_type = self.api.config.SFA_AGGREGATE_TYPE
manager_module = manager_base + ".aggregate_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.create_slice(self.api, hrn, rspec)
+ manager.create_slice(self.api, xrn, rspec)
elif self.api.interface in ['slicemgr']:
mgr_type = self.api.config.SFA_SM_TYPE
manager_module = manager_base + ".slice_manager_%s" % mgr_type
manager = __import__(manager_module, fromlist=[manager_base])
- manager.create_slice(self.api, hrn, rspec, origin_hrn)
+ manager.create_slice(self.api, xrn, rspec, origin_hrn)
return 1
Index: sfa/methods/get_gids.py
===================================================================
--- sfa/methods/get_gids.py (revision 16445)
+++ sfa/methods/get_gids.py (working copy)
@@ -27,14 +27,17 @@
accepts = [
Parameter(str, "Certificate string"),
- Mixed(Parameter(str, "Human readable name (hrn)"),
+ Mixed(Parameter(str, "Human readable name (xrn)"),
Parameter(type([str]), "List of Human readable names (hrn)"))
]
returns = [Parameter(dict, "Dictionary of gids keyed on hrn")]
- def call(self, cred, hrns):
+ def call(self, cred, xrns):
+ hrns = map(lambda xrn: xrn_to_hrn(xrn)[0], xrns)
+
# validate the credential
+
self.api.auth.check(cred, 'getgids')
table = GeniTable()
if not isinstance(hrns, list):
Index: sfa/methods/create_gid.py
===================================================================
--- sfa/methods/create_gid.py (revision 16445)
+++ sfa/methods/create_gid.py (working copy)
@@ -36,10 +36,8 @@
returns = Parameter(str, "String represeneation of a GID object")
- def call(self, cred, hrn_or_urn, uuid, pubkey_str):
-
- # convert urn to hrn
- hrn, type = hrn_to_urn(hrn_or_urn)
+ def call(self, cred, xrn, uuid, pubkey_str):
+ (hrn,type) = xrn_to_hrn(xrn,type)
# validate the credential
self.api.auth.check(cred, "getcredential")
@@ -51,6 +49,6 @@
pkey = Keypair()
pkey.load_pubkey_from_string(pubkey_str)
- gid = self.api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid = self.api.auth.hierarchy.create_gid(hrn_to_urn(hrn,type), uuid, pkey)
return gid.save_to_string(save_parents=True)
Index: sfa/methods/get_key.py
===================================================================
--- sfa/methods/get_key.py (revision 16445)
+++ sfa/methods/get_key.py (working copy)
@@ -45,7 +45,7 @@
# generate a new keypair and gid
uuid = create_uuid()
pkey = Keypair(create=True)
- gid_object = self.api.auth.hierarchy.create_gid(record['hrn'], uuid, pkey)
+ gid_object = self.api.auth.hierarchy.create_gid(hrn_to_urn(record['hrn'],record['type']), uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
Index: sfa/managers/aggregate_manager_openflow.py
===================================================================
--- sfa/managers/aggregate_manager_openflow.py (revision 16445)
+++ sfa/managers/aggregate_manager_openflow.py (working copy)
@@ -1,4 +1,5 @@
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.namespace import *
from sfa.util.rspec import RSpec
from sfa.server.registry import Registries
@@ -89,23 +90,28 @@
print "IO error"
return 0
-def start_slice(cred, hrn):
+def start_slice(cred, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received start_slice call"
return msg_aggrMgr(SFA_START_SLICE)
-def stop_slice(cred, hrn):
+def stop_slice(cred, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received stop_slice call"
return msg_aggrMgr(SFA_STOP_SLICE)
-def delete_slice(cred, hrn):
+def delete_slice(cred, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received delete_slice call"
return msg_aggrMgr(SFA_DELETE_SLICE)
-def reset_slices(cred, hrn):
+def reset_slices(cred, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received reset_slices call"
return msg_aggrMgr(SFA_RESET_SLICES)
-def create_slice(cred, hrn, rspec):
+def create_slice(cred, xrn, rspec):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received create_slice call"
slice_id = generate_slide_id(cred, hrn)
@@ -126,7 +132,8 @@
print "IO error"
return 0
-def get_rspec(cred, hrn=None):
+def get_rspec(cred, xrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
if DEBUG: print "Received get_rspec call"
slice_id = generate_slide_id(cred, hrn)
Index: sfa/managers/aggregate_manager_pl.py
===================================================================
--- sfa/managers/aggregate_manager_pl.py (revision 16445)
+++ sfa/managers/aggregate_manager_pl.py (working copy)
@@ -8,6 +8,7 @@
from types import StringTypes
from sfa.util.namespace import *
+from sfa.util.xrn import *
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
@@ -20,7 +21,8 @@
from sfa.plc.slices import Slices
import sfa.plc.peers as peers
-def delete_slice(api, hrn):
+def delete_slice(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename})
if not slices:
@@ -36,15 +38,17 @@
api.plshell.BindObjectToPeer(api.plauth, 'slice', slice['slice_id'], peer, slice['peer_slice_id'])
return 1
-def create_slice(api, hrn, rspec):
+def create_slice(api, xrn, rspec):
# XX just import the legacy module and excute that until
# we transition the code to this module
+ (hrn,type) = xrn_to_hrn(xrn)
from sfa.plc.slices import Slices
slices = Slices(api)
slices.create_slice_aggregate(hrn, rspec)
-def get_ticket(api, slice_hrn, rspec, origin_hrn=None):
+def get_ticket(api, slice_xrn, rspec, origin_hrn=None):
# the the slice record
+ (slice_hrn,type) = xrn_to_hrn(slice_xrn)
registries = Registries(api)
registry = registries[api.hrn]
credential = api.getCredential()
@@ -87,7 +91,8 @@
return new_ticket.save_to_string(save_parents=True)
-def start_slice(api, hrn):
+def start_slice(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
@@ -99,7 +104,8 @@
return 1
-def stop_slice(api, hrn):
+def stop_slice(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
@@ -110,20 +116,23 @@
api.plshell.UpdateSliceTag(api.plauth, attribute_id, "0")
return 1
-def reset_slice(api, hrn):
+def reset_slice(api, xrn):
# XX not implemented at this interface
+ (hrn,type) = xrn_to_hrn(xrn)
+
return 1
def get_slices(api):
# XX just import the legacy module and excute that until
- # we transition the code to this module
+ # we transition the code to this module
from sfa.plc.slices import Slices
slices = Slices(api)
slices.refresh()
return slices['hrn']
-def get_rspec(api, hrn=None, origin_hrn=None):
+def get_rspec(api, xrn=None, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
from sfa.plc.nodes import Nodes
nodes = Nodes(api, origin_hrn=origin_hrn)
if hrn:
Index: sfa/managers/registry_manager_pl.py
===================================================================
--- sfa/managers/registry_manager_pl.py (revision 16445)
+++ sfa/managers/registry_manager_pl.py (working copy)
@@ -182,7 +182,7 @@
pub_key = record['key']
pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(hrn_to_urn(hrn,type), uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
Index: sfa/managers/slice_manager_pl.py
===================================================================
--- sfa/managers/slice_manager_pl.py (revision 16445)
+++ sfa/managers/slice_manager_pl.py (working copy)
@@ -8,6 +8,7 @@
from types import StringTypes
from sfa.util.namespace import *
+from sfa.util.xrn import *
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
@@ -21,7 +22,8 @@
from sfa.server.aggregate import Aggregates
import sfa.plc.peers as peers
-def delete_slice(api, hrn, origin_hrn=None):
+def delete_slice(api, xrn, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
credential = api.getCredential()
aggregates = Aggregates(api)
for aggregate in aggregates:
@@ -35,7 +37,8 @@
print >> log, "Error calling delete slice at aggregate %s" % aggregate
return 1
-def create_slice(api, hrn, rspec, origin_hrn=None):
+def create_slice(api, xrn, rspec, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
spec = RSpec()
tempspec = RSpec()
spec.parseString(rspec)
@@ -89,8 +92,8 @@
traceback.print_exc()
return 1
-def get_ticket(api, slice_hrn, rspec, origin_hrn=None):
-
+def get_ticket(api, slice_xrn, rspec, origin_hrn=None):
+ (slice_hrn,type) = xrn_to_hrn(slice_xrn)
# get the netspecs contained within the clients rspec
client_rspec = RSpec(xml=rspec)
netspecs = client_rspec.getDictsByTagName('NetSpec')
@@ -160,7 +163,8 @@
new_ticket.sign()
return new_ticket.save_to_string(save_parents=True)
-def start_slice(api, hrn):
+def start_slice(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
@@ -172,7 +176,9 @@
return 1
-def stop_slice(api, hrn):
+def stop_slice(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
+
slicename = hrn_to_pl_slicename(hrn)
slices = api.plshell.GetSlices(api.plauth, {'name': slicename}, ['slice_id'])
if not slices:
@@ -184,6 +190,7 @@
return 1
def reset_slice(api, hrn):
+ (hrn,type) = xrn_to_hrn(xrn)
# XX not implemented at this interface
return 1
@@ -195,7 +202,8 @@
slices.refresh()
return slices['hrn']
-def get_rspec(api, hrn=None, origin_hrn=None):
+def get_rspec(api, xrn=None, origin_hrn=None):
+ (hrn,type) = xrn_to_hrn(xrn)
from sfa.plc.nodes import Nodes
nodes = Nodes(api, origin_hrn=origin_hrn)
if hrn:
Index: sfa/managers/aggregate_manager_max.py
===================================================================
--- sfa/managers/aggregate_manager_max.py (revision 16445)
+++ sfa/managers/aggregate_manager_max.py (working copy)
@@ -4,6 +4,7 @@
import sys
import pdb
from sfa.util.namespace import *
+from sfa.util.xrn import *
from sfa.util.rspec import *
from sfa.util.specdict import *
from sfa.util.faults import *
@@ -248,9 +249,10 @@
return 1
-def get_rspec(api, hrn):
+def get_rspec(api, xrn):
# Eg. config line:
# plc.princeton.sapan vlan23,vlan45
+ (hrn,type) = xrn_to_hrn(xrn)
allocations = read_alloc_dict()
if (hrn and allocations.has_key(hrn)):
@@ -261,7 +263,8 @@
return (ret_rspec)
-def create_slice(api, hrn, rspec_xml):
+def create_slice(api, xrn, rspec_xml):
+ (hrn,type) = xrn_to_hrn(xrn)
global topology
topology = get_interface_map()
Index: sfa/managers/aggregate_manager_vini.py
===================================================================
--- sfa/managers/aggregate_manager_vini.py (revision 16445)
+++ sfa/managers/aggregate_manager_vini.py (working copy)
@@ -1,4 +1,5 @@
from sfa.util.faults import *
+from sfa.util.xrn import *
from sfa.util.namespace import *
from sfa.util.rspec import RSpec
from sfa.server.registry import Registries
@@ -132,7 +133,8 @@
return 1
-def get_rspec(api, hrn):
+def get_rspec(api, xrn):
+ (hrn,type) = xrn_to_hrn(xrn)
topo = Topology(api)
if (hrn):
slicename = hrn_to_pl_slicename(hrn)
@@ -151,7 +153,9 @@
"""
Hook called via 'sfi.py create'
"""
-def create_slice(api, hrn, xml):
+def create_slice(api, xrn, xml):
+ (hrn,type) = xrn_to_hrn(xrn)
+
### Check the whitelist
### It consists of lines of the form: <slice hrn> <bw>
whitelist = {}
Index: sfa/util/geniclient.py
===================================================================
--- sfa/util/geniclient.py (revision 16445)
+++ sfa/util/geniclient.py (working copy)
@@ -62,7 +62,7 @@
# signed by his respective authority.
#
# @param cred credential of caller
- # @param name hrn for new GID
+ # @param name urn for new GID
# @param uuid unique identifier for new GID
# @param pkey_string public-key string (TODO: why is this a string and not a keypair object?)
#
Index: sfa/plc/sfa-import-plc.py
===================================================================
--- sfa/plc/sfa-import-plc.py (revision 16445)
+++ sfa/plc/sfa-import-plc.py (working copy)
@@ -97,7 +97,8 @@
sfaImporter.create_top_level_auth_records(level1_auth)
import_auth = level1_auth
- trace("Import: adding" + import_auth + "to trusted list", logger)
+ trace("Import: adding " + import_auth + " to trusted list", logger)
+
authority = AuthHierarchy.get_auth_info(import_auth)
TrustedRoots.add_gid(authority.get_gid_object())
@@ -121,7 +122,8 @@
sites = shell.GetSites(plc_auth, {'peer_id': None})
sites_dict = {}
for site in sites:
- sites_dict[site['login_base']] = site
+ sites_dict[site['login_base']] = site
+
# Get all plc users
persons = shell.GetPersons(plc_auth, {'peer_id': None}, ['person_id', 'email', 'key_ids', 'site_ids'])
@@ -156,11 +158,13 @@
for slice in slices:
slices_dict[slice['slice_id']] = slice
+
# start importing
for site in sites:
site_hrn = import_auth + "." + site['login_base']
# import if hrn is not in list of existing hrns or if the hrn exists
# but its not a site record
+
if site_hrn not in existing_hrns or \
(site_hrn, 'authority') not in existing_records:
site_hrn = sfaImporter.import_site(import_auth, site)
Index: sfa/plc/sfaImport.py
===================================================================
--- sfa/plc/sfaImport.py (revision 16445)
+++ sfa/plc/sfaImport.py (working copy)
@@ -127,7 +127,8 @@
pkey = Keypair(create=True)
# create the gid
- person_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey)
+ print "Creating gid for", hrn, "of type user"
+ person_gid = AuthHierarchy.create_gid(hrn_to_urn(hrn, 'user'), create_uuid(), pkey)
table = GeniTable()
person_record = GeniRecord(hrn=hrn, gid=person_gid, type="user", pointer=person['person_id'])
person_record['authority'] = get_authority(person_record['hrn'])
@@ -153,7 +154,7 @@
trace("Import: importing slice " + hrn, self.logger)
pkey = Keypair(create=True)
- slice_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey)
+ slice_gid = AuthHierarchy.create_gid(hrn_to_urn(hrn, 'slice'), create_uuid(), pkey)
slice_record = GeniRecord(hrn=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id'])
slice_record['authority'] = get_authority(slice_record['hrn'])
table = GeniTable()
@@ -184,7 +185,7 @@
table = GeniTable()
node_record = table.find({'type': 'node', 'hrn': hrn})
pkey = Keypair(create=True)
- node_gid = AuthHierarchy.create_gid(hrn, create_uuid(), pkey)
+ node_gid = AuthHierarchy.create_gid(hrn_to_urn(hrn, 'node'), create_uuid(), pkey)
node_record = GeniRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
node_record['authority'] = get_authority(node_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
More information about the Devel
mailing list