GeniCM.pm.in 14.5 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package GeniCM;

#
# The server side of the CM interface on remote sites. Also communicates
# with the GMC interface at Geni Central as a client.
#
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);

@ISA    = "Exporter";
@EXPORT = qw ( );

# Must come after package declaration!
use lib '@prefix@/lib';
use GeniDB;
use Genixmlrpc;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
24 25
use GeniResponse;
use GeniTicket;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
26
use GeniCredential;
27
use GeniCertificate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
28
use GeniSlice;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
29
use GeniAggregate;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
30
use GeniSliver;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
31
use GeniUser;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
32
use libtestbed;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
33 34 35
# Hate to import all this crap; need a utility library.
use libdb qw(TBGetUniqueIndex TBcheck_dbslot TBDB_CHECKDBSLOT_ERROR);
use User;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
36
use Node;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
37 38
use English;
use Data::Dumper;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
39
use XML::Simple;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
40
use Experiment;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
41 42 43 44 45 46 47 48

# Configure variables
my $TB		   = "@prefix@";
my $TBOPS          = "@TBOPSEMAIL@";
my $TBAPPROVAL     = "@TBAPPROVALEMAIL@";
my $TBAUDIT   	   = "@TBAUDITEMAIL@";
my $BOSSNODE       = "@BOSSNODE@";
my $OURDOMAIN      = "@OURDOMAIN@";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
49 50
my $CREATEEXPT     = "$TB/bin/batchexp";
my $NALLOC	   = "$TB/bin/nalloc";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
51 52 53 54 55 56 57 58
my $AVAIL	   = "$TB/sbin/avail";

#
# Discover resources on this component, returning a resource availablity spec
#
sub DiscoverResources($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
59
    my $slice      = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
60 61
    my $credential = $argref->{'credential'};
    my $user_uuid  = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
62
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
63

Leigh B. Stoller's avatar
Leigh B. Stoller committed
64
    if (! defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
65 66 67 68 69 70 71 72
	return GeniResponse->MalformedArgsResponse();
    }

    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
73
    GeniCertificate->CertificateInfo($slice, \$slice_uuid) == 0 or
Leigh B. Stoller's avatar
Leigh B. Stoller committed
74 75 76
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
    # The credential owner/slice has to match what was provided.
    if (! ($user_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }

    #
    # Eventually we will take an optional rspec, but for now just return
    # a list of free nodes using avail. 
    #
    if (! open(AVAIL, "$AVAIL type=pc aslist |")) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not start avail");
    }
    my @nodelist = ();
    while (<AVAIL>) {
	my $nodeid = $_;
	chomp($nodeid);
	my $node = Node->Lookup($nodeid);
	push(@nodelist, $node)
	    if (defined($node));
    }
    close(AVAIL);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
102
    my $xml = "<rspec xmlns=\"http://protogeni.net/resources/rspec/0.1\">\n";
Leigh B. Stoller's avatar
Leigh B. Stoller committed
103 104 105 106 107 108 109 110 111 112 113
    foreach my $node (@nodelist) {
	my $uuid = $node->uuid();
	my $nodeid = $node->node_id();
	
	$xml .= "<node uuid=\"$uuid\" name=\"$nodeid\">".
	    "<available>true</available></node>\n";
    }
    $xml .= "</rspec>";

    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $xml);
}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
114

Leigh B. Stoller's avatar
Leigh B. Stoller committed
115
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
116
# Respond to a GetTicket request. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
117 118 119 120
#
sub GetTicket($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
121
    my $slice_cert = $argref->{'slice'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
122
    my $rspec      = $argref->{'rspec'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
123
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
124
    my $credential = $argref->{'credential'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
125
    my $owner_uuid = $ENV{'GENIUSER'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
126
    my $slice_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
127

Leigh B. Stoller's avatar
Leigh B. Stoller committed
128
    if (! defined($slice_cert)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
129
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
130
			     "Improper slice");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
131
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
132 133 134
    if (! (defined($rspec) && ($rspec =~ /^[-\w]+$/))) {
	GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
			     "Improper rspec");	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
135
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
136 137 138
    # Convert the rspec back to a structure.
    $rspec = XMLin($rspec, ForceArray => ["node"]);

Leigh B. Stoller's avatar
Leigh B. Stoller committed
139 140 141
    $impotent = 0
	if (!defined($impotent));

Leigh B. Stoller's avatar
Leigh B. Stoller committed
142
    $credential = GeniCredential->CreateFromSigned($credential);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
143 144 145 146
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
147
    GeniCertificate->CertificateInfo($slice_cert, \$slice_uuid) == 0 or
Leigh B. Stoller's avatar
Leigh B. Stoller committed
148 149 150 151
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
	
	
Leigh B. Stoller's avatar
Leigh B. Stoller committed
152 153 154 155 156 157
    # The credential owner/slice has to match what was provided.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $slice_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
158

Leigh B. Stoller's avatar
Leigh B. Stoller committed
159 160 161 162 163 164 165
    #
    # See if we have a record of this slice in the DB. If not, then we have
    # to go to the ClearingHouse to find its record, so that we can find out
    # who the SA for it is.
    #
    my $slice = GeniSlice->Lookup($slice_uuid);
    if (!defined($slice)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
166 167 168 169 170 171
	$slice = GeniSlice->CreateFromRegistry($slice_uuid);
	if (!defined($slice)) {
	    print STDERR "No slice $slice_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get slice info from ClearingHouse");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
172 173
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
174
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
175 176 177 178 179 180 181 182 183 184 185 186
    # Ditto the user.
    #
    my $user = GeniUser->Lookup($owner_uuid);
    if (!defined($user)) {
	$user = GeniUser->CreateFromRegistry($owner_uuid);
	if (!defined($user)) {
	    print STDERR "No user $owner_uuid in the ClearingHouse\n";
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
			    "Could not get user info from ClearingHouse");
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
187
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
188 189 190 191
    # If the underlying experiment does not exist, need to create
    # a holding experiment. All these are going to go into the same
    # project for now. Generally, users for non-local slices do not
    # have local accounts or directories.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
192
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209
    my $experiment = Experiment->Lookup($slice_uuid);
    if (!defined($experiment)) {
	#
	# Form an eid for the experiment. 
	#
	my $eid = "slice" . TBGetUniqueIndex('next_sliceid', 1);

	# Note the -h option; allows experiment with no NS file.
	system("$CREATEEXPT -q -i -w -E 'Geni Slice Experiment' ".
	       "-h '$slice_uuid' -p genislices -e $eid");
	if ($?) {
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Internal Error");
	}
	$experiment = Experiment->Lookup($slice_uuid);
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
210
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
211 212 213
    # An rspec is a structure that requests specific nodes. If those
    # nodes are available, then reserve it. Otherwise the ticket
    # cannot be granted. 
Leigh B. Stoller's avatar
Leigh B. Stoller committed
214
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
215
    my @nodeids = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
216 217 218
    my $pid     = $experiment->pid();
    my $eid     = $experiment->eid();

Leigh B. Stoller's avatar
Leigh B. Stoller committed
219 220 221 222 223 224 225 226 227
    foreach my $node_id (keys(%{$rspec->{'node'}})) {
	if ($node_id =~ /^(\w*)$/) {
	    $node_id = $1;
	}
	else {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
					"Improper node id: $node_id");
	}
	push(@nodeids, $node_id);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
228
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
229 230

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
231
    # Create the ticket first, before allocating the node.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
232
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
233
    my $ticket = GeniTicket->Create($slice, $user, $rspec);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
234 235 236 237
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
238
    # Nalloc might fail if the node gets picked up by someone else.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
239
    if (!$impotent) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
240
	system("$NALLOC $pid $eid @nodeids");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
241 242 243 244 245 246 247 248 249 250
	if (($? >> 8) < 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
					"Allocation failure");
	}
	elsif (($? >> 8) > 0) {
	    $ticket->Delete();
	    return GeniResponse->Create(GENIRESPONSE_UNAVAILABLE, undef,
					"Could not allocate node\n");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
251
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
252
    if ($ticket->Sign() != 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
253
	# Release will free the nodes.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
254
	$ticket->Release();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
255 256 257
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not sign Ticket");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
258 259 260 261 262 263 264 265 266 267
    return GeniResponse->Create(GENIRESPONSE_SUCCESS,
				$ticket->asString());
}

#
# Create a sliver.
#
sub CreateSliver($)
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
268 269
    my $owner_uuid = $ENV{'GENIUSER'};
    my $ticket     = $argref->{'ticket'};
270
    my $impotent   = $argref->{'impotent'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
271
    my $message    = "Error creating sliver/aggregate";
272 273 274

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
275 276 277 278 279 280 281 282 283 284 285 286

    if (! (defined($ticket) &&
	   !TBcheck_dbslot($ticket, "default", "text",
			   TBDB_CHECKDBSLOT_ERROR))) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "ticket: ". TBFieldErrorString());
    }
    $ticket = GeniTicket->CreateFromSignedTicket($ticket);
    if (!defined($ticket)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniTicket object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
287 288 289 290 291
    # The credential owner has to match what is in the ticket.
    if ($owner_uuid ne $ticket->owner_uuid()) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
292

Leigh B. Stoller's avatar
Leigh B. Stoller committed
293 294 295 296 297 298
    my $experiment = Experiment->Lookup($ticket->slice_uuid());
    if (!defined($experiment)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No local experiment for slice");
    }

299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317
    #
    # See if we have a record of this slice in the DB. If not, throw an
    # error; might change later.
    #
    my $slice = GeniSlice->Lookup($ticket->slice_uuid());
    if (!defined($slice)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No slice record for slice");
    }

    #
    # Ditto the user.
    #
    my $owner = GeniUser->Lookup($owner_uuid);
    if (!defined($owner)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "No user record for $owner_uuid");
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
318 319 320 321 322 323 324 325 326 327 328 329 330
    #
    # Create an emulab nonlocal user for tmcd.
    #
    $owner->BindToSlice($slice) == 0
	or return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				       "Error binding user to slice");
	
    #
    # We are actually an Aggregate, so return an aggregate of sliver,
    # even if there is just one node (simpler).
    #
    my $aggregate = GeniAggregate->Create($ticket);
    if (!defined($aggregate)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
331
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
332
				    "Could not create GeniAggregate object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
333
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
334 335

    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
336 337
    # Now for each resource (okay, node) in the ticket create a sliver and
    # add it to the aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
338
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
339 340 341 342 343 344 345 346 347 348 349 350
    my @slivers = ();
    foreach my $resource_uuid (keys(%{$ticket->rspec()->{'node'}})) {
	if (! ($resource_uuid =~ /^[-\w]*$/)) {
	    $message = "Improper resource_uuid in ticket: $resource_uuid";
	    goto bad;
	}
	my $sliver = GeniSliver->Create($slice, $owner, $resource_uuid);
	if (!defined($sliver)) {
	    $message = "Could not create GeniSliver object for $resource_uuid";
	    goto bad;
	}
	push(@slivers, $sliver);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
351
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367

    #
    # Now do the provisioning (note that we actually allocated the node
    # above when the ticket was granted). The add the sliver to the aggregate.
    #
    foreach my $sliver (@slivers) {
	if (!$impotent && $sliver->Provision() != 0) {
	    $message = "Could not provision $sliver";
	    goto bad;
	}
	if ($sliver->SetAggregate($aggregate) != 0) {
	    $message = "Could not aggregate for $sliver to $aggregate";
	    goto bad;
	}
    }

Leigh B. Stoller's avatar
Leigh B. Stoller committed
368
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
369
    # The API states we return a credential to control the sliver/aggregate.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
370
    #
Leigh B. Stoller's avatar
Leigh B. Stoller committed
371
    my $credential = $aggregate->NewCredential($owner);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
372
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
373 374
	$message = "Could not create credential for $aggregate";
	goto bad;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
375 376
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS, $credential->asString());
Leigh B. Stoller's avatar
Leigh B. Stoller committed
377 378 379 380 381 382 383 384 385 386 387

  bad:
    foreach my $sliver (@slivers) {
	$sliver->UnProvision()
	    if (! $impotent);
	$sliver->Delete();
    }
    $aggregate->Delete()
	if (defined($aggregate));
    
    return GeniResponse->Create(GENIRESPONSE_ERROR, undef, $message);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
388 389 390
}

#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
391
# Start a sliver (not sure what this means yet, so reboot for now).
Leigh B. Stoller's avatar
Leigh B. Stoller committed
392
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
393
sub StartSliver($)
Leigh B. Stoller's avatar
Leigh B. Stoller committed
394 395
{
    my ($argref) = @_;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
396
    my $owner_uuid  = $ENV{'GENIUSER'};
397
    my $sliver_cert = $argref->{'sliver'};
Leigh B. Stoller's avatar
Leigh B. Stoller committed
398
    my $credential  = $argref->{'credential'};
399
    my $sliver_uuid;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
400 401 402 403
    my $impotent   = $argref->{'impotent'};

    $impotent = 0
	if (!defined($impotent));
Leigh B. Stoller's avatar
Leigh B. Stoller committed
404

405
    if (!defined($sliver_cert) || !defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
406 407
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
408 409 410 411
    GeniCertificate->CertificateInfo($sliver_cert, \$sliver_uuid) == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
412 413 414 415 416
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not create GeniCredential object");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
417 418
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
419 420 421 422 423 424
	# Might be an aggregate instead.
	$sliver = GeniAggregate->Lookup($sliver_uuid);
	if (!defined($sliver)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver/aggregate $sliver_uuid");
	}
Leigh B. Stoller's avatar
Leigh B. Stoller committed
425
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462
    
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
    }
    if (!$impotent) {
	$sliver->StartUp() == 0 or
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				"Could not start sliver/aggregate");
    }
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
}

#
# Destroy a sliver/aggregate.
#
sub DestroySliver($)
{
    my ($argref) = @_;
    my $owner_uuid  = $ENV{'GENIUSER'};
    my $sliver_cert = $argref->{'sliver'};
    my $credential  = $argref->{'credential'};
    my $sliver_uuid;
    my $impotent   = $argref->{'impotent'};

    $impotent = 0
	if (!defined($impotent));

    if (!defined($sliver_cert) || !defined($credential)) {
	return GeniResponse->Create(GENIRESPONSE_BADARGS);
    }
    GeniCertificate->CertificateInfo($sliver_cert, \$sliver_uuid) == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				    "Could not get uuid from Certificate");
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
463 464
    $credential = GeniCredential->CreateFromSigned($credential);
    if (!defined($credential)) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
465
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
466
				    "Could not create GeniCredential object");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
467
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
468 469 470 471 472 473 474 475 476 477
    my $sliver = GeniSliver->Lookup($sliver_uuid);
    if (!defined($sliver)) {
	# Might be an aggregate instead.
	$sliver = GeniAggregate->Lookup($sliver_uuid);
	if (!defined($sliver)) {
	    return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
				    "No such sliver/aggregate $sliver_uuid");
	}
    }
    
Leigh B. Stoller's avatar
Leigh B. Stoller committed
478 479 480 481 482
    # The credential owner has to match what is in the ticket.
    if (! ($owner_uuid eq $credential->owner_uuid() &&
	   $sliver_uuid eq $credential->this_uuid())) {
	return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
				    "Invalid credentials for operation");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
483
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
484 485 486 487 488
    if (!$impotent) {
	$sliver->UnProvision() == 0 or
	    return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
				"Could not unprovision sliver/aggregate");
    }
Leigh B. Stoller's avatar
Leigh B. Stoller committed
489 490
    $sliver->Delete() == 0 or
	return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
Leigh B. Stoller's avatar
Leigh B. Stoller committed
491
				    "Could not delete sliver/aggregate");
Leigh B. Stoller's avatar
Leigh B. Stoller committed
492 493
    
    return GeniResponse->Create(GENIRESPONSE_SUCCESS);
Leigh B. Stoller's avatar
Leigh B. Stoller committed
494
}