Skip to content
  • Leigh B Stoller's avatar
    Changes our ssh key/account handling in RedeemTicket() and · 03c2107c
    Leigh B Stoller authored
    CreateSliver(), to handle multiple accounts.  This somewhat reflects
    the Geni AM API for keys, which allows the client to specify multiple
    users, each with a set of ssh keys.
    
    The keys argument to the CM now looks like the following (note that
    the old format is still accepted and will be for a while).
    
    [{'urn'   => 'urn:blabla'
      'login' => 'dopey',
      'keys'  => [ list of keys like before ]},
     {'login' => "leebee",
      'keys'  => [ list of keys ... ]}];
    
    Key Points:
    
    1. You can supply a urn or a login or both. Typically, it is going to
       be the result of getkeys() at the PG SA, and so it will include
       both.
    
    2. If a login is provided, use that. Otherwise use the id from the urn.
    
    3. No matter what, verify that the token is valid for Emulab an uid
       (standard 8 char unix login that is good on just about any unix
       variant), and transform it if not.
    
    4. For now, getkeys() at the SA will continue to return the old format
       (unless you supply version=2 argument) since we do not want to
       default to a keylist that most CMs will barf on.
    
    5. I have modified the AM code to transform the Geni AM version of the
       "users" argument into the above structure. Bottom line here, is
       that users of the AM interface will not actually need to do
       anything, although now multiple users are actually supported
       instead of ignored.
    
    Still to be done are the changes to the login services structure in
    the manifest. We have yet to settle on what these changes will look
    like, but since people generally supply valid login ids, you probably
    will not need this, since no transformation will take place.
    03c2107c