ABAC Speaksfor credential support.
The CM can now receive either an ABAC or a non-ABAC speaksfor credential in the list of credentials. Thanks to Gary for getting libabac built on boss so that I could use it! The AM probably needs a little bit more work since it has a few V3 places where it does not invoke CMV2 directly, but that should be easy to fix; all of the AMV2 functions will work tough. Caveat; I don't bother to look at the speaksfor option; if we get a speaksfor credential, I figure it was cause the user wants to use it! I added a hacky script called genspeaksfor to create a proper speaks for credential that allows me to speak for another user. For example: genspeaksfor -a urn:publicid:IDN+emulab.net+user+leebee \ urn:publicid:IDN+emulab.net+user+stoller which generates an ABAC speaks for credential that allows me to spead for leebee. To use the PG test scripts with this credential: createsliver.py* -S speaksfor.cred -s slice.cred Where slice.cred is a plain slice credential issued to leebee and then given to me via an out of band mechanism (:-).
Showing with 348 additions and 55 deletions