Implement speaksfor (non-abac) support.
CM V2 (and thus the AM) now accept a type=speaksfor credential along with regular credentials. When supplied, the speaksfor caller must be equal to the owner of the speaksfor credential and the target must be equal to the owner of the regular credential(s). All operations take place in the context of the spokenfor user. Added speaksfor slots to geni_slices,geni_aggregates and geni_tickets. Also to the history table. But these are just the most recent data. Each transaction is logged as normal, and the metadata now includes the speaksfor data and the log always includes all of the credentials. For testing, there is a new script in the scripts directory to generate a speaksfor credential. Not installed since it is really a hack. But to create one: perl genspeaksfor urn:publicid:IDN+emulab.net+user+leebee \ urn:publicid:IDN+emulab.net+user+stoller which generates a speaksfor credential that says stoller is speaking for leebee. Given a slice credential issued to leebee, the test scripts can be invoked as follows (by stoller): createsliver.py -S speaksfor.cred -s slice.cred -c leebee.cred A copy of leebee's self credential is needed simply cause of the test script's desire to talk to the SA (which does not support speaksfor). Not otherwise needed. Oh, not tested on the AM interface yet.
Showing with 421 additions and 103 deletions