All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit d819cc16 authored by Leigh B Stoller's avatar Leigh B Stoller

Oops, left this out of previous commit.

parent f087b3a0
......@@ -37,13 +37,18 @@ use vars qw(@ISA @EXPORT $AUTOLOAD);
use EmulabConstants;
use emdb;
use libtestbed;
use GeniHRN;
use GeniCertificate;
use GeniCredential;
use GeniAuthority;
use GeniResponse;
# Configure variables
my $TB = "@prefix@";
my $MAINSITE = @TBMAINSITE@;
my $TBOPS = "@TBOPSEMAIL@";
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $SACERT = "$TB/etc/genisa.pem";
my $EMCERT = "$TB/etc/emulab.pem";
my $EMKEY = "$TB/etc/emulab.key";
......@@ -57,6 +62,9 @@ my %speakcache = ();
# Use real abac credentials (which means we can do speaks-for at ALS2).
my $USEABACCREDS = 0;
# Debugging;
my $usemydevtree = 0;
#
# Check credential/certificate status early, looking for expired certs.
#
......@@ -438,5 +446,78 @@ sub GenABACCredential($$)
return $cred;
}
#
# Generate a project credential for a user.
#
sub GenProjectCredential($$)
{
my ($project, $geniuser) = @_;
my $pid = $project->pid();
my $urn = $project->urn();
my $error;
my $certificate =
GeniCertificate->Create({'urn' => $urn,
'hrn' => "${PGENIDOMAIN}.project.${pid}",
'email'=> $TBOPS,
"nostore" => 1,
}, \$error);
if (!defined($certificate)) {
print STDERR "Could not create new certificate for $urn\n";
return undef;
}
my ($credential, $speaksfor) = GenCredentials($certificate, $geniuser);
return undef
if (!defined($credential));
return ($credential, $speaksfor);
}
#
# Generate a user (self) credential for a user.
#
sub GenUserCredential($)
{
my ($geniuser) = @_;
my ($credential, $speaksfor) = GenCredentials($geniuser, $geniuser);
return undef
if (!defined($credential));
return ($credential, $speaksfor);
}
#
# RPC to the Cluster RPC server.
#
sub PortalRPC($$$@)
{
my ($authority, $context, $method, @args) = @_;
my $cmurl = $authority->url();
$cmurl =~ s/\/cm$/\/cluster/;
if ($usemydevtree) {
$cmurl =~ s/protogeni/protogeni\/stoller/;
}
#
# We use the root context to talk to the Cluster RPC server
#
if (!defined($context)) {
$context = RootContext();
if (!defined($context)) {
return GeniResponse->Create(GENIRESPONSE_RPCERROR(), undef,
"Could not get root context for RPC");
}
}
my $response = Genixmlrpc::CallMethod($cmurl, $context, $method, @args);
if ($response->code() != GENIRESPONSE_SUCCESS()) {
if (!defined($response->output())) {
$response->output("Operation failed, returned " .
$response->code());
}
}
return $response;
}
# _Always_ make sure that this 1 is at the end of the file...
1;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment