Commit 3bfea992 authored by Leigh Stoller's avatar Leigh Stoller

Add ability to get a "project" credential using GetCredential(). Pass

a self credential and the project URN. Be sure to use the sub-sa URL
when requesting the credentials. This addresses ticket #42.
parent d7b10039
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-2015 University of Utah and the Flux Group.
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -42,6 +42,7 @@ use vars qw(@ISA @EXPORT);
# Must come after package declaration!
use libtestbed;
use EmulabConstants;
use libEmulab;
use GeniDB;
use Genixmlrpc;
......@@ -277,6 +278,63 @@ sub GetCredential($)
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$slice_credential->asString());
}
if (lc($type) eq "project") {
if (!CheckMembershipByProjectId($geniuser, $id)) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"You are not a member of this project");
}
my $project = Project->Lookup($id);
return GeniResponse->Create(GENIRESPONSE_ERROR)
if (!defined($project));
#
# We need a certificate to create a credential. Not storing these
# yet, but might need to.
#
my $error;
my $certificate =
GeniCertificate->Create({'urn' => $urn,
'hrn' => "${PGENIDOMAIN}.project.${id}",
'email'=> $TBOPS,
"nostore" => 1,
}, \$error);
if (!defined($certificate)) {
if (defined($error)) {
return GeniResponse->Create($error, undef,
GENIRESPONSE_STRING($error));
}
print STDERR "Could not create new certificate for slice\n";
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create project certificate.");
}
my $project_credential =
GeniCredential->Create($certificate,
$geniuser);
if (!defined($project_credential)) {
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Could not create project credential.");
}
my $trust = $project->Trust($geniuser->emulab_user());
my $priv = "none";
if ($trust eq PROJMEMBERTRUST_PROJROOT() ||
$trust eq PROJMEMBERTRUST_GROUPROOT()) {
$priv = "pi";
}
elsif ($trust eq PROJMEMBERTRUST_LOCALROOT() ||
$trust eq PROJMEMBERTRUST_USER()) {
$priv = "user";
}
$project_credential->AddCapability($priv, 0);
if ($project_credential->Sign($main::PROJECT ?
$authority->GetCertificate() :
$GeniCredential::LOCALSA_FLAG) != 0) {
$project_credential->Delete();
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Error signing project credential");
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS,
$project_credential->asString());
}
return GeniResponse->Create(GENIRESPONSE_UNSUPPORTED);
}
......
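Review bot: In the new project branch of GetCredential, a member whose `$project->Trust(...)` value matches none of the four listed trust constants still receives a signed credential, with the capability left at its default `"none"`. Whether downstream consumers treat a `none` capability as no access is not visible here, so failing closed would be safer, e.g. `return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef, "Insufficient project privilege") if ($priv eq "none");` ahead of `AddCapability`, ideally with the trust lookup moved before the certificate is created. The certificate is built from the caller-supplied `$urn` while the hrn is built from `$id`; the function starts outside this hunk, so please confirm that `$id` is derived from that same validated URN. The STDERR message also still says "for slice" and should read "for project".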
#! /usr/bin/env python
#
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
#
#
import sys
import pwd
import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
execfile( "test-common.py" )
#
# Get a credential for myself, that allows me to do things at the SA.
#
mycredential = get_self_credential()
#
# Get the project credential.
#
params = {}
params["credential"] = mycredential
params["type"] = "Project"
params["urn"] = "urn:publicid:IDN+emulab.net+project+testbed"
rval,response = do_method_retry("sa", "GetCredential", params)
if rval:
Fatal("Could not get project credential")
pass
print response["value"]
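Review bot: This new test script only exercises the success path, against the hard-coded URN `urn:publicid:IDN+emulab.net+project+testbed`, so the server-side membership check added in this commit is never tested from a non-member's point of view. Consider taking the project URN from the command line (`getopt` is imported but unused in the visible lines) and adding a second call for a project the caller does not belong to, checking that the request is refused. The commit message says the sub-sa URL must be used, yet the script calls `do_method_retry("sa", ...)` with no hint about which URL that resolves to; a header comment such as `# NOTE: project credentials must be requested from the sub-SA URL.` would document that requirement.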