Skip to content
  • Leigh B Stoller's avatar
    Implement speaksfor (non-abac) support. · 8d53b3fd
    Leigh B Stoller authored
    CM V2 (and thus the AM) now accept a type=speaksfor credential along
    with regular credentials. When supplied, the speaksfor caller must be
    equal to the owner of the speaksfor credential and the target must be
    equal to the owner of the regular credential(s). All operations take
    place in the context of the spokenfor user.
    
    Added speaksfor slots to geni_slices,geni_aggregates and geni_tickets.
    Also to the history table. But these are just the most recent data.
    Each transaction is logged as normal, and the metadata now includes
    the speaksfor data and the log always includes all of the credentials.
    
    For testing, there is a new script in the scripts directory to
    generate a speaksfor credential. Not installed since it is really
    a hack. But to create one:
    
      perl genspeaksfor urn:publicid:IDN+emulab.net+user+leebee \
    	urn:publicid:IDN+emulab.net+user+stoller
    
    which generates a speaksfor credential that says stoller is speaking
    for leebee.
    
    Given a slice credential issued to leebee, the test scripts can be
    invoked as follows (by stoller):
    
      createsliver.py -S speaksfor.cred -s slice.cred -c leebee.cred
    
    A copy of leebee's self credential is needed simply cause of the test
    script's desire to talk to the SA (which does not support speaksfor).
    Not otherwise needed.
    
    Oh, not tested on the AM interface yet.
    8d53b3fd