Commit 71159201 authored by Jonathon Duerig's avatar Jonathon Duerig

More pre-GEC fixes to the GENI SA.

parent 9ea87020
......@@ -71,6 +71,7 @@ CREATE TABLE `geni_slices` (
`monitor_pid` int(11) default '0',
`expiration_max` datetime default NULL,
`renew_limit` time default NULL,
`description` mediumtext default NULL,
PRIMARY KEY (`idx`),
UNIQUE KEY `hrn` (`hrn`),
UNIQUE KEY `uuid` (`uuid`)
......
......@@ -314,6 +314,7 @@ sub speaksfor_urn($) { return field($_[0], "speaksfor_urn"); }
sub speaksfor_uuid($) { return field($_[0], "speaksfor_uuid"); }
sub expiration_max($) { return field($_[0], "expiration_max"); }
sub renew_limit($) { return field($_[0], "renew_limit"); }
sub description($) { return field($_[0], "description"); }
sub cert($) { return $_[0]->{'CERT'}->cert(); }
sub GetCertificate($) { return $_[0]->{'CERT'}; }
sub LOCKED($) { return $_[0]->{'LOCKED'}; }
......@@ -430,6 +431,26 @@ sub LookupByCreator($$)
return @result;
}
sub BoundToUser($$)
{
my ($class, $user) = @_;
my $uuid = $user->uuid();
my $query_result =
DBQueryWarn("select slice_uuid from geni_bindings ".
"where user_uuid='$uuid'");
return undef unless defined($query_result);
my @result = ();
while (my ($slice_uuid) = $query_result->fetchrow_array()) {
my $slice = GeniSlice->Lookup($slice_uuid);
push(@result, $slice)
if (defined($slice));
}
return @result;
}
#
# We lock at a very coarse grain, mostly in the CM. When a slice is busy
# we cannot expire things from it.
......@@ -956,6 +977,22 @@ sub SetSpeaksFor($$)
return 0;
}
sub SetDescription($$)
{
my ($self, $description) = @_;
my $uuid = $self->uuid();
my $safe_description = DBQuoteSpecial($description);
return -w
if (!DBQueryWarn("update geni_slices set " .
" description=$safe_description ".
"where uuid='$uuid'"));
$self->{'SLICE'}->{'description'} = $description;
return 0;
}
sub SetRenewLimit($$)
{
my ($self, $limit) = @_;
......
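Review bot: In SetDescription the failure branch is written `return -w`, which Perl reads as the `-w` file test on `$_` rather than an error code, so a failed UPDATE returns a false value that callers cannot tell apart from the `return 0` success path; this was presumably meant to be `return -1`. The description is passed through DBQuoteSpecial, but `$uuid` is still interpolated unquoted into the statement both here and in BoundToUser. That is only safe if uuid() can never carry caller-influenced text, so either quote it the same way or add a comment stating that assumption. BoundToUser also uses `return undef` although its result is taken in list context, which gives the caller a one-element list holding undef; a bare `return;` would give an empty list instead.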
......@@ -91,6 +91,12 @@ sub CreateSlice($$)
}
my $sliceCred = GeniCredential->CreateFromSigned(GeniResponse::value($response));
my $slice = GeniSlice->Lookup($sliceCred->target_urn());
if (exists($options->{'fields'}->{'SLICE_DESCRIPTION'})) {
my $description = $options->{'fields'}->{'SLICE_DESCRIPTION'};
$slice->SetDescription($description);
}
my $blob = {
"SLICE_URN" => $sliceCred->target_urn(),
"SLICE_EXPIRATION" => $sliceCred->expires()
......@@ -107,6 +113,7 @@ sub LookupSlices()
return $credential
if (GeniResponse::IsResponse($credential));
# TODO: Make sure that slice URN is the same as the credential URN
$credential->HasPrivilege( "authority" ) or
$credential->HasPrivilege( "resolve" ) or
return GeniResponse->Create( GENIRESPONSE_FORBIDDEN, undef,
......@@ -116,20 +123,26 @@ sub LookupSlices()
my $members = {};
if (defined($match)) {
print STDERR "-- DEFINED\n";
foreach my $key (@{ $match }) {
print STDERR "-- foreach\n";
my $slice = GeniSlice->Lookup($key);
if (defined($slice)) {
print STDERR "-- found slice\n";
my $description = '';
if (defined($slice->description())) {
$description = $slice->description();
}
my $isExpired = 'False';
if ($slice->IsExpired()) {
$isExpired = 'True';
}
my $completeblob = {
"SLICE_URN" => $slice->urn(),
"SLICE_UID" => $slice->uuid(),
"SLICE_CREATION" => $slice->created(),
"SLICE_EXPIRATION" => $slice->expires(),
"SLICE_EXPIRED" => "False",
"SLICE_EXPIRED" => $isExpired,
"SLICE_NAME" => $slice->hrn(),
"SLICE_DESCRIPTION" => "A Slice",
"SLICE_DESCRIPTION" => $description,
"SLICE_PROJECT_URN" => "Unimplemented"
};
my $blob = GeniStd::FilterFields($completeblob, $filter);
......@@ -143,8 +156,28 @@ sub LookupSlices()
sub UpdateSlice()
{
my ($slice_urn, $credential_args, $options) = @_;
return GeniResponse->Create(GENIRESPONSE_NOT_IMPLEMENTED, undef,
"Update Slice is not implemented");
my $credential = GeniStd::CheckCredentials(GeniStd::FilterCredentials($credential_args));
return $credential
if (GeniResponse::IsResponse($credential));
# TODO: Make sure that slice URN is the same as the credential URN
my $slice = GeniSlice->Lookup($slice_urn);
my $response;
if (exists($options->{'fields'}->{'SLICE_DESCRIPTION'})) {
$slice->SetDescription($options->{'fields'}->{'SLICE_DESCRIPTION'});
}
if (exists($options->{'fields'}->{'SLICE_EXPIRES'})) {
my $args = {
"credential" => $credential->asString(),
"expiration" => $options->{'fields'}->{'SLICE_EXPIRES'}
};
$response = GeniSA::RenewSlice($args);
}
return $response
if (GeniResponse::IsError($response));
return GeniResponse->Create(GENIRESPONSE_SUCCESS, {});
}
sub GetCredentials()
......@@ -243,12 +276,13 @@ sub LookupSliceMembers()
"Who are you? No local record");
}
if ($credential->target_urn() ne $slice_urn) {
return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
"Slice URN does not match credential URN");
}
# TODO: How do we validate slice urn?
# if ($credential->target_urn() ne $slice_urn) {
# return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
# "Slice URN does not match credential URN");
# }
my $slice = GeniSlice->Lookup($credential->target_urn());
my $slice = GeniSlice->Lookup($slice_urn);
if (!defined($slice)) {
return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
"Unknown slice for this credential");
......@@ -260,6 +294,7 @@ sub LookupSliceMembers()
return GeniResponse->Create(GENIRESPONSE_ERROR, undef,
"Failed to lookup member bindings");
}
push(@{ $uuids }, $this_user->uuid());
my $result = [];
foreach my $id (@{ $uuids }) {
......@@ -269,14 +304,59 @@ sub LookupSliceMembers()
'SLICE_ROLE' => 'MEMBER' });
}
}
return GeniResposne->CREATE(GENIRESPONSE_SUCCESS, $result);
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $result);
}
sub LookupSlicesForMember()
sub LookupSlicesForMember($$$)
{
my ($member_urn, $credential_args, $options) = @_;
return GeniResponse->Create(GENIRESPONSE_NOT_IMPLEMENTED, undef,
"Lookup Slices for Member is not implemented");
if (! defined($member_urn) ||
! defined($credential_args) ||
! defined($options))
{
return GeniResponse->MalformedArgsResponse('Requires a member urn, a list of credentials, and an options field');
}
my ($cred) = GeniStd::CheckCredentials(GeniStd::FilterCredentials($credential_args));
my $credential = GeniCredential::CheckCredential($cred->asString());
return $credential
if (GeniResponse::IsResponse($credential));
if ($ENV{'GENIURN'} ne $member_urn) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"You are not allowed to lookup slices for other members");
}
my $this_user = GeniUser->Lookup($ENV{'GENIURN'}, 1);
if (!defined($this_user)) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Who are you? No local record");
}
my $result = [];
my @created = GeniSlice->LookupByCreator($this_user);
my @bound = GeniSlice->BoundToUser($this_user);
addSlicesToMemberList(\@created, $result)
if (defined(@created));
addSlicesToMemberList(\@bound, $result)
if (defined(@bound));
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $result);
}
sub addSlicesToMemberList($$)
{
my ($slices, $result) = @_;
foreach my $slice (@{ $slices }) {
my $blob = {
'SLICE_URN' => $slice->urn(),
'SLICE_ROLE' => 'MEMBER'
};
push(@{ $result }, $blob);
}
}
sub CreateSliverInfo($$$$)
......
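Review bot: LookupSliceMembers and UpdateSlice act on the caller-supplied `$slice_urn` without checking that the presented credential covers that slice. The `target_urn() ne $slice_urn` comparison appears to be commented out in LookupSliceMembers (whose body starts outside the hunk) and is only a TODO in UpdateSlice, so any credential that passes CheckCredentials seems to be enough to read the membership of, or change the description of, an arbitrary slice. UpdateSlice is also inconsistent with itself: the description is written to the slice named by `$slice_urn`, while the renewal is driven by the credential. I would keep the comparison, or replace it with an explicit membership or privilege check if these calls are meant to accept non-slice credentials. UpdateSlice also needs the `defined($slice)` guard that LookupSliceMembers already has, because `GeniSlice->Lookup` can return undef and `SetDescription` is then called on it.

```perl
    my $credential = GeniStd::CheckCredentials(GeniStd::FilterCredentials($credential_args));
    # … unchanged: IsResponse check on $credential …

    # Bind the request to the slice the credential was issued for.
    if ($credential->target_urn() ne $slice_urn) {
        return GeniResponse->Create(GENIRESPONSE_BADARGS, undef,
                                    "Slice URN does not match credential URN");
    }
    my $slice = GeniSlice->Lookup($slice_urn);
    if (!defined($slice)) {
        return GeniResponse->Create(GENIRESPONSE_SEARCHFAILED, undef,
                                    "Unknown slice for this credential");
    }
    # … unchanged: SLICE_DESCRIPTION / SLICE_EXPIRES handling …
```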