本文整理汇总了Python中sfa.util.xrn.urn_to_hrn函数的典型用法代码示例。如果您正苦于以下问题:Python urn_to_hrn函数的具体用法?Python urn_to_hrn怎么用?Python urn_to_hrn使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了urn_to_hrn函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: GetSelfCredential
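def GetSelfCredential(certificate, xnr, type):
    """
    Issue a credential to a client that authenticates with its certificate only.

    The record for ``xnr`` is resolved, its GID is handed to
    ``authenticateGid``, and the presented certificate must carry the same
    public key as that GID before ``manager.GetCredential`` is called.

    @param certificate certificate string presented by the client
    @param xnr xrn of the object the credential is requested for
    @param type record type; read from the xrn when empty
    @return the value returned by self.api.manager.GetCredential
    @raise RecordNotFound when Resolve returns no record
    @raise ConnectionKeyGIDMismatch when the certificate key is not the GID key
    """
    # NOTE(review): the body reads `self.api`, but `self` is not a parameter of
    # this excerpt; it looks like a method lifted out of its class (compare the
    # `call` listing further down this page) -- confirm before reuse.

    # The listing declares `certificate`/`xnr` but reads `cert`/`xrn`; bind the
    # names the body uses so the arguments are actually consumed.
    cert = certificate
    xrn = xnr

    if type:
        hrn = urn_to_hrn(xrn)[0]
    else:
        hrn, type = urn_to_hrn(xrn)

    ### authenticate the gid
    # import here so we can load this module at build-time for sfa2wsdl
    from sfa.storage.model import RegRecord

    # xxx-local - Resolve may forward to another registry, so the GID that the
    # certificate is compared against is not necessarily read from the local
    # db. A local-only variant would query RegRecord by hrn instead.
    records = self.api.manager.Resolve(self.api, xrn, type, details=False)
    if not records:
        raise RecordNotFound(hrn)
    record_obj = RegRecord(dict=records[0])

    gid = record_obj.get_gid_object()
    gid_str = gid.save_to_string(save_parents=True)
    self.api.auth.authenticateGid(gid_str, [cert, type, hrn])

    # authenticate the certificate against the gid in the db
    certificate = Certificate(string=cert)
    if not certificate.is_pubkey(gid.get_pubkey()):
        # Fail closed: in the listing the raise sat under a leftover
        # `hasattr(obj, 'filename')` test, so a key mismatch on objects without
        # that attribute would have fallen through to credential issuance.
        raise ConnectionKeyGIDMismatch(gid.get_subject())

    return self.api.manager.GetCredential(self.api, xrn, type)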
示例2: GetCredential
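def GetCredential(self, api, xrn, type, caller_xrn=None):
    """
    Build, sign and serialise a credential for the record named by ``xrn``.

    @param api api object giving access to auth and config
    @param xrn xrn of the object the credential is for
    @param type record type; read from the xrn when empty
    @param caller_xrn xrn of the caller; when omitted the caller is taken to
           be the record object itself
    @return the credential saved to a string, parents included
    @raise RecordNotFound when the object or the caller has no record
    @raise PermissionError when the caller has no rights on the object
    """
    # convert xrn to hrn
    if type:
        hrn = urn_to_hrn(xrn)[0]
    else:
        hrn, type = urn_to_hrn(xrn)

    # Is this a root or sub authority
    auth_hrn = api.auth.get_authority(hrn)
    if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
        auth_hrn = hrn
    auth_info = api.auth.get_auth_info(auth_hrn)

    # get record info
    record = dbsession.query(RegRecord).filter_by(type=type, hrn=hrn).first()
    if not record:
        raise RecordNotFound("hrn=%s, type=%s"%(hrn,type))

    # get the callers gid
    # NOTE(review): with no caller_xrn the caller is assumed to be the object
    # itself, so this path relies on the calling method having authenticated
    # the client already -- confirm at each call site.
    if not caller_xrn:
        caller_hrn = hrn
        caller_gid = record.get_gid_object()
    else:
        caller_hrn, caller_type = urn_to_hrn(caller_xrn)
        if caller_type:
            caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn,type=caller_type).first()
        else:
            # Without a type the first record with this hrn is used, whatever
            # its type is.
            caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first()
        if not caller_record:
            raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
        # The listing had a stray `i` after this call, which is a syntax error.
        caller_gid = GID(string=caller_record.gid)

    object_hrn = record.get_gid_object().get_hrn()

    # call the builtin authorization/credential generation engine
    rights = api.auth.determine_user_rights(caller_hrn, record)
    # make sure caller has rights to this object
    if rights.is_empty():
        raise PermissionError("%s has no rights to %s (%s)" % \
                              (caller_hrn, object_hrn, xrn))

    object_gid = GID(string=record.gid)
    new_cred = Credential(subject = object_gid.get_subject())
    new_cred.set_gid_caller(caller_gid)
    new_cred.set_gid_object(object_gid)
    # The issuer key pair is the one of the authority picked above.
    new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
    new_cred.set_privileges(rights)
    # NOTE(review): presumably marks every granted privilege as delegatable --
    # confirm this is intended for all record types.
    new_cred.get_privileges().delegate_all_privileges(True)
    if hasattr(record,'expires'):
        date = utcparse(record.expires)
        expires = datetime_to_epoch(date)
        new_cred.set_expiration(int(expires))
    # Parent not necessary, verify with certs
    new_cred.encode()
    new_cred.sign()

    return new_cred.save_to_string(save_parents=True)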
示例3: get_credential
def get_credential(api, xrn, type, is_self=False):
    """
    Build, sign and serialise a credential for the record named by ``xrn``.

    The record is looked up in SfaTable by (type, hrn). For a self credential
    the record's own GID is used as the caller GID; otherwise the caller GID
    comes from ``api.auth.client_cred``.

    Raises RecordNotFound when no record matches, AccountNotEnabled for a
    disabled user record, and PermissionError when the caller has no rights.
    """
    # convert xrn to hrn; the type embedded in the xrn is only a fallback
    hrn, urn_type = urn_to_hrn(xrn)
    if not type:
        type = urn_type

    # Is this a root or sub authority
    auth_hrn = api.auth.get_authority(hrn)
    if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
        auth_hrn = hrn

    # get record info
    auth_info = api.auth.get_auth_info(auth_hrn)
    matches = SfaTable().findObjects({'type': type, 'hrn': hrn})
    if not matches:
        raise RecordNotFound(hrn)
    record = matches[0]

    # verify_cancreate_credential requires that the member lists
    # (researchers, pis, etc) be filled in
    api.fill_record_info(record)
    if record['type'] == 'user' and not record['enabled']:
        raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))

    # get the callers gid
    if is_self:
        # NOTE(review): is_self makes the object its own caller, so the caller
        # of this function must already have authenticated the client.
        caller_hrn = hrn
        caller_gid = record.get_gid_object()
    else:
        caller_gid = api.auth.client_cred.get_gid_caller()
        caller_hrn = caller_gid.get_hrn()

    # The value is not used below; the call is kept as in the listing.
    object_hrn = record.get_gid_object().get_hrn()

    # make sure caller has rights to this object
    rights = api.auth.determine_user_rights(caller_hrn, record)
    if rights.is_empty():
        raise PermissionError(caller_hrn + " has no rights to " + record['name'])

    object_gid = GID(string=record['gid'])
    new_cred = Credential(subject = object_gid.get_subject())
    new_cred.set_gid_caller(caller_gid)
    new_cred.set_gid_object(object_gid)
    new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
    new_cred.set_privileges(rights)
    # NOTE(review): presumably marks every granted privilege as delegatable.
    new_cred.get_privileges().delegate_all_privileges(True)
    if 'expires' in record:
        new_cred.set_expiration(int(record['expires']))
    # Parent not necessary, verify with certs
    new_cred.encode()
    new_cred.sign()

    return new_cred.save_to_string(save_parents=True)
示例4: _get_registry_objects
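def _get_registry_objects(self, slice_xrn, creds, users):
    """
    Build the site, slice and user objects an SFA registry would return.

    Returns None when ``users`` is empty. Otherwise returns a dict with the
    keys 'site', 'slice_record' and 'users'; users are keyed by a synthesised
    e-mail address. The dicts in ``users`` are modified in place.

    The slice expiry is read from ``creds[0]`` and capped at 60 days from now.
    """
    # Function-scope import: the file's import block is not visible here.
    import calendar

    hrn, _ = urn_to_hrn(slice_xrn)

    # Build up objects that an SFA registry would return if SFA
    # could contact the slice's registry directly
    if not users:
        return None

    slicename = hrn_to_pl_slicename(hrn)
    login_base = slicename.split('_')[0]

    # Note:
    # Is it okay if this login base is the same as one already at this myplc site?
    # Do we need uniqueness? Should use hrn_auth instead of just the leaf perhaps?
    site = {
        'site_id': 0,
        'name': 'geni.%s' % login_base,
        'enabled': True,
        'max_slices': 100,
        'login_base': login_base,
        'abbreviated_name': login_base,
        'max_slivers': 1000,
    }

    # NOTE(review): the expiry is taken from creds[0] as parsed here; this
    # assumes the credentials were verified by the caller -- confirm. An empty
    # creds list raises IndexError.
    # get_expiration always returns a normalized datetime - no need to utcparse
    extime = Credential(string=creds[0]).get_expiration()
    # If the expiration time is > 60 days from now, set the expiration time to 60 days from now
    latest = datetime.datetime.utcnow() + datetime.timedelta(days=60)
    if extime > latest:
        extime = latest

    slice = {
        # extime is compared with utcnow() above, so it is a naive UTC value;
        # timegm reads the fields as UTC, where mktime would read them as local
        # time and skew the expiry by the host's UTC offset.
        'expires': calendar.timegm(extime.timetuple()),
        'hrn': hrn,
        'name': hrn_to_pl_slicename(hrn),
        'url': hrn,
        'description': hrn,
        'pointer': 0,
    }

    reg_users = {}
    for user in users:
        user['key_ids'] = []
        # A separate name, so the slice hrn is not overwritten by the loop.
        user_hrn, _ = urn_to_hrn(user['urn'])
        user['email'] = hrn_to_pl_slicename(user_hrn) + "@geni.net"
        user['first_name'] = user_hrn
        user['last_name'] = user_hrn
        reg_users[user['email']] = user

    return {'site': site, 'slice_record': slice, 'users': reg_users}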
示例5: call
def call(self, cert, xrn, type):
    """
    GetSelfCredential: hand a client its initial credential.

    This is the degenerate version of GetCredential used by a client that
    does not hold a credential yet; it is the same as
    GetCredential(..., cred = None, ...).

    The registry checks that the client is the principal named by (type, xrn)
    by comparing the public key in the record's GID with the public key of
    the presented certificate. A mismatch raises ConnectionKeyGIDMismatch, so
    a principal cannot obtain another principal's credential without the
    matching private key.

    @param cert certificate string presented by the client
    @param xrn xrn of the object the credential is requested for
    @param type type of object (user | slice | sa | ma | node); read from the
           xrn when empty
    @return string representation of a credential object
    """
    hrn, urn_type = urn_to_hrn(xrn)
    if not type:
        type = urn_type
    self.api.auth.verify_object_belongs_to_me(hrn)

    # The subject is read before the certificate has been checked against the
    # GID, so at this point it is only a claimed name written to the log.
    origin_hrn = Certificate(string=cert).get_subject()
    self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))

    ### authenticate the gid
    # import here so we can load this module at build-time for sfa2wsdl
    from sfa.storage.model import RegRecord

    # xxx-local - Resolve would forward to another registry if needed, so the
    # GID checked below is not necessarily read from the local db. A
    # local-only variant would query RegRecord by hrn instead.
    resolved = self.api.manager.Resolve(self.api, xrn, type, details=False)
    if not resolved:
        raise RecordNotFound(hrn)
    record_obj = RegRecord(dict=resolved[0])

    gid = record_obj.get_gid_object()
    self.api.auth.authenticateGid(gid.save_to_string(save_parents=True), [cert, type, hrn])

    # authenticate the certificate against the gid in the db
    certificate = Certificate(string=cert)
    if certificate.is_pubkey(gid.get_pubkey()):
        return self.api.manager.GetCredential(self.api, xrn, type)

    # Key mismatch: log both sides for diagnosis, then refuse. Only public
    # keys and object dumps are written, at debug level.
    debug = self.api.logger.debug
    for label, item in (("CERT", certificate), ("GID", gid)):
        debug("ConnectionKeyGIDMismatch, %s pubkey: %s"%(label,item.get_pubkey().get_pubkey_string()))
        debug("ConnectionKeyGIDMismatch, %s dump: %s"%(label,item.dump_string()))
        if hasattr(item, 'filename'):
            debug("ConnectionKeyGIDMismatch, %s filename: %s"%(label,item.filename))
    raise ConnectionKeyGIDMismatch(gid.get_subject())
示例6: resolve
def resolve(api, xrns, type=None, full=True):
    """
    Resolve one xrn or a list of xrns to record dicts.

    Each xrn is assigned to the registry whose hrn is the best match in a
    prefix tree of the known registry names. Requests for other registries
    are forwarded to them; hrns not answered that way are looked up in the
    local SfaTable. When ``type`` is set, only records of that type are
    returned.

    Raises RecordNotFound when nothing was found at all.
    """
    if not isinstance(xrns, types.ListType):
        if not type:
            type = Xrn(xrns).get_type()
        xrns = [xrns]
    hrns = [urn_to_hrn(xrn)[0] for xrn in xrns]

    # load all known registry names into a prefix tree and attempt to find
    # the longest matching prefix
    registries = api.registries
    tree = prefixTree()
    tree.load(registries.keys())

    # key is a registry hrn, value is the list of xrns handled by it
    by_registry = {}
    for xrn, hrn in zip(xrns, hrns):
        by_registry.setdefault(tree.best_match(hrn), []).append(xrn)

    records = []
    for registry_hrn, registry_xrns in by_registry.items():
        # skip the hrn without a registry hrn
        # XX should we let the user know the authority is unknown?
        if not registry_hrn:
            continue
        # if the best match (longest matching hrn) is not the local registry,
        # forward the request
        if registry_hrn == api.hrn:
            continue
        credential = api.getCredential()
        # NOTE(review): records returned by a peer are merged as they come;
        # nothing here checks that each one answers an hrn that was asked for.
        for peer_record in registries[registry_hrn].Resolve(registry_xrns, credential):
            records.append(SfaRecord(dict=peer_record).as_dict())

    # try resolving the remaining unfound records at the local registry
    found_hrns = [record['hrn'] for record in records]
    remaining_hrns = list(set(hrns).difference(found_hrns))
    local_records = SfaTable().findObjects({'hrn': remaining_hrns})
    if full:
        api.fill_record_info(local_records)

    # convert local record objects to dicts
    for local_record in local_records:
        records.append(dict(local_record))

    if not records:
        raise RecordNotFound(str(hrns))

    if type:
        records = [rec for rec in records if rec['type'] in (type,)]

    return records
示例7: call
def call(self, creds, options):
    """
    ListResources: return the rspec after passing it through sfatables.

    ``options`` must carry 'geni_rspec_version' (or the older
    'rspec_version'); otherwise SfaInvalidArgument is raised. The credentials
    are checked for the 'listnodes' operation against the slice hrn taken
    from 'geni_slice_urn'. With 'geni_compressed' set to True the filtered
    rspec is zlib-compressed and base64-encoded.
    """
    self.api.logger.info("interface: %s\tmethod-name: %s" % (self.api.interface, self.name))

    # client must specify a version
    if not options.get('geni_rspec_version'):
        legacy_version = options.get('rspec_version')
        if not legacy_version:
            raise SfaInvalidArgument('Must specify an rspec version option. geni_rspec_version cannot be null')
        options['geni_rspec_version'] = legacy_version

    # get slice's hrn from options
    (hrn, _) = urn_to_hrn(options.get('geni_slice_urn', ''))

    # Find the valid credentials
    valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', hrn)

    # get hrn of the original caller
    # NOTE(review): an 'origin_hrn' supplied in options takes precedence over
    # the caller named in the verified credential, and it feeds the sfatables
    # filter below -- confirm only trusted peers can set it.
    origin_hrn = options.get('origin_hrn', None) or \
        Credential(string=valid_creds[0]).get_gid_caller().get_hrn()

    rspec = self.api.manager.ListResources(self.api, creds, options)

    # filter rspec through sfatables
    # NOTE(review): chain_name stays unbound for any other interface value,
    # which makes the debug line below raise before anything is returned.
    interface = self.api.interface
    if interface in ['aggregate']:
        chain_name = 'OUTGOING'
    elif interface in ['slicemgr']:
        chain_name = 'FORWARD-OUTGOING'
    self.api.logger.debug("ListResources: sfatables on chain %s"%chain_name)
    filtered_rspec = run_sfatables(chain_name, hrn, origin_hrn, rspec)

    if options.get('geni_compressed') == True:
        filtered_rspec = zlib.compress(filtered_rspec).encode('base64')

    return filtered_rspec
示例8: ListResources
def ListResources(api, creds, options, call_id):
    """
    Return the rspec for the slice in 'geni_slice_urn', or for the aggregate.

    Returns "" when ``call_id`` was already handled. When no slice urn is
    given and caching is on, the rspec is served from and stored in
    ``api.cache`` under a key built from the rspec version and the 'info'
    option.
    """
    if Callids().already_handled(call_id):
        return ""

    # get slice's hrn from options
    xrn = options.get('geni_slice_urn', None)
    (hrn, type) = urn_to_hrn(xrn)

    # get the rspec's return format from options
    rspec_version = VersionManager().get_version(options.get('rspec_version'))
    version_string = "rspec_%s" % (rspec_version.to_string())

    #panos adding the info option to the caching key (can be improved)
    info = options.get('info')
    if info:
        version_string += "_" + info

    # NOTE(review): `creds` is not examined in this function and a cached
    # rspec is returned to whoever asks without a slice urn; credential
    # checking is presumably done by the calling method -- confirm.
    use_cache = caching and api.cache and not xrn

    # look in cache first
    if use_cache:
        cached_rspec = api.cache.get(version_string)
        if cached_rspec:
            api.logger.info("aggregate.ListResources: returning cached value for hrn %s"%hrn)
            return cached_rspec

    #panos: passing user-defined options
    rspec = Aggregate(api, options).get_rspec(slice_xrn=xrn, version=rspec_version)

    # cache the result
    if use_cache:
        api.cache.add(version_string, rspec)

    return rspec
示例9: get_auth_cred
def get_auth_cred(self, xrn, kind="authority"):
    """
    Build and sign a credential for the authority named by ``xrn``.

    The authority's GID is both caller and object. An authority without a
    parent, or the one equal to SFA_INTERFACE_HRN, signs with its own key
    files; any other authority is signed with its parent's key files and gets
    the parent's credential (built recursively) as its parent.

    Returns the signed Credential object.
    """
    hrn, _ = urn_to_hrn(xrn)
    auth_info = self.get_auth_info(hrn)
    gid = auth_info.get_gid_object()

    cred = Credential(subject=hrn)
    cred.set_gid_caller(gid)
    cred.set_gid_object(gid)
    cred.set_privileges(kind)
    # NOTE(review): presumably marks every privilege of `kind` as delegatable.
    cred.get_privileges().delegate_all_privileges(True)

    parent_hrn = get_authority(hrn)
    # if there is no parent hrn, then it must be self-signed. this
    # is where we terminate the recursion
    self_signed = (not parent_hrn) or hrn == self.config.SFA_INTERFACE_HRN

    # we need the parent's private key in order to sign this GID
    signer = auth_info if self_signed else self.get_auth_info(parent_hrn)
    cred.set_issuer_keys(signer.get_privkey_filename(), signer.get_gid_filename())
    if not self_signed:
        cred.set_parent(self.get_auth_cred(parent_hrn, kind))

    cred.encode()
    cred.sign()

    return cred
示例10: get_slice_and_slivers
def get_slice_and_slivers(self, slice_xrn):
    """
    Find the slice named by ``slice_xrn`` and the nodes reserved for it.

    Returns a (slice, slivers) tuple, where slivers is a dict of node records
    keyed on the node's node_id. (None, {}) is returned when ``slice_xrn`` is
    empty or no slice with the derived name exists.
    """
    slivers = {}
    if not slice_xrn:
        return (None, slivers)

    # The urn is not used below; the conversion call is kept as in the listing.
    slice_urn = hrn_to_urn(slice_xrn, 'slice')
    slice_hrn, _ = urn_to_hrn(slice_xrn)
    slice_name = hrn_to_nitos_slicename(slice_hrn)
    candidates = self.driver.shell.getSlices({'slice_name': slice_name}, [])

    # filter results: keep the first slice whose name matches exactly
    slice = None
    for candidate in candidates:
        if candidate['slice_name'] == slice_name:
            slice = candidate
            break
    if not slice:
        return (slice, slivers)

    # filter on the slice
    slice_id = slice['slice_id']
    reservations = self.driver.shell.getReservedNodes({'slice_id': slice_id}, [])
    reserved_node_ids = [
        reservation['node_id']
        for reservation in reservations
        if reservation['slice_id'] == slice_id
    ]

    # get all the nodes and keep the reserved ones
    for node in self.driver.shell.getNodes({}, []):
        node_id = node['node_id']
        if node_id in reserved_node_ids:
            slivers[node_id] = node

    return (slice, slivers)
示例11: Delete
def Delete(self, api, xrn, creds, options):
    """
    Forward a Delete request to every aggregate and collect the results.

    Returns "" when the call id in ``options`` was already handled, otherwise
    the concatenated values returned by the aggregates.
    """
    if Callids().already_handled(options.get('call_id')):
        return ""

    def _Delete(server, xrn, creds, options):
        return server.Delete(xrn, creds, options)

    # NOTE(review): the credentials are checked against the hrn of xrn[0]
    # only, while the whole xrn list is forwarded below -- confirm that each
    # aggregate authorises every urn itself.
    (hrn, type) = urn_to_hrn(xrn[0])

    # get the callers hrn
    valid_cred = api.auth.checkCredentials(creds, 'deletesliver', hrn)[0]
    caller_hrn = Credential(cred=valid_cred).get_gid_caller().get_hrn()

    # attempt to use delegated credential first
    cred = api.getDelegatedCredential(creds) or api.getCredential()

    multiclient = MultiClient()
    for aggregate in api.aggregates:
        # prevent infinite loop. Dont send request back to caller
        # unless the caller is the aggregate's SM
        if caller_hrn != aggregate or aggregate == api.hrn:
            server = api.server_proxy(api.aggregates[aggregate], cred)
            multiclient.run(_Delete, server, xrn, [cred], options)

    results = []
    for result in multiclient.get_results():
        results.extend(ReturnValue.get_value(result))
    return results
示例12: call
def call(self, creds, xrn, type):
    """
    GetCredential: return a credential for the object named by ``xrn``.

    The supplied credentials are checked for the 'getcredential' operation
    and the object must belong to this registry. The caller passed on to the
    manager is the urn of ``self.api.auth.client_gid``.
    """
    hrn, urn_type = urn_to_hrn(xrn)
    if not type:
        type = urn_type

    # check creds
    # No target hrn is passed to checkCredentials here; rights on the object
    # are presumably decided later by the manager -- confirm.
    valid_creds = self.api.auth.checkCredentials(creds, 'getcredential')
    self.api.auth.verify_object_belongs_to_me(hrn)

    #log the call
    origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
    self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))

    caller_urn = self.api.auth.client_gid.get_urn()
    return self.api.manager.GetCredential(self.api, xrn, type, caller_urn)
示例13: DeleteSliver
def DeleteSliver(api, xrn, creds, call_id):
    """
    Forward a DeleteSliver request to every aggregate.

    Returns "" when ``call_id`` was already handled, otherwise 1.
    """
    def _DeleteSliver(server, xrn, creds, call_id):
        # The version is not used below; the lookup is kept as in the listing.
        server_version = api.get_cached_server_version(server)
        extra = [call_id] if _call_id_supported(api, server) else []
        return server.DeleteSliver(*([xrn, creds] + extra))

    if Callids().already_handled(call_id):
        return ""

    (hrn, type) = urn_to_hrn(xrn)

    # get the callers hrn
    valid_cred = api.auth.checkCredentials(creds, 'deletesliver', hrn)[0]
    caller_hrn = Credential(string=valid_cred).get_gid_caller().get_hrn()

    # attempt to use delegated credential first
    cred = api.getDelegatedCredential(creds) or api.getCredential()

    threads = ThreadManager()
    for aggregate in api.aggregates:
        # prevent infinite loop. Dont send request back to caller
        # unless the caller is the aggregate's SM
        if caller_hrn != aggregate or aggregate == api.hrn:
            server = api.get_server(api.aggregates[aggregate], cred)
            threads.run(_DeleteSliver, server, xrn, [cred], call_id)

    # NOTE(review): the per-aggregate results are discarded and 1 is returned
    # regardless of what the aggregates answered.
    threads.get_results()
    return 1
示例14: get_slice_and_slivers
def get_slice_and_slivers(self, slice_xrn, login=None):
    """
    Look up the slices matching ``slice_xrn`` and build one Sliver per node.

    Returns (None, {}) when ``slice_xrn`` is empty or the driver finds no
    slice, otherwise (slices, slivers) with slivers keyed on node id, plus a
    'default_sliver' entry holding connection information when the slice's
    authority is the driver's root authority.
    """
    slivers = {}
    sfa_slice = None
    if not slice_xrn:
        return (sfa_slice, slivers)

    slice_urn = hrn_to_urn(slice_xrn, 'slice')
    slice_hrn, _ = urn_to_hrn(slice_xrn)
    slices = self.driver.GetSlices(slice_filter=str(slice_hrn),
                                   slice_filter_type='slice_hrn',
                                   login=login)

    logger.debug("Slabaggregate api \tget_slice_and_slivers "
                 "sfa_slice %s \r\n slices %s self.driver.hrn %s"
                 % (sfa_slice, slices, self.driver.hrn))
    if not slices:
        return (sfa_slice, slivers)

    # sort slivers by node id , if there is a job
    # and therefore, node allocated to this slice
    for sfa_slice in slices:
        try:
            node_ids_list = sfa_slice['node_ids']
        except KeyError:
            logger.log_exc("SLABAGGREGATE \t "
                           "get_slice_and_slivers KeyError ")
            continue

        for node in node_ids_list:
            sliver_xrn = Xrn(slice_urn, type='sliver', id=node)
            sliver_xrn.set_authority(self.driver.hrn)
            slivers[node] = Sliver({
                'sliver_id': sliver_xrn.urn,
                'name': sfa_slice['hrn'],
                'type': 'slab-node',
                'tags': [],
            })

    # Add default sliver attribute :
    # connection information for senslab
    # NOTE(review): the listing lost its indentation; this block is assumed to
    # run once after the loop, on the last slice -- confirm against the
    # upstream file.
    if get_authority(sfa_slice['hrn']) == self.driver.root_auth:
        # The login is derived from the second hrn component, so it is only
        # as trustworthy as the hrn itself.
        hrn_parts = sfa_slice['hrn'].split('.')
        ldap_username = hrn_parts[1].split('_')[0]
        vmaddr = 'ssh ' + ldap_username + '@grenoble.senslab.info'
        slivers['default_sliver'] = {'vm': vmaddr, 'login': ldap_username}

    #TODO get_slice_and_slivers Find the login of the external user
    logger.debug("SLABAGGREGATE api get_slice_and_slivers slivers %s "
                 % (slivers))
    return (slices, slivers)
示例15: get_peer
def get_peer(self, xrn):
    """
    Return the peer record whose hrn is the authority of ``xrn``, if any.

    Returns None when the authority is the driver's own root authority or
    when no peer returned by the driver has that hrn.
    """
    hrn, _ = urn_to_hrn(xrn)

    # Does this slice belong to a local site or a peer senslab site?
    # get this slice's authority (site)
    slice_authority = get_authority(hrn)
    site_authority = slice_authority

    logger.debug("SLABSLICES \\ get_peer slice_authority %s "
                 "site_authority %s hrn %s"
                 % (slice_authority, site_authority, hrn))

    # This slice belongs to the current site
    if site_authority == self.driver.root_auth:
        return None

    # check if we are already peered with this site_authority; when several
    # records match, the last one is kept
    peer = None
    for candidate in self.driver.GetPeers(peer_filter=slice_authority):
        if site_authority == candidate.hrn:
            peer = candidate

    logger.debug(" SLABSLICES \tget_peer peer %s " % (peer))
    return peer