def call(self, xrn, creds, rspec, options):
xrn = Xrn(xrn, type='slice')
# Find the valid credentials
valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'createsliver', xrn.get_hrn(), options=options)
the_credential = Credential(cred=valid_creds[0])
# use the expiration from the first valid credential to determine when
# the slivers should expire.
expiration = datetime_to_string(the_credential.expiration)
self.api.logger.debug("Allocate, received expiration from credential: %s"%expiration)
# turned off, as passing an empty rspec is indeed useful for cleaning up the slice
# # make sure request is not empty
# slivers = RSpec(rspec).version.get_nodes_with_slivers()
# if not slivers:
# raise InvalidRSpec("Missing <sliver_type> or <sliver> element. Request rspec must explicitly allocate slivers")
# flter rspec through sfatables
if self.api.interface in ['aggregate']:
chain_name = 'INCOMING'
elif self.api.interface in ['slicemgr']:
chain_name = 'FORWARD-INCOMING'
self.api.logger.debug("Allocate: sfatables on chain %s"%chain_name)
actual_caller_hrn = the_credential.actual_caller_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, actual_caller_hrn, xrn.get_hrn(), self.name))
rspec = run_sfatables(chain_name, xrn.get_hrn(), actual_caller_hrn, rspec)
# turned off, as passing an empty rspec is indeed useful for cleaning up the slice
# slivers = RSpec(rspec).version.get_nodes_with_slivers()
# if not slivers:
# raise SfatablesRejected(slice_xrn)
# pass this to the driver code in case they need it
options['actual_caller_hrn'] = actual_caller_hrn
result = self.api.manager.Allocate(self.api, xrn.get_urn(), creds, rspec, expiration, options)
return result
def call(self, urns, creds, expiration_time, options):
# Find the valid credentials
valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'renewsliver', urns,
check_sliver_callback = self.api.driver.check_sliver_credentials,
options=options)
the_credential = Credential(cred=valid_creds[0])
actual_caller_hrn = the_credential.actual_caller_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-urns: %s\texpiration:%s\tmethod-name: %s"%\
(self.api.interface, actual_caller_hrn, urns, expiration_time,self.name))
# extend as long as possible : take the min of requested and now+SFA_MAX_SLICE_RENEW
if options.get('geni_extend_alap'):
# ignore requested time and set to max
expiration_time = add_datetime(datetime.datetime.utcnow(), days=int(self.api.config.SFA_MAX_SLICE_RENEW))
# Validate that the time does not go beyond the credential's expiration time
requested_expire = utcparse(expiration_time)
self.api.logger.info("requested_expire = %s"%requested_expire)
credential_expire = the_credential.get_expiration()
self.api.logger.info("credential_expire = %s"%credential_expire)
max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW)
max_expire = datetime.datetime.utcnow() + datetime.timedelta (days=max_renew_days)
if requested_expire > credential_expire:
# used to throw an InsufficientRights exception here, this was not right
self.api.logger.warning("Requested expiration %s, after credential expiration (%s) -> trimming to the latter/sooner"%\
(requested_expire, credential_expire))
requested_expire = credential_expire
if requested_expire > max_expire:
# likewise
self.api.logger.warning("Requested expiration %s, after maximal expiration %s days (%s) -> trimming to the latter/sooner"%\
(requested_expire, self.api.config.SFA_MAX_SLICE_RENEW,max_expire))
requested_expire = max_expire
return self.api.manager.Renew(self.api, urns, creds, requested_expire, options)
