def GetCredential(self, api, xrn, type, caller_xrn=None):
# convert xrn to hrn
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = api.auth.get_auth_info(auth_hrn)
# get record info
record=dbsession.query(RegRecord).filter_by(type=type,hrn=hrn).first()
if not record:
raise RecordNotFound("hrn=%s, type=%s"%(hrn,type))
# get the callers gid
# if caller_xrn is not specified assume the caller is the record
# object itself.
if not caller_xrn:
caller_hrn = hrn
caller_gid = record.get_gid_object()
else:
caller_hrn, caller_type = urn_to_hrn(caller_xrn)
if caller_type:
caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn,type=caller_type).first()
else:
caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first()
if not caller_record:
raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
caller_gid = GID(string=caller_record.gid)
object_hrn = record.get_gid_object().get_hrn()
# call the builtin authorization/credential generation engine
rights = api.auth.determine_user_rights(caller_hrn, record)
# make sure caller has rights to this object
if rights.is_empty():
raise PermissionError("%s has no rights to %s (%s)" % \
(caller_hrn, object_hrn, xrn))
object_gid = GID(string=record.gid)
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
#new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
new_cred.get_privileges().delegate_all_privileges(True)
if hasattr(record,'expires'):
date = utcparse(record.expires)
expires = datetime_to_epoch(date)
new_cred.set_expiration(int(expires))
auth_kind = "authority,ma,sa"
# Parent not necessary, verify with certs
#new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
def update (self, old_sfa_record, new_sfa_record, hrn, new_key):
'''
Update a object (record) in the registry. This might also update the tested information
associated with the record.
:param old_sfa_record: SFA record of the entity being updated
:type dict
:param new_sfa_record: new SFA record to update the old SFA record
:type dict
:param hrn: hrn of the resource being updated
:type string
:param new_key: new public key for the user (if apply)
:type string
:returns boolean value indicating the success of the operation
:rtype boolean
'''
pointer = old_sfa_record['pointer']
if isinstance(pointer, str):
pointer = int(pointer)
type = old_sfa_record['type']
clab_updated_fields = self.sfa_fields_to_clab_fields(type, hrn, new_sfa_record)
# new_key implemented for users only
#if new_key and type not in [ 'user' ]:
# raise UnknownSfaType(type)
if type == "slice":
filtered_slices = self.driver.testbed_shell.get_slices({'id': pointer})
if not filtered_slices:
raise RecordNotFound('Slice with id %s'%pointer) # Slice not found
slice_uri = filtered_slices[0]['uri']
return self.driver.testbed_shell.update_slice(slice_uri, clab_updated_fields)
elif type == "user":
filtered_users = self.driver.testbed_shell.get_users({'id': pointer})
if not filtered_slices:
raise RecordNotFound('User with id %s'%pointer) # User not found
user_uri = filtered_users[0]['uri']
return self.driver.testbed_shell.update_user(user_uri, clab_updated_fields)
#if new_key:
# needs to be improved
#self.shell.addUserKey({'user_id': pointer, 'key': new_key})
elif type == "node":
filtered_nodes = self.driver.testbed_shell.get_nodes({'id': pointer})
if not filtered_nodes:
raise RecordNotFound('Node with id %s'%pointer) # Node not found
node_uri = filtered_nodes[0]['uri']
return self.driver.testbed_shell.update_node(node_uri, clab_updated_fields)
return False
def _getCredentialRaw(self):
"""
Get our current credential directly from the local registry.
"""
hrn = self.hrn
auth_hrn = self.auth.get_authority(hrn)
# is this a root or sub authority
if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = self.auth.get_auth_info(auth_hrn)
# xxx although unlikely we might want to check for a potential leak
dbsession = self.dbsession()
from sfa.storage.model import RegRecord
record = dbsession.query(RegRecord).filter_by(type='authority+sa',
hrn=hrn).first()
if not record:
raise RecordNotFound(hrn)
type = record.type
object_gid = record.get_gid_object()
new_cred = Credential(subject=object_gid.get_subject())
new_cred.set_gid_caller(object_gid)
new_cred.set_gid_object(object_gid)
new_cred.set_issuer_keys(auth_info.get_privkey_filename(),
auth_info.get_gid_filename())
r1 = determine_rights(type, hrn)
new_cred.set_privileges(r1)
new_cred.encode()
new_cred.sign()
return new_cred
def GetSelfCredential(certificate, xnr, type):
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
origin_hrn = Certificate(string=cert).get_subject()
### authenticate the gid
# import here so we can load this module at build-time for sfa2wsdl
#from sfa.storage.alchemy import dbsession
from sfa.storage.model import RegRecord
# xxx-local - the current code runs Resolve, which would forward to
# another registry if needed
# I wonder if this is truly the intention, or shouldn't we instead
# only look in the local db ?
records = self.api.manager.Resolve(self.api, xrn, type, details=False)
if not records:
raise RecordNotFound(hrn)
record_obj = RegRecord (dict=records[0])
# xxx-local the local-only version would read
#record_obj = dbsession.query(RegRecord).filter_by(hrn=hrn).first()
#if not record_obj: raise RecordNotFound(hrn)
gid = record_obj.get_gid_object()
gid_str = gid.save_to_string(save_parents=True)
self.api.auth.authenticateGid(gid_str, [cert, type, hrn])
# authenticate the certificate against the gid in the db
certificate = Certificate(string=cert)
if not certificate.is_pubkey(gid.get_pubkey()):
for (obj,name) in [ (certificate,"CERT"), (gid,"GID"), ]:
if hasattr (obj,'filename'):
raise ConnectionKeyGIDMismatch(gid.get_subject())
return self.api.manager.GetCredential(self.api, xrn, type)
def shutdown(self, xrn, options={}):
hrn, _ = urn_to_hrn(xrn)
top_auth_hrn = top_auth(hrn)
site_hrn = '.'.join(hrn.split('.')[:-1])
slice_part = hrn.split('.')[-1]
if top_auth_hrn == self.hrn:
login_base = slice_hrn.split('.')[-2][:12]
else:
login_base = hash_loginbase(site_hrn)
slicename = '_'.join([login_base, slice_part])
slices = self.shell.GetSlices({
'peer_id': None,
'name': slicename
}, ['slice_id'])
if not slices:
raise RecordNotFound(slice_hrn)
slice_id = slices[0]['slice_id']
slice_tags = self.shell.GetSliceTags({
'slice_id': slice_id,
'tagname': 'enabled'
})
if not slice_tags:
self.shell.AddSliceTag(slice_id, 'enabled', '0')
elif slice_tags[0]['value'] != "0":
tag_id = slice_tags[0]['slice_tag_id']
self.shell.UpdateSliceTag(tag_id, '0')
return 1
def renew_sliver(self, slice_urn, slice_hrn, creds, expiration_time,
options):
slicename = hrn_to_nitos_slicename(slice_hrn)
slices = self.shell.GetSlices({'slicename': slicename}, ['slice_id'])
if not slices:
raise RecordNotFound(slice_hrn)
slice = slices[0]
requested_time = utcparse(expiration_time)
record = {'expires': int(datetime_to_epoch(requested_time))}
try:
self.shell.UpdateSlice(slice['slice_id'], record)
return True
except:
return False
def shutdown(self, xrn, options={}):
xrn = DummyXrn(xrn=xrn, type='slice')
slicename = xrn.pl_slicename()
slices = self.shell.GetSlices({'name': slicename}, ['slice_id'])
if not slices:
raise RecordNotFound(slice_hrn)
slice_id = slices[0]['slice_id']
slice_tags = self.shell.GetSliceTags({
'slice_id': slice_id,
'tagname': 'enabled'
})
if not slice_tags:
self.shell.AddSliceTag(slice_id, 'enabled', '0')
elif slice_tags[0]['value'] != "0":
tag_id = slice_tags[0]['slice_tag_id']
self.shell.UpdateSliceTag(tag_id, '0')
return 1
def call(self, xrns, creds):
# validate the credential
valid_creds = self.api.auth.checkCredentials(creds, 'getgids')
# xxxpylintxxx origin_hrn is unused..
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
# resolve the record
records = self.api.manager.Resolve(self.api, xrns, details = False)
if not records:
raise RecordNotFound(xrns)
allowed_fields = ['hrn', 'type', 'gid']
for record in records:
for key in record.keys():
if key not in allowed_fields:
del(record[key])
return records
def Remove(self, api, xrn, origin_hrn=None):
dbsession = api.dbsession()
hrn = xrn.get_hrn()
type = xrn.get_type()
request = dbsession.query(RegRecord).filter_by(hrn=hrn)
if type and type not in ['all', '*']:
request = request.filter_by(type=type)
record = request.first()
if not record:
msg = "Could not find hrn %s" % hrn
if type: msg += " type=%s" % type
raise RecordNotFound(msg)
type = record.type
if type not in ['slice', 'user', 'node', 'authority']:
raise UnknownSfaType(type)
credential = api.getCredential()
registries = api.registries
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table
if hrn.startswith(api.hrn) and type in ['user', 'slice', 'authority']:
for registry in registries:
if registry not in [api.hrn]:
try:
result = registries[registry].remove_peer_object(
credential, record, origin_hrn)
except:
pass
# call testbed callback first
# IIUC this is done on the local testbed TOO because of the refreshpeer link
if not api.driver.remove(record.__dict__):
logger.warning("driver.remove failed")
# delete from sfa db
dbsession.delete(record)
dbsession.commit()
return 1
def GetCredential(self, api, xrn, type, caller_xrn=None):
# convert xrn to hrn
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
auth_info = api.auth.get_auth_info(auth_hrn)
# get record info
filter = {'hrn': hrn}
if type:
filter['type'] = type
record = dbsession.query(RegRecord).filter_by(**filter).first()
if not record:
raise RecordNotFound("hrn=%s, type=%s" % (hrn, type))
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
logger.debug("get credential before augment dict, keys=%s" %
record.__dict__.keys())
self.driver.augment_records_with_testbed_info(record.__dict__)
logger.debug("get credential after augment dict, keys=%s" %
record.__dict__.keys())
if not self.driver.is_enabled(record.__dict__):
raise AccountNotEnabled(
": PlanetLab account %s is not enabled. Please contact your site PI"
% (record.email))
# get the callers gid
# if caller_xrn is not specified assume the caller is the record
# object itself.
if not caller_xrn:
caller_hrn = hrn
caller_gid = record.get_gid_object()
else:
caller_hrn, caller_type = urn_to_hrn(caller_xrn)
caller_filter = {'hrn': caller_hrn}
if caller_type:
caller_filter['type'] = caller_type
caller_record = dbsession.query(RegRecord).filter_by(
**caller_filter).first()
if not caller_record:
raise RecordNotFound(
"Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"
% (caller_hrn, caller_type, hrn, type))
caller_gid = GID(string=caller_record.gid)
object_hrn = record.get_gid_object().get_hrn()
rights = api.auth.determine_user_rights(caller_hrn, record.todict())
# make sure caller has rights to this object
if rights.is_empty():
raise PermissionError(caller_hrn + " has no rights to " +
record.hrn)
object_gid = GID(string=record.gid)
new_cred = Credential(subject=object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
new_cred.set_issuer_keys(auth_info.get_privkey_filename(),
auth_info.get_gid_filename())
#new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
new_cred.get_privileges().delegate_all_privileges(True)
if hasattr(record, 'expires'):
date = utcparse(record.expires)
expires = datetime_to_epoch(date)
new_cred.set_expiration(int(expires))
auth_kind = "authority,ma,sa"
# Parent not necessary, verify with certs
#new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
def update_relation (self, subject_type, target_type, relation_name, subject_id, target_ids):
'''
Update the relations between objects in the testbed.
Typically it is used to add/change roles of users with respect to some resources,
e.g. defined the role of researcher for a user in a given slice.
:param subject_type: resource type (slice, node...) for which the relation is being updated. Subject of the relation update.
:type string
:param target_type: resource/entity (user) whose relation with respect to the resource indicated in subject is being changed.
Target of the relation updated.
:type string
:param relation_name: new role for the target entity with respect to the subject resource. (researcher, owner...)
:type string
:param subject_id: ID of the subject resource for which the relation is being changed (id of the slice)
:type string OR int
:param target_ids: ID or list of IDs for the entity or entities whose relation with respect to the subject resource is being updated.
:type list
:returns boolean value indicating the success of the operation
:rtype boolean
'''
# Supported: change relation type of a User for a Slice
if subject_type =='slice' and target_type == 'user':
# obtain subject slice
if isinstance(subject_id, str):
subject_id = int(subject_id)
filtered_subjects = self.driver.testbed_shell.get_slices ({'id': subject_id})
if not filtered_subjects:
raise RecordNotFound('Slice with id %s'%subject_id)
subject = filtered_subjects[0]
# Obtain group_uri the slice belongs to
group_uri = subject['group']['uri']
if not isinstance(target_ids, list):
target_ids = [target_ids]
# For each target_id (user_id) that needs its role to be changed
for target_id in target_ids:
# Get the current group roles of the user
if isinstance(target_id, str):
target_id = int(target_id)
user = self.driver.testbed_shell.get_users({'id':target_id})[0]
group_roles = user['group_roles']
# Change the roles according to the relation_update for the user
# The roles of the group that the subject slice belogs to
for role in group_roles:
# Select the group role of the group that the slice belongs to
if role['group']['uri']==group_uri:
# Prepare new relation
if relation_name == 'researcher':
role['is_researcher']=True
elif relation_name == 'technician':
role['is_technician']=True
break
# Update the user with the new group_roles
return self.driver.testbed_shell.update_user(user['uri'], {'group_roles':group_roles})
else:
raise SfaNotImplemented('Registry')
def call(self, cert, xrn, type):
"""
GetSelfCredential a degenerate version of GetCredential used by a client
to get his initial credential when de doesnt have one. This is the same as
GetCredential(..., cred = None, ...)
The registry ensures that the client is the principal that is named by
(type, name) by comparing the public key in the record's GID to the
private key used to encrypt the client side of the HTTPS connection. Thus
it is impossible for one principal to retrieve another principal's
credential without having the appropriate private key.
@param type type of object (user | slice | sa | ma | node)
@param hrn human readable name of authority to list
@return string representation of a credential object
"""
if type:
hrn = urn_to_hrn(xrn)[0]
else:
hrn, type = urn_to_hrn(xrn)
self.api.auth.verify_object_belongs_to_me(hrn)
origin_hrn = Certificate(string=cert).get_subject()
self.api.logger.info(
"interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s" %
(self.api.interface, origin_hrn, hrn, self.name))
### authenticate the gid
# import here so we can load this module at build-time for sfa2wsdl
#from sfa.storage.alchemy import dbsession
from sfa.storage.model import RegRecord
# xxx-local - the current code runs Resolve, which would forward to
# another registry if needed
# I wonder if this is truly the intention, or shouldn't we instead
# only look in the local db ?
records = self.api.manager.Resolve(self.api, xrn, type, details=False)
if not records:
raise RecordNotFound(hrn)
record_obj = RegRecord(dict=records[0])
# xxx-local the local-only version would read
#record_obj = dbsession.query(RegRecord).filter_by(hrn=hrn).first()
#if not record_obj: raise RecordNotFound(hrn)
gid = record_obj.get_gid_object()
gid_str = gid.save_to_string(save_parents=True)
self.api.auth.authenticateGid(gid_str, [cert, type, hrn])
# authenticate the certificate against the gid in the db
certificate = Certificate(string=cert)
if not certificate.is_pubkey(gid.get_pubkey()):
for (obj, name) in [
(certificate, "CERT"),
(gid, "GID"),
]:
self.api.logger.debug(
"ConnectionKeyGIDMismatch, %s pubkey: %s" %
(name, obj.get_pubkey().get_pubkey_string()))
self.api.logger.debug("ConnectionKeyGIDMismatch, %s dump: %s" %
(name, obj.dump_string()))
if hasattr(obj, 'filename'):
self.api.logger.debug(
"ConnectionKeyGIDMismatch, %s filename: %s" %
(name, obj.filename))
raise ConnectionKeyGIDMismatch(gid.get_subject())
return self.api.manager.GetCredential(self.api, xrn, type)
def Resolve(self, api, xrns, type=None, details=False):
if not isinstance(xrns, types.ListType):
# try to infer type if not set and we get a single input
if not type:
type = Xrn(xrns).get_type()
xrns = [xrns]
hrns = [urn_to_hrn(xrn)[0] for xrn in xrns]
# load all known registry names into a prefix tree and attempt to find
# the longest matching prefix
# create a dict where key is a registry hrn and its value is a list
# of hrns at that registry (determined by the known prefix tree).
xrn_dict = {}
registries = api.registries
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
for xrn in xrns:
registry_hrn = tree.best_match(urn_to_hrn(xrn)[0])
if registry_hrn not in xrn_dict:
xrn_dict[registry_hrn] = []
xrn_dict[registry_hrn].append(xrn)
records = []
for registry_hrn in xrn_dict:
# skip the hrn without a registry hrn
# XX should we let the user know the authority is unknown?
if not registry_hrn:
continue
# if the best match (longest matching hrn) is not the local registry,
# forward the request
xrns = xrn_dict[registry_hrn]
if registry_hrn != api.hrn:
credential = api.getCredential()
interface = api.registries[registry_hrn]
server_proxy = api.server_proxy(interface, credential)
# should propagate the details flag but that's not supported in the xmlrpc interface yet
#peer_records = server_proxy.Resolve(xrns, credential,type, details=details)
peer_records = server_proxy.Resolve(xrns, credential)
# pass foreign records as-is
# previous code used to read
# records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
# not sure why the records coming through xmlrpc had to be processed at all
records.extend(peer_records)
# try resolving the remaining unfound records at the local registry
local_hrns = list ( set(hrns).difference([record['hrn'] for record in records]) )
#
local_records = dbsession.query(RegRecord).filter(RegRecord.hrn.in_(local_hrns))
if type:
local_records = local_records.filter_by(type=type)
local_records=local_records.all()
for local_record in local_records:
augment_with_sfa_builtins (local_record)
logger.info("Resolve, (details=%s,type=%s) local_records=%s "%(details,type,local_records))
local_dicts = [ record.__dict__ for record in local_records ]
if details:
# in details mode we get as much info as we can, which involves contacting the
# testbed for getting implementation details about the record
self.driver.augment_records_with_testbed_info(local_dicts)
# also we fill the 'url' field for known authorities
# used to be in the driver code, sounds like a poorman thing though
def solve_neighbour_url (record):
if not record.type.startswith('authority'): return
hrn=record.hrn
for neighbour_dict in [ api.aggregates, api.registries ]:
if hrn in neighbour_dict:
record.url=neighbour_dict[hrn].get_url()
return
for record in local_records:
solve_neighbour_url (record)
# convert local record objects to dicts for xmlrpc
# xxx somehow here calling dict(record) issues a weird error
# however record.todict() seems to work fine
# records.extend( [ dict(record) for record in local_records ] )
records.extend( [ record.todict(exclude_types=[InstrumentedList]) for record in local_records ] )
if not records:
raise RecordNotFound(str(hrns))
return records
def get_key_from_incoming_ip(self, api):
dbsession = api.dbsession()
# verify that the callers's ip address exist in the db and is an interface
# for a node in the db
(ip, port) = api.remote_addr
interfaces = api.driver.shell.GetInterfaces({'ip': ip}, ['node_id'])
if not interfaces:
raise NonExistingRecord("no such ip %(ip)s" % locals())
nodes = api.driver.shell.GetNodes([interfaces[0]['node_id']],
['node_id', 'hostname'])
if not nodes:
raise NonExistingRecord("no such node using ip %(ip)s" % locals())
node = nodes[0]
# look up the sfa record
record = dbsession.query(RegRecord).filter_by(
type='node', pointer=node['node_id']).first()
if not record:
raise RecordNotFound("node with pointer %s" % node['node_id'])
# generate a new keypair and gid
uuid = create_uuid()
pkey = Keypair(create=True)
urn = hrn_to_urn(record.hrn, record.type)
gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record.gid = gid
# update the record
dbsession.commit()
# attempt the scp the key
# and gid onto the node
# this will only work for planetlab based components
(kfd, key_filename) = tempfile.mkstemp()
(gfd, gid_filename) = tempfile.mkstemp()
pkey.save_to_file(key_filename)
gid_object.save_to_file(gid_filename, save_parents=True)
host = node['hostname']
key_dest = "/etc/sfa/node.key"
gid_dest = "/etc/sfa/node.gid"
scp = "/usr/bin/scp"
#identity = "/etc/planetlab/root_ssh_key.rsa"
identity = "/etc/sfa/root_ssh_key"
scp_options = " -i %(identity)s " % locals()
scp_options += "-o StrictHostKeyChecking=no " % locals()
scp_key_command="%(scp)s %(scp_options)s %(key_filename)s root@%(host)s:%(key_dest)s" %\
locals()
scp_gid_command="%(scp)s %(scp_options)s %(gid_filename)s root@%(host)s:%(gid_dest)s" %\
locals()
all_commands = [scp_key_command, scp_gid_command]
for command in all_commands:
(status, output) = commands.getstatusoutput(command)
if status:
raise Exception, output
for filename in [key_filename, gid_filename]:
os.unlink(filename)
return 1
def Update(self, api, record_dict):
dbsession = api.dbsession()
assert ('type' in record_dict)
new_record = make_record(dict=record_dict)
(type, hrn) = (new_record.type, new_record.hrn)
# make sure the record exists
record = dbsession.query(RegRecord).filter_by(type=type,
hrn=hrn).first()
if not record:
raise RecordNotFound("hrn=%s, type=%s" % (hrn, type))
record.just_updated()
# Use the pointer from the existing record, not the one that the user
# gave us. This prevents the user from inserting a forged pointer
pointer = record.pointer
# is there a change in keys ?
new_key = None
if type == 'user':
if getattr(new_record, 'keys', None):
new_key = new_record.keys
if isinstance(new_key, types.ListType):
new_key = new_key[0]
# take new_key into account
if new_key:
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
urn = hrn_to_urn(hrn, type)
gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
# xxx should do side effects from new_record to record
# not too sure how to do that
# not too big a deal with planetlab as the driver is authoritative, but...
# update native relations
if isinstance(record, RegSlice):
researcher_hrns = getattr(new_record, 'researcher', None)
if researcher_hrns is not None:
record.update_researchers(researcher_hrns, dbsession)
elif isinstance(record, RegAuthority):
pi_hrns = getattr(new_record, 'pi', None)
if pi_hrns is not None: record.update_pis(pi_hrns, dbsession)
# update the PLC information that was specified with the record
# xxx oddly enough, without this useless statement,
# record.__dict__ as received by the driver seems to be off
# anyway the driver should receive an object
# (and then extract __dict__ itself if needed)
print "DO NOT REMOVE ME before driver.update, record=%s" % record
new_key_pointer = -1
try:
(pointer,
new_key_pointer) = api.driver.update(record.__dict__,
new_record.__dict__, hrn,
new_key)
except:
pass
if new_key and new_key_pointer:
record.reg_keys = [RegKey(new_key, new_key_pointer)]
record.gid = gid
dbsession.commit()
# update membership for researchers, pis, owners, operators
self.update_driver_relations(api, record, new_record)
return 1
