예제 #1
0
def confirm_requests(request):
    """Confirm the approval of the permission requests."""

    approved_req_ids = request.session.setdefault("approved_req_ids", [])
    delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
    denied_req_ids = request.session.setdefault("denied_req_ids", [])

    approved_reqs = []
    for req_id in approved_req_ids:
        req = get_object_or_404(PermissionRequest, id=req_id)
        delegatable = req_id in delegatable_req_ids
        approved_reqs.append((req, delegatable))

    denied_reqs = []
    for req_id in denied_req_ids:
        denied_reqs.append(get_object_or_404(PermissionRequest, id=req_id))

    if request.method == "POST":
        # check if confirmed and then do actions.
        if request.POST.get("post", "no") == "yes":
            for req in denied_reqs:
                req.deny()
                #                DatedMessage.objects.post_message_to_user(
                #                    "Request for permission %s for object %s denied."
                #                    % (req.requested_permission.permission.name,
                #                       req.requested_permission.target),
                #                    user=req.requesting_user,
                #                    sender=req.permission_owner,
                #                    msg_type=DatedMessage.TYPE_WARNING)

                post_message = "Request for %s denied." % str(
                    req.requested_permission.target).capitalize()
                if req.requested_permission.permission.name == "can_create_project":
                    # Removes "* Project name: "
                    try:
                        project_name = req.message.split("||")[0].strip()[16:]
                        post_message = "Request for project %s creation denied." % project_name

                        # Notify requesting user
                        try:
                            send_mail(
                                settings.EMAIL_SUBJECT_PREFIX +
                                "Denied project request for '%s'" %
                                (project_name),
                                "Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details."
                                % project_name,
                                from_email=settings.DEFAULT_FROM_EMAIL,
                                recipient_list=[req.requesting_user.email],
                            )
                        except Exception as e:
                            print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
                                e)

                    except:
                        pass
                # -------------------------------------------
                # It is not about permission granting anymore
                # -------------------------------------------
                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=req.requesting_user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)

                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user=request.user,
                    sender=req.permission_owner,
                    msg_type=DatedMessage.TYPE_WARNING)

            for req, delegate in approved_reqs:
                # --------------------------------------------------------
                # Do NOT grant permission to create projects in the future
                # --------------------------------------------------------
                #                req.allow(can_delegate=delegate)
                req.deny()
                #                DatedMessage.objects.post_message_to_user(
                #                    "Request for permission %s for object %s approved."
                #                    % (req.requested_permission.permission.name,
                #                       req.requested_permission.target),
                #                    user=req.requesting_user,
                #                    sender=req.permission_owner,
                #                    msg_type=DatedMessage.TYPE_SUCCESS)

                post_message = "Request for %s approved." % str(
                    req.requested_permission.target).capitalize()
                permission_user_post = post_message
                requesting_user_post = post_message
                email_header = post_message
                email_body = "%s." % post_message
                message_type = DatedMessage.TYPE_SUCCESS
                # ---------------------------------------
                # Project will be created in a direct way
                # ---------------------------------------
                if req.requested_permission.permission.name == "can_create_project":
                    project_name = ""
                    try:
                        project = Project()
                        project.uuid = uuid.uuid4()
                        message = req.message.split("||")
                        # Removes "* Project name: "
                        project.name = message[0].strip()[16:]
                        project_name = project.name
                        # Removes "* Project description: "
                        project.description = message[3].strip()[23:]
                        post_message = "Successfully created project %s" % project.name
                        project.save()
                        create_project_roles(project, req.requesting_user)
                        project.save()
                        email_header = "Approved project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been approved." % project_name
                    except Exception as e:
                        # Any error when creating a project results into:
                        # 1. Denying the petition
                        # 2. Notifying user in their Expedient
                        # 3. Notifying user via e-mail
                        post_message = "Project '%s' could not be created" % project_name
                        permission_user_post = post_message
                        requesting_user_post = post_message

                        # Handle exception text for user
                        if "duplicate entry" in str(e).lower():
                            email_body = "There is already a project with name '%s'. Try using a different name" % project_name
                            requesting_user_post += ". Details: project '%s' already exists" % project_name
                        else:
                            email_body = "There might have been a problem when interpreting the information for project '%s'" % str(
                                project_name)
                        requesting_user_post += ". Contact your Island Manager for further details"

                        # Handle exception text for admin
                        if "Details" not in post_message:
                            permission_user_post = "%s. Details: %s" % (
                                post_message, str(e))

                        message_type = DatedMessage.TYPE_ERROR
                        # Email for requesting user
                        email_header = "Denied project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (
                            project_name, email_body)

                    # Notify requesting user
                    DatedMessage.objects.post_message_to_user(
                        requesting_user_post,
                        user=req.requesting_user,
                        sender=req.permission_owner,
                        msg_type=message_type)

                    try:
                        send_mail(
                            settings.EMAIL_SUBJECT_PREFIX + email_header,
                            email_body,
                            from_email=settings.DEFAULT_FROM_EMAIL,
                            recipient_list=[req.requesting_user.email],
                        )
                    except Exception as e:
                        print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(
                            e)

                    # Notify user with permission (e.g. root)
                    DatedMessage.objects.post_message_to_user(
                        permission_user_post,
                        user=request.user,
                        sender=req.permission_owner,
                        msg_type=message_type)

        # After this post we will be done with all this information
        del request.session["approved_req_ids"]
        del request.session["delegatable_req_ids"]
        del request.session["denied_req_ids"]

        return HttpResponseRedirect(reverse("home"))

    else:
        return direct_to_template(request=request,
                                  template=TEMPLATE_PATH +
                                  "/confirm_requests.html",
                                  extra_context={
                                      "approved_reqs": approved_reqs,
                                      "denied_reqs": denied_reqs,
                                  })
예제 #2
0
def CreateSliver(slice_urn, rspec, user):
    (project_name, project_desc, slice_name, slice_desc, slice_expiry,
    controller_url, firstname, lastname, affiliation,
    email, password, slivers) = rspec_mod.parse_slice(rspec)

    logger.debug("Parsed Rspec")
    
    slice_expiry = datetime.fromtimestamp(slice_expiry)

    give_permission_to("can_create_project", Project, user)

    user.first_name = firstname
    user.last_name = lastname
    user.email = email
    profile = UserProfile.get_or_create_profile(user)
    profile.affiliation = affiliation
    user.save()
    profile.save()
    
    # Check if the slice exists
    try:
        slice = get_slice(slice_urn)
        # update the slice info
        slice.description = slice_desc
        slice.name = slice_name
        slice.expiration_date = slice_expiry
        slice.save()
        # update the project info
        slice.project.name = project_name
        slice.project.description = project_desc
        slice.project.save()
        project = slice.project
    except Slice.DoesNotExist:
        # Check if the project exists
        try:
            project = Project.objects.get(name=project_name)
            # update the project info
            logger.debug("Updating project")
            project.description = project_desc
            project.save()
        except Project.DoesNotExist:
            # create the project
            logger.debug("Creating project")
            project = Project.objects.create(
                name=project_name,
                description=project_desc,
            )
            create_project_roles(project, user)
        
        # create the slice
        logger.debug("Creating slice")
        
        try:
            slice = Slice.objects.create(
                name=slice_name,
                description=slice_desc,
                project=project,
                owner=user,
                expiration_date = slice_expiry,
            )
        except IntegrityError:
            raise DuplicateSliceNameException(slice_name)

    logger.debug("Creating/updating slice info")
    
    # create openflow slice info for the slice
    create_or_update(
        OpenFlowSliceInfo,
        filter_attrs={"slice": slice},
        new_attrs={
            "controller_url": controller_url,
            "password": password,
        },
    )
    
    logger.debug("creating gapislice")

    # store a pointer to this slice using the slice_urn
    create_or_update(
        GENISliceInfo,
        filter_attrs={
            "slice": slice,
        },
        new_attrs={
            "slice_urn": slice_urn,
        },
    )
    
    logger.debug("adding resources")

    sliver_ids = []
    
    # delete all flowspace in the slice
    FlowSpaceRule.objects.filter(slivers__slice=slice).delete()
    
    # add the new flowspace
    for fs_dict, iface_qs in slivers:
        # give the user, project, slice permission to use the aggregate
        aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
        for agg_id in aggregate_ids:
            aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
            give_permission_to("can_use_aggregate", aggregate, user)
            give_permission_to("can_use_aggregate", aggregate, project)
            give_permission_to("can_use_aggregate", aggregate, slice)

        # Create flowspace
        logger.debug("Creating flowspace %s" % fs_dict)
        fs = FlowSpaceRule.objects.create(**fs_dict)

        # make sure all the selected interfaces are added
        for iface in iface_qs:
            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                slice=slice, resource=iface)
            sliver_ids.append(sliver.id)
            fs.slivers.add(sliver)
        
    logger.debug("Deleting old resources")

    # Delete all removed interfaces
    OpenFlowInterfaceSliver.objects.exclude(id__in=sliver_ids).delete()
        
    logger.debug("Starting the slice %s %s" % (slice, slice.name))
    
    # make the reservation
    tl = threadlocals.get_thread_locals()
    tl["project"] = project
    tl["slice"] = slice
    slice.start(user)
    logger.debug("Done creating sliver")

    return rspec_mod.create_resv_rspec(user, slice)
예제 #3
0
def confirm_requests(request):
    """Confirm the approval of the permission requests."""
    
    approved_req_ids = request.session.setdefault("approved_req_ids", [])
    delegatable_req_ids = request.session.setdefault("delegatable_req_ids", [])
    denied_req_ids = request.session.setdefault("denied_req_ids", [])

    approved_reqs = []
    for req_id in approved_req_ids:
        req = get_object_or_404(PermissionRequest, id=req_id)
        delegatable = req_id in delegatable_req_ids
        approved_reqs.append((req, delegatable))
    
    denied_reqs = []
    for req_id in denied_req_ids:
        denied_reqs.append(
            get_object_or_404(PermissionRequest, id=req_id))

    if request.method == "POST":
        # check if confirmed and then do actions.
        if request.POST.get("post", "no") == "yes":
            for req in denied_reqs:
                req.deny()
#                DatedMessage.objects.post_message_to_user(
#                    "Request for permission %s for object %s denied."
#                    % (req.requested_permission.permission.name,
#                       req.requested_permission.target),
#                    user=req.requesting_user,
#                    sender=req.permission_owner,
#                    msg_type=DatedMessage.TYPE_WARNING)

                post_message = "Request for %s denied." % str(req.requested_permission.target).capitalize()
                if req.requested_permission.permission.name == "can_create_project":
                    # Removes "* Project name: "
                    try:
                        project_name = req.message.split("||")[0].strip()[16:]
                        post_message = "Request for project %s creation denied." % project_name

                        # Notify requesting user
                        try:
                            send_mail(
                                     settings.EMAIL_SUBJECT_PREFIX + "Denied project request for '%s'" % (project_name),
                                     "Your request for the creation of project '%s' has been denied.\n\n\nYou may want to get in contact with the Island Manager for further details." % project_name, 
                                     from_email = settings.DEFAULT_FROM_EMAIL,
                                     recipient_list = [req.requesting_user.email],
                             )
                        except Exception as e:
                            print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)

                    except:
                        pass
                # -------------------------------------------
                # It is not about permission granting anymore
                # -------------------------------------------
                # Notify requesting user
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user = req.requesting_user,
                    sender = req.permission_owner,
                    msg_type = DatedMessage.TYPE_WARNING)

                # Notify user with permission (e.g. root)
                DatedMessage.objects.post_message_to_user(
                    post_message,
                    user = request.user,
                    sender = req.permission_owner,
                    msg_type = DatedMessage.TYPE_WARNING)

            for req, delegate in approved_reqs:
                # --------------------------------------------------------
                # Do NOT grant permission to create projects in the future
                # --------------------------------------------------------
#                req.allow(can_delegate=delegate)
                req.deny()
#                DatedMessage.objects.post_message_to_user(
#                    "Request for permission %s for object %s approved."
#                    % (req.requested_permission.permission.name,
#                       req.requested_permission.target),
#                    user=req.requesting_user,
#                    sender=req.permission_owner,
#                    msg_type=DatedMessage.TYPE_SUCCESS)

                post_message = "Request for %s approved." % str(req.requested_permission.target).capitalize()
                permission_user_post = post_message
                requesting_user_post = post_message
                email_header = post_message
                email_body = "%s." % post_message
                message_type = DatedMessage.TYPE_SUCCESS
                # ---------------------------------------
                # Project will be created in a direct way
                # ---------------------------------------
                if req.requested_permission.permission.name == "can_create_project":
                    project_name = ""
                    try:
                        project = Project()
                        project.uuid = uuid.uuid4()
                        message = req.message.split("||")
                        # Removes "* Project name: "
                        project.name = message[0].strip()[16:]
                        project_name = project.name
                        # Removes "* Project description: "
                        project.description = message[3].strip()[23:]
                        project.urn = 'n/a'
                        #import pdb; pdb.set_trace()
                        if settings.ENABLE_CBAS:
                            user_profile = UserProfile.get_or_create_profile(req.requesting_user)
                            cert = user_profile.certificate
                            creds = user_profile.credentials
                            project_urn = create_project(certificate=cert, credentials=creds,
                                                    project_name=project.name, project_desc=project.description)
                            if project_urn:
                                project.urn = project_urn

                        post_message = "Successfully created project %s" % project.name
                        project.save()
                        create_project_roles(project, req.requesting_user)
                        project.save()
                        email_header = "Approved project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been approved." % project_name
                    except Exception as e:
                        # Any error when creating a project results into:
                            # 1. Denying the petition
                            # 2. Notifying user in their Expedient
                            # 3. Notifying user via e-mail
                        post_message = "Project '%s' could not be created" % project_name
                        permission_user_post = post_message
                        requesting_user_post = post_message

                        # Handle exception text for user
                        if "duplicate entry" in str(e).lower():
                            email_body = "There is already a project with name '%s'. Try using a different name" % project_name
                            requesting_user_post += ". Details: project '%s' already exists" % project_name
                        else:
                            email_body = "There might have been a problem when interpreting the information for project '%s'" % str(project_name)
                        requesting_user_post += ". Contact your Island Manager for further details"

                        # Handle exception text for admin
                        if "Details" not in post_message:
                            permission_user_post = "%s. Details: %s" % (post_message, str(e))

                        message_type = DatedMessage.TYPE_ERROR
                        # Email for requesting user
                        email_header = "Denied project request for '%s'" % project_name
                        email_body = "Your request for the creation of project '%s' has been denied because of the following causes:\n\n%s\n\n\nYou may want to get in contact with the Island Manager for further details." % (project_name, email_body)

                    # Notify requesting user
                    DatedMessage.objects.post_message_to_user(
                        requesting_user_post,
                        user = req.requesting_user,
                        sender = req.permission_owner,
                        msg_type = message_type)

                    try:
                        send_mail(
                                 settings.EMAIL_SUBJECT_PREFIX + email_header,
                                 email_body,
                                 from_email = settings.DEFAULT_FROM_EMAIL,
                                 recipient_list = [req.requesting_user.email],
                         )
                    except Exception as e:
                        print "[WARNING] User e-mail notification could not be sent. Details: %s" % str(e)

                    # Notify user with permission (e.g. root)
                    DatedMessage.objects.post_message_to_user(
                        permission_user_post,
                        user = request.user,
                        sender = req.permission_owner,
                        msg_type = message_type)
                    

        # After this post we will be done with all this information
        del request.session["approved_req_ids"]
        del request.session["delegatable_req_ids"]
        del request.session["denied_req_ids"]
        
        return HttpResponseRedirect(reverse("home"))
    
    else:
        return direct_to_template(
            request=request,
            template=TEMPLATE_PATH+"/confirm_requests.html",
            extra_context={
                "approved_reqs": approved_reqs,
                "denied_reqs": denied_reqs,
            }
        )
    def handle_noargs(self, **options):
        
        username = options.get("username")
        password = options.get("password")
        
        filename = options.get("filename")
        do_aggs = options.get("load_aggs")
        do_slices = options.get("load_slices")
        start_slices = options.get("start_slices")
        append = options.get("append")
        
        f = open(filename)
        data = load(f)
        f.close()
        
        client = Client()
        client.login(username=username, password=password)

        user = User.objects.get(username=username)
        threadlocals.get_thread_locals()["user"] = user

        if do_aggs:
            for agg_dict in data["aggregates"]:
                resp = test_get_and_post_form(
                    client, reverse("openflow_aggregate_create"),
                    agg_dict,
                )
                
                assert(resp.status_code == 302)
                assert(
                    re.search(
                        r"/openflow/aggregate/\d+/links/$",
                        resp["Location"]))
        if do_slices:
            for project_dict in data["projects"]:
                project, _ = Project.objects.get_or_create(
                    name=project_dict["name"],
                    description=project_dict["description"],
                )
                create_project_roles(project, user)
                threadlocals.get_thread_locals()["project"] = project
                
                # add aggregates to project
                for aggregate in OpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, user)
                    give_permission_to("can_use_aggregate", aggregate, project)

                for aggregate in GCFOpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, user)
                    give_permission_to("can_use_aggregate", aggregate, project)
                
                # add slices to project
                for slice_dict in project_dict["slices"]:
                    slice = Slice.objects.create(
                        name=slice_dict["name"],
                        description=slice_dict["description"],
                        project=project,
                        owner=user,
                    )
                
                    OpenFlowSliceInfo.objects.create(
                        slice=slice,
                        controller_url=slice_dict["controller_url"],
                        password=slice_dict["password"],
                    )

                    info, _ = GENISliceInfo.objects.get_or_create(
                        slice=slice,
                    )
                    
                    if not info.ssh_private_key or not info.ssh_public_key:
                        info.generate_ssh_keys()
                        info.save()
                    
                    # add aggregates to slices
                    for aggregate in OpenFlowAggregate.objects.all():
                        give_permission_to("can_use_aggregate", aggregate, slice)

                    for aggregate in GCFOpenFlowAggregate.objects.all():
                        give_permission_to("can_use_aggregate", aggregate, slice)
                    
                    # add slivers
                    slivers = []
                    for dpid, port in slice_dict["ifaces"]:
                        try:
                            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                                slice=slice,
                                resource=OpenFlowInterface.objects.get(
                                    port_num=port, switch__datapath_id=dpid),
                            )
                            slivers.append(sliver)
                        except OpenFlowInterface.DoesNotExist:
                            continue
                        
                    # add flowspace
                    for sfs_dict in slice_dict["sfs"]:
                        fs_dict = {}
                        for attr in "dl_src", "dl_dst", "dl_type", "vlan_id", \
                        "nw_src", "nw_dst", "nw_proto", "tp_dst", "tp_src":
                            fs_dict[attr+"_start"] = sfs_dict[attr]
                            fs_dict[attr+"_end"] = sfs_dict[attr]
                        
                        fs = FlowSpaceRule.objects.create(**fs_dict)
                        
                        for sliver in slivers:
                            fs.slivers.add(sliver)
                            
                    if start_slices:
                        tl = threadlocals.get_thread_locals()
                        tl["project"] = project
                        tl["slice"] = slice
                        slice.start(user)
예제 #5
0
    def handle_noargs(self, **options):

        username = options.get("username")
        password = options.get("password")

        filename = options.get("filename")
        do_aggs = options.get("load_aggs")
        do_slices = options.get("load_slices")
        start_slices = options.get("start_slices")
        append = options.get("append")

        f = open(filename)
        data = load(f)
        f.close()

        client = Client()
        client.login(username=username, password=password)

        user = User.objects.get(username=username)
        threadlocals.get_thread_locals()["user"] = user

        if do_aggs:
            for agg_dict in data["aggregates"]:
                resp = test_get_and_post_form(
                    client,
                    reverse("openflow_aggregate_create"),
                    agg_dict,
                )

                assert (resp.status_code == 302)
                assert (re.search(r"/openflow/aggregate/\d+/links/$",
                                  resp["Location"]))
        if do_slices:
            for project_dict in data["projects"]:
                project, _ = Project.objects.get_or_create(
                    name=project_dict["name"],
                    description=project_dict["description"],
                )
                create_project_roles(project, user)
                threadlocals.get_thread_locals()["project"] = project

                # add aggregates to project
                for aggregate in OpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, user)
                    give_permission_to("can_use_aggregate", aggregate, project)

                for aggregate in GCFOpenFlowAggregate.objects.all():
                    give_permission_to("can_use_aggregate", aggregate, user)
                    give_permission_to("can_use_aggregate", aggregate, project)

                # add slices to project
                for slice_dict in project_dict["slices"]:
                    slice = Slice.objects.create(
                        name=slice_dict["name"],
                        description=slice_dict["description"],
                        project=project,
                        owner=user,
                    )

                    OpenFlowSliceInfo.objects.create(
                        slice=slice,
                        controller_url=slice_dict["controller_url"],
                        password=slice_dict["password"],
                    )

                    info, _ = GENISliceInfo.objects.get_or_create(
                        slice=slice, )

                    if not info.ssh_private_key or not info.ssh_public_key:
                        info.generate_ssh_keys()
                        info.save()

                    # add aggregates to slices
                    for aggregate in OpenFlowAggregate.objects.all():
                        give_permission_to("can_use_aggregate", aggregate,
                                           slice)

                    for aggregate in GCFOpenFlowAggregate.objects.all():
                        give_permission_to("can_use_aggregate", aggregate,
                                           slice)

                    # add slivers
                    slivers = []
                    for dpid, port in slice_dict["ifaces"]:
                        try:
                            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                                slice=slice,
                                resource=OpenFlowInterface.objects.get(
                                    port_num=port, switch__datapath_id=dpid),
                            )
                            slivers.append(sliver)
                        except OpenFlowInterface.DoesNotExist:
                            continue

                    # add flowspace
                    for sfs_dict in slice_dict["sfs"]:
                        fs_dict = {}
                        for attr in "dl_src", "dl_dst", "dl_type", "vlan_id", \
                        "nw_src", "nw_dst", "nw_proto", "tp_dst", "tp_src":
                            fs_dict[attr + "_start"] = sfs_dict[attr]
                            fs_dict[attr + "_end"] = sfs_dict[attr]

                        fs = FlowSpaceRule.objects.create(**fs_dict)

                        for sliver in slivers:
                            fs.slivers.add(sliver)

                    if start_slices:
                        tl = threadlocals.get_thread_locals()
                        tl["project"] = project
                        tl["slice"] = slice
                        slice.start(user)
예제 #6
0
파일: gapi.py 프로젝트: cargious/ocf
def CreateSliver(slice_urn, rspec, user):
    (project_name, project_desc, slice_name, slice_desc, slice_expiry,
     controller_url, firstname, lastname, affiliation, email, password,
     slivers) = rspec_mod.parse_slice(rspec)

    logger.debug("Parsed Rspec")

    slice_expiry = datetime.fromtimestamp(slice_expiry)

    give_permission_to("can_create_project", Project, user)

    user.first_name = firstname
    user.last_name = lastname
    user.email = email
    profile = UserProfile.get_or_create_profile(user)
    profile.affiliation = affiliation
    user.save()
    profile.save()

    # Check if the slice exists
    try:
        slice = get_slice(slice_urn)
        # update the slice info
        slice.description = slice_desc
        slice.name = slice_name
        slice.expiration_date = slice_expiry
        slice.save()
        # update the project info
        slice.project.name = project_name
        slice.project.description = project_desc
        slice.project.save()
        project = slice.project
    except Slice.DoesNotExist:
        # Check if the project exists
        try:
            project = Project.objects.get(name=project_name)
            # update the project info
            logger.debug("Updating project")
            project.description = project_desc
            project.save()
        except Project.DoesNotExist:
            # create the project
            logger.debug("Creating project")
            project = Project.objects.create(
                name=project_name,
                description=project_desc,
            )
            create_project_roles(project, user)

        # create the slice
        logger.debug("Creating slice")

        try:
            slice = Slice.objects.create(
                name=slice_name,
                description=slice_desc,
                project=project,
                owner=user,
                expiration_date=slice_expiry,
            )
        except IntegrityError:
            raise DuplicateSliceNameException(slice_name)

    logger.debug("Creating/updating slice info")

    # create openflow slice info for the slice
    create_or_update(
        OpenFlowSliceInfo,
        filter_attrs={"slice": slice},
        new_attrs={
            "controller_url": controller_url,
            "password": password,
        },
    )

    logger.debug("creating gapislice")

    # store a pointer to this slice using the slice_urn
    create_or_update(
        GENISliceInfo,
        filter_attrs={
            "slice": slice,
        },
        new_attrs={
            "slice_urn": slice_urn,
        },
    )

    logger.debug("adding resources")

    sliver_ids = []

    # delete all flowspace in the slice
    FlowSpaceRule.objects.filter(slivers__slice=slice).delete()

    # add the new flowspace
    for fs_dict, iface_qs in slivers:
        # give the user, project, slice permission to use the aggregate
        aggregate_ids = list(iface_qs.values_list("aggregate", flat=True))
        for agg_id in aggregate_ids:
            aggregate = Aggregate.objects.get(id=agg_id).as_leaf_class()
            give_permission_to("can_use_aggregate", aggregate, user)
            give_permission_to("can_use_aggregate", aggregate, project)
            give_permission_to("can_use_aggregate", aggregate, slice)

        # Create flowspace
        logger.debug("Creating flowspace %s" % fs_dict)
        fs = FlowSpaceRule.objects.create(**fs_dict)

        # make sure all the selected interfaces are added
        for iface in iface_qs:
            sliver, _ = OpenFlowInterfaceSliver.objects.get_or_create(
                slice=slice, resource=iface)
            sliver_ids.append(sliver.id)
            fs.slivers.add(sliver)

    logger.debug("Deleting old resources")

    # Delete all removed interfaces
    OpenFlowInterfaceSliver.objects.exclude(id__in=sliver_ids).delete()

    logger.debug("Starting the slice %s %s" % (slice, slice.name))

    # make the reservation
    tl = threadlocals.get_thread_locals()
    tl["project"] = project
    tl["slice"] = slice
    slice.start(user)
    logger.debug("Done creating sliver")

    return rspec_mod.create_resv_rspec(user, slice)