def call(self, xrn, creds, rspec, options): xrn = Xrn(xrn, type='slice') # Find the valid credentials valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'createsliver', xrn.get_hrn(), options=options) the_credential = Credential(cred=valid_creds[0]) # use the expiration from the first valid credential to determine when # the slivers should expire. expiration = datetime_to_string(the_credential.expiration) self.api.logger.debug("Allocate, received expiration from credential: %s"%expiration) # turned off, as passing an empty rspec is indeed useful for cleaning up the slice # # make sure request is not empty # slivers = RSpec(rspec).version.get_nodes_with_slivers() # if not slivers: # raise InvalidRSpec("Missing <sliver_type> or <sliver> element. Request rspec must explicitly allocate slivers") # flter rspec through sfatables if self.api.interface in ['aggregate']: chain_name = 'INCOMING' elif self.api.interface in ['slicemgr']: chain_name = 'FORWARD-INCOMING' self.api.logger.debug("Allocate: sfatables on chain %s"%chain_name) actual_caller_hrn = the_credential.actual_caller_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, actual_caller_hrn, xrn.get_hrn(), self.name)) rspec = run_sfatables(chain_name, xrn.get_hrn(), actual_caller_hrn, rspec) # turned off, as passing an empty rspec is indeed useful for cleaning up the slice # slivers = RSpec(rspec).version.get_nodes_with_slivers() # if not slivers: # raise SfatablesRejected(slice_xrn) # pass this to the driver code in case they need it options['actual_caller_hrn'] = actual_caller_hrn result = self.api.manager.Allocate(self.api, xrn.get_urn(), creds, rspec, expiration, options) return result
def call(self, urns, creds, expiration_time, options): # Find the valid credentials valid_creds = self.api.auth.checkCredentialsSpeaksFor(creds, 'renewsliver', urns, check_sliver_callback = self.api.driver.check_sliver_credentials, options=options) the_credential = Credential(cred=valid_creds[0]) actual_caller_hrn = the_credential.actual_caller_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-urns: %s\texpiration:%s\tmethod-name: %s"%\ (self.api.interface, actual_caller_hrn, urns, expiration_time,self.name)) # extend as long as possible : take the min of requested and now+SFA_MAX_SLICE_RENEW if options.get('geni_extend_alap'): # ignore requested time and set to max expiration_time = add_datetime(datetime.datetime.utcnow(), days=int(self.api.config.SFA_MAX_SLICE_RENEW)) # Validate that the time does not go beyond the credential's expiration time requested_expire = utcparse(expiration_time) self.api.logger.info("requested_expire = %s"%requested_expire) credential_expire = the_credential.get_expiration() self.api.logger.info("credential_expire = %s"%credential_expire) max_renew_days = int(self.api.config.SFA_MAX_SLICE_RENEW) max_expire = datetime.datetime.utcnow() + datetime.timedelta (days=max_renew_days) if requested_expire > credential_expire: # used to throw an InsufficientRights exception here, this was not right self.api.logger.warning("Requested expiration %s, after credential expiration (%s) -> trimming to the latter/sooner"%\ (requested_expire, credential_expire)) requested_expire = credential_expire if requested_expire > max_expire: # likewise self.api.logger.warning("Requested expiration %s, after maximal expiration %s days (%s) -> trimming to the latter/sooner"%\ (requested_expire, self.api.config.SFA_MAX_SLICE_RENEW,max_expire)) requested_expire = max_expire return self.api.manager.Renew(self.api, urns, creds, requested_expire, options)