Public Member Functions
| def | __init__ | Create the hierarchy object. |
| def | get_auth_filenames | Given a hrn, return the filenames of the GID, private key, and dbinfo files. |
| def | auth_exists | Check to see if an authority exists. |
| def | create_auth | Create an authority. |
| def | get_auth_info | Return the AuthInfo object for the specified authority. |
| def | create_gid | Create a new GID. |
| def | refresh_gid | Refresh a GID. |
| def | get_auth_cred | Retrieve an authority credential for an authority. |
| def | get_auth_ticket | Retrieve an authority ticket. |
Public Attributes
| basedir |
Each authority is a node in the tree and exists as an AuthInfo object.
The tree is stored on disk in a hierarchical manner that reflects the structure of the tree. Each authority is a subdirectory, and each subdirectory contains the GID, pkey, and dbinfo files for that authority (as well as subdirectories for each sub-authority).
def geni::util::hierarchy::Hierarchy::__init__(self, basedir = None)
def geni::util::hierarchy::Hierarchy::get_auth_filenames(self, hrn)
Given a hrn, return the filenames of the GID, private key, and dbinfo files.
| hrn | the human readable name of the authority |
def geni::util::hierarchy::Hierarchy::auth_exists(self, hrn)
Check to see if an authority exists.
An authority exists if its disk files exist.
| hrn | the human readable name of the authority to check |
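Added example, not code from the geni project: a sketch of how an HRN can map onto the on-disk tree described above, with an existence check built on that mapping. The dot-separated HRN form, the `.gid`/`.pkey`/`.dbinfo` file names, the label whitelist, the "all three files" rule and every function name are assumptions for illustration.

```python
import os
import re
import tempfile

# Assumption: an HRN is dot-separated ("plc.site1") and each label is a
# plain identifier, so no label can introduce a path separator or "..".
_LABEL = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

def split_hrn(hrn):
    """Split an HRN into labels, rejecting anything that could escape basedir."""
    labels = hrn.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError("unsafe HRN label: %r" % label)
    return labels

def authority_paths(basedir, hrn):
    """Return the (gid, pkey, dbinfo) paths for hrn; one subdirectory per label."""
    labels = split_hrn(hrn)
    directory = os.path.join(basedir, *labels)
    # Assumed file naming: <leaf>.gid, <leaf>.pkey, <leaf>.dbinfo
    return tuple(os.path.join(directory, labels[-1] + ext)
                 for ext in (".gid", ".pkey", ".dbinfo"))

def authority_exists(basedir, hrn):
    """Treat an authority as existing only when all three files are present."""
    return all(os.path.isfile(p) for p in authority_paths(basedir, hrn))

def write_private(path, data):
    """Create a new owner-only file; O_EXCL refuses to overwrite existing keys."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)

def demo():
    """Build a constructed two-level tree and report what the checks see."""
    with tempfile.TemporaryDirectory() as basedir:
        paths = authority_paths(basedir, "plc.site1")
        os.makedirs(os.path.dirname(paths[0]), mode=0o700)
        before = authority_exists(basedir, "plc.site1")
        for path in paths:
            write_private(path, b"constructed placeholder")
        after = authority_exists(basedir, "plc.site1")
        parent = authority_exists(basedir, "plc")  # directory only, no files
        group_other_bits = os.stat(paths[1]).st_mode & 0o077
        return before, after, parent, group_other_bits

if __name__ == "__main__":
    print(demo())
```

The private key file sits next to the GID in the same directory, so the directory and file modes are what keep it from other local users.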
def geni::util::hierarchy::Hierarchy::create_auth(self, hrn, create_parents = False)
Create an authority.
A private key for the authority and the associated GID are created and signed by the parent authority.
| hrn | the human readable name of the authority to create |
| create_parents | if true, also create the parents if they do not exist |
def geni::util::hierarchy::Hierarchy::get_auth_info(self, hrn)
Return the AuthInfo object for the specified authority.
If the authority does not exist, then an exception is thrown. As a side effect, disk files and a subdirectory may be created to store the authority.
| hrn | the human readable name of the authority to create. |
def geni::util::hierarchy::Hierarchy::create_gid(self, hrn, uuid, pkey)
Create a new GID.
The GID will be signed by the authority that is its immediate parent in the hierarchy (and recursively, the parent's GID will be signed by its parent).
| hrn | the human readable name to store in the GID |
| uuid | the unique identifier to store in the GID |
| pkey | the public key to store in the GID |
def geni::util::hierarchy::Hierarchy::refresh_gid(self, gid, hrn = None, uuid = None, pubkey = None)
Refresh a GID.
The primary use of this function is to refresh the expiration time of the GID. It may also be used to change the HRN, UUID, or public key of the GID.
| gid | the GID to refresh |
| hrn | if !=None, change the hrn |
| uuid | if !=None, change the uuid |
| pubkey | if !=None, change the public key |
def geni::util::hierarchy::Hierarchy::get_auth_cred(self, hrn, kind = "authority")
Retrieve an authority credential for an authority.
The authority credential will contain the authority privilege and will be signed by the authority's parent.
| hrn | the human readable name of the authority |
| kind | type of credential to return (authority, sa, or ma) |
def geni::util::hierarchy::Hierarchy::get_auth_ticket(self, hrn)
Retrieve an authority ticket.
An authority ticket is not actually a redeemable ticket, but only serves the purpose of being included as the parent of another ticket, in order to provide a chain of authentication for a ticket.
This looks almost the same as get_auth_cred, but works for tickets. XXX: does the similarity imply there should be more code re-use?
| hrn | the human readable name of the authority |