Class: OMF::SFA::AM::PrivilegeCredential
- Inherits: Credential
  - Object
  - Base::LObject
  - Credential
  - OMF::SFA::AM::PrivilegeCredential
- Defined in: lib/omf-sfa/am/privilege_credential.rb
Overview
Throws an exception if the credentials XML encoded in cred_string_a is not sufficient for the action.
GENI API Credentials
The privileges are the rights that are assigned to the owner of the credential on the target resource. Different slice authorities use different permission names, but they have similar semantic meaning. A privilege that can be delegated means that the owner of the credential can delegate that permission to another entity. Currently, the only credentials used in the GENI API are slice credentials and user credentials. Privileges have not yet been agreed upon between the control frameworks.
Currently, SFA assigns [‘refresh’, ‘resolve’, and ‘info’] rights to user credentials.
Slice credentials have “slice” rights. ProtoGENI defaults to the “*” privilege which means that the owner has rights to all methods associated with that credential type (user or slice). See www.protogeni.net/trac/protogeni/wiki/ReferenceImplementationPrivileges for more information on ProtoGENI privileges.
Instance Attribute Summary
Attributes inherited from Credential
#owner_urn, #signer_urn, #target_urn, #valid_until
Class Method Summary
- .verify_type(type) ⇒ Object
  attr_reader :privileges.
Instance Method Summary
- #initialize(description_doc, signer_urn) ⇒ PrivilegeCredential (constructor)
  Create a credential described in description_doc.
- #privilege?(pname) ⇒ Boolean
- #type ⇒ Object
- #user_urn ⇒ Object
Methods inherited from Credential
unmarshall, #valid_at?, verify_signed_xml
Constructor Details
#initialize(description_doc, signer_urn) ⇒ PrivilegeCredential
Create a credential described in description_doc.

```ruby
# File 'lib/omf-sfa/am/privilege_credential.rb', line 51

def initialize(description_doc, signer_urn)
  super
  # @see http://groups.geni.net/geni/wiki/GeniApiCredentials
  # <privileges>
  #   <privilege><name>refresh</name><can_delegate>true</can_delegate></privilege>
  #   <privilege><name>embed</name><can_delegate>true</can_delegate></privilege>
  #   <privilege><name>bind</name><can_delegate>true</can_delegate></privilege>
  #   <privilege><name>control</name><can_delegate>true</can_delegate></privilege>
  #   <privilege><name>info</name><can_delegate>true</can_delegate></privilege>
  # </privileges>
  unless el = description_doc.xpath('//credential/privileges')[0]
    raise "Missing element 'privileges' in credential"
  end
  @privileges = {}
  el.children.each do |pel|
    p = {}
    pel.children.each do |cel|
      p[cel.name.to_sym] = cel.content
    end
    # example: @privileges={"refresh"=>{:can_delegate=>"true"}, "resolve"=>{:can_delegate=>"true"}, "info"=>{:can_delegate=>"true"}}
    @privileges[p.delete(:name)] = p
  end
end
```
Class Method Details
.verify_type(type) ⇒ Object
attr_reader :privileges
```ruby
# File 'lib/omf-sfa/am/privilege_credential.rb', line 31

def self.verify_type(type)
  raise "Expected type 'privilege' but got '#{type}'" unless type == 'privilege'
end
```
Instance Method Details
#privilege?(pname) ⇒ Boolean
```ruby
# File 'lib/omf-sfa/am/privilege_credential.rb', line 35

def privilege?(pname)
  @privileges.has_key?(pname)
end
```
#type ⇒ Object
```ruby
# File 'lib/omf-sfa/am/privilege_credential.rb', line 43

def type
  # urn:publicid:IDN+topdomain:subdomain+slice+test
  target_urn.split('+')[2] # it should be one of "slice" or "user"
end
```
#user_urn ⇒ Object
```ruby
# File 'lib/omf-sfa/am/privilege_credential.rb', line 39

def user_urn
  owner_urn
end
```
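A stricter way for a caller to consume what #initialize, #privilege? and #type produce, as an added example that is not omf-sfa code: the module PrivilegeCheck, its methods and the sample hash are hypothetical. It assumes that only the literal text "true" grants delegation and that the ProtoGENI "*" privilege is honoured only when the caller opts in.

```ruby
# Added example, not omf-sfa code; PrivilegeCheck and its methods are hypothetical.
module PrivilegeCheck
  WILDCARD = '*'.freeze # ProtoGENI's "all methods" privilege named on this page
  KNOWN_TYPES = %w[slice user].freeze

  # Credential type from a target URN such as
  # urn:publicid:IDN+topdomain:subdomain+slice+test (same split as #type),
  # raising instead of returning nil or an unexpected type.
  def self.credential_type(target_urn)
    parts = target_urn.to_s.split('+')
    type = parts[2]
    unless parts.size >= 4 && KNOWN_TYPES.include?(type)
      raise ArgumentError, "cannot derive credential type from #{target_urn.inspect}"
    end
    type
  end

  # Exact-name lookup like #privilege?; '*' counts only if the caller opts in.
  def self.allowed?(privileges, pname, honor_wildcard: false)
    return false unless pname.is_a?(String) && !pname.empty?
    return true if privileges.key?(pname)
    honor_wildcard && privileges.key?(WILDCARD)
  end

  # can_delegate is kept as element text, so "false" is a truthy Ruby String.
  # Compare the text and fail closed (assumption: only "true" grants delegation).
  def self.can_delegate?(privileges, pname, honor_wildcard: false)
    entry = privileges[pname]
    entry ||= privileges[WILDCARD] if honor_wildcard
    return false unless entry.is_a?(Hash)
    entry[:can_delegate].to_s.strip.casecmp?('true')
  end
end

# Constructed sample in the shape the constructor's comment shows.
SAMPLE_PRIVILEGES = {
  'refresh' => { can_delegate: 'true' },
  'info'    => { can_delegate: 'false' },
  '*'       => { can_delegate: 'false' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts PrivilegeCheck.credential_type('urn:publicid:IDN+topdomain:subdomain+slice+test')
  puts PrivilegeCheck.allowed?(SAMPLE_PRIVILEGES, 'embed')
  puts PrivilegeCheck.allowed?(SAMPLE_PRIVILEGES, 'embed', honor_wildcard: true)
  puts PrivilegeCheck.can_delegate?(SAMPLE_PRIVILEGES, 'info')
end
```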