Opened 10 years ago

#89 new

User with valid slice credential cannot delete slivers created by another user an on the same slice.

Reported by: lnevers@bbn.com Owned by: somebody
Priority: major Milestone:
Component: AM Version: SPIRAL4
Keywords: Cc:
Dependencies:

Description

This test scenario uses two user accounts:

  • lnevers1 urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers1
  • lnevers urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers

The user "lnevers" binds the user "lnevers1" to a slice. Subsequently all AM API operations run by "lnevers1" works, except for deletesliver, which fails and should not. Here is the test sequence that showed the problem.

  1. As user "lnevers", used the protogeni-tests script registerslice.py to bind user "lnevers1" to a slice. The command executed:
    lnevers@sendaria:~/protogeni-tests$ ./registerslice.py --certificate=/home/lnevers/.ssl/pgeni/encrypted.pem --sa=https://www.pgeni.gpolab.bbn.com:443/protogeni/xmlrpc/sa -n bindslice lnevers1
    Got my SA credential
    No such slice registered here:Creating new slice called bindslice
    New slice created: urn:publicid:IDN+emulab.net+slice+bindslice
    Found other user record at the SA, binding to slice ...
    Bound other user to slice at the SA
    
  1. User "lnevers" creates a sliver:
    lnevers@sendaria:~/gcf-1.6.2$ omni.py createsliver -a exobbn  bindslice exo.rspec
    
  1. User "lnevers1" gets slice credentials:
    lnevers1@sendaria:~/gcf-1.6.2$ omni.py getslicecred bindslice -o
    Result Summary: Saved slice bindslice cred to file bindslice-cred.xml
    
  1. As "lnevers1", I cannot delete the sliver using the slice credentials:
    lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn deletesliver bindslice --slicecredfile ./bindslice-cred.xml -o 
    Result Summary: Failed to delete sliver 
    urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice on unspecified_AM_URN 
    at https://bbn-hn.exogeni.net:11443/orca/xmlrpc 
    
  1. As user "lnevers1", I can execute all other AM API sliver slice commands:
    lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn listresources bindslice --slicecredfile ./bindslice-cred.xml -o
    Result Summary: Retrieved resources for slice bindslice from 1 aggregates.
    Wrote rspecs from 1 aggregates to 1 files
    Saved listresources RSpec at 'unspecified_AM_URN' to file 
    bindslice-rspec-bbn-hn-exogeni-net-11443-orca.xml; .
    
    lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn sliverstatus bindslice --slicecredfile ./bindslice-cred.xml -o
    Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice 
    expires within 1 day(s) on 2012-08-02 01:23:04 UTC
    Saved sliverstatus on bindslice at AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc 
    to file bindslice-sliverstatus-bbn-hn-exogeni-net-11443-orca.json. 
    
    lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn renewsliver bindslice --slicecredfile ./bindslice-cred.xml 2012-08-05
    
    Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice expires on 2012-08-05 00:00:00 UTC
    Renewed sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice at 
    unspecified_AM_URN (https://bbn-hn.exogeni.net:11443/orca/xmlrpc) until 
    2012-08-05T00:00:00+00:00 (UTC)
    

Attaching the slice credentials file bindslice-cred.xml used by "lnevers1".

Note: To anyone trying to reproduce, the renewslice command works for lnevers1, but new slice credentials must be downloaded immediately after the renewslice.

Attachments (1)

bindslice-cred.xml (6.2 KB) - added by lnevers@bbn.com 10 years ago.

Download all attachments as: .zip

Change History (1)

Changed 10 years ago by lnevers@bbn.com

Attachment: bindslice-cred.xml added
Note: See TracTickets for help on using tickets.