Opened 12 years ago

#89 new

User with valid slice credential cannot delete slivers created by another user an on the same slice.

Reported by: Owned by: somebody
Priority: major Milestone:
Component: AM Version: SPIRAL4
Keywords: Cc:


This test scenario uses two user accounts:

  • lnevers1
  • lnevers

The user "lnevers" binds the user "lnevers1" to a slice. Subsequently all AM API operations run by "lnevers1" works, except for deletesliver, which fails and should not. Here is the test sequence that showed the problem.

  1. As user "lnevers", used the protogeni-tests script to bind user "lnevers1" to a slice. The command executed:
    lnevers@sendaria:~/protogeni-tests$ ./ --certificate=/home/lnevers/.ssl/pgeni/encrypted.pem --sa= -n bindslice lnevers1
    Got my SA credential
    No such slice registered here:Creating new slice called bindslice
    New slice created:
    Found other user record at the SA, binding to slice ...
    Bound other user to slice at the SA
  1. User "lnevers" creates a sliver:
    lnevers@sendaria:~/gcf-1.6.2$ createsliver -a exobbn  bindslice exo.rspec
  1. User "lnevers1" gets slice credentials:
    lnevers1@sendaria:~/gcf-1.6.2$ getslicecred bindslice -o
    Result Summary: Saved slice bindslice cred to file bindslice-cred.xml
  1. As "lnevers1", I cannot delete the sliver using the slice credentials:
    lnevers1@sendaria:~/gcf-1.6.2$ -a exobbn deletesliver bindslice --slicecredfile ./bindslice-cred.xml -o 
    Result Summary: Failed to delete sliver on unspecified_AM_URN 
  1. As user "lnevers1", I can execute all other AM API sliver slice commands:
    lnevers1@sendaria:~/gcf-1.6.2$ -a exobbn listresources bindslice --slicecredfile ./bindslice-cred.xml -o
    Result Summary: Retrieved resources for slice bindslice from 1 aggregates.
    Wrote rspecs from 1 aggregates to 1 files
    Saved listresources RSpec at 'unspecified_AM_URN' to file 
    bindslice-rspec-bbn-hn-exogeni-net-11443-orca.xml; .
    lnevers1@sendaria:~/gcf-1.6.2$ -a exobbn sliverstatus bindslice --slicecredfile ./bindslice-cred.xml -o
    Result Summary: Slice 
    expires within 1 day(s) on 2012-08-02 01:23:04 UTC
    Saved sliverstatus on bindslice at AM 
    to file bindslice-sliverstatus-bbn-hn-exogeni-net-11443-orca.json. 
    lnevers1@sendaria:~/gcf-1.6.2$ -a exobbn renewsliver bindslice --slicecredfile ./bindslice-cred.xml 2012-08-05
    Result Summary: Slice expires on 2012-08-05 00:00:00 UTC
    Renewed sliver at 
    unspecified_AM_URN ( until 
    2012-08-05T00:00:00+00:00 (UTC)

Attaching the slice credentials file bindslice-cred.xml used by "lnevers1".

Note: To anyone trying to reproduce, the renewslice command works for lnevers1, but new slice credentials must be downloaded immediately after the renewslice.

Attachments (1)

bindslice-cred.xml (6.2 KB) - added by 12 years ago.

Download all attachments as: .zip

Change History (1)

Changed 12 years ago by

Attachment: bindslice-cred.xml added
Note: See TracTickets for help on using tickets.