Opened 12 years ago
#89 new
User with valid slice credential cannot delete slivers created by another user an on the same slice.
Reported by: | lnevers@bbn.com | Owned by: | somebody |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | AM | Version: | SPIRAL4 |
Keywords: | Cc: | ||
Dependencies: |
Description
This test scenario uses two user accounts:
- lnevers1 urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers1
- lnevers urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers
The user "lnevers" binds the user "lnevers1" to a slice. Subsequently all AM API operations run by "lnevers1" works, except for deletesliver, which fails and should not. Here is the test sequence that showed the problem.
- As user "lnevers", used the protogeni-tests script registerslice.py to bind user "lnevers1" to a slice. The command executed:
lnevers@sendaria:~/protogeni-tests$ ./registerslice.py --certificate=/home/lnevers/.ssl/pgeni/encrypted.pem --sa=https://www.pgeni.gpolab.bbn.com:443/protogeni/xmlrpc/sa -n bindslice lnevers1 Got my SA credential No such slice registered here:Creating new slice called bindslice New slice created: urn:publicid:IDN+emulab.net+slice+bindslice Found other user record at the SA, binding to slice ... Bound other user to slice at the SA
- User "lnevers" creates a sliver:
lnevers@sendaria:~/gcf-1.6.2$ omni.py createsliver -a exobbn bindslice exo.rspec
- User "lnevers1" gets slice credentials:
lnevers1@sendaria:~/gcf-1.6.2$ omni.py getslicecred bindslice -o Result Summary: Saved slice bindslice cred to file bindslice-cred.xml
- As "lnevers1", I cannot delete the sliver using the slice credentials:
lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn deletesliver bindslice --slicecredfile ./bindslice-cred.xml -o Result Summary: Failed to delete sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice on unspecified_AM_URN at https://bbn-hn.exogeni.net:11443/orca/xmlrpc
- As user "lnevers1", I can execute all other AM API sliver slice commands:
lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn listresources bindslice --slicecredfile ./bindslice-cred.xml -o Result Summary: Retrieved resources for slice bindslice from 1 aggregates. Wrote rspecs from 1 aggregates to 1 files Saved listresources RSpec at 'unspecified_AM_URN' to file bindslice-rspec-bbn-hn-exogeni-net-11443-orca.xml; . lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn sliverstatus bindslice --slicecredfile ./bindslice-cred.xml -o Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice expires within 1 day(s) on 2012-08-02 01:23:04 UTC Saved sliverstatus on bindslice at AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc to file bindslice-sliverstatus-bbn-hn-exogeni-net-11443-orca.json. lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn renewsliver bindslice --slicecredfile ./bindslice-cred.xml 2012-08-05 Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice expires on 2012-08-05 00:00:00 UTC Renewed sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice at unspecified_AM_URN (https://bbn-hn.exogeni.net:11443/orca/xmlrpc) until 2012-08-05T00:00:00+00:00 (UTC)
Attaching the slice credentials file bindslice-cred.xml used by "lnevers1".
Note: To anyone trying to reproduce, the renewslice command works for lnevers1, but new slice credentials must be downloaded immediately after the renewslice.
Attachments (1)
Note: See
TracTickets for help on using
tickets.