User with valid slice credential cannot delete slivers created by another user an on the same slice.

[lnevers@bbn.com]

This test scenario uses two user accounts:

• lnevers1 urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers1
• lnevers urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers

The user "lnevers" binds the user "lnevers1" to a slice. Subsequently all AM API operations run by "lnevers1" works, except for deletesliver, which fails and should not. Here is the test sequence that showed the problem.

1. As user "lnevers", used the protogeni-tests script registerslice.py to bind user "lnevers1" to a slice. The command executed:

   lnevers@sendaria:~/protogeni-tests$ ./registerslice.py --certificate=/home/lnevers/.ssl/pgeni/encrypted.pem --sa=https://www.pgeni.gpolab.bbn.com:443/protogeni/xmlrpc/sa -n bindslice lnevers1
   Got my SA credential
   No such slice registered here:Creating new slice called bindslice
   New slice created: urn:publicid:IDN+emulab.net+slice+bindslice
   Found other user record at the SA, binding to slice ...
   Bound other user to slice at the SA
   

2. User "lnevers" creates a sliver:

   lnevers@sendaria:~/gcf-1.6.2$ omni.py createsliver -a exobbn  bindslice exo.rspec
   

3. User "lnevers1" gets slice credentials:

   lnevers1@sendaria:~/gcf-1.6.2$ omni.py getslicecred bindslice -o
   Result Summary: Saved slice bindslice cred to file bindslice-cred.xml
   

4. As "lnevers1", I cannot delete the sliver using the slice credentials:

   lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn deletesliver bindslice --slicecredfile ./bindslice-cred.xml -o 
   Result Summary: Failed to delete sliver 
   urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice on unspecified_AM_URN 
   at https://bbn-hn.exogeni.net:11443/orca/xmlrpc 
   

5. As user "lnevers1", I can execute all other AM API sliver slice commands:

   lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn listresources bindslice --slicecredfile ./bindslice-cred.xml -o
   Result Summary: Retrieved resources for slice bindslice from 1 aggregates.
   Wrote rspecs from 1 aggregates to 1 files
   Saved listresources RSpec at 'unspecified_AM_URN' to file 
   bindslice-rspec-bbn-hn-exogeni-net-11443-orca.xml; .
   
   lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn sliverstatus bindslice --slicecredfile ./bindslice-cred.xml -o
   Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice 
   expires within 1 day(s) on 2012-08-02 01:23:04 UTC
   Saved sliverstatus on bindslice at AM https://bbn-hn.exogeni.net:11443/orca/xmlrpc 
   to file bindslice-sliverstatus-bbn-hn-exogeni-net-11443-orca.json. 
   
   lnevers1@sendaria:~/gcf-1.6.2$ omni.py -a exobbn renewsliver bindslice --slicecredfile ./bindslice-cred.xml 2012-08-05
   
   Result Summary: Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice expires on 2012-08-05 00:00:00 UTC
   Renewed sliver urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+bindslice at 
   unspecified_AM_URN (https://bbn-hn.exogeni.net:11443/orca/xmlrpc) until 
   2012-08-05T00:00:00+00:00 (UTC)
   

Attaching the slice credentials file bindslice-cred.xml used by "lnevers1".

Note: To anyone trying to reproduce, the renewslice command works for lnevers1, but new slice credentials must be downloaded immediately after the renewslice.