-rw-r--r-- | ca/tests/left-right-protocol-samples.xml | 138 | ||||
-rw-r--r-- | ca/tests/smoketest.py | 4 | ||||
-rw-r--r-- | rpki/gui/app/check_expired.py | 2 | ||||
-rw-r--r-- | rpki/gui/app/glue.py | 2 | ||||
-rw-r--r-- | rpki/gui/app/models.py | 2 | ||||
-rw-r--r-- | rpki/gui/app/views.py | 2 | ||||
-rw-r--r-- | rpki/gui/cacheview/util.py | 4 | ||||
-rw-r--r-- | rpki/irdb/zookeeper.py | 130 | ||||
-rw-r--r-- | rpki/irdbd.py | 34 | ||||
-rw-r--r-- | rpki/left_right.py | 2 | ||||
-rw-r--r-- | rpki/log.py | 4 | ||||
-rw-r--r-- | rpki/relaxng.py | 190 | ||||
-rw-r--r-- | rpki/rpkic.py | 14 | ||||
-rw-r--r-- | rpki/rpkid.py | 50 | ||||
-rw-r--r-- | rpki/rpkid_tasks.py | 76 | ||||
-rw-r--r-- | rpki/rpkidb/migrations/0007_auto_20151020_1345.py | 74 | ||||
-rw-r--r-- | rpki/rpkidb/models.py | 119 | ||||
-rw-r--r-- | schemas/relaxng/left-right.rnc | 162 | ||||
-rw-r--r-- | schemas/relaxng/left-right.rng | 190 |
19 files changed, 624 insertions, 575 deletions
diff --git a/ca/tests/left-right-protocol-samples.xml b/ca/tests/left-right-protocol-samples.xml index 7b97386d..2cdcb1c4 100644 --- a/ca/tests/left-right-protocol-samples.xml +++ b/ca/tests/left-right-protocol-samples.xml @@ -37,15 +37,15 @@ <completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="create" tag="a000" self_handle="42"/> + <tenant action="create" tag="a000" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="create" tag="a000" self_handle="42"/> + <tenant action="create" tag="a000" tenant_handle="42"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="set" self_handle="42" + <tenant action="set" tenant_handle="42" rekey="yes" reissue="yes" revoke="yes" @@ -92,19 +92,19 @@ YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== </bpki_glue> - </self> + </tenant> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="set" self_handle="42"/> + <tenant action="set" tenant_handle="42"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="get" self_handle="42"/> + <tenant action="get" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="get" self_handle="42"> + <tenant action="get" tenant_handle="42"> <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN 
@@ -143,15 +143,15 @@ YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== </bpki_glue> - </self> + </tenant> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="list"/> + <tenant action="list"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="list" self_handle="42"> + <tenant action="list" tenant_handle="42"> <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN @@ -190,22 +190,22 @@ YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq 3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ== </bpki_glue> - </self> - <self action="list" self_handle="99"/> + </tenant> + <tenant action="list" tenant_handle="99"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="destroy" self_handle="42"/> + <tenant action="destroy" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <self action="destroy" self_handle="42"/> + <tenant action="destroy" tenant_handle="42"/> </msg> <!-- ==== --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="create" self_handle="42" bsc_handle="17" + <bsc action="create" tenant_handle="42" bsc_handle="17" generate_keypair="yes" key_type="rsa" hash_alg="sha256" 
@@ -233,13 +233,13 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="create" self_handle="42" bsc_handle="17"> + <bsc action="create" tenant_handle="42" bsc_handle="17"> <pkcs10_request>cmVxdWVzdAo=</pkcs10_request> </bsc> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="set" self_handle="42" bsc_handle="17"> + <bsc action="set" tenant_handle="42" bsc_handle="17"> <signing_cert> MIIDHTCCAgWgAwIBAgIJAKUUCoKn9ovVMA0GCSqGSIb3DQEBBQUAMCYxJDAiBgNV BAMTG1Rlc3QgQ2VydGlmaWNhdGUgQWxpY2UgUm9vdDAeFw0wNzA4MDExOTUzMDda @@ -274,15 +274,15 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="set" self_handle="42" bsc_handle="17"/> + <bsc action="set" tenant_handle="42" bsc_handle="17"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="get" self_handle="42" bsc_handle="17"/> + <bsc action="get" tenant_handle="42" bsc_handle="17"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="get" self_handle="42" bsc_handle="17"> + <bsc action="get" tenant_handle="42" bsc_handle="17"> <signing_cert> MIIDHTCCAgWgAwIBAgIJAKUUCoKn9ovVMA0GCSqGSIb3DQEBBQUAMCYxJDAiBgNV BAMTG1Rlc3QgQ2VydGlmaWNhdGUgQWxpY2UgUm9vdDAeFw0wNzA4MDExOTUzMDda @@ -306,11 +306,11 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="list" self_handle="42"/> + <bsc action="list" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="get" self_handle="42" bsc_handle="17"> + <bsc action="get" tenant_handle="42" bsc_handle="17"> <signing_cert> MIIDHTCCAgWgAwIBAgIJAKUUCoKn9ovVMA0GCSqGSIb3DQEBBQUAMCYxJDAiBgNV BAMTG1Rlc3QgQ2VydGlmaWNhdGUgQWxpY2UgUm9vdDAeFw0wNzA4MDExOTUzMDda 
@@ -334,17 +334,17 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="destroy" self_handle="42" bsc_handle="17"/> + <bsc action="destroy" tenant_handle="42" bsc_handle="17"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <bsc action="destroy" self_handle="42" bsc_handle="17"/> + <bsc action="destroy" tenant_handle="42" bsc_handle="17"/> </msg> <!-- ==== --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="create" self_handle="42" parent_handle="666" + <parent action="create" tenant_handle="42" parent_handle="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_handle="17" @@ -393,11 +393,11 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="create" self_handle="42" parent_handle="666"/> + <parent action="create" tenant_handle="42" parent_handle="666"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="set" self_handle="42" parent_handle="666" + <parent action="set" tenant_handle="42" parent_handle="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_handle="17" 
@@ -447,15 +447,15 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="set" self_handle="42" parent_handle="666"/> + <parent action="set" tenant_handle="42" parent_handle="666"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="get" self_handle="42" parent_handle="666"/> + <parent action="get" tenant_handle="42" parent_handle="666"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="get" self_handle="42" parent_handle="666" + <parent action="get" tenant_handle="42" parent_handle="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_handle="17" @@ -502,11 +502,11 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="list" self_handle="42"/> + <parent action="list" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="list" self_handle="42" parent_handle="666" + <parent action="list" tenant_handle="42" parent_handle="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_handle="17" 
@@ -553,17 +553,17 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="destroy" self_handle="42" + <parent action="destroy" tenant_handle="42" parent_handle="666"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <parent action="destroy" self_handle="42" parent_handle="666"/> + <parent action="destroy" tenant_handle="42" parent_handle="666"/> </msg> <!-- ==== --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="create" self_handle="42" child_handle="3" + <child action="create" tenant_handle="42" child_handle="3" bsc_handle="17"> <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV @@ -588,11 +588,11 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="create" self_handle="42" child_handle="3"/> + <child action="create" tenant_handle="42" child_handle="3"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="set" self_handle="42" child_handle="3" + <child action="set" tenant_handle="42" child_handle="3" bsc_handle="17" reissue="yes"> <bpki_cert> 
@@ -618,15 +618,15 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="set" self_handle="42" child_handle="3"/> + <child action="set" tenant_handle="42" child_handle="3"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="get" self_handle="42" child_handle="3"/> + <child action="get" tenant_handle="42" child_handle="3"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="get" self_handle="42" child_handle="3" + <child action="get" tenant_handle="42" child_handle="3" bsc_handle="17"> <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV @@ -651,11 +651,11 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="list" self_handle="42"/> + <child action="list" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="list" self_handle="42" child_handle="3" + <child action="list" tenant_handle="42" child_handle="3" bsc_handle="17"> <bpki_cert> MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV 
@@ -680,17 +680,17 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="destroy" self_handle="42" child_handle="3"/> + <child action="destroy" tenant_handle="42" child_handle="3"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <child action="destroy" self_handle="42" child_handle="3"/> + <child action="destroy" tenant_handle="42" child_handle="3"/> </msg> <!-- ==== --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="create" self_handle="42" repository_handle="120" + <repository action="create" tenant_handle="42" repository_handle="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_handle="17"> <bpki_cert> @@ -735,11 +735,11 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="create" self_handle="42" repository_handle="120"/> + <repository action="create" tenant_handle="42" repository_handle="120"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="set" self_handle="42" repository_handle="120" + <repository action="set" tenant_handle="42" repository_handle="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_handle="17"> <bpki_cert> 
@@ -784,15 +784,15 @@ </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="set" self_handle="42" repository_handle="120"/> + <repository action="set" tenant_handle="42" repository_handle="120"/> </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="get" self_handle="42" repository_handle="120"/> + <repository action="get" tenant_handle="42" repository_handle="120"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="get" self_handle="42" repository_handle="120" + <repository action="get" tenant_handle="42" repository_handle="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_handle="17"> <bpki_cert> @@ -837,11 +837,11 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="list" self_handle="42"/> + <repository action="list" tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="list" self_handle="42" repository_handle="120" + <repository action="list" tenant_handle="42" repository_handle="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_handle="17"> <bpki_cert> 
@@ -886,21 +886,21 @@ </msg> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="destroy" self_handle="42" repository_handle="120"/> + <repository action="destroy" tenant_handle="42" repository_handle="120"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <repository action="destroy" self_handle="42" repository_handle="120"/> + <repository action="destroy" tenant_handle="42" repository_handle="120"/> </msg> <!-- ==== --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_resources self_handle="42" child_handle="289"/> + <list_resources tenant_handle="42" child_handle="289"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_resources self_handle="42" child_handle="289" + <list_resources tenant_handle="42" child_handle="289" valid_until="2008-04-01T00:00:00Z" ipv4="10.0.0.44/32,10.3.0.44/32" ipv6="fe80:deed:f00d::/48,fe80:dead:beef:2::-fe80:dead:beef:2::49" @@ -910,16 +910,16 @@ <!-- === --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_roa_requests self_handle="42"/> + <list_roa_requests tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_roa_requests self_handle="42" + <list_roa_requests tenant_handle="42" asn="666" ipv4="10.0.0.44/32,10.3.0.44/32" ipv6="fe80:deed:f00d::/48,fe80:dead:beef::/48-56" /> - <list_roa_requests self_handle="42" + <list_roa_requests tenant_handle="42" asn="12345" ipv4="10.0.0.44/32" ipv6="2002:a00::/48-56" 
@@ -929,11 +929,11 @@ <!-- === --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_received_resources self_handle="42"/> + <list_received_resources tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_received_resources self_handle="42" + <list_received_resources tenant_handle="42" parent_handle="Alice" notBefore="2010-02-22T03:44:23Z" notAfter="2011-02-21T11:03:49Z" @@ -942,7 +942,7 @@ aia_uri="rsync://arin.rpki.net/arin/arin.cer" asn="1280,3557" ipv4="149.20.0.0/16,192.5.4.0/23,204.152.184.0/21"/> - <list_received_resources self_handle="42" + <list_received_resources tenant_handle="42" parent_handle="Bob" uri="rsync://arin.rpki.net/arin/1/uWqpa8GkcEDBZkEsmOEofeDKk9s.cer" notBefore="2010-02-22T03:44:20Z" @@ -958,11 +958,11 @@ <!-- === --> <msg version="1" type="query" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_published_objects self_handle="42"/> + <list_published_objects tenant_handle="42"/> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <list_published_objects self_handle="42" uri="rsync://rpki.example.org/rpki/DEMEtlxZrZes7TNGbe7XwVSMgW0.crl"> + <list_published_objects tenant_handle="42" uri="rsync://rpki.example.org/rpki/DEMEtlxZrZes7TNGbe7XwVSMgW0.crl"> MIIBrjCBlwIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygwQzQzMDRCNjVDNTlBRDk3 QUNFRDMzNDY2REVFRDdDMTU0OEM4MTZEFw0wOTA5MjgyMDUxNDlaFw0wOTA5MjgyMTUxNDla oDAwLjAfBgNVHSMEGDAWgBQMQwS2XFmtl6ztM0Zt7tfBVIyBbTALBgNVHRQEBAICAWkwDQYJ 
@@ -973,7 +973,7 @@ fBk4i7H945v/zs7bLLMJxTs8+ao4iCDuknjbGhjWmi9xrTXDtcCXx607rPDkJQcJE2WnRS/U HIA= </list_published_objects> - <list_published_objects self_handle="42" uri="rsync://rpki.example.org/rpki/DEMEtlxZrZes7TNGbe7XwVSMgW0.mft"> + <list_published_objects tenant_handle="42" uri="rsync://rpki.example.org/rpki/DEMEtlxZrZes7TNGbe7XwVSMgW0.mft"> MIIHBQYJKoZIhvcNAQcCoIIG9jCCBvICAQMxDTALBglghkgBZQMEAgEwggEfBgsqhkiG9w0B CRABGqCCAQ4EggEKMIIBBgICAWoYDzIwMDkwOTI4MjA1MTQ5WhgPMjAwOTA5MjgyMTUxNDla BglghkgBZQMEAgEwgdIwRBYfREVNRXRseFpyWmVzN1ROR2JlN1h3VlNNZ1cwLmNybAMhAPgd @@ -1009,7 +1009,7 @@ yML8lQJAFAyjnXJ+doGbqfTUpVH4q4drqRb73WbL0zf/Z2HGwhDlTmsAdjparWdQcfXIVrJF ynS1fab9XZfj+VtBFKjooDjaLw== </list_published_objects> - <list_published_objects self_handle="42" uri="rsync://rpki.example.org/rpki/ldvxcHGdr3oKHcPj-gukmetNRZ0.roa"> + <list_published_objects tenant_handle="42" uri="rsync://rpki.example.org/rpki/ldvxcHGdr3oKHcPj-gukmetNRZ0.roa"> MIIGnQYJKoZIhvcNAQcCoIIGjjCCBooCAQMxDTALBglghkgBZQMEAgEwMQYLKoZIhvcNAQkQ ARigIgQgMB4CAg3lMBgwFgQCAAEwEDAGAwQAwAUEMAYDBADABQWgggSTMIIEjzCCA3egAwIB AgIBAjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygwQzQzMDRCNjVDNTlBRDk3QUNFRDMz @@ -1043,7 +1043,7 @@ +N931gu2r5I/XB/MGgGvXNWozK7RuMn55i5hMqI2NQs+/b7/AQU0+/i3g7SlLA8iZwHq49U2 ZXRCjLXcy0tQOWVsMnGfReN8oNDhHbc= </list_published_objects> - <list_published_objects self_handle="42" uri="rsync://rpki.example.org/rpki/xopNGcsB_p7eafYqXatmVV8HZd0.roa"> + <list_published_objects tenant_handle="42" uri="rsync://rpki.example.org/rpki/xopNGcsB_p7eafYqXatmVV8HZd0.roa"> MIIGoQYJKoZIhvcNAQcCoIIGkjCCBo4CAQMxDTALBglghkgBZQMEAgEwMAYLKoZIhvcNAQkQ ARigIQQfMB0CAgUAMBcwFQQCAAEwDzAFAwMAlRQwBgMEA8yYuKCCBJgwggSUMIIDfKADAgEC AgEDMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDBDNDMwNEI2NUM1OUFEOTdBQ0VEMzM0 
@@ -1083,11 +1083,11 @@ <!-- === --> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <report_error self_handle="42" error_code="your_hair_is_on_fire">text string</report_error> + <report_error tenant_handle="42" error_code="your_hair_is_on_fire">text string</report_error> </msg> <msg version="1" type="reply" xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/"> - <report_error self_handle="42" error_code="your_hair_is_on_fire"/> + <report_error tenant_handle="42" error_code="your_hair_is_on_fire"/> </msg> </completely_gratuitous_wrapper_element_to_let_me_run_this_through_xmllint> diff --git a/ca/tests/smoketest.py b/ca/tests/smoketest.py index f52ce984..5f18119c 100644 --- a/ca/tests/smoketest.py +++ b/ca/tests/smoketest.py @@ -663,7 +663,7 @@ class allocation(object): cb() if target is None: - logger.info("Rekeying <self/> %s", self.name) + logger.info("Rekeying <tenant/> %s", self.name) self.call_rpkid([rpki.left_right.self_elt.make_pdu( action = "set", self_handle = self.name, rekey = "yes")], cb = done) else: @@ -680,7 +680,7 @@ class allocation(object): cb() if target is None: - logger.info("Revoking <self/> %s", self.name) + logger.info("Revoking <tenant/> %s", self.name) self.call_rpkid([rpki.left_right.self_elt.make_pdu( action = "set", self_handle = self.name, revoke = "yes")], cb = done) else: diff --git a/rpki/gui/app/check_expired.py b/rpki/gui/app/check_expired.py index 62292e66..61c9e8c8 100644 --- a/rpki/gui/app/check_expired.py +++ b/rpki/gui/app/check_expired.py @@ -108,7 +108,7 @@ def check_child_certs(conf, errs): z = Zookeeper(handle=conf.handle) req = Element(tag_msg, nsmap=nsmap, type="query", version=version) SubElement(req, tag_list_published_objects, - tag="list_published_objects", self_handle=conf.handle) + tag="list_published_objects", tenant_handle=conf.handle) pdus = z.call_rpkid(req) for pdu in pdus: if pdu.get("uri").endswith('.cer'): 
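Review bot: The rekey and revoke calls in both ca/tests/smoketest.py hunks still build their PDU with `rpki.left_right.self_elt.make_pdu(action = "set", self_handle = self.name, ...)`; only the log text was changed to `<tenant/>`. The sample XML in this same commit renames the attribute to `tenant_handle`, so these requests will presumably fail schema validation unless the old names are still accepted somewhere outside this view. The calls should use the tenant element and pass `tenant_handle = self.name`, so that the smoke test keeps exercising key rollover and revocation. Both enclosing functions start and end outside the hunks.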
diff --git a/rpki/gui/app/glue.py b/rpki/gui/app/glue.py index bfade6d8..330e014b 100644 --- a/rpki/gui/app/glue.py +++ b/rpki/gui/app/glue.py @@ -79,7 +79,7 @@ def list_received_resources(log, conf): z = Zookeeper(handle=conf.handle, disable_signal_handlers=True) req = Element(tag_msg, nsmap=nsmap, type="query", version=version) - SubElement(req, tag_list_received_resources, self_handle=conf.handle) + SubElement(req, tag_list_received_resources, tenant_handle=conf.handle) pdus = z.call_rpkid(req) # pdus is sometimes None (see https://trac.rpki.net/ticket/681) if pdus is None: diff --git a/rpki/gui/app/models.py b/rpki/gui/app/models.py index c49e6d43..56ada2ab 100644 --- a/rpki/gui/app/models.py +++ b/rpki/gui/app/models.py @@ -122,7 +122,7 @@ class Alert(models.Model): class Conf(rpki.irdb.models.ResourceHolderCA): """This is the center of the universe, also known as a place to - have a handle on a resource-holding entity. It's the <self> + have a handle on a resource-holding entity. It's the <tenant/> in the rpkid schema. """ diff --git a/rpki/gui/app/views.py b/rpki/gui/app/views.py index d9b3fee3..28b8a498 100644 --- a/rpki/gui/app/views.py +++ b/rpki/gui/app/views.py @@ -1215,7 +1215,7 @@ def resource_holder_delete(request, pk): form = forms.Empty(request.POST) if form.is_valid(): z = Zookeeper(handle=conf.handle, logstream=log) - z.delete_self() + z.delete_tenant() z.synchronize_deleted_ca() return redirect(resource_holder_list) else: diff --git a/rpki/gui/cacheview/util.py b/rpki/gui/cacheview/util.py index 21430091..7ab4837a 100644 --- a/rpki/gui/cacheview/util.py +++ b/rpki/gui/cacheview/util.py 
@@ -321,7 +321,7 @@ def fetch_published_objects(): q_msg = Element(rpki.left_right.tag_msg, nsmap = rpki.left_right.nsmap, type = "query", version = rpki.left_right.version) for h in handles: - SubElement(q_msg, rpki.left_right.tag_list_published_objects, action="list", self_handle=h, tag=h) + SubElement(q_msg, rpki.left_right.tag_list_published_objects, action="list", tenant_handle=h, tag=h) z = Zookeeper() r_msg = z.call_rpkid(q_msg) for r_pdu in r_msg: @@ -331,7 +331,7 @@ def fetch_published_objects(): if qs: # get the current validity state valid = qs[0].statuses.filter(status=object_accepted).exists() - uris[r_pdu.get("uri")] = (r_pdu.get("self_handle"), valid, False, None) + uris[r_pdu.get("uri")] = (r_pdu.get("tenant_handle"), valid, False, None) logger.debug('adding %s', r_pdu.get("uri")) else: # this object is not in the cache. it was either published diff --git a/rpki/irdb/zookeeper.py b/rpki/irdb/zookeeper.py index 6a355f9e..7202f421 100644 --- a/rpki/irdb/zookeeper.py +++ b/rpki/irdb/zookeeper.py @@ -347,10 +347,10 @@ class Zookeeper(object): @django.db.transaction.atomic - def delete_self(self): + def delete_tenant(self): """ Delete the ResourceHolderCA object corresponding to the current handle. - This corresponds to deleting an rpkid <self/> object. + This corresponds to deleting an rpkid <tenant/> object. This code assumes the normal Django cascade-on-delete behavior, that is, we assume that deleting the ResourceHolderCA object 
@@ -509,17 +509,17 @@ class Zookeeper(object): q_msg = self._compose_left_right_query() for ca in rpki.irdb.models.ResourceHolderCA.objects.all(): - q_pdu = SubElement(q_msg, rpki.left_right.tag_self, + q_pdu = SubElement(q_msg, rpki.left_right.tag_tenant, action = "set", - tag = "%s__self" % ca.handle, - self_handle = ca.handle) + tag = "%s__tenant" % ca.handle, + tenant_handle = ca.handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = ca.certificate.get_Base64() for bsc in rpki.irdb.models.BSC.objects.all(): q_pdu = SubElement(q_msg, rpki.left_right.tag_bsc, action = "set", tag = "%s__bsc__%s" % (bsc.issuer.handle, bsc.handle), - self_handle = bsc.issuer.handle, + tenant_handle = bsc.issuer.handle, bsc_handle = bsc.handle) SubElement(q_pdu, rpki.left_right.tag_signing_cert).text = bsc.certificate.get_Base64() SubElement(q_pdu, rpki.left_right.tag_signing_cert_crl).text = bsc.issuer.latest_crl.get_Base64() @@ -528,7 +528,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_repository, action = "set", tag = "%s__repository__%s" % (repository.issuer.handle, repository.handle), - self_handle = repository.issuer.handle, + tenant_handle = repository.issuer.handle, repository_handle = repository.handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = repository.certificate.get_Base64() @@ -536,7 +536,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_parent, action = "set", tag = "%s__parent__%s" % (parent.issuer.handle, parent.handle), - self_handle = parent.issuer.handle, + tenant_handle = parent.issuer.handle, parent_handle = parent.handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = parent.certificate.get_Base64() 
@@ -544,7 +544,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_parent, action = "set", tag = "%s__rootd" % rootd.issuer.handle, - self_handle = rootd.issuer.handle, + tenant_handle = rootd.issuer.handle, parent_handle = rootd.issuer.handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = rootd.certificate.get_Base64() @@ -552,7 +552,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_child, action = "set", tag = "%s__child__%s" % (child.issuer.handle, child.handle), - self_handle = child.issuer.handle, + tenant_handle = child.issuer.handle, child_handle = child.handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = child.certificate.get_Base64() @@ -793,7 +793,7 @@ class Zookeeper(object): if sia_base is None and referral is None: self.log("This might be an offer, checking") try: - parent = rpki.irdb.models.ResourceHolderCA.objects.get(children__ta__exact = client_ta) + parent = rpki.irdb.models.ResourceHolderCA.objects.get(children__ta = client_ta) if "/" in parent.repositories.get(ta = self.server_ca.certificate).client_handle: self.log("Client's parent is not top-level, this is not a valid offer") else: @@ -804,7 +804,7 @@ class Zookeeper(object): self.log("Found client's parent, but repository isn't set, this shouldn't happen!") except rpki.irdb.models.ResourceHolderCA.DoesNotExist: try: - rpki.irdb.models.Rootd.objects.get(issuer__certificate__exact = client_ta) + rpki.irdb.models.Rootd.objects.get(issuer__certificate = client_ta) self.log("This client's parent is rootd") sia_base = default_sia_base except rpki.irdb.models.Rootd.DoesNotExist: @@ -997,7 +997,7 @@ class Zookeeper(object): primary_keys.append(obj.pk) q = rpki.irdb.models.ChildNet.objects - q = q.filter(child__issuer__exact = self.resource_ca) + q = q.filter(child__issuer = self.resource_ca) q = q.exclude(pk__in = primary_keys) q.delete() 
@@ -1032,7 +1032,7 @@ class Zookeeper(object): primary_keys.append(obj.pk) q = rpki.irdb.models.ChildASN.objects - q = q.filter(child__issuer__exact = self.resource_ca) + q = q.filter(child__issuer = self.resource_ca) q = q.exclude(pk__in = primary_keys) q.delete() @@ -1126,10 +1126,10 @@ class Zookeeper(object): return r_msg - def _rpkid_self_control(self, *bools): + def _rpkid_tenant_control(self, *bools): assert all(isinstance(b, str) for b in bools) q_msg = self._compose_left_right_query() - q_pdu = SubElement(q_msg, rpki.left_right.tag_self, action = "set", self_handle = self.handle) + q_pdu = SubElement(q_msg, rpki.left_right.tag_tenant, action = "set", tenant_handle = self.handle) for b in bools: q_pdu.set(b, "yes") return self.call_rpkid(q_msg) @@ -1144,7 +1144,7 @@ class Zookeeper(object): to force the object to be immediately issued. """ - return self._rpkid_self_control("run_now") + return self._rpkid_tenant_control("run_now") def publish_world_now(self): @@ -1152,7 +1152,7 @@ class Zookeeper(object): Poke rpkid to (re)publish everything for the current handle. """ - return self._rpkid_self_control("publish_world_now") + return self._rpkid_tenant_control("publish_world_now") def reissue(self): @@ -1160,7 +1160,7 @@ class Zookeeper(object): Poke rpkid to reissue everything for the current handle. """ - return self._rpkid_self_control("reissue") + return self._rpkid_tenant_control("reissue") def rekey(self): @@ -1169,7 +1169,7 @@ class Zookeeper(object): handle. """ - return self._rpkid_self_control("rekey") + return self._rpkid_tenant_control("rekey") def revoke(self): @@ -1177,7 +1177,7 @@ class Zookeeper(object): Poke rpkid to revoke old RPKI keys for the current handle. """ - return self._rpkid_self_control("revoke") + return self._rpkid_tenant_control("revoke") def revoke_forgotten(self): 
@@ -1185,7 +1185,7 @@ class Zookeeper(object): Poke rpkid to revoke old forgotten RPKI keys for the current handle. """ - return self._rpkid_self_control("revoke_forgotten") + return self._rpkid_tenant_control("revoke_forgotten") def clear_all_sql_cms_replay_protection(self): @@ -1199,8 +1199,8 @@ class Zookeeper(object): if self.run_rpkid: q_msg = self._compose_left_right_query() for ca in rpki.irdb.models.ResourceHolderCA.objects.all(): - SubElement(q_msg, rpki.left_right.tag_self, action = "set", - self_handle = ca.handle, clear_replay_protection = "yes") + SubElement(q_msg, rpki.left_right.tag_tenant, action = "set", + tenant_handle = ca.handle, clear_replay_protection = "yes") self.call_rpkid(q_msg) if self.run_pubd: @@ -1267,7 +1267,7 @@ class Zookeeper(object): but be warned that this can be slow with a lot of CAs. Any arguments given are handles of CAs which should be poked with a - <self run_now="yes"/> operation. + <tenant run_now="yes"/> operation. """ for ca in rpki.irdb.models.ResourceHolderCA.objects.all(): @@ -1330,7 +1330,7 @@ class Zookeeper(object): # might make a case for a day instead, but we've been running with # six hours for a while now and haven't seen a lot of whining. - self_crl_interval = self.cfg.getint("self_crl_interval", 6 * 60 * 60, section = myrpki_section) + tenant_crl_interval = self.cfg.getint("tenant_crl_interval", 6 * 60 * 60, section = myrpki_section) # regen_margin now just controls how long before RPKI certificate # expiration we should regenerate; it used to control the interval 
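Review bot: An existing configuration that still sets `self_crl_interval` or `self_regen_margin` is ignored without any message once the keys are renamed to `tenant_crl_interval` (last hunk here) and `tenant_regen_margin` (following hunk), and the values fall back to the built-in defaults of `6 * 60 * 60` and `14 * 24 * 60 * 60 + 2 * 60`. Operators who tuned CRL freshness or certificate regeneration timing would lose that setting silently on upgrade. Reading the old key as the default keeps them working: `tenant_crl_interval = self.cfg.getint("tenant_crl_interval", self.cfg.getint("self_crl_interval", 6 * 60 * 60, section = myrpki_section), section = myrpki_section)`, likewise for the regen margin, ideally with a log line when the old name is found. The enclosing method starts and ends outside the hunk.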
@@ -1342,22 +1342,22 @@ class Zookeeper(object): # that this will regenerate certificates just *before* the # companion cron job warns of impending doom. - self_regen_margin = self.cfg.getint("self_regen_margin", 14 * 24 * 60 * 60 + 2 * 60, section = myrpki_section) + tenant_regen_margin = self.cfg.getint("tenant_regen_margin", 14 * 24 * 60 * 60 + 2 * 60, section = myrpki_section) # See what rpkid already has on file for this entity. q_msg = self._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_self, action = "get", self_handle = ca.handle) - SubElement(q_msg, rpki.left_right.tag_bsc, action = "list", self_handle = ca.handle) - SubElement(q_msg, rpki.left_right.tag_repository, action = "list", self_handle = ca.handle) - SubElement(q_msg, rpki.left_right.tag_parent, action = "list", self_handle = ca.handle) - SubElement(q_msg, rpki.left_right.tag_child, action = "list", self_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_tenant, action = "get", tenant_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_bsc, action = "list", tenant_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_repository, action = "list", tenant_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_parent, action = "list", tenant_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_child, action = "list", tenant_handle = ca.handle) r_msg = self.call_rpkid(q_msg, suppress_error_check = True) self.check_error_report(r_msg) - self_pdu = r_msg.find(rpki.left_right.tag_self) + tenant_pdu = r_msg.find(rpki.left_right.tag_tenant) bsc_pdus = dict((r_pdu.get("bsc_handle"), r_pdu) for r_pdu in r_msg.getiterator(rpki.left_right.tag_bsc)) 
@@ -1370,25 +1370,25 @@ class Zookeeper(object): q_msg = self._compose_left_right_query() - self_cert, created = rpki.irdb.models.HostedCA.objects.get_or_certify( + tenant_cert, created = rpki.irdb.models.HostedCA.objects.get_or_certify( issuer = self.server_ca, hosted = ca) - # There should be exactly one <self/> object per hosted entity, by definition - - if (self_pdu is None or - self_pdu.get("crl_interval") != str(self_crl_interval) or - self_pdu.get("regen_margin") != str(self_regen_margin) or - self_pdu.findtext(rpki.left_right.tag_bpki_cert, "").decode("base64") != self_cert.certificate.get_DER()): - q_pdu = SubElement(q_msg, rpki.left_right.tag_self, - action = "create" if self_pdu is None else "set", - tag = "self", - self_handle = ca.handle, - crl_interval = str(self_crl_interval), - regen_margin = str(self_regen_margin)) + # There should be exactly one <tenant/> object per hosted entity, by definition + + if (tenant_pdu is None or + tenant_pdu.get("crl_interval") != str(tenant_crl_interval) or + tenant_pdu.get("regen_margin") != str(tenant_regen_margin) or + tenant_pdu.findtext(rpki.left_right.tag_bpki_cert, "").decode("base64") != tenant_cert.certificate.get_DER()): + q_pdu = SubElement(q_msg, rpki.left_right.tag_tenant, + action = "create" if tenant_pdu is None else "set", + tag = "tenant", + tenant_handle = ca.handle, + crl_interval = str(tenant_crl_interval), + regen_margin = str(tenant_regen_margin)) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = ca.certificate.get_Base64() - # In general we only need one <bsc/> per <self/>. BSC objects + # In general we only need one <bsc/> per <tenant/>. BSC objects # are a little unusual in that the keypair and PKCS #10 # subelement are generated by rpkid, so complete setup requires # two round trips. 
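Review bot: The change test and the value sent disagree in the `<tenant/>` block: the condition compares rpkid's stored `bpki_cert` with `tenant_cert.certificate.get_DER()`, but the PDU is filled from `ca.certificate.get_Base64()`. If these are different certificates, as the separate `get_or_certify(issuer = self.server_ca, hosted = ca)` call suggests, the comparison never matches, a `set` is queued on every run, and it is unclear which BPKI certificate rpkid is meant to hold for the tenant. The rename carries this over unchanged, so please confirm which certificate is intended and make both sides agree; if it is the hosted one, the assignment would presumably read `SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = tenant_cert.certificate.get_Base64()`. The enclosing method starts and ends outside the hunk.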
@@ -1399,19 +1399,19 @@ class Zookeeper(object): SubElement(q_msg, rpki.left_right.tag_bsc, action = "create" if bsc_pdu is None else "set", tag = "bsc", - self_handle = ca.handle, + tenant_handle = ca.handle, bsc_handle = bsc_handle, generate_keypair = "yes") for bsc_handle in bsc_pdus: SubElement(q_msg, rpki.left_right.tag_bsc, - action = "destroy", self_handle = ca.handle, bsc_handle = bsc_handle) + action = "destroy", tenant_handle = ca.handle, bsc_handle = bsc_handle) # If we've already got actions queued up, run them now, so we # can finish setting up the BSC before anything tries to use it. if len(q_msg) > 0: - SubElement(q_msg, rpki.left_right.tag_bsc, action = "list", tag = "bsc", self_handle = ca.handle) + SubElement(q_msg, rpki.left_right.tag_bsc, action = "list", tag = "bsc", tenant_handle = ca.handle) r_msg = self.call_rpkid(q_msg) bsc_pdus = dict((r_pdu.get("bsc_handle"), r_pdu) for r_pdu in r_msg.getiterator(rpki.left_right.tag_bsc) @@ -1433,7 +1433,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_bsc, action = "set", tag = "bsc", - self_handle = ca.handle, + tenant_handle = ca.handle, bsc_handle = bsc_handle) SubElement(q_pdu, rpki.left_right.tag_signing_cert).text = bsc.certificate.get_Base64() SubElement(q_pdu, rpki.left_right.tag_signing_cert_crl).text = ca.latest_crl.get_Base64() @@ -1456,7 +1456,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_repository, action = "create" if repository_pdu is None else "set", tag = repository.handle, - self_handle = ca.handle, + tenant_handle = ca.handle, repository_handle = repository.handle, bsc_handle = bsc_handle, peer_contact_uri = repository.service_uri) 
@@ -1466,7 +1466,7 @@ class Zookeeper(object): for repository_handle in repository_pdus: SubElement(q_msg, rpki.left_right.tag_repository, action = "destroy", - self_handle = ca.handle, repository_handle = repository_handle) + tenant_handle = ca.handle, repository_handle = repository_handle) # <parent/> setup code currently assumes 1:1 mapping between # <repository/> and <parent/>, and further assumes that the handles @@ -1492,7 +1492,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_parent, action = "create" if parent_pdu is None else "set", tag = parent.handle, - self_handle = ca.handle, + tenant_handle = ca.handle, parent_handle = parent.handle, bsc_handle = bsc_handle, repository_handle = parent.handle, @@ -1520,7 +1520,7 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_parent, action = "create" if parent_pdu is None else "set", tag = ca.handle, - self_handle = ca.handle, + tenant_handle = ca.handle, parent_handle = ca.handle, bsc_handle = bsc_handle, repository_handle = ca.handle, @@ -1535,7 +1535,7 @@ class Zookeeper(object): for parent_handle in parent_pdus: SubElement(q_msg, rpki.left_right.tag_parent, action = "destroy", - self_handle = ca.handle, parent_handle = parent_handle) + tenant_handle = ca.handle, parent_handle = parent_handle) # Children are simpler than parents, because they call us, so no URL # to construct and figuring out what certificate to use is their 
@@ -1551,19 +1551,19 @@ class Zookeeper(object): q_pdu = SubElement(q_msg, rpki.left_right.tag_child, action = "create" if child_pdu is None else "set", tag = child.handle, - self_handle = ca.handle, + tenant_handle = ca.handle, child_handle = child.handle, bsc_handle = bsc_handle) SubElement(q_pdu, rpki.left_right.tag_bpki_cert).text = child.certificate.get_Base64() for child_handle in child_pdus: SubElement(q_msg, rpki.left_right.tag_child, action = "destroy", - self_handle = ca.handle, child_handle = child_handle) + tenant_handle = ca.handle, child_handle = child_handle) # If caller wants us to poke rpkid, add that to the very end of the message if poke: - SubElement(q_msg, rpki.left_right.tag_self, action = "set", self_handle = ca.handle, run_now = "yes") + SubElement(q_msg, rpki.left_right.tag_tenant, action = "set", tenant_handle = ca.handle, run_now = "yes") # If we changed anything, ship updates off to rpkid. 
@@ -1643,23 +1643,23 @@ class Zookeeper(object): def synchronize_rpkid_deleted_core(self): """ - Remove any <self/> objects present in rpkid's database but not + Remove any <tenant/> objects present in rpkid's database but not present in the IRDB. This is the core synchronization code. Don't call this directly, instead call a methods that calls this inside a Django commit wrapper. """ q_msg = self._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_self, action = "list") + SubElement(q_msg, rpki.left_right.tag_tenant, action = "list") self.call_rpkid(q_msg) - self_handles = set(s.get("self_handle") for s in q_msg) + tenant_handles = set(s.get("tenant_handle") for s in q_msg) ca_handles = set(ca.handle for ca in rpki.irdb.models.ResourceHolderCA.objects.all()) - assert ca_handles <= self_handles + assert ca_handles <= tenant_handles q_msg = self._compose_left_right_query() - for handle in (self_handles - ca_handles): - SubElement(q_msg, rpki.left_right.tag_self, action = "destroy", self_handle = handle) + for handle in (tenant_handles - ca_handles): + SubElement(q_msg, rpki.left_right.tag_tenant, action = "destroy", tenant_handle = handle) if len(q_msg) > 0: self.call_rpkid(q_msg) diff --git a/rpki/irdbd.py b/rpki/irdbd.py index d58128e5..96757477 100644 --- a/rpki/irdbd.py +++ b/rpki/irdbd.py 
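Review bot: The reply from rpkid is discarded in `synchronize_rpkid_deleted_core`: `self.call_rpkid(q_msg)` drops its return value, and `tenant_handles` is then built by iterating `q_msg`, the query, which holds only the `<tenant action="list"/>` element and no `tenant_handle`. The set therefore never reflects rpkid's database, so the `destroy` PDUs that follow are computed from the wrong data. Capture the reply and iterate it, as the other call sites in this file do: `r_msg = self.call_rpkid(q_msg)` and `tenant_handles = set(s.get("tenant_handle") for s in r_msg)`. The `assert ca_handles <= tenant_handles` guard in front of a destructive operation is also skipped under `python -O`; an explicit `raise` would be more dependable.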
@@ -42,13 +42,11 @@ logger = logging.getLogger(__name__) class main(object): def handle_list_resources(self, q_pdu, r_msg): - self_handle = q_pdu.get("self_handle") - child_handle = q_pdu.get("child_handle") - child = rpki.irdb.models.Child.objects.get( - issuer__handle__exact = self_handle, - handle = child_handle) + tenant_handle = q_pdu.get("tenant_handle") + child_handle = q_pdu.get("child_handle") + child = rpki.irdb.models.Child.objects.get(issuer__handle = tenant_handle, handle = child_handle) resources = child.resource_bag - r_pdu = SubElement(r_msg, rpki.left_right.tag_list_resources, self_handle = self_handle, child_handle = child_handle, + r_pdu = SubElement(r_msg, rpki.left_right.tag_list_resources, tenant_handle = tenant_handle, child_handle = child_handle, valid_until = child.valid_until.strftime("%Y-%m-%dT%H:%M:%SZ")) for k, v in (("asn", resources.asn), ("ipv4", resources.v4), @@ -58,15 +56,15 @@ class main(object): r_pdu.set(k, str(v)) def handle_list_roa_requests(self, q_pdu, r_msg): - self_handle = q_pdu.get("self_handle") + tenant_handle = q_pdu.get("tenant_handle") for request in rpki.irdb.models.ROARequest.objects.raw(""" SELECT irdb_roarequest.* FROM irdb_roarequest, irdb_resourceholderca WHERE irdb_roarequest.issuer_id = irdb_resourceholderca.id AND irdb_resourceholderca.handle = %s - """, [self_handle]): + """, [tenant_handle]): prefix_bag = request.roa_prefix_bag - r_pdu = SubElement(r_msg, rpki.left_right.tag_list_roa_requests, self_handle = self_handle, asn = str(request.asn)) + r_pdu = SubElement(r_msg, rpki.left_right.tag_list_roa_requests, tenant_handle = tenant_handle, asn = str(request.asn)) for k, v in (("ipv4", prefix_bag.v4), ("ipv6", prefix_bag.v6), ("tag", q_pdu.get("tag"))): 
@@ -74,26 +72,22 @@ class main(object): r_pdu.set(k, str(v)) def handle_list_ghostbuster_requests(self, q_pdu, r_msg): - self_handle = q_pdu.get("self_handle") + tenant_handle = q_pdu.get("tenant_handle") parent_handle = q_pdu.get("parent_handle") - ghostbusters = rpki.irdb.models.GhostbusterRequest.objects.filter( - issuer__handle__exact = self_handle, - parent__handle__exact = parent_handle) + ghostbusters = rpki.irdb.models.GhostbusterRequest.objects.filter(issuer__handle = tenant_handle, parent__handle = parent_handle) if ghostbusters.count() == 0: - ghostbusters = rpki.irdb.models.GhostbusterRequest.objects.filter( - issuer__handle__exact = self_handle, - parent = None) + ghostbusters = rpki.irdb.models.GhostbusterRequest.objects.filter(issuer__handle = tenant_handle, parent = None) for ghostbuster in ghostbusters: - r_pdu = SubElement(r_msg, q_pdu.tag, self_handle = self_handle, parent_handle = parent_handle) + r_pdu = SubElement(r_msg, q_pdu.tag, tenant_handle = tenant_handle, parent_handle = parent_handle) if q_pdu.get("tag"): r_pdu.set("tag", q_pdu.get("tag")) r_pdu.text = ghostbuster.vcard def handle_list_ee_certificate_requests(self, q_pdu, r_msg): - self_handle = q_pdu.get("self_handle") - for ee_req in rpki.irdb.models.EECertificateRequest.objects.filter(issuer__handle__exact = self_handle): + tenant_handle = q_pdu.get("tenant_handle") + for ee_req in rpki.irdb.models.EECertificateRequest.objects.filter(issuer__handle = tenant_handle): resources = ee_req.resource_bag - r_pdu = SubElement(r_msg, q_pdu.tag, self_handle = self_handle, gski = ee_req.gski, + r_pdu = SubElement(r_msg, q_pdu.tag, tenant_handle = tenant_handle, gski = ee_req.gski, valid_until = ee_req.valid_until.strftime("%Y-%m-%dT%H:%M:%SZ"), cn = ee_req.cn, sn = ee_req.sn) for k, v in (("asn", resources.asn), diff --git a/rpki/left_right.py b/rpki/left_right.py index 87082106..090de561 100644 --- a/rpki/left_right.py +++ b/rpki/left_right.py 
@@ -58,7 +58,7 @@ tag_pkcs10 = xmlns + "pkcs10" tag_pkcs10_request = xmlns + "pkcs10_request" tag_report_error = xmlns + "report_error" tag_repository = xmlns + "repository" -tag_self = xmlns + "self" +tag_tenant = xmlns + "tenant" tag_signing_cert = xmlns + "signing_cert" tag_signing_cert_crl = xmlns + "signing_cert_crl" diff --git a/rpki/log.py b/rpki/log.py index 0ef9ee5b..828982da 100644 --- a/rpki/log.py +++ b/rpki/log.py @@ -259,14 +259,14 @@ def class_logger(module_logger, attribute = "logger"): def log_repr(obj, *tokens): """ Constructor for __repr__() strings, handles suppression of Python - IDs as needed, includes self_handle when available. + IDs as needed, includes tenant_handle when available. """ # pylint: disable=W0702 words = ["%s.%s" % (obj.__class__.__module__, obj.__class__.__name__)] try: - words.append("{%s}" % obj.self.self_handle) + words.append("{%s}" % obj.tenant.tenant_handle) except: pass diff --git a/rpki/relaxng.py b/rpki/relaxng.py index 1eba49fb..b05da5ad 100644 --- a/rpki/relaxng.py +++ b/rpki/relaxng.py @@ -61,7 +61,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> </start> <!-- PDUs allowed in a query --> <define name="query_elt" combine="choice"> - <ref name="self_query"/> + <ref name="tenant_query"/> </define> <define name="query_elt" combine="choice"> <ref name="bsc_query"/> @@ -95,7 +95,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> </define> <!-- PDUs allowed in a reply --> <define name="reply_elt" combine="choice"> - <ref name="self_reply"/> + <ref name="tenant_reply"/> </define> <define name="reply_elt" combine="choice"> <ref name="bsc_reply"/> @@ -227,8 +227,8 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <!-- <self/> element --> - <define name="self_bool"> + <!-- <tenant/> element --> + <define name="tenant_bool"> <optional> <attribute name="rekey"> <value>yes</value> 
@@ -265,7 +265,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> </attribute> </optional> </define> - <define name="self_payload"> + <define name="tenant_payload"> <optional> <attribute name="use_hsm"> <choice> 
@@ -295,74 +295,74 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> </element> </optional> </define> - <define name="self_handle"> - <attribute name="self_handle"> + <define name="tenant_handle"> + <attribute name="tenant_handle"> <ref name="object_handle"/> </attribute> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref 
name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <!-- <bsc/> element. Key parameters hardwired for now. --> @@ -415,7 +415,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -424,7 +424,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> 
@@ -432,7 +432,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -441,7 +441,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> @@ -449,14 +449,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> @@ -465,13 +465,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> 
@@ -480,14 +480,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> @@ -565,7 +565,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> @@ -574,14 +574,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> 
@@ -590,21 +590,21 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> </element> @@ -612,13 +612,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> </element> @@ -626,14 +626,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> 
@@ -673,7 +673,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> @@ -682,14 +682,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> @@ -698,21 +698,21 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> 
@@ -720,13 +720,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> @@ -734,14 +734,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> @@ -786,7 +786,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> @@ -795,14 +795,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> 
@@ -811,21 +811,21 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> @@ -833,13 +833,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> @@ -847,14 +847,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> 
@@ -862,14 +862,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_resources_query"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="list_resources_reply"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <attribute name="valid_until"> <data type="dateTime"> @@ -897,13 +897,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_roa_requests_query"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_roa_requests_reply"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="asn"> <data type="nonNegativeInteger"/> </attribute> @@ -923,14 +923,14 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_ghostbuster_requests_query"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="list_ghostbuster_requests_reply"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <data type="string"/> </element> 
@@ -939,13 +939,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_ee_certificate_requests_query"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_ee_certificate_requests_reply"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="gski"> <data type="token"> <param name="minLength">27</param> @@ -1003,13 +1003,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_published_objects_query"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_published_objects_reply"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="uri"> <ref name="uri"/> </attribute> @@ -1025,13 +1025,13 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <define name="list_received_resources_query"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_received_resources_reply"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <attribute name="notBefore"> <data type="dateTime"> @@ -1079,7 +1079,7 @@ left_right = RelaxNGParser(r'''<?xml version="1.0" encoding="UTF-8"?> <element name="report_error"> <ref name="tag"/> <optional> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </optional> <attribute name="error_code"> <ref name="error"/> diff --git a/rpki/rpkic.py b/rpki/rpkic.py index ad695976..f5e77396 100644 --- a/rpki/rpkic.py +++ b/rpki/rpkic.py 
@@ -390,7 +390,7 @@ class main(Cmd): """ Delete local RPKI root as parent of the current entity. - This tells the current rpkid identity (<self/>) to stop talking to + This tells the current rpkid identity (<tenant/>) to stop talking to rootd. """ @@ -482,11 +482,11 @@ class main(Cmd): @parsecmd(argsubparsers) def do_delete_identity(self, args): """ - Delete the current RPKI identity (rpkid <self/> object). + Delete the current RPKI identity (rpkid <tenant/> object). """ try: - self.zoo.delete_self() + self.zoo.delete_tenant() self.zoo.synchronize_deleted_ca() except rpki.irdb.models.ResourceHolderCA.DoesNotExist: print "No such resource holder \"%s\"" % self.zoo.handle @@ -584,7 +584,7 @@ class main(Cmd): """ q_msg = self.zoo._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_list_received_resources, self_handle = self.zoo.handle) + SubElement(q_msg, rpki.left_right.tag_list_received_resources, tenant_handle = self.zoo.handle) for r_pdu in self.zoo.call_rpkid(q_msg): @@ -606,7 +606,7 @@ class main(Cmd): """ q_msg = self.zoo._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_list_published_objects, self_handle = self.zoo.handle) + SubElement(q_msg, rpki.left_right.tag_list_published_objects, tenant_handle = self.zoo.handle) for r_pdu in self.zoo.call_rpkid(q_msg): uri = r_pdu.get("uri") @@ -856,9 +856,9 @@ class main(Cmd): @parsecmd(argsubparsers) - def do_list_self_handles(self, args): + def do_list_tenant_handles(self, args): """ - List all <self/> handles in this rpkid instance. + List all <tenant/> handles in this rpkid instance. """ for ca in rpki.irdb.models.ResourceHolderCA.objects.all(): diff --git a/rpki/rpkid.py b/rpki/rpkid.py index 619f8650..c6b1001e 100644 --- a/rpki/rpkid.py +++ b/rpki/rpkid.py 
@@ -205,14 +205,14 @@ class main(object): errback(e) - def irdb_query_child_resources(self, self_handle, child_handle, callback, errback): + def irdb_query_child_resources(self, tenant_handle, child_handle, callback, errback): """ Ask IRDB about a child's resources. """ q_msg = self._compose_left_right_query() SubElement(q_msg, rpki.left_right.tag_list_resources, - self_handle = self_handle, child_handle = child_handle) + tenant_handle = tenant_handle, child_handle = child_handle) def done(r_msg): if len(r_msg) != 1: @@ -226,16 +226,16 @@ class main(object): self.irdb_query(q_msg, done, errback) - def irdb_query_roa_requests(self, self_handle, callback, errback): + def irdb_query_roa_requests(self, tenant_handle, callback, errback): """ Ask IRDB about self's ROA requests. """ q_msg = self._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_list_roa_requests, self_handle = self_handle) + SubElement(q_msg, rpki.left_right.tag_list_roa_requests, tenant_handle = tenant_handle) self.irdb_query(q_msg, callback, errback) - def irdb_query_ghostbuster_requests(self, self_handle, parent_handles, callback, errback): + def irdb_query_ghostbuster_requests(self, tenant_handle, parent_handles, callback, errback): """ Ask IRDB about self's ghostbuster record requests. """ 
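Review bot: The docstrings of `irdb_query_roa_requests` and `irdb_query_ghostbuster_requests` in the `@@ -226` hunk still read "Ask IRDB about self's ...", as does `irdb_query_ee_certificate_requests` in the next hunk, although the parameter is now `tenant_handle`. Inside a method the word "self" can be mistaken for the Python instance, which is presumably the confusion this rename is meant to remove. Suggested wording: `Ask IRDB about a tenant's ROA requests.`, `Ask IRDB about a tenant's ghostbuster record requests.` and `Ask IRDB about a tenant's EE certificate requests.`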
@@ -243,16 +243,16 @@ class main(object): q_msg = self._compose_left_right_query() for parent_handle in parent_handles: SubElement(q_msg, rpki.left_right.tag_list_ghostbuster_requests, - self_handle = self_handle, parent_handle = parent_handle) + tenant_handle = tenant_handle, parent_handle = parent_handle) self.irdb_query(q_msg, callback, errback) - def irdb_query_ee_certificate_requests(self, self_handle, callback, errback): + def irdb_query_ee_certificate_requests(self, tenant_handle, callback, errback): """ Ask IRDB about self's EE certificate requests. """ q_msg = self._compose_left_right_query() - SubElement(q_msg, rpki.left_right.tag_list_ee_certificate_requests, self_handle = self_handle) + SubElement(q_msg, rpki.left_right.tag_list_ee_certificate_requests, tenant_handle = tenant_handle) self.irdb_query(q_msg, callback, errback) @property @@ -266,7 +266,7 @@ class main(object): except AttributeError: import rpki.rpkidb.models # pylint: disable=W0621 self._left_right_models = { - rpki.left_right.tag_self : rpki.rpkidb.models.Self, + rpki.left_right.tag_tenant : rpki.rpkidb.models.Tenant, rpki.left_right.tag_bsc : rpki.rpkidb.models.BSC, rpki.left_right.tag_parent : rpki.rpkidb.models.Parent, rpki.left_right.tag_child : rpki.rpkidb.models.Child, 
@@ -292,14 +292,14 @@ class main(object): <list_published_objects/> server. """ - self_handle = q_pdu.get("self_handle") - msg_tag = q_pdu.get("tag") + tenant_handle = q_pdu.get("tenant_handle") + msg_tag = q_pdu.get("tag") - kw = dict(self_handle = self_handle) + kw = dict(tenant_handle = tenant_handle) if msg_tag is not None: kw.update(tag = msg_tag) - for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__self__self_handle = self_handle, state = "active"): + for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__tenant__tenant_handle = tenant_handle, state = "active"): SubElement(r_msg, rpki.left_right.tag_list_published_objects, uri = ca_detail.crl_uri, **kw).text = ca_detail.latest_crl.get_Base64() SubElement(r_msg, rpki.left_right.tag_list_published_objects, @@ -323,14 +323,14 @@ class main(object): """ logger.debug(".handle_list_received_resources() %s", ElementToString(q_pdu)) - self_handle = q_pdu.get("self_handle") - msg_tag = q_pdu.get("tag") - for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__self__self_handle = self_handle, + tenant_handle = q_pdu.get("tenant_handle") + msg_tag = q_pdu.get("tag") + for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__tenant__tenant_handle = tenant_handle, state = "active", latest_ca_cert__isnull = False): cert = ca_detail.latest_ca_cert resources = cert.get_3779resources() r_pdu = SubElement(r_msg, rpki.left_right.tag_list_received_resources, - self_handle = self_handle, + tenant_handle = tenant_handle, parent_handle = ca_detail.ca.parent.parent_handle, uri = ca_detail.ca_cert_uri, notBefore = str(cert.getNotBefore()), 
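Review bot: `tenant_handle = q_pdu.get("tenant_handle")` feeds the ORM filter in both list handlers without a check for `None`, whereas `fail()` in the following hunk does test `error_tenant_handle is not None`. The sample messages keep `version="1"` while the attribute name changes, so a peer still sending `self_handle` would get an empty reply rather than an error, unless schema validation rejects the message first (not visible here). I would reject explicitly at the top of each handler with `if tenant_handle is None:` followed by raising the project's bad-query exception. Both function bodies start outside their hunks.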
@@ -386,14 +386,14 @@ class main(object): def fail(e): if not isinstance(e, rpki.exceptions.NotFound): logger.exception("Unhandled exception serving left-right PDU %r", q_pdu) - error_self_handle = q_pdu.get("self_handle") - error_tag = q_pdu.get("tag") + error_tenant_handle = q_pdu.get("tenant_handle") + error_tag = q_pdu.get("tag") r_pdu = SubElement(r_msg, rpki.left_right.tag_report_error, error_code = e.__class__.__name__) r_pdu.text = str(e) if error_tag is not None: r_pdu.set("tag", error_tag) - if error_self_handle is not None: - r_pdu.set("self_handle", error_self_handle) + if error_tenant_handle is not None: + r_pdu.set("tenant_handle", error_tenant_handle) cb(200, body = rpki.left_right.cms_msg().wrap(r_msg, self.rpkid_key, self.rpkid_cert)) try: @@ -466,12 +466,12 @@ class main(object): match = self.up_down_url_regexp.search(path) if match is None: raise rpki.exceptions.BadContactURL("Bad URL path received in up_down_handler(): %s" % path) - self_handle, child_handle = match.groups() + tenant_handle, child_handle = match.groups() try: - child = rpki.rpkidb.models.Child.objects.get(self__self_handle = self_handle, child_handle = child_handle) + child = rpki.rpkidb.models.Child.objects.get(tenant__tenant_handle = tenant_handle, child_handle = child_handle) except rpki.rpkidb.models.Child.DoesNotExist: raise rpki.exceptions.ChildNotFound("Could not find child %s of self %s in up_down_handler()" % ( - child_handle, self_handle)) + child_handle, tenant_handle)) child.serve_up_down(self, q_der, done) except (rpki.async.ExitNow, SystemExit): raise @@ -543,7 +543,7 @@ class main(object): completion = rpki.rpkid_tasks.CompletionHandler(done) try: - selves = rpki.rpkidb.models.Self.objects.all() + selves = rpki.rpkidb.models.Tenant.objects.all() except Exception: logger.exception("Error pulling selves from SQL, maybe SQL server is down?") else: diff --git a/rpki/rpkid_tasks.py b/rpki/rpkid_tasks.py index f6afad1e..91fa787d 100644 --- a/rpki/rpkid_tasks.py 
+++ b/rpki/rpkid_tasks.py @@ -97,7 +97,7 @@ class AbstractTask(object): def __init__(self, rpkid, s, description = None): self.rpkid = rpkid - self.self = s + self.tenant = s self.description = description self.completions = [] self.continuation = None @@ -140,7 +140,7 @@ class AbstractTask(object): return rpki.sundial.now() > self.due_date def __getattr__(self, name): - return getattr(self.self, name) + return getattr(self.tenant, name) def start(self): raise NotImplementedError @@ -167,13 +167,10 @@ class PollParentTask(AbstractTask): def start(self): logger.debug("PollParentTask.start()") self.rpkid.checkpoint() - logger.debug("Self %s[%r] polling parents", self.self_handle, self) + logger.debug("Self %s[%r] polling parents", self.tenant_handle, self) assert not self.started self.started = True - # - # XXX Apparently "self" is a //really// bad choice for a column name with Django - # - rpki.async.iterator(rpki.rpkidb.models.Parent.objects.filter(self__exact = self.self), self.parent_loop, self.exit) + rpki.async.iterator(self.parents.all(), self.parent_loop, self.exit) def parent_loop(self, parent_iterator, parent): logger.debug("PollParentTask.parent_loop()") @@ -248,16 +245,13 @@ class UpdateChildrenTask(AbstractTask): def start(self): self.rpkid.checkpoint() - logger.debug("Self %s[%r] updating children", self.self_handle, self) + logger.debug("Self %s[%r] updating children", self.tenant_handle, self) assert not self.started self.started = True self.now = rpki.sundial.now() self.rsn = self.now + rpki.sundial.timedelta(seconds = self.regen_margin) self.publisher = rpki.rpkid.publication_queue(self.rpkid) - # - # XXX Apparently "self" is a //really// bad choice for a column name with Django - # - rpki.async.iterator(rpki.rpkidb.models.Child.objects.filter(self__exact = self.self), self.loop, self.done) + rpki.async.iterator(self.children.all(), self.loop, self.done) def loop(self, iterator, child): self.rpkid.checkpoint() 
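Review bot: `return getattr(self.tenant, name)` in `AbstractTask.__getattr__` recurses without bound whenever `tenant` is not yet in the instance dictionary, because looking up `self.tenant` re-enters `__getattr__`. That can happen during copy or unpickling, or if a subclass reads an attribute before `AbstractTask.__init__` has run. Adding `if name == "tenant": raise AttributeError(name)` as the first statement turns it into an ordinary attribute error. The class body continues outside the hunk.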
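Review bot: `self.parents.all()` and `self.children.all()` in the two `start()` hunks reach the tenant's related managers only through `AbstractTask.__getattr__`. The later hunks in this file spell the same thing out as `self.tenant.roas.all()`, `self.tenant.parents.all()` and `self.tenant.ghostbusters.all()`. I would use the explicit form here too, `rpki.async.iterator(self.tenant.parents.all(), self.parent_loop, self.exit)` and the matching `self.tenant.children.all()`. A task attribute named `parents` or `children` then cannot shadow the query, and the tenant scoping is visible at the call site.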
@@ -271,7 +265,7 @@ class UpdateChildrenTask(AbstractTask): def do_child(self): if self.child_certs: - self.rpkid.irdb_query_child_resources(self.child.self.self_handle, self.child.child_handle, + self.rpkid.irdb_query_child_resources(self.child.tenant.tenant_handle, self.child.child_handle, self.got_resources, self.lose) else: self.iterator() @@ -344,7 +338,7 @@ class UpdateChildrenTask(AbstractTask): self.publisher.call_pubd(self.exit, self.publication_failed) def publication_failed(self, e): - logger.exception("Couldn't publish for %s, skipping", self.self_handle) + logger.exception("Couldn't publish for %s, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() @@ -365,11 +359,11 @@ class UpdateROAsTask(AbstractTask): def start(self): self.rpkid.checkpoint() - logger.debug("Self %s[%r] updating ROAs", self.self_handle, self) + logger.debug("Self %s[%r] updating ROAs", self.tenant_handle, self) assert not self.started self.started = True logger.debug("Issuing query for ROA requests") - self.rpkid.irdb_query_roa_requests(self.self_handle, self.got_roa_requests, self.roa_requests_failed) + self.rpkid.irdb_query_roa_requests(self.tenant_handle, self.got_roa_requests, self.roa_requests_failed) def got_roa_requests(self, r_msg): self.rpkid.checkpoint() @@ -385,7 +379,7 @@ class UpdateROAsTask(AbstractTask): logger.debug("UpdateROAsTask.got_roa_requests(): setup done, self.orphans %r", self.orphans) assert isinstance(self.orphans, list) # XXX - for roa in rpki.rpkidb.models.ROA.objects.filter(self__exact = self.self): # XXX + for roa in self.tenant.roas.all(): logger.debug("UpdateROAsTask.got_roa_requests(): roa loop, self.orphans %r", self.orphans) assert isinstance(self.orphans, list) # XXX k = (roa.asn, str(roa.ipv4), str(roa.ipv6)) 
@@ -418,7 +412,7 @@ class UpdateROAsTask(AbstractTask): roa = roas.pop(k, None) if roa is None: roa = rpki.rpkidb.models.ROA(asn = long(r_pdu.get("asn")), ipv4 = r_pdu.get("ipv4"), ipv6 = r_pdu.get("ipv6")) - roa.self = self.self + roa.tenant = self.tenant logger.debug("Created new %r", roa) else: logger.debug("Found existing %r", roa) @@ -467,7 +461,7 @@ class UpdateROAsTask(AbstractTask): self.publisher.call_pubd(done, self.publication_failed) def publication_failed(self, e): - logger.exception("Couldn't publish for %s, skipping", self.self_handle) + logger.exception("Couldn't publish for %s, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() @@ -484,7 +478,7 @@ class UpdateROAsTask(AbstractTask): self.publish(self.exit) def roa_requests_failed(self, e): - logger.exception("Could not fetch ROA requests for %s, skipping", self.self_handle) + logger.exception("Could not fetch ROA requests for %s, skipping", self.tenant_handle) self.exit() @@ -505,11 +499,11 @@ class UpdateGhostbustersTask(AbstractTask): def start(self): self.rpkid.checkpoint() - logger.debug("Self %s[%r] updating Ghostbuster records", self.self_handle, self) + logger.debug("Self %s[%r] updating Ghostbuster records", self.tenant_handle, self) assert not self.started self.started = True - parent_handles = set(p.parent_handle for p in rpki.rpkidb.models.Parent.objects.filter(self__exact = self.self)) - self.rpkid.irdb_query_ghostbuster_requests(self.self_handle, parent_handles, + parent_handles = set(p.parent_handle for p in self.tenant.parents.all()) + self.rpkid.irdb_query_ghostbuster_requests(self.tenant_handle, parent_handles, self.got_ghostbuster_requests, self.ghostbuster_requests_failed) 
@@ -524,7 +518,7 @@ class UpdateGhostbustersTask(AbstractTask): ca_details = set() seen = set() - for ghostbuster in rpki.rpkidb.models.Ghostbuster.objects.filter(self__exact = self.self): + for ghostbuster in self.tenant.ghostbusters.all(): k = (ghostbuster.ca_detail.pk, ghostbuster.vcard) if ghostbuster.ca_detail.state != "active" or k in ghostbusters: orphans.append(ghostbuster) @@ -533,7 +527,7 @@ class UpdateGhostbustersTask(AbstractTask): for r_pdu in r_msg: try: - rpki.rpkidb.models.Parent.objects.get(self__exact = self.self, parent_handle = r_pdu.get("parent_handle")) + self.tenant.parents.get(parent_handle = r_pdu.get("parent_handle")) except rpki.rpkidb.models.Parent.DoesNotExist: logger.warning("Unknown parent_handle %r in Ghostbuster request, skipping", r_pdu.get("parent_handle")) continue @@ -543,11 +537,11 @@ class UpdateGhostbustersTask(AbstractTask): continue seen.add(k) for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__parent_handle = r_pdu.get("parent_handle"), - ca__parent__self = self.self, state = "active"): + ca__parent__tenant = self.tenant, state = "active"): ghostbuster = ghostbusters.pop((ca_detail.pk, r_pdu.text), None) if ghostbuster is None: ghostbuster = rpki.rpkidb.models.Ghostbuster(ca_detail = ca_detail, vcard = r_pdu.text) - ghostbuster.self = self.self + ghostbuster.tenant = self.tenant logger.debug("Created new %r for %r", ghostbuster, r_pdu.get("parent_handle")) else: logger.debug("Found existing %r for %s", ghostbuster, r_pdu.get("parent_handle")) 
@@ -569,16 +563,16 @@ class UpdateGhostbustersTask(AbstractTask): except (SystemExit, rpki.async.ExitNow): raise except Exception: - logger.exception("Could not update Ghostbuster records for %s, skipping", self.self_handle) + logger.exception("Could not update Ghostbuster records for %s, skipping", self.tenant_handle) self.exit() def publication_failed(self, e): - logger.exception("Couldn't publish Ghostbuster updates for %s, skipping", self.self_handle) + logger.exception("Couldn't publish Ghostbuster updates for %s, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() def ghostbuster_requests_failed(self, e): - logger.exception("Could not fetch Ghostbuster record requests for %s, skipping", self.self_handle) + logger.exception("Could not fetch Ghostbuster record requests for %s, skipping", self.tenant_handle) self.exit() @@ -596,10 +590,10 @@ class UpdateEECertificatesTask(AbstractTask): def start(self): self.rpkid.checkpoint() - logger.debug("Self %s[%r] updating EE certificates", self.self_handle, self) + logger.debug("Self %s[%r] updating EE certificates", self.tenant_handle, self) assert not self.started self.started = True - self.rpkid.irdb_query_ee_certificate_requests(self.self_handle, + self.rpkid.irdb_query_ee_certificate_requests(self.tenant_handle, self.got_requests, self.get_requests_failed) @@ -611,7 +605,7 @@ class UpdateEECertificatesTask(AbstractTask): publisher = rpki.rpkid.publication_queue(self.rpkid) existing = dict() - for ee in rpki.rpkidb.models.EECertificate.objects.filter(self__exact = self.self): # XXX + for ee in self.tenant.ee_certificates.all(): gski = ee.gski if gski not in existing: existing[gski] = set() 
@@ -673,16 +667,16 @@ class UpdateEECertificatesTask(AbstractTask): except (SystemExit, rpki.async.ExitNow): raise except Exception: - logger.exception("Could not update EE certificates for %s, skipping", self.self_handle) + logger.exception("Could not update EE certificates for %s, skipping", self.tenant_handle) self.exit() def publication_failed(self, e): - logger.exception("Couldn't publish EE certificate updates for %s, skipping", self.self_handle) + logger.exception("Couldn't publish EE certificate updates for %s, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() def get_requests_failed(self, e): - logger.exception("Could not fetch EE certificate requests for %s, skipping", self.self_handle) + logger.exception("Could not fetch EE certificate requests for %s, skipping", self.tenant_handle) self.exit() @@ -704,7 +698,7 @@ class RegenerateCRLsAndManifestsTask(AbstractTask): def start(self): self.rpkid.checkpoint() - logger.debug("Self %s[%r] regenerating CRLs and manifests", self.self_handle, self) + logger.debug("Self %s[%r] regenerating CRLs and manifests", self.tenant_handle, self) assert not self.started self.started = True now = rpki.sundial.now() @@ -714,7 +708,7 @@ class RegenerateCRLsAndManifestsTask(AbstractTask): logger.debug("RegenerateCRLsAndManifestsTask: setup complete") # XXX - for ca in rpki.rpkidb.models.CA.objects.filter(parent__self = self.self): + for ca in rpki.rpkidb.models.CA.objects.filter(parent__tenant = self.tenant): logger.debug("RegenerateCRLsAndManifestsTask: checking CA %r", ca) # XXX try: for ca_detail in ca.ca_details.filter(state = "revoked"): @@ -739,7 +733,7 @@ class RegenerateCRLsAndManifestsTask(AbstractTask): self.exit() def lose(self, e): - logger.exception("Couldn't publish updated CRLs and manifests for self %r, skipping", self.self_handle) + logger.exception("Couldn't publish updated CRLs and manifests for self %r, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() 
@@ -759,13 +753,13 @@ class CheckFailedPublication(AbstractTask): logger.debug("CheckFailedPublication starting") self.started = True publisher = rpki.rpkid.publication_queue(self.rpkid) - for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__self = self.self, state = "active"): + for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(ca__parent__tenant = self.tenant, state = "active"): ca_detail.check_failed_publication(publisher) self.rpkid.checkpoint() publisher.call_pubd(self.done, self.publication_failed) def publication_failed(self, e): - logger.exception("Couldn't publish for %s, skipping", self.self_handle) + logger.exception("Couldn't publish for %s, skipping", self.tenant_handle) self.rpkid.checkpoint() self.exit() diff --git a/rpki/rpkidb/migrations/0007_auto_20151020_1345.py b/rpki/rpkidb/migrations/0007_auto_20151020_1345.py new file mode 100644 index 00000000..b4682b14 --- /dev/null +++ b/rpki/rpkidb/migrations/0007_auto_20151020_1345.py 
@@ -0,0 +1,74 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('rpkidb', '0006_auto_20151019_0032'), + ] + + operations = [ + migrations.RenameModel( + old_name='Self', + new_name='Tenant', + ), + migrations.RenameField( + model_name='bsc', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='child', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='eecertificate', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='ghostbuster', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='parent', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='repository', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='roa', + old_name='self', + new_name='tenant', + ), + migrations.RenameField( + model_name='tenant', + old_name='self_handle', + new_name='tenant_handle', + ), + migrations.AlterUniqueTogether( + name='bsc', + unique_together=set([('tenant', 'bsc_handle')]), + ), + migrations.AlterUniqueTogether( + name='child', + unique_together=set([('tenant', 'child_handle')]), + ), + migrations.AlterUniqueTogether( + name='parent', + unique_together=set([('tenant', 'parent_handle')]), + ), + migrations.AlterUniqueTogether( + name='repository', + unique_together=set([('tenant', 'repository_handle')]), + ), + ] diff --git a/rpki/rpkidb/models.py b/rpki/rpkidb/models.py index d17b6fae..91e6e5c0 100644 --- a/rpki/rpkidb/models.py +++ b/rpki/rpkidb/models.py 
@@ -27,16 +27,6 @@ logger = logging.getLogger(__name__) # wait for its shave, particularly since disallowing null should be a # very simple change given migrations. -# The <self/> element was really badly named, but we weren't using -# Python when we named it. Perhaps <tenant/> would be a better name? -# Would want to rename it in left-right too. -# -# To make things worse, <self/> elements are handled slightly -# differently in many places, so there are a number of occurances of -# "self" or "self_handle" as special case magic. Feh. -# -# Cope for now, just be careful. - class XMLTemplate(object): """ Encapsulate all the voodoo for transcoding between lxml and ORM. @@ -66,8 +56,8 @@ class XMLTemplate(object): """ r_pdu = SubElement(r_msg, rpki.left_right.xmlns + self.name, nsmap = rpki.left_right.nsmap, action = q_pdu.get("action")) - if self.name != "self": - r_pdu.set("self_handle", obj.self.self_handle) + if self.name != "tenant": + r_pdu.set("tenant_handle", obj.tenant.tenant_handle) r_pdu.set(self.name + "_handle", getattr(obj, self.name + "_handle")) if q_pdu.get("tag"): r_pdu.set("tag", q_pdu.get("tag")) @@ -104,8 +94,8 @@ class XMLTemplate(object): assert q_pdu.tag == rpki.left_right.xmlns + self.name action = q_pdu.get("action") r_pdu = SubElement(r_msg, rpki.left_right.xmlns + self.name, nsmap = rpki.left_right.nsmap, action = action) - if self.name != "self": - r_pdu.set("self_handle", obj.self.self_handle) + if self.name != "tenant": + r_pdu.set("tenant_handle", obj.tenant.tenant_handle) r_pdu.set(self.name + "_handle", getattr(obj, self.name + "_handle")) if q_pdu.get("tag"): r_pdu.set("tag", q_pdu.get("tag")) @@ -126,7 +116,7 @@ class XMLTemplate(object): k = h.xml_template.name v = q_pdu.get(k + "_handle") if v is not None: - setattr(obj, k, h.objects.get(**{k + "_handle" : v, "self__exact" : obj.self})) + setattr(obj, k, h.objects.get(**{k + "_handle" : v, "tenant" : obj.tenant})) for k in self.attributes: v = q_pdu.get(k) if v is not None: 
@@ -153,20 +143,17 @@ class XMLManager(models.Manager): # pylint: disable=W0232 holding an XMLTemplate object (above). """ - # Additional complication: "self" is a bad keyword argument, which - # requires a two-step process. - def xml_get_or_create(self, xml): name = self.model.xml_template.name action = xml.get("action") assert xml.tag == rpki.left_right.xmlns + name and action in ("create", "set") d = { name + "_handle" : xml.get(name + "_handle") } - if name != "self" and action != "create": - d["self__self_handle"] = xml.get("self_handle") + if name != "tenant" and action != "create": + d["tenant__tenant_handle"] = xml.get("tenant_handle") logger.debug("XMLManager.xml_get_or_create(): name %s action %s filter %r", name, action, d) result = self.model(**d) if action == "create" else self.get(**d) - if name != "self" and action == "create": - result.self = Self.objects.get(self_handle = xml.get("self_handle")) + if name != "tenant" and action == "create": + result.tenant = Tenant.objects.get(tenant_handle = xml.get("tenant_handle")) logger.debug("XMLManager.xml_get_or_create(): name %s action %s filter %r result %r", name, action, d, result) return result @@ -177,8 +164,8 @@ class XMLManager(models.Manager): # pylint: disable=W0232 d = {} if action == "get": d[name + "_handle"] = xml.get(name + "_handle") - if name != "self": - d["self__self_handle"] = xml.get("self_handle") + if name != "tenant": + d["tenant__tenant_handle"] = xml.get("tenant_handle") logger.debug("XMLManager.xml_list(): name %s action %s filter %r", name, action, d) result = self.filter(**d) if d else self.all() logger.debug("XMLManager.xml_list(): name %s action %s filter %r result %r", name, action, d, result) 
@@ -189,8 +176,8 @@ class XMLManager(models.Manager): # pylint: disable=W0232 action = xml.get("action") assert xml.tag == rpki.left_right.xmlns + name and action == "destroy" d = { name + "_handle" : xml.get(name + "_handle") } - if name != "self": - d["self__self_handle"] = xml.get("self_handle") + if name != "tenant": + d["tenant__tenant_handle"] = xml.get("tenant_handle") logger.debug("XMLManager.xml_get_for_delete(): name %s action %s filter %r", name, action, d) result = self.get(**d) logger.debug("XMLManager.xml_get_for_delete(): name %s action %s filter %r result %r", name, action, d, result) @@ -228,8 +215,8 @@ def xml_hooks(cls): # Models @xml_hooks -class Self(models.Model): - self_handle = models.SlugField(max_length = 255) +class Tenant(models.Model): + tenant_handle = models.SlugField(max_length = 255) use_hsm = models.BooleanField(default = False) crl_interval = models.BigIntegerField(null = True) regen_margin = models.BigIntegerField(null = True) @@ -238,7 +225,7 @@ class Self(models.Model): objects = XMLManager() xml_template = XMLTemplate( - name = "self", + name = "tenant", attributes = ("crl_interval", "regen_margin"), booleans = ("use_hsm",), elements = ("bpki_cert", "bpki_glue")) @@ -311,7 +298,7 @@ class Self(models.Model): publisher.queue(uri = uri, new_obj = obj, old_hash = h, repository = repository) def done(): - for ca_detail in CADetail.objects.filter(ca__parent__self = self, state = "active"): + for ca_detail in CADetail.objects.filter(ca__parent__tenant = self, state = "active"): repository = ca_detail.ca.parent.repository reconcile(uri = ca_detail.crl_uri, obj = ca_detail.latest_crl, repository = repository) reconcile(uri = ca_detail.manifest_uri, obj = ca_detail.latest_manifest, repository = repository) 
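Review bot: `tenant_handle = models.SlugField(max_length = 255)` carries no uniqueness constraint, yet this commit identifies a tenant by that handle alone: `Tenant.objects.get(tenant_handle = ...)` in `xml_get_or_create` and `ca__parent__tenant__tenant_handle = tenant_handle` in rpkid.py. Unless uniqueness is enforced somewhere not shown, two rows with the same handle would make `.get()` raise `MultipleObjectsReturned` and let the filter-based queries return another tenant's CA details. The new migration already renames this field, so it is a natural place to declare `tenant_handle = models.SlugField(max_length = 255, unique = True)` with a matching `AlterField` operation. The `Tenant` class body continues outside the hunk.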
@@ -332,7 +319,7 @@ class Self(models.Model): def serve_run_now(self, rpkid, cb, eb): - logger.debug("Forced immediate run of periodic actions for self %s[%r]", self.self_handle, self) + logger.debug("Forced immediate run of periodic actions for tenant %s[%r]", self.tenant_handle, self) completion = rpki.rpkid_tasks.CompletionHandler(cb) self.schedule_cron_tasks(rpkid, completion) assert completion.count > 0 @@ -351,18 +338,18 @@ class Self(models.Model): def find_covering_ca_details(self, resources): """ - Return all active CADetails for this <self/> which cover a + Return all active CADetails for this <tenant/> which cover a particular set of resources. If we expected there to be a large number of CADetails, we could add index tables and write fancy SQL query to do this, but for the expected common case where there are only one or two - active CADetails per <self/>, it's probably not worth it. In + active CADetails per <tenant/>, it's probably not worth it. In any case, this is an optimization we can leave for later. """ return set(ca_detail - for ca_detail in CADetail.objects.filter(ca__parent__self = self, state = "active") + for ca_detail in CADetail.objects.filter(ca__parent__tenant = self, state = "active") if ca_detail.covers(resources)) @@ -374,11 +361,11 @@ class BSC(models.Model): hash_alg = EnumField(choices = ("sha256",), default = "sha256") signing_cert = CertificateField(null = True) signing_cert_crl = CRLField(null = True) - self = models.ForeignKey(Self, related_name = "bscs") + tenant = models.ForeignKey(Tenant, related_name = "bscs") objects = XMLManager() class Meta: # pylint: disable=C1001,W0232 - unique_together = ("self", "bsc_handle") + unique_together = ("tenant", "bsc_handle") xml_template = XMLTemplate( name = "bsc", 
@@ -403,11 +390,11 @@ class Repository(models.Model): bpki_glue = CertificateField(null = True) last_cms_timestamp = SundialField(null = True) bsc = models.ForeignKey(BSC, related_name = "repositories") - self = models.ForeignKey(Self, related_name = "repositories") + tenant = models.ForeignKey(Tenant, related_name = "repositories") objects = XMLManager() class Meta: # pylint: disable=C1001,W0232 - unique_together = ("self", "repository_handle") + unique_together = ("tenant", "repository_handle") xml_template = XMLTemplate( name = "repository", @@ -450,7 +437,7 @@ class Repository(models.Model): bsc = self.bsc q_der = rpki.publication.cms_msg().wrap(q_msg, bsc.private_key_id, bsc.signing_cert, bsc.signing_cert_crl) - bpki_ta_path = (rpkid.bpki_ta, self.self.bpki_cert, self.self.bpki_glue, self.bpki_cert, self.bpki_glue) + bpki_ta_path = (rpkid.bpki_ta, self.tenant.bpki_cert, self.tenant.bpki_glue, self.bpki_cert, self.bpki_glue) def done(r_der): try: @@ -494,13 +481,13 @@ class Parent(models.Model): sender_name = models.TextField(null = True) recipient_name = models.TextField(null = True) last_cms_timestamp = SundialField(null = True) - self = models.ForeignKey(Self, related_name = "parents") + tenant = models.ForeignKey(Tenant, related_name = "parents") bsc = models.ForeignKey(BSC, related_name = "parents") repository = models.ForeignKey(Repository, related_name = "parents") objects = XMLManager() class Meta: # pylint: disable=C1001,W0232 - unique_together = ("self", "parent_handle") + unique_together = ("tenant", "parent_handle") xml_template = XMLTemplate( name = "parent", @@ -678,8 +665,8 @@ class Parent(models.Model): try: r_cms = rpki.up_down.cms_msg(DER = r_der) r_msg = r_cms.unwrap((rpkid.bpki_ta, - self.self.bpki_cert, - self.self.bpki_glue, + self.tenant.bpki_cert, + self.tenant.bpki_glue, self.bpki_cert, self.bpki_glue)) r_cms.check_replay_sql(self, self.peer_contact_uri) 
@@ -779,7 +766,7 @@ class CA(models.Model): if rc_cert is None: logger.warning("SKI %s in resource class %s is in database but missing from list_response to %s from %s, " "maybe parent certificate went away?", - ca_detail.public_key.gSKI(), class_name, parent.self.self_handle, parent.parent_handle) + ca_detail.public_key.gSKI(), class_name, parent.tenant.tenant_handle, parent.parent_handle) publisher = rpki.rpkid.publication_queue(rpkid) ca_detail.destroy(ca = ca_detail.ca, publisher = publisher) return publisher.call_pubd(iterator, eb) @@ -812,14 +799,14 @@ class CA(models.Model): def done(): if cert_map: logger.warning("Unknown certificate SKI%s %s in resource class %s in list_response to %s from %s, maybe you want to \"revoke_forgotten\"?", - "" if len(cert_map) == 1 else "s", ", ".join(cert_map), class_name, parent.self.self_handle, parent.parent_handle) + "" if len(cert_map) == 1 else "s", ", ".join(cert_map), class_name, parent.tenant.tenant_handle, parent.parent_handle) cb() ca_details = self.ca_details.exclude(state = "revoked") if ca_details: rpki.async.iterator(ca_details, loop, done) else: logger.warning("Existing resource class %s to %s from %s with no certificates, rekeying", - class_name, parent.self.self_handle, parent.parent_handle) + class_name, parent.tenant.tenant_handle, parent.parent_handle) self.rekey(rpkid, cb, eb) @@ -1115,7 +1102,7 @@ class CADetail(models.Model): if r_msg[0].get("ski") != gski: raise rpki.exceptions.SKIMismatch logger.debug("Parent revoked %s, starting cleanup", gski) - crl_interval = rpki.sundial.timedelta(seconds = parent.self.crl_interval) + crl_interval = rpki.sundial.timedelta(seconds = parent.tenant.crl_interval) nextUpdate = rpki.sundial.now() if self.latest_manifest is not None: self.latest_manifest.extract_if_needed() 
@@ -1281,7 +1268,7 @@ class CADetail(models.Model): """ self.check_failed_publication(publisher) - crl_interval = rpki.sundial.timedelta(seconds = self.ca.parent.self.crl_interval) + crl_interval = rpki.sundial.timedelta(seconds = self.ca.parent.tenant.crl_interval) now = rpki.sundial.now() if nextUpdate is None: nextUpdate = now + crl_interval @@ -1327,7 +1314,7 @@ class CADetail(models.Model): self.check_failed_publication(publisher) - crl_interval = rpki.sundial.timedelta(seconds = self.ca.parent.self.crl_interval) + crl_interval = rpki.sundial.timedelta(seconds = self.ca.parent.tenant.crl_interval) now = rpki.sundial.now() uri = self.manifest_uri if nextUpdate is None: @@ -1476,12 +1463,12 @@ class Child(models.Model): bpki_cert = CertificateField(null = True) bpki_glue = CertificateField(null = True) last_cms_timestamp = SundialField(null = True) - self = models.ForeignKey(Self, related_name = "children") + tenant = models.ForeignKey(Tenant, related_name = "children") bsc = models.ForeignKey(BSC, related_name = "children") objects = XMLManager() class Meta: # pylint: disable=C1001,W0232 - unique_together = ("self", "child_handle") + unique_together = ("tenant", "child_handle") xml_template = XMLTemplate( name = "child", @@ -1522,7 +1509,7 @@ class Child(models.Model): if irdb_resources.valid_until < rpki.sundial.now(): logger.debug("Child %s's resources expired %s", self.child_handle, irdb_resources.valid_until) else: - for ca_detail in CADetail.objects.filter(ca__parent__self = self.self, state = "active"): + for ca_detail in CADetail.objects.filter(ca__parent__tenant = self.tenant, state = "active"): resources = ca_detail.latest_ca_cert.get_3779resources() & irdb_resources if resources.empty(): logger.debug("No overlap between received resources and what child %s should get ([%s], [%s])", 
@@ -1540,7 +1527,7 @@ class Child(models.Model): c.text = child_cert.cert.get_Base64() SubElement(rc, rpki.up_down.tag_issuer).text = ca_detail.latest_ca_cert.get_Base64() callback() - rpkid.irdb_query_child_resources(self.self.self_handle, self.child_handle, got_resources, errback) + rpkid.irdb_query_child_resources(self.tenant.tenant_handle, self.child_handle, got_resources, errback) def up_down_handle_issue(self, rpkid, q_msg, r_msg, callback, errback): @@ -1610,12 +1597,12 @@ class Child(models.Model): sia = pkcs10.get_SIA() logger.debug("Child.up_down_handle_issue(): PKCS #10 SIA %r (%r, %r, %r, %r) %r", type(sia), type(sia[0]), type(sia[1]), type(sia[2]), type(sia[3]), sia) - + pkcs10.check_valid_request_ca() - ca_detail = CADetail.objects.get(ca__parent__self = self.self, + ca_detail = CADetail.objects.get(ca__parent__tenant = self.tenant, ca__parent_resource_class = class_name, state = "active") - rpkid.irdb_query_child_resources(self.self.self_handle, self.child_handle, got_resources, errback) + rpkid.irdb_query_child_resources(self.tenant.tenant_handle, self.child_handle, got_resources, errback) def up_down_handle_revoke(self, rpkid, q_msg, r_msg, callback, errback): @@ -1627,7 +1614,7 @@ class Child(models.Model): class_name = key.get("class_name") ski = base64.urlsafe_b64decode(key.get("ski") + "=") publisher = rpki.rpkid.publication_queue(rpkid) - for child_cert in ChildCert.objects.filter(ca_detail__ca__parent__self = self.self, + for child_cert in ChildCert.objects.filter(ca_detail__ca__parent__tenant = self.tenant, ca_detail__ca__parent_resource_class = class_name, ski = ski): child_cert.revoke(publisher = publisher) 
@@ -1654,8 +1641,8 @@ class Child(models.Model): raise rpki.exceptions.BSCNotFound("Could not find BSC") q_cms = rpki.up_down.cms_msg(DER = q_der) q_msg = q_cms.unwrap((rpkid.bpki_ta, - self.self.bpki_cert, - self.self.bpki_glue, + self.tenant.bpki_cert, + self.tenant.bpki_glue, self.bpki_cert, self.bpki_glue)) q_cms.check_replay_sql(self, "child", self.child_handle) @@ -1797,7 +1784,7 @@ class EECertificate(models.Model): ski = BlobField() cert = CertificateField() published = SundialField(null = True) - self = models.ForeignKey(Self, related_name = "ee_certificates") + tenant = models.ForeignKey(Tenant, related_name = "ee_certificates") ca_detail = models.ForeignKey(CADetail, related_name = "ee_certificates") @@ -1854,7 +1841,7 @@ class EECertificate(models.Model): sn = sn, eku = eku) self = cls(ca_detail = ca_detail, cert = cert, ski = subject_key.get_SKI()) - self.self = ca_detail.ca.parent.self + self.tenant = ca_detail.ca.parent.tenant publisher.queue( uri = self.uri, new_obj = self.cert, @@ -1962,7 +1949,7 @@ class Ghostbuster(models.Model): cert = CertificateField() ghostbuster = GhostbusterField() published = SundialField(null = True) - self = models.ForeignKey(Self, related_name = "ghostbusters") + tenant = models.ForeignKey(Tenant, related_name = "ghostbusters") ca_detail = models.ForeignKey(CADetail, related_name = "ghostbusters") @@ -1976,7 +1963,7 @@ class Ghostbuster(models.Model): return self.generate(publisher = publisher, fast = fast) now = rpki.sundial.now() - regen_time = self.cert.getNotAfter() - rpki.sundial.timedelta(seconds = self.self.regen_margin) + regen_time = self.cert.getNotAfter() - rpki.sundial.timedelta(seconds = self.tenant.regen_margin) if now > regen_time and self.cert.getNotAfter() < self.ca_detail.latest_ca_cert.getNotAfter(): logger.debug("%r past threshold %s, regenerating", self, regen_time) 
@@ -2133,7 +2120,7 @@ class ROA(models.Model): cert = CertificateField() roa = ROAField() published = SundialField(null = True) - self = models.ForeignKey(Self, related_name = "roas") + tenant = models.ForeignKey(Tenant, related_name = "roas") ca_detail = models.ForeignKey(CADetail, related_name = "roas") @@ -2155,7 +2142,7 @@ class ROA(models.Model): return self.regenerate(publisher = publisher, fast = fast) now = rpki.sundial.now() - regen_time = self.cert.getNotAfter() - rpki.sundial.timedelta(seconds = self.self.regen_margin) + regen_time = self.cert.getNotAfter() - rpki.sundial.timedelta(seconds = self.tenant.regen_margin) if now > regen_time and self.cert.getNotAfter() < self.ca_detail.latest_ca_cert.getNotAfter(): logger.debug("%r past threshold %s, regenerating", self, regen_time) @@ -2221,7 +2208,7 @@ class ROA(models.Model): logger.debug("Keeping old ca_detail %r for ROA %r", ca_detail, self) else: logger.debug("Searching for new ca_detail for ROA %r", self) - for ca_detail in CADetail.objects.filter(ca__parent__self = self.self, state = "active"): + for ca_detail in CADetail.objects.filter(ca__parent__tenant = self.tenant, state = "active"): resources = ca_detail.latest_ca_cert.get_3779resources() if not ca_detail.has_expired() and v4.issubset(resources.v4) and v6.issubset(resources.v6): logger.debug("Using new ca_detail %r for ROA %r", ca_detail, self) diff --git a/schemas/relaxng/left-right.rnc b/schemas/relaxng/left-right.rnc index b5ab56a7..91e3be28 100644 --- a/schemas/relaxng/left-right.rnc +++ b/schemas/relaxng/left-right.rnc @@ -32,7 +32,7 @@ start = element msg { } # PDUs allowed in a query -query_elt |= self_query +query_elt |= tenant_query query_elt |= bsc_query query_elt |= parent_query query_elt |= child_query 
@@ -45,7 +45,7 @@ query_elt |= list_published_objects_query
 query_elt |= list_received_resources_query
 
 # PDUs allowed in a reply
-reply_elt |= self_reply
+reply_elt |= tenant_reply
 reply_elt |= bsc_reply
 reply_elt |= parent_reply
 reply_elt |= child_reply
@@ -92,34 +92,34 @@ asn_list = xsd:string { maxLength="512000" pattern="[\-,0-9]*" }
 ipv4_list = xsd:string { maxLength="512000" pattern="[\-,0-9/.]*" }
 ipv6_list = xsd:string { maxLength="512000" pattern="[\-,0-9/:a-fA-F]*" }
 
-# <self/> element
+# <tenant/> element
 
-self_bool = (attribute rekey { "yes" }?,
- attribute reissue { "yes" }?,
- attribute revoke { "yes" }?,
- attribute run_now { "yes" }?,
- attribute publish_world_now { "yes" }?,
- attribute revoke_forgotten { "yes" }?,
- attribute clear_replay_protection { "yes" }?)
+tenant_bool = (attribute rekey { "yes" }?,
+ attribute reissue { "yes" }?,
+ attribute revoke { "yes" }?,
+ attribute run_now { "yes" }?,
+ attribute publish_world_now { "yes" }?,
+ attribute revoke_forgotten { "yes" }?,
+ attribute clear_replay_protection { "yes" }?)
+
+tenant_payload = (attribute use_hsm { "yes" | "no" }?,
+ attribute crl_interval { xsd:positiveInteger }?,
+ attribute regen_margin { xsd:positiveInteger }?,
+ element bpki_cert { base64 }?,
+ element bpki_glue { base64 }?)
+
+tenant_handle = attribute tenant_handle { object_handle }
 
-self_payload = (attribute use_hsm { "yes" | "no" }?,
- attribute crl_interval { xsd:positiveInteger }?,
- attribute regen_margin { xsd:positiveInteger }?,
- element bpki_cert { base64 }?,
- element bpki_glue { base64 }?)
-
-self_handle = attribute self_handle { object_handle }
-
-self_query |= element self { ctl_create, self_handle, self_bool, self_payload }
-self_reply |= element self { ctl_create, self_handle }
-self_query |= element self { ctl_set, self_handle, self_bool, self_payload }
-self_reply |= element self { ctl_set, self_handle }
-self_query |= element self { ctl_get, self_handle }
-self_reply |= element self { ctl_get, self_handle, self_payload }
-self_query |= element self { ctl_list }
-self_reply |= element self { ctl_list, self_handle, self_payload }
-self_query |= element self { ctl_destroy, self_handle }
-self_reply |= element self { ctl_destroy, self_handle }
+tenant_query |= element tenant { ctl_create, tenant_handle, tenant_bool, tenant_payload }
+tenant_reply |= element tenant { ctl_create, tenant_handle }
+tenant_query |= element tenant { ctl_set, tenant_handle, tenant_bool, tenant_payload }
+tenant_reply |= element tenant { ctl_set, tenant_handle }
+tenant_query |= element tenant { ctl_get, tenant_handle }
+tenant_reply |= element tenant { ctl_get, tenant_handle, tenant_payload }
+tenant_query |= element tenant { ctl_list }
+tenant_reply |= element tenant { ctl_list, tenant_handle, tenant_payload }
+tenant_query |= element tenant { ctl_destroy, tenant_handle }
+tenant_reply |= element tenant { ctl_destroy, tenant_handle }
 
 # <bsc/> element. Key parameters hardwired for now.
 
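Review bot: The rename of the `<self/>` PDU to `<tenant/>` and of the `self_handle` attribute to `tenant_handle` changes the left-right wire format, and nothing in this hunk marks the two schema revisions as incompatible. A peer that still validates against the older schema would presumably reject every message carrying the new names, and the reverse, so the daemons and control tools on both ends of this protocol have to be upgraded together; whether the message version or namespace changes elsewhere is not visible here. I would record that next to the definition, for example `# <tenant/> element (was <self/>; not wire-compatible with peers validating against the older left-right schema)`. The same applies to the `tenant_handle` references in the bsc, parent, child and repository hunks that follow.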
@@ -135,16 +135,16 @@ bsc_payload = (element signing_cert { base64 }?,
 
 bsc_readonly = element pkcs10_request { base64 }?
 
-bsc_query |= element bsc { ctl_create, self_handle, bsc_handle, bsc_bool, bsc_payload }
-bsc_reply |= element bsc { ctl_create, self_handle, bsc_handle, bsc_readonly }
-bsc_query |= element bsc { ctl_set, self_handle, bsc_handle, bsc_bool, bsc_payload }
-bsc_reply |= element bsc { ctl_set, self_handle, bsc_handle, bsc_readonly }
-bsc_query |= element bsc { ctl_get, self_handle, bsc_handle }
-bsc_reply |= element bsc { ctl_get, self_handle, bsc_handle, bsc_payload, bsc_readonly }
-bsc_query |= element bsc { ctl_list, self_handle }
-bsc_reply |= element bsc { ctl_list, self_handle, bsc_handle, bsc_payload, bsc_readonly }
-bsc_query |= element bsc { ctl_destroy, self_handle, bsc_handle }
-bsc_reply |= element bsc { ctl_destroy, self_handle, bsc_handle }
+bsc_query |= element bsc { ctl_create, tenant_handle, bsc_handle, bsc_bool, bsc_payload }
+bsc_reply |= element bsc { ctl_create, tenant_handle, bsc_handle, bsc_readonly }
+bsc_query |= element bsc { ctl_set, tenant_handle, bsc_handle, bsc_bool, bsc_payload }
+bsc_reply |= element bsc { ctl_set, tenant_handle, bsc_handle, bsc_readonly }
+bsc_query |= element bsc { ctl_get, tenant_handle, bsc_handle }
+bsc_reply |= element bsc { ctl_get, tenant_handle, bsc_handle, bsc_payload, bsc_readonly }
+bsc_query |= element bsc { ctl_list, tenant_handle }
+bsc_reply |= element bsc { ctl_list, tenant_handle, bsc_handle, bsc_payload, bsc_readonly }
+bsc_query |= element bsc { ctl_destroy, tenant_handle, bsc_handle }
+bsc_reply |= element bsc { ctl_destroy, tenant_handle, bsc_handle }
 
 # <parent/> element
 
@@ -165,16 +165,16 @@ parent_payload = (attribute peer_contact_uri { uri }?,
 element bpki_cert { base64 }?,
 element bpki_glue { base64 }?)
 
-parent_query |= element parent { ctl_create, self_handle, parent_handle, parent_bool, parent_payload }
-parent_reply |= element parent { ctl_create, self_handle, parent_handle }
-parent_query |= element parent { ctl_set, self_handle, parent_handle, parent_bool, parent_payload }
-parent_reply |= element parent { ctl_set, self_handle, parent_handle }
-parent_query |= element parent { ctl_get, self_handle, parent_handle }
-parent_reply |= element parent { ctl_get, self_handle, parent_handle, parent_payload }
-parent_query |= element parent { ctl_list, self_handle }
-parent_reply |= element parent { ctl_list, self_handle, parent_handle, parent_payload }
-parent_query |= element parent { ctl_destroy, self_handle, parent_handle }
-parent_reply |= element parent { ctl_destroy, self_handle, parent_handle }
+parent_query |= element parent { ctl_create, tenant_handle, parent_handle, parent_bool, parent_payload }
+parent_reply |= element parent { ctl_create, tenant_handle, parent_handle }
+parent_query |= element parent { ctl_set, tenant_handle, parent_handle, parent_bool, parent_payload }
+parent_reply |= element parent { ctl_set, tenant_handle, parent_handle }
+parent_query |= element parent { ctl_get, tenant_handle, parent_handle }
+parent_reply |= element parent { ctl_get, tenant_handle, parent_handle, parent_payload }
+parent_query |= element parent { ctl_list, tenant_handle }
+parent_reply |= element parent { ctl_list, tenant_handle, parent_handle, parent_payload }
+parent_query |= element parent { ctl_destroy, tenant_handle, parent_handle }
+parent_reply |= element parent { ctl_destroy, tenant_handle, parent_handle }
 
 # <child/> element
 
@@ -187,16 +187,16 @@ child_payload = (bsc_handle?,
 element bpki_cert { base64 }?,
 element bpki_glue { base64 }?)
 
-child_query |= element child { ctl_create, self_handle, child_handle, child_bool, child_payload }
-child_reply |= element child { ctl_create, self_handle, child_handle }
-child_query |= element child { ctl_set, self_handle, child_handle, child_bool, child_payload }
-child_reply |= element child { ctl_set, self_handle, child_handle }
-child_query |= element child { ctl_get, self_handle, child_handle }
-child_reply |= element child { ctl_get, self_handle, child_handle, child_payload }
-child_query |= element child { ctl_list, self_handle }
-child_reply |= element child { ctl_list, self_handle, child_handle, child_payload }
-child_query |= element child { ctl_destroy, self_handle, child_handle }
-child_reply |= element child { ctl_destroy, self_handle, child_handle }
+child_query |= element child { ctl_create, tenant_handle, child_handle, child_bool, child_payload }
+child_reply |= element child { ctl_create, tenant_handle, child_handle }
+child_query |= element child { ctl_set, tenant_handle, child_handle, child_bool, child_payload }
+child_reply |= element child { ctl_set, tenant_handle, child_handle }
+child_query |= element child { ctl_get, tenant_handle, child_handle }
+child_reply |= element child { ctl_get, tenant_handle, child_handle, child_payload }
+child_query |= element child { ctl_list, tenant_handle }
+child_reply |= element child { ctl_list, tenant_handle, child_handle, child_payload }
+child_query |= element child { ctl_destroy, tenant_handle, child_handle }
+child_reply |= element child { ctl_destroy, tenant_handle, child_handle }
 
 # <repository/> element
 
@@ -210,25 +210,25 @@ repository_payload = (attribute peer_contact_uri { uri }?,
 element bpki_cert { base64 }?,
 element bpki_glue { base64 }?)
 
-repository_query |= element repository { ctl_create, self_handle, repository_handle, repository_bool, repository_payload }
-repository_reply |= element repository { ctl_create, self_handle, repository_handle }
-repository_query |= element repository { ctl_set, self_handle, repository_handle, repository_bool, repository_payload }
-repository_reply |= element repository { ctl_set, self_handle, repository_handle }
-repository_query |= element repository { ctl_get, self_handle, repository_handle }
-repository_reply |= element repository { ctl_get, self_handle, repository_handle, repository_payload }
-repository_query |= element repository { ctl_list, self_handle }
-repository_reply |= element repository { ctl_list, self_handle, repository_handle, repository_payload }
-repository_query |= element repository { ctl_destroy, self_handle, repository_handle }
-repository_reply |= element repository { ctl_destroy, self_handle, repository_handle }
+repository_query |= element repository { ctl_create, tenant_handle, repository_handle, repository_bool, repository_payload }
+repository_reply |= element repository { ctl_create, tenant_handle, repository_handle }
+repository_query |= element repository { ctl_set, tenant_handle, repository_handle, repository_bool, repository_payload }
+repository_reply |= element repository { ctl_set, tenant_handle, repository_handle }
+repository_query |= element repository { ctl_get, tenant_handle, repository_handle }
+repository_reply |= element repository { ctl_get, tenant_handle, repository_handle, repository_payload }
+repository_query |= element repository { ctl_list, tenant_handle }
+repository_reply |= element repository { ctl_list, tenant_handle, repository_handle, repository_payload }
+repository_query |= element repository { ctl_destroy, tenant_handle, repository_handle }
+repository_reply |= element repository { ctl_destroy, tenant_handle, repository_handle }
 
 # <list_resources/> element
 
 list_resources_query = element list_resources {
- tag, self_handle, child_handle
+ tag, tenant_handle, child_handle
 }
 
 list_resources_reply = element list_resources {
- tag, self_handle, child_handle,
+ tag, tenant_handle, child_handle,
 attribute valid_until { xsd:dateTime { pattern=".*Z" } },
 attribute asn { asn_list }?,
 attribute ipv4 { ipv4_list }?,
@@ -238,11 +238,11 @@ list_resources_reply = element list_resources {
 # <list_roa_requests/> element
 
 list_roa_requests_query = element list_roa_requests {
- tag, self_handle
+ tag, tenant_handle
 }
 
 list_roa_requests_reply = element list_roa_requests {
- tag, self_handle,
+ tag, tenant_handle,
 attribute asn { xsd:nonNegativeInteger },
 attribute ipv4 { ipv4_list }?,
 attribute ipv6 { ipv6_list }?
@@ -251,22 +251,22 @@ list_roa_requests_reply = element list_roa_requests {
 # <list_ghostbuster_requests/> element
 
 list_ghostbuster_requests_query = element list_ghostbuster_requests {
- tag, self_handle, parent_handle
+ tag, tenant_handle, parent_handle
 }
 
 list_ghostbuster_requests_reply = element list_ghostbuster_requests {
- tag, self_handle, parent_handle,
+ tag, tenant_handle, parent_handle,
 xsd:string
 }
 
 # <list_ee_certificate_requests/> element
 
 list_ee_certificate_requests_query = element list_ee_certificate_requests {
- tag, self_handle
+ tag, tenant_handle
 }
 
 list_ee_certificate_requests_reply = element list_ee_certificate_requests {
- tag, self_handle,
+ tag, tenant_handle,
 attribute gski { xsd:token { minLength="27" maxLength="27" } },
 attribute valid_until { xsd:dateTime { pattern=".*Z" } },
 attribute asn { asn_list }?,
@@ -281,11 +281,11 @@ list_ee_certificate_requests_reply = element list_ee_certificate_requests { # <list_published_objects/> element list_published_objects_query = element list_published_objects { - tag, self_handle + tag, tenant_handle } list_published_objects_reply = element list_published_objects { - tag, self_handle, + tag, tenant_handle, attribute uri { uri }, attribute child_handle { object_handle }?, base64 @@ -294,11 +294,11 @@ list_published_objects_reply = element list_published_objects { # <list_received_resources/> element list_received_resources_query = element list_received_resources { - tag, self_handle + tag, tenant_handle } list_received_resources_reply = element list_received_resources { - tag, self_handle, parent_handle, + tag, tenant_handle, parent_handle, attribute notBefore { xsd:dateTime { pattern=".*Z" } }, attribute notAfter { xsd:dateTime { pattern=".*Z" } }, attribute uri { uri }, @@ -314,7 +314,7 @@ list_received_resources_reply = element list_received_resources { error = xsd:token { maxLength="1024" } report_error_reply = element report_error { - tag, self_handle?, + tag, tenant_handle?, attribute error_code { error }, xsd:string { maxLength="512000" }? } diff --git a/schemas/relaxng/left-right.rng b/schemas/relaxng/left-right.rng index c8864caf..c5e8c127 100644 --- a/schemas/relaxng/left-right.rng +++ b/schemas/relaxng/left-right.rng @@ -55,7 +55,7 @@ </start> <!-- PDUs allowed in a query --> <define name="query_elt" combine="choice"> - <ref name="self_query"/> + <ref name="tenant_query"/> </define> <define name="query_elt" combine="choice"> <ref name="bsc_query"/> @@ -89,7 +89,7 @@ </define> <!-- PDUs allowed in a reply --> <define name="reply_elt" combine="choice"> - <ref name="self_reply"/> + <ref name="tenant_reply"/> </define> <define name="reply_elt" combine="choice"> <ref name="bsc_reply"/> 
@@ -221,8 +221,8 @@ <param name="pattern">[\-,0-9/:a-fA-F]*</param> </data> </define> - <!-- <self/> element --> - <define name="self_bool"> + <!-- <tenant/> element --> + <define name="tenant_bool"> <optional> <attribute name="rekey"> <value>yes</value> @@ -259,7 +259,7 @@ </attribute> </optional> </define> - <define name="self_payload"> + <define name="tenant_payload"> <optional> <attribute name="use_hsm"> <choice> 
@@ -289,74 +289,74 @@ </element> </optional> </define> - <define name="self_handle"> - <attribute name="self_handle"> + <define name="tenant_handle"> + <attribute name="tenant_handle"> <ref name="object_handle"/> </attribute> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> - <ref name="self_bool"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_bool"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_get"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> 
- <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_list"/> - <ref name="self_handle"/> - <ref name="self_payload"/> + <ref name="tenant_handle"/> + <ref name="tenant_payload"/> </element> </define> - <define name="self_query" combine="choice"> - <element name="self"> + <define name="tenant_query" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> - <define name="self_reply" combine="choice"> - <element name="self"> + <define name="tenant_reply" combine="choice"> + <element name="tenant"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <!-- <bsc/> element. Key parameters hardwired for now. --> @@ -409,7 +409,7 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -418,7 +418,7 @@ <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> @@ -426,7 +426,7 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_bool"/> <ref name="bsc_payload"/> @@ -435,7 +435,7 @@ <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_readonly"/> </element> 
@@ -443,14 +443,14 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> @@ -459,13 +459,13 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> <ref name="bsc_payload"/> <ref name="bsc_readonly"/> @@ -474,14 +474,14 @@ <define name="bsc_query" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> <define name="bsc_reply" combine="choice"> <element name="bsc"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="bsc_handle"/> </element> </define> @@ -559,7 +559,7 @@ <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> @@ -568,14 +568,14 @@ <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_bool"/> <ref name="parent_payload"/> 
@@ -584,21 +584,21 @@ <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> </element> @@ -606,13 +606,13 @@ <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <ref name="parent_payload"/> </element> @@ -620,14 +620,14 @@ <define name="parent_query" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="parent_reply" combine="choice"> <element name="parent"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> @@ -667,7 +667,7 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> 
@@ -676,14 +676,14 @@ <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_bool"/> <ref name="child_payload"/> @@ -692,21 +692,21 @@ <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> @@ -714,13 +714,13 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <ref name="child_payload"/> </element> @@ -728,14 +728,14 @@ <define name="child_query" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="child_reply" combine="choice"> <element name="child"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> 
@@ -780,7 +780,7 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> @@ -789,14 +789,14 @@ <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_create"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_bool"/> <ref name="repository_payload"/> @@ -805,21 +805,21 @@ <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_set"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_get"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> @@ -827,13 +827,13 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_list"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> <ref name="repository_payload"/> </element> 
@@ -841,14 +841,14 @@ <define name="repository_query" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> <define name="repository_reply" combine="choice"> <element name="repository"> <ref name="ctl_destroy"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="repository_handle"/> </element> </define> @@ -856,14 +856,14 @@ <define name="list_resources_query"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> </element> </define> <define name="list_resources_reply"> <element name="list_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="child_handle"/> <attribute name="valid_until"> <data type="dateTime"> @@ -891,13 +891,13 @@ <define name="list_roa_requests_query"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_roa_requests_reply"> <element name="list_roa_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="asn"> <data type="nonNegativeInteger"/> </attribute> @@ -917,14 +917,14 @@ <define name="list_ghostbuster_requests_query"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> </element> </define> <define name="list_ghostbuster_requests_reply"> <element name="list_ghostbuster_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <data type="string"/> </element> 
@@ -933,13 +933,13 @@ <define name="list_ee_certificate_requests_query"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_ee_certificate_requests_reply"> <element name="list_ee_certificate_requests"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="gski"> <data type="token"> <param name="minLength">27</param> @@ -997,13 +997,13 @@ <define name="list_published_objects_query"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_published_objects_reply"> <element name="list_published_objects"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <attribute name="uri"> <ref name="uri"/> </attribute> @@ -1019,13 +1019,13 @@ <define name="list_received_resources_query"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </element> </define> <define name="list_received_resources_reply"> <element name="list_received_resources"> <ref name="tag"/> - <ref name="self_handle"/> + <ref name="tenant_handle"/> <ref name="parent_handle"/> <attribute name="notBefore"> <data type="dateTime"> @@ -1073,7 +1073,7 @@ <element name="report_error"> <ref name="tag"/> <optional> - <ref name="self_handle"/> + <ref name="tenant_handle"/> </optional> <attribute name="error_code"> <ref name="error"/> |