3 # inspired from tophat/bin/uploadcredential.py
5 # the purpose here is to let people upload their delegated credentials
6 # to a manifold/myslice infrastructure, without the need for having to
7 # install a separate tool; so duplicating this code is suboptimal in
8 # terms of code sharing but acceptable for hopefully easier use
10 # As of Nov. 2013, the signature for the forward API call has changed
11 # and now requires authentication to be passed as an annotation
12 # We take this chance to make things much simpler here by dropping
13 # support for multiple API versions/flavours
15 # As of April 2013, manifold is moving from old-fashioned API known as
16 # v1, that offers an AddCredential API call, towards a new API v2 that
17 # manages credentials with the same set of Get/Update calls as other
21 # mostly this is intended to be used through 'sfi myslice'
22 # so the defaults below are of no real importance
23 # this for now points at demo.myslice.info, but sounds like a
24 # better default for the long run
25 DEFAULT_URL = "http://myslice.onelab.eu:7080"
26 DEFAULT_PLATFORM = 'ple'
28 # starting with 2.7.9 we need to turn off server verification
30 ssl_needs_unverified_context = hasattr(ssl, '_create_unverified_context')
35 class ManifoldUploader:
36 """A utility class for uploading delegated credentials to a manifold/MySlice infrastructure"""
38 # platform is a name internal to the manifold deployment,
39 # that maps to a testbed, like e.g. 'ple'
40 def __init__ (self, logger, url=None, platform=None, username=None, password=None, ):
42 self._platform=platform
43 self._username=username
44 self._password=password
49 if not self._username:
50 self._username=raw_input("Enter your manifold username: ")
54 if not self._password:
55 username=self.username()
56 self._password=getpass.getpass("Enter password for manifold user %s: "%username)
60 if not self._platform:
61 self._platform=raw_input("Enter your manifold platform [%s]: "%DEFAULT_PLATFORM)
62 if self._platform.strip()=="": self._platform = DEFAULT_PLATFORM
67 self._url=raw_input("Enter the URL for your manifold API [%s]: "%DEFAULT_URL)
68 if self._url.strip()=="": self._url = DEFAULT_URL
72 self.username(); self.password(); self.platform(); self.url()
74 # looks like the current implementation of manifold server
75 # won't be happy with several calls issued in the same session
76 # so we do not cache this one
80 # self.logger.info("Connecting manifold url %s"%url)
81 # self._proxy = xmlrpclib.ServerProxy(url, allow_none = True)
84 self.logger.debug("Connecting manifold url %s"%url)
85 if not ssl_needs_unverified_context:
86 proxy = xmlrpclib.ServerProxy(url, allow_none = True)
88 proxy = xmlrpclib.ServerProxy(url, allow_none = True,
89 context=ssl._create_unverified_context())
92 # does the job for one credential
93 # expects the credential (string) and an optional message (e.g. hrn) for reporting
94 # return True upon success and False otherwise
95 def upload (self, delegated_credential, message=None):
96 platform=self.platform()
97 username=self.username()
98 password=self.password()
99 auth = {'AuthMethod': 'password', 'Username': username, 'AuthString': password}
100 if not message: message=""
103 manifold=self.proxy()
104 # the code for a V2 interface
105 query = { 'action': 'update',
106 'object': 'local:account',
107 'filters': [ ['platform', '=', platform] ] ,
108 'params': {'credential': delegated_credential, },
110 annotation = {'authentication': auth, }
111 # in principle the xmlrpc call should not raise an exception
112 # but fill in error code and messages instead
113 # however this is only theoretical so let's be on the safe side
115 self.logger.debug("Using new v2 method forward+annotation@%s %s"%(platform,message))
116 retcod2=manifold.forward (query, annotation)
118 # xxx we need a constant constant for UNKNOWN, how about using 1
120 retcod2={'code':MANIFOLD_UNKNOWN,'description':"%s"%e}
121 if retcod2['code']==0:
123 if message: info += message+" "
124 info += 'v2 upload OK'
125 self.logger.info(info)
127 # everything has failed, let's report
128 self.logger.error("Could not upload %s"%(message if message else "credential"))
129 self.logger.info(" V2 Update returned code %s and error >>%s<<"%(retcod2['code'],retcod2['description']))
130 self.logger.debug("****** full retcod2")
131 for (k,v) in retcod2.items(): self.logger.debug("**** %s: %s"%(k,v))
134 if message: self.logger.error("Could not upload %s %s"%(message,e))
135 else: self.logger.error("Could not upload credential %s"%e)
136 if self.logger.debugEnabled():
138 traceback.print_exc()
141 ### this is mainly for unit testing this class but can come in handy as well
143 from argparse import ArgumentParser
144 parser = ArgumentParser (description="manifoldupoader simple tester.")
145 parser.add_argument ('credential_files',metavar='FILE',type=str,nargs='+',
146 help="the filenames to upload")
147 parser.add_argument ('-u','--url',dest='url', action='store',default=None,
148 help='the URL of the manifold API')
149 parser.add_argument ('-p','--platform',dest='platform',action='store',default=None,
150 help='the manifold platform name')
151 parser.add_argument ('-U','--user',dest='username',action='store',default=None,
152 help='the manifold username')
153 parser.add_argument ('-P','--password',dest='password',action='store',default=None,
154 help='the manifold password')
155 parser.add_argument ('-v','--verbose',dest='verbose',action='count',default=0,
156 help='more and more verbose')
157 args = parser.parse_args ()
159 from sfa.util.sfalogging import sfi_logger
160 sfi_logger.enable_console()
161 sfi_logger.setLevelFromOptVerbose(args.verbose)
162 uploader = ManifoldUploader (url=args.url, platform=args.platform,
163 username=args.username, password=args.password,
166 for filename in args.credential_files:
167 with file(filename) as f:
168 result=uploader.upload (f.read(),filename)
169 sfi_logger.info('... result=%s'%result)
171 if __name__ == '__main__':