3 # inspired from tophat/bin/uploadcredential.py
5 # the purpose here is to let people upload their delegated credentials
6 # to a manifold/myslice infrastructure, without the need for having to
7 # install a separate tool; so duplicating this code is suboptimal in
8 # terms of code sharing but acceptable for hopefully easier use
10 # As of Nov. 2013, the signature for the forward API call has changed
11 # and now requires authentication to be passed as an annotation
12 # We take this chance to make things much simpler here by dropping
13 # support for multiple API versions/flavours
15 # As of April 2013, manifold is moving from old-fashioned API known as
16 # v1, that offers an AddCredential API call, towards a new API v2 that
17 # manages credentials with the same set of Get/Update calls as other
21 # mostly this is intended to be used through 'sfi myslice'
22 # so the defaults below are of no real importance
23 # this for now points at demo.myslice.info, but sounds like a
24 # better default for the long run
25 DEFAULT_URL = "http://myslice.onelab.eu:7080"
26 DEFAULT_PLATFORM = 'ple'
28 # starting with 2.7.9 we need to turn off server verification
30 try: turn_off_server_verify = { 'context' : ssl._create_unverified_context() }
31 except: turn_off_server_verify = {}
36 class ManifoldUploader:
37 """A utility class for uploading delegated credentials to a manifold/MySlice infrastructure"""
39 # platform is a name internal to the manifold deployment,
40 # that maps to a testbed, like e.g. 'ple'
41 def __init__ (self, logger, url=None, platform=None, username=None, password=None, ):
43 self._platform=platform
44 self._username=username
45 self._password=password
50 if not self._username:
51 self._username=raw_input("Enter your manifold username: ")
55 if not self._password:
56 username=self.username()
57 self._password=getpass.getpass("Enter password for manifold user %s: "%username)
61 if not self._platform:
62 self._platform=raw_input("Enter your manifold platform [%s]: "%DEFAULT_PLATFORM)
63 if self._platform.strip()=="": self._platform = DEFAULT_PLATFORM
68 self._url=raw_input("Enter the URL for your manifold API [%s]: "%DEFAULT_URL)
69 if self._url.strip()=="": self._url = DEFAULT_URL
73 self.username(); self.password(); self.platform(); self.url()
75 # looks like the current implementation of manifold server
76 # won't be happy with several calls issued in the same session
77 # so we do not cache this one
81 # self.logger.info("Connecting manifold url %s"%url)
82 # self._proxy = xmlrpclib.ServerProxy(url, allow_none = True)
85 self.logger.debug("Connecting manifold url %s"%url)
86 proxy = xmlrpclib.ServerProxy(url, allow_none = True,
87 **turn_off_server_verify)
91 # does the job for one credential
92 # expects the credential (string) and an optional message (e.g. hrn) for reporting
93 # return True upon success and False otherwise
94 def upload (self, delegated_credential, message=None):
95 platform=self.platform()
96 username=self.username()
97 password=self.password()
98 auth = {'AuthMethod': 'password', 'Username': username, 'AuthString': password}
99 if not message: message=""
102 manifold=self.proxy()
103 # the code for a V2 interface
104 query = { 'action': 'update',
105 'object': 'local:account',
106 'filters': [ ['platform', '=', platform] ] ,
107 'params': {'credential': delegated_credential, },
109 annotation = {'authentication': auth, }
110 # in principle the xmlrpc call should not raise an exception
111 # but fill in error code and messages instead
112 # however this is only theoretical so let's be on the safe side
114 self.logger.debug("Using new v2 method forward+annotation@%s %s"%(platform,message))
115 retcod2=manifold.forward (query, annotation)
117 # xxx we need a constant constant for UNKNOWN, how about using 1
119 retcod2={'code':MANIFOLD_UNKNOWN,'description':"%s"%e}
120 if retcod2['code']==0:
122 if message: info += message+" "
123 info += 'v2 upload OK'
124 self.logger.info(info)
126 # everything has failed, let's report
127 self.logger.error("Could not upload %s"%(message if message else "credential"))
128 self.logger.info(" V2 Update returned code %s and error >>%s<<"%(retcod2['code'],retcod2['description']))
129 self.logger.debug("****** full retcod2")
130 for (k,v) in retcod2.items(): self.logger.debug("**** %s: %s"%(k,v))
133 if message: self.logger.error("Could not upload %s %s"%(message,e))
134 else: self.logger.error("Could not upload credential %s"%e)
135 if self.logger.debugEnabled():
137 traceback.print_exc()
140 ### this is mainly for unit testing this class but can come in handy as well
142 from argparse import ArgumentParser
143 parser = ArgumentParser (description="manifoldupoader simple tester.")
144 parser.add_argument ('credential_files',metavar='FILE',type=str,nargs='+',
145 help="the filenames to upload")
146 parser.add_argument ('-u','--url',dest='url', action='store',default=None,
147 help='the URL of the manifold API')
148 parser.add_argument ('-p','--platform',dest='platform',action='store',default=None,
149 help='the manifold platform name')
150 parser.add_argument ('-U','--user',dest='username',action='store',default=None,
151 help='the manifold username')
152 parser.add_argument ('-P','--password',dest='password',action='store',default=None,
153 help='the manifold password')
154 parser.add_argument ('-v','--verbose',dest='verbose',action='count',default=0,
155 help='more and more verbose')
156 args = parser.parse_args ()
158 from sfa.util.sfalogging import sfi_logger
159 sfi_logger.enable_console()
160 sfi_logger.setLevelFromOptVerbose(args.verbose)
161 uploader = ManifoldUploader (url=args.url, platform=args.platform,
162 username=args.username, password=args.password,
165 for filename in args.credential_files:
166 with file(filename) as f:
167 result=uploader.upload (f.read(),filename)
168 sfi_logger.info('... result=%s'%result)
170 if __name__ == '__main__':