4 from sfa.util.config import Config
5 from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
7 from sfa.trust.gid import create_uuid
8 from sfa.trust.certificate import convert_public_key, Keypair
10 # using global alchemy.session() here is fine
11 # as importer is on standalone one-shot process
12 from sfa.storage.alchemy import global_dbsession
13 from sfa.storage.model import RegRecord, RegAuthority, RegSlice, RegNode, RegUser, RegKey
15 from sfa.nitos.nitosshell import NitosShell
16 from sfa.nitos.nitosxrn import hostname_to_hrn, slicename_to_hrn, email_to_hrn, hrn_to_nitos_slicename, username_to_hrn
18 def _get_site_hrn(interface_hrn, site):
19 hrn = ".".join([interface_hrn, site['name']])
25 def __init__ (self, auth_hierarchy, logger):
26 self.auth_hierarchy = auth_hierarchy
29 def add_options (self, parser):
30 # we don't have any options for now
33 # hrn hash is initialized from current db
34 # remember just-created records as we go
35 # xxx might make sense to add a UNIQUE constraint in the db itself
36 def remember_record_by_hrn (self, record):
37 tuple = (record.type, record.hrn)
38 if tuple in self.records_by_type_hrn:
39 self.logger.warning ("NitosImporter.remember_record_by_hrn: duplicate (%s,%s)"%tuple)
41 self.records_by_type_hrn [ tuple ] = record
43 # ditto for pointer hash
44 def remember_record_by_pointer (self, record):
45 if record.pointer == -1:
46 self.logger.warning ("NitosImporter.remember_record_by_pointer: pointer is void")
48 tuple = (record.type, record.pointer)
49 if tuple in self.records_by_type_pointer:
50 self.logger.warning ("NitosImporter.remember_record_by_pointer: duplicate (%s,%s)"%tuple)
52 self.records_by_type_pointer [ ( record.type, record.pointer,) ] = record
54 def remember_record (self, record):
55 self.remember_record_by_hrn (record)
56 self.remember_record_by_pointer (record)
58 def locate_by_type_hrn (self, type, hrn):
59 return self.records_by_type_hrn.get ( (type, hrn), None)
61 def locate_by_type_pointer (self, type, pointer):
62 return self.records_by_type_pointer.get ( (type, pointer), None)
64 # a convenience/helper function to see if a record is already known
65 # a former, broken, attempt (in 2.1-9) had been made
66 # to try and use 'pointer' as a first, most significant attempt
67 # the idea being to preserve stuff as much as possible, and thus
68 # to avoid creating a new gid in the case of a simple hrn rename
69 # however this of course doesn't work as the gid depends on the hrn...
70 #def locate (self, type, hrn=None, pointer=-1):
72 # attempt = self.locate_by_type_pointer (type, pointer)
73 # if attempt : return attempt
75 # attempt = self.locate_by_type_hrn (type, hrn,)
76 # if attempt : return attempt
79 # this makes the run method a bit abtruse - out of the way
81 def run (self, options):
83 interface_hrn = config.SFA_INTERFACE_HRN
84 root_auth = config.SFA_REGISTRY_ROOT_AUTH
85 shell = NitosShell (config)
87 ######## retrieve all existing SFA objects
88 all_records = global_dbsession.query(RegRecord).all()
90 # create hash by (type,hrn)
91 # we essentially use this to know if a given record is already known to SFA
92 self.records_by_type_hrn = \
93 dict ( [ ( (record.type, record.hrn) , record ) for record in all_records ] )
94 # create hash by (type,pointer)
95 self.records_by_type_pointer = \
96 dict ( [ ( (record.type, record.pointer) , record ) for record in all_records
97 if record.pointer != -1] )
99 # initialize record.stale to True by default, then mark stale=False on the ones that are in use
100 for record in all_records: record.stale=True
102 ######## retrieve NITOS data
104 # retrieve only required stuf
105 site = shell.getTestbedInfo()
107 # create a hash of sites by login_base
108 # # sites_by_login_base = dict ( [ ( site['login_base'], site ) for site in sites ] )
109 # Get all NITOS users
110 users = shell.getUsers()
111 # create a hash of users by user_id
112 users_by_id = dict ( [ ( user['user_id'], user) for user in users ] )
113 # Get all NITOS public keys
114 # accumulate key ids for keys retrieval
116 # for person in persons:
117 # key_ids.extend(person['key_ids'])
118 # keys = shell.GetKeys( {'peer_id': None, 'key_id': key_ids,
119 # 'key_type': 'ssh'} )
120 # # create a hash of keys by key_id
121 # keys_by_id = dict ( [ ( key['key_id'], key ) for key in keys ] )
122 # create a dict user_id -> [ (nitos)keys ]
123 keys_by_user_id = dict ( [ ( user['user_id'], user['keys']) for user in users ] )
124 # Get all nitos nodes
125 nodes = shell.getNodes({}, [])
126 # create hash by node_id
127 nodes_by_id = dict ( [ (node['node_id'], node) for node in nodes ] )
128 # Get all nitos slices
129 slices = shell.getSlices({}, [])
130 # create hash by slice_id
131 slices_by_id = dict ( [ (slice['slice_id'], slice) for slice in slices ] )
137 site_hrn = _get_site_hrn(interface_hrn, site)
138 # import if hrn is not in list of existing hrns or if the hrn exists
139 # but its not a site record
140 site_record=self.locate_by_type_hrn ('authority', site_hrn)
143 urn = hrn_to_urn(site_hrn, 'authority')
144 if not self.auth_hierarchy.auth_exists(urn):
145 self.auth_hierarchy.create_auth(urn)
146 auth_info = self.auth_hierarchy.get_auth_info(urn)
147 site_record = RegAuthority(hrn=site_hrn, gid=auth_info.get_gid_object(),
149 authority=get_authority(site_hrn))
150 site_record.just_created()
151 global_dbsession.add(site_record)
152 global_dbsession.commit()
153 self.logger.info("NitosImporter: imported authority (site) : %s" % site_record)
154 self.remember_record (site_record)
156 # if the site import fails then there is no point in trying to import the
157 # site's child records (node, slices, persons), so skip them.
158 self.logger.log_exc("NitosImporter: failed to import site. Skipping child records")
161 # xxx update the record ...
163 site_record.stale=False
165 # import node records
167 site_auth = get_authority(site_hrn)
168 site_name = site['name']
169 node_hrn = hostname_to_hrn(site_auth, site_name, node['hostname'])
170 # xxx this sounds suspicious
171 if len(node_hrn) > 64: node_hrn = node_hrn[:64]
172 node_record = self.locate_by_type_hrn ( 'node', node_hrn )
175 pkey = Keypair(create=True)
176 urn = hrn_to_urn(node_hrn, 'node')
177 node_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
178 node_record = RegNode (hrn=node_hrn, gid=node_gid,
179 pointer =node['node_id'],
180 authority=get_authority(node_hrn))
181 node_record.just_created()
182 global_dbsession.add(node_record)
183 global_dbsession.commit()
184 self.logger.info("NitosImporter: imported node: %s" % node_record)
185 self.remember_record (node_record)
187 self.logger.log_exc("NitosImporter: failed to import node")
189 # xxx update the record ...
192 node_record.stale=False
197 user_hrn = username_to_hrn(interface_hrn, site['name'], user['username'])
198 # xxx suspicious again
199 if len(user_hrn) > 64: user_hrn = user_hrn[:64]
200 user_urn = hrn_to_urn(user_hrn, 'user')
202 user_record = self.locate_by_type_hrn ( 'user', user_hrn)
204 # return a tuple pubkey (a nitos key object) and pkey (a Keypair object)
205 def init_user_key (user):
209 # randomly pick first key in set
210 for key in user['keys']:
213 pkey = convert_public_key(pubkey)
218 self.logger.warn('NitosImporter: unable to convert public key for %s' % user_hrn)
219 pkey = Keypair(create=True)
221 # the user has no keys. Creating a random keypair for the user's gid
222 self.logger.warn("NitosImporter: user %s does not have a NITOS public key"%user_hrn)
223 pkey = Keypair(create=True)
224 return (pubkey, pkey)
229 (pubkey,pkey) = init_user_key (user)
230 user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
231 user_gid.set_email(user['email'])
232 user_record = RegUser (hrn=user_hrn, gid=user_gid,
233 pointer=user['user_id'],
234 authority=get_authority(user_hrn),
237 user_record.reg_keys=[RegKey (pubkey)]
239 self.logger.warning("No key found for user %s"%user_record)
240 user_record.just_created()
241 global_dbsession.add (user_record)
242 global_dbsession.commit()
243 self.logger.info("NitosImporter: imported user: %s" % user_record)
244 self.remember_record ( user_record )
246 # update the record ?
247 # if user's primary key has changed then we need to update the
248 # users gid by forcing an update here
249 sfa_keys = user_record.reg_keys
251 def sfa_key_in_list (sfa_key,nitos_user_keys):
252 for nitos_key in nitos_user_keys:
253 if nitos_key==sfa_key: return True
255 # are all the SFA keys known to nitos ?
257 if not sfa_keys and user['keys']:
260 for sfa_key in sfa_keys:
261 if not sfa_key_in_list (sfa_key.key,user['keys']):
265 (pubkey,pkey) = init_user_key (user)
266 user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
268 user_record.reg_keys=[]
270 user_record.reg_keys=[ RegKey (pubkey)]
271 user_record.gid = user_gid
272 user_record.just_updated()
273 self.logger.info("NitosImporter: updated user: %s" % user_record)
274 user_record.email = user['email']
275 global_dbsession.commit()
276 user_record.stale=False
278 self.logger.log_exc("NitosImporter: failed to import user %s %s"%(user['user_id'],user['email']))
283 slice_hrn = slicename_to_hrn(interface_hrn, site['name'], slice['slice_name'])
284 slice_record = self.locate_by_type_hrn ('slice', slice_hrn)
287 pkey = Keypair(create=True)
288 urn = hrn_to_urn(slice_hrn, 'slice')
289 slice_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
290 slice_record = RegSlice (hrn=slice_hrn, gid=slice_gid,
291 pointer=slice['slice_id'],
292 authority=get_authority(slice_hrn))
293 slice_record.just_created()
294 global_dbsession.add(slice_record)
295 global_dbsession.commit()
296 self.logger.info("NitosImporter: imported slice: %s" % slice_record)
297 self.remember_record ( slice_record )
299 self.logger.log_exc("NitosImporter: failed to import slice")
301 # xxx update the record ...
302 self.logger.warning ("Slice update not yet implemented")
304 # record current users affiliated with the slice
305 slice_record.reg_researchers = \
306 [ self.locate_by_type_pointer ('user',int(user_id)) for user_id in slice['user_ids'] ]
307 global_dbsession.commit()
308 slice_record.stale=False
311 ### remove stale records
312 # special records must be preserved
313 system_hrns = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
314 for record in all_records:
315 if record.hrn in system_hrns:
317 if record.peer_authority:
320 for record in all_records:
321 try: stale=record.stale
324 self.logger.warning("stale not found with %s"%record)
326 self.logger.info("NitosImporter: deleting stale record: %s" % record)
327 global_dbsession.delete(record)
328 global_dbsession.commit()