2 # SFA XML-RPC and SOAP interfaces
4 ### $Id: api.py 17793 2010-04-26 21:40:57Z tmack $
5 ### $URL: https://svn.planet-lab.org/svn/sfa/trunk/sfa/plc/api.py $
14 import sfa.util.sfalogging
15 from sfa.trust.auth import Auth
16 from sfa.util.config import *
17 from sfa.util.faults import *
18 from sfa.util.debug import *
19 from sfa.trust.rights import *
20 from sfa.trust.credential import *
21 from sfa.trust.certificate import *
22 from sfa.util.namespace import *
23 from sfa.util.api import *
24 from sfa.util.nodemanager import NodeManager
25 from collections import defaultdict
48 def __init__(self, api, records):
50 self.shell = api.plshell
51 self.auth = api.plauth
58 # put records into groups based on types
59 for record in records:
60 pointer = record['pointer']
61 if record['type'] == 'authority':
62 self.sfa_authorities[pointer] = record
63 self.records.append(record)
64 site_ids.append(record['pointer'])
65 elif record['type'] == 'slice':
66 self.sfa_slices[pointer] = record
67 self.records.append(record)
68 slice_ids.append(record['pointer'])
69 elif record['type'] == 'user':
70 self.sfa_users[pointer] = record
71 self.records.append(record)
72 person_ids.append(record['pointer'])
73 elif record['type'] == 'node':
74 self.sfa_nodes[pointer] = record
75 self.records.append(record)
76 node_ids.append(record['pointer'])
78 # get pl info for these records
79 self.update_pl_sites(site_ids)
80 self.update_pl_slices(slice_ids)
81 self.update_pl_persons(person_ids)
82 self.update_pl_nodes(node_ids)
88 # now get pl records for all ids associated with
90 for record in records:
91 if 'site_id' in record:
92 site_ids.append(record['site_id'])
93 if 'site_ids' in records:
94 site_ids.extend(record['site_ids'])
95 if 'person_ids' in record:
96 person_ids.extend(record['person_ids'])
97 if 'slice_ids' in record:
98 slice_ids.extend(record['slice_ids'])
99 if 'node_ids' in record:
100 node_ids.extend(record['node_ids'])
102 # get pl info for these records
103 self.update_pl_sites(site_ids)
104 self.update_pl_slices(slice_ids)
105 self.update_pl_persons(person_ids)
106 self.update_pl_nodes(node_ids)
108 # convert pl ids to hrns
112 self.update_sfa_info(person_ids)
114 def update_pl_sites(self, site_ids):
116 Update site records with PL info
120 sites = self.shell.GetSites(self.auth, site_ids)
122 site_id = site['site_id']
123 self.sites[site_id] = site
124 if site_id in self.sfa_authorities:
125 self.sfa_authorities[site_id].update(site)
127 def update_pl_slices(self, slice_ids):
129 Update slice records with PL info
133 slices = self.shell.GetSlices(self.auth, slice_ids)
135 slice_id = slice['slice_id']
136 self.slices[slice_id] = slice
137 if slice_id in self.sfa_slices:
138 self.sfa_slices[slice_id].update(slice)
140 def update_pl_persons(self, person_ids):
142 Update person records with PL info
147 persons = self.shell.GetPersons(self.auth, person_ids)
148 for person in persons:
149 person_id = person['person_id']
150 self.persons[person_id] = person
151 key_ids.extend(person['key_ids'])
152 if person_id in self.sfa_users:
153 self.sfa_users[person_id].update(person)
154 self.update_pl_keys(key_ids)
156 def update_pl_keys(self, key_ids):
158 Update user records with PL public key info
162 keys = self.shell.GetKeys(self.auth, key_ids)
164 person_id = key['person_id']
165 self.keys[key['key_id']] = key
166 if person_id in self.sfa_users:
167 person = self.sfa_users[person_id]
168 if not 'keys' in person:
169 person['keys'] = [key['key']]
171 person['keys'].append(key['key'])
173 def update_pl_nodes(self, node_ids):
175 Update node records with PL info
179 nodes = self.shell.GetNodes(self.auth, node_ids)
181 node_id = node['node_id']
182 self.nodes[node['node_id']] = node
183 if node_id in self.sfa_nodes:
184 self.sfa_nodes[node_id].update(node)
187 def update_hrns(self):
189 Convert pl ids to hrns
191 for record in self.records:
192 # get all necessary data
193 type = record['type']
194 pointer = record['pointer']
195 auth_hrn = self.api.hrn
200 if 'site_id' in record:
201 site = self.sites[record['site_id']]
202 login_base = site['login_base']
203 record['site'] = ".".join([auth_hrn, login_base])
204 if 'person_ids' in record:
205 emails = [self.persons[person_id]['email'] for person_id in record['person_ids'] \
206 if person_id in self.persons]
207 usernames = [email.split('@')[0] for email in emails]
208 person_hrns = [".".join([auth_hrn, login_base, username]) for username in usernames]
209 record['persons'] = person_hrns
210 if 'slice_ids' in record:
211 slicenames = [self.slices[slice_id]['name'] for slice_id in record['slice_ids'] \
212 if slice_id in self.slices]
213 slice_hrns = [slicename_to_hrn(auth_hrn, slicename) for slicename in slicenames]
214 record['slices'] = slice_hrns
215 if 'node_ids' in record:
216 hostnames = [self.nodes[node_id]['hostname'] for node_id in record['node_ids'] \
217 if node_id in self.nodes]
218 node_hrns = [hostname_to_hrn(auth_hrn, login_base, hostname) for hostname in hostnames]
219 record['nodes'] = node_hrns
220 if 'site_ids' in record:
221 login_bases = [self.sites[site_id]['login_base'] for site_id in record['site_ids'] \
222 if site_id in self.sites]
223 site_hrns = [".".join([auth_hrn, lbase]) for lbase in login_bases]
224 record['sites'] = site_hrns
226 def update_sfa_info(self, person_ids):
227 from sfa.util.table import SfaTable
229 persons = table.find({'type': 'user', 'pointer': person_ids})
230 # create a hrns keyed on the sfa record's pointer.
231 # Its possible for multiple records to have the same pointer so
232 # the dict's value will be a list of hrns.
233 person_dict = defaultdict(list)
234 for person in persons:
235 person_dict[person['pointer']].append(person['hrn'])
237 def startswith(prefix, values):
238 return [value for value in values if value.startswith(prefix)]
240 for record in self.records:
241 authority = record['authority']
242 if record['pointer'] == -1:
245 if record['type'] == 'slice':
246 # all slice users are researchers
248 record['researchers'] = []
249 for person_id in record['person_ids']:
250 record['researchers'].extend(person_dict[person_id])
251 # also add the pis at the slice's site
252 site = self.sites[record['site_id']]
253 for person_id in site['person_ids']:
254 person = self.persons[person_id]
255 if 'pi' in person['roles']:
256 # PLCAPI doesn't support per site roles
257 # (a pi has the pi role at every site he belongs to).
258 # We shouldnt allow this in SFA
259 record['PI'].extend(startswith(authority, person_dict[person_id]))
261 elif record['type'] == 'authority':
263 record['operator'] = []
265 for person_id in record['person_ids']:
266 person = self.persons[person_id]
267 if 'pi' in person['roles']:
268 # only get PI's at this site
269 record['PI'].extend(startswith(record['hrn'], person_dict[person_id]))
270 if 'tech' in person['roles']:
271 # only get PI's at this site
272 record['operator'].extend(startswith(record['hrn'], person_dict[person_id]))
273 if 'admin' in person['roles']:
274 record['owner'].extend(startswith(record['hrn'], person_dict[person_id]))
276 elif record['type'] == 'node':
277 record['dns'] = record['hostname']
279 elif record['type'] == 'user':
280 record['email'] = record['email']
286 def get_records(self):
290 class SfaAPI(BaseAPI):
292 # flat list of method names
294 methods = sfa.methods.all
296 def __init__(self, config = "/etc/sfa/sfa_config.py", encoding = "utf-8",
297 methods='sfa.methods', peer_cert = None, interface = None,
298 key_file = None, cert_file = None, cache = None):
299 BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, \
300 peer_cert=peer_cert, interface=interface, key_file=key_file, \
301 cert_file=cert_file, cache=cache)
303 self.encoding = encoding
305 from sfa.util.table import SfaTable
306 self.SfaTable = SfaTable
307 # Better just be documenting the API
312 self.config = Config(config)
313 self.auth = Auth(peer_cert)
314 self.interface = interface
315 self.key_file = key_file
316 self.key = Keypair(filename=self.key_file)
317 self.cert_file = cert_file
318 self.cert = Certificate(filename=self.cert_file)
319 self.credential = None
320 # Initialize the PLC shell only if SFA wraps a myPLC
321 rspec_type = self.config.get_aggregate_type()
322 if (rspec_type == 'pl' or rspec_type == 'vini'):
323 self.plshell = self.getPLCShell()
324 self.plshell_version = "4.3"
326 self.hrn = self.config.SFA_INTERFACE_HRN
327 self.time_format = "%Y-%m-%d %H:%M:%S"
328 self.logger=sfa.util.sfalogging.logger
330 def getPLCShell(self):
331 self.plauth = {'Username': self.config.SFA_PLC_USER,
332 'AuthMethod': 'password',
333 'AuthString': self.config.SFA_PLC_PASSWORD}
335 self.plshell_type = 'xmlrpc'
337 url = self.config.SFA_PLC_URL
338 shell = xmlrpclib.Server(url, verbose = 0, allow_none = True)
341 def getCredential(self):
342 if self.interface in ['registry']:
343 return self.getCredentialFromLocalRegistry()
345 return self.getCredentialFromRegistry()
347 def getCredentialFromRegistry(self):
349 Get our credential from a remote registry
352 path = self.config.SFA_DATA_DIR
353 filename = ".".join([self.interface, self.hrn, type, "cred"])
354 cred_filename = path + os.sep + filename
356 credential = Credential(filename = cred_filename)
357 return credential.save_to_string(save_parents=True)
359 from sfa.server.registry import Registries
360 registries = Registries(self)
361 registry = registries[self.hrn]
362 cert_string=self.cert.save_to_string(save_parents=True)
363 # get self credential
364 self_cred = registry.get_self_credential(cert_string, type, self.hrn)
366 cred = registry.get_credential(self_cred, type, self.hrn)
369 Credential(string=cred).save_to_file(cred_filename, save_parents=True)
372 def getCredentialFromLocalRegistry(self):
374 Get our current credential directly from the local registry.
378 auth_hrn = self.auth.get_authority(hrn)
380 # is this a root or sub authority
381 if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
383 auth_info = self.auth.get_auth_info(auth_hrn)
384 table = self.SfaTable()
385 records = table.findObjects(hrn)
389 type = record['type']
390 object_gid = record.get_gid_object()
391 new_cred = Credential(subject = object_gid.get_subject())
392 new_cred.set_gid_caller(object_gid)
393 new_cred.set_gid_object(object_gid)
394 new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
395 new_cred.set_pubkey(object_gid.get_pubkey())
396 r1 = determine_rights(type, hrn)
397 new_cred.set_privileges(r1)
399 auth_kind = "authority,ma,sa"
401 new_cred.set_parent(self.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
406 return new_cred.save_to_string(save_parents=True)
409 def loadCredential (self):
411 Attempt to load credential from file if it exists. If it doesnt get
412 credential from registry.
415 # see if this file exists
416 # XX This is really the aggregate's credential. Using this is easier than getting
417 # the registry's credential from iteslf (ssl errors).
418 ma_cred_filename = self.config.SFA_DATA_DIR + os.sep + self.interface + self.hrn + ".ma.cred"
420 self.credential = Credential(filename = ma_cred_filename)
422 self.credential = self.getCredentialFromRegistry()
425 # Convert SFA fields to PLC fields for use when registering up updating
426 # registry record in the PLC database
428 # @param type type of record (user, slice, ...)
429 # @param hrn human readable name
430 # @param sfa_fields dictionary of SFA fields
431 # @param pl_fields dictionary of PLC fields (output)
433 def sfa_fields_to_pl_fields(self, type, hrn, record):
435 def convert_ints(tmpdict, int_fields):
436 for field in int_fields:
438 tmpdict[field] = int(tmpdict[field])
441 #for field in record:
442 # pl_record[field] = record[field]
445 if not "instantiation" in pl_record:
446 pl_record["instantiation"] = "plc-instantiated"
447 pl_record["name"] = hrn_to_pl_slicename(hrn)
449 pl_record["url"] = record["url"]
450 if "description" in record:
451 pl_record["description"] = record["description"]
452 if "expires" in record:
453 pl_record["expires"] = int(record["expires"])
456 if not "hostname" in pl_record:
457 if not "hostname" in record:
458 raise MissingSfaInfo("hostname")
459 pl_record["hostname"] = record["hostname"]
460 if not "model" in pl_record:
461 pl_record["model"] = "geni"
463 elif type == "authority":
464 pl_record["login_base"] = hrn_to_pl_login_base(hrn)
466 if not "name" in pl_record:
467 pl_record["name"] = hrn
469 if not "abbreviated_name" in pl_record:
470 pl_record["abbreviated_name"] = hrn
472 if not "enabled" in pl_record:
473 pl_record["enabled"] = True
475 if not "is_public" in pl_record:
476 pl_record["is_public"] = True
481 def fill_record_info(self, records):
483 Given a SFA record, fill in the PLC specific and SFA specific
484 fields in the record.
486 if not isinstance(records, list):
489 record_info = RecordInfo(self, records)
490 return record_info.get_records()
492 def update_membership_list(self, oldRecord, record, listName, addFunc, delFunc):
493 # get a list of the HRNs tht are members of the old and new records
495 oldList = oldRecord.get(listName, [])
498 newList = record.get(listName, [])
500 # if the lists are the same, then we don't have to update anything
501 if (oldList == newList):
504 # build a list of the new person ids, by looking up each person to get
507 table = self.SfaTable()
508 records = table.find({'type': 'user', 'hrn': newList})
510 newIdList.append(rec['pointer'])
512 # build a list of the old person ids from the person_ids field
514 oldIdList = oldRecord.get("person_ids", [])
515 containerId = oldRecord.get_pointer()
517 # if oldRecord==None, then we are doing a Register, instead of an
520 containerId = record.get_pointer()
522 # add people who are in the new list, but not the oldList
523 for personId in newIdList:
524 if not (personId in oldIdList):
525 addFunc(self.plauth, personId, containerId)
527 # remove people who are in the old list, but not the new list
528 for personId in oldIdList:
529 if not (personId in newIdList):
530 delFunc(self.plauth, personId, containerId)
532 def update_membership(self, oldRecord, record):
533 if record.type == "slice":
534 self.update_membership_list(oldRecord, record, 'researcher',
535 self.plshell.AddPersonToSlice,
536 self.plshell.DeletePersonFromSlice)
537 elif record.type == "authority":
543 class ComponentAPI(BaseAPI):
545 def __init__(self, config = "/etc/sfa/sfa_config.py", encoding = "utf-8", methods='sfa.methods',
546 peer_cert = None, interface = None, key_file = None, cert_file = None):
548 BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, peer_cert=peer_cert,
549 interface=interface, key_file=key_file, cert_file=cert_file)
550 self.encoding = encoding
552 # Better just be documenting the API
556 self.nodemanager = NodeManager(self.config)
558 def sliver_exists(self):
559 sliver_dict = self.nodemanager.GetXIDs()
560 if slicename in sliver_dict.keys():