5 from sfa.senslab.OARrestapi import OARapi
6 from sfa.senslab.LDAPapi import LDAPapi
7 from sfa.senslab.slabdriver import SlabDriver
8 from sfa.senslab.slabpostgres import SlabDB
9 from sfa.util.config import Config
10 from sfa.util.plxrn import PlXrn
11 from sfa.util.xrn import hrn_to_urn, get_authority,Xrn,get_leaf
12 from sfa.storage.table import SfaTable
13 from sfa.storage.record import SfaRecord
14 from sfa.trust.hierarchy import Hierarchy
15 from sfa.trust.certificate import Keypair,convert_public_key
16 from sfa.trust.gid import create_uuid
17 from sfa.trust.trustedroots import TrustedRoots
20 interface_hrn = config.SFA_INTERFACE_HRN
21 TrustedR = TrustedRoots(Config.get_trustedroots_dir(config))
22 AuthHierarchy = Hierarchy()
28 def create_sm_client_record():
30 Create a user record for the Slicemanager service.
32 hrn = config.SFA_INTERFACE_HRN + '.slicemanager'
33 urn = hrn_to_urn(hrn, 'user')
34 if not AuthHierarchy.auth_exists(urn):
35 AuthHierarchy.create_auth(urn)
37 auth_info = AuthHierarchy.get_auth_info(hrn)
39 sm_user_record = table.find({'type': 'user', 'hrn': hrn})
40 if not sm_user_record:
41 record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="user", pointer=-1)
42 record['authority'] = get_authority(record['hrn'])
45 def create_interface_records():
47 Create a record for each SFA interface
49 # just create certs for all sfa interfaces even if they
51 interface_hrn = config.SFA_INTERFACE_HRN
52 interfaces = ['authority+sa', 'authority+am', 'authority+sm']
54 auth_info = AuthHierarchy.get_auth_info(interface_hrn)
55 pkey = auth_info.get_pkey_object()
56 for interface in interfaces:
57 interface_record = table.find({'type': interface, 'hrn': interface_hrn})
58 if not interface_record:
59 urn = hrn_to_urn(interface_hrn, interface)
60 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
61 record = SfaRecord(hrn=interface_hrn, gid=gid, type=interface, pointer=-1)
62 record['authority'] = get_authority(interface_hrn)
63 print>>sys.stderr,"\r\n ==========create_interface_records", record['authority']
66 def create_top_level_auth_records(hrn):
68 Create top level records (includes root and sub authorities (local/remote)
71 urn = hrn_to_urn(hrn, 'authority')
72 # make sure parent exists
73 parent_hrn = get_authority(hrn)
74 print>>sys.stderr, "\r\n =========slab-import create_top_level_auth_records hrn %s urn %s parent_hrn %s \r\n" %(hrn, urn, parent_hrn)
77 if not parent_hrn == hrn:
78 create_top_level_auth_records(parent_hrn)
80 # enxure key and cert exists:
81 AuthHierarchy.create_top_level_auth(hrn)
83 # create the authority if it doesnt already exist
84 #if not AuthHierarchy.auth_exists(urn):
85 #AuthHierarchy.create_auth(urn)
87 # create the db record if it doesnt already exist
88 auth_info = AuthHierarchy.get_auth_info(hrn)
90 auth_record = table.find({'type': 'authority', 'hrn': hrn})
93 auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
94 auth_record['authority'] = get_authority(auth_record['hrn'])
95 print sys.stderr, " \r\n \t slab-import : auth record %s inserted record %s " %(auth_record['hrn'], auth_record)
96 table.insert(auth_record)
100 def import_node(hrn, node):
102 # ASN.1 will have problems with hrn's longer than 64 characters
106 node_record = table.find({'type': 'node', 'hrn': hrn})
107 pkey = Keypair(create=True)
109 urn = hrn_to_urn(hrn, 'node')
110 node_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
111 node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
112 node_record['authority'] = get_authority(node_record['hrn'])
113 extime = datetime.datetime.utcnow()
114 node_record['date_created'] = int(time.mktime(extime.timetuple()))
115 existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
116 if not existing_records:
117 print>>sys.stderr, " \r\n \t slab-import : node record %s inserted" %(node['node_id'])
118 table.insert(node_record)
120 existing_record = existing_records[0]
121 node_record['record_id'] = existing_record['record_id']
122 table.update(node_record)
124 # person is already a sfa record
125 def import_person(authname,person):
126 existing_records = table.find({'hrn': person['hrn'], 'type': 'user'})
127 extime = datetime.datetime.utcnow()
128 person['date_created'] = int(time.mktime(extime.timetuple()))
131 if not existing_records:
132 print>>sys.stderr, " \r\n \t slab-import : person record %s inserted" %(person['hrn'])
134 RSA_KEY_STRING=person['pkey']
135 pkey=convert_public_key(RSA_KEY_STRING)
136 person['gid']=AuthHierarchy.create_gid("urn:publicid:IDN+"+authname+"+user+"+person['uid'], uuid, pkey, CA=False).save_to_string()
139 existing_record = existing_records[0]
140 person['record_id'] = existing_record['record_id']
141 # handle key change ???
144 def import_slice(person):
146 hrn = person['hrn']+'_slice'
147 pkey = Keypair(create=True)
148 urn = hrn_to_urn(hrn, 'slice')
149 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
150 slice_record= SfaRecord(hrn=hrn, gid=gid, type="slice", pointer=-1)
151 slice_record['authority'] = get_authority(slice_record['hrn'])
153 extime = datetime.datetime.utcnow()
154 slice_record['date_created'] = int(time.mktime(extime.timetuple()))
155 #special slice table for Senslab, to store nodes info (OAR)
157 existing_records = table.find({'hrn': slice_record['hrn'], 'type': 'slice'})
158 if not existing_records:
159 print>>sys.stderr, " \r\n \t slab-import : slice record %s inserted" %(slice_record['hrn'])
160 table.insert(slice_record)
161 db.insert_slab_slice(person)
164 print>>sys.stderr, " \r\n \t slab-import : slice record %s updated" %(slice_record['hrn'])
165 existing_record = existing_records[0]
166 slice_record['record_id'] = existing_record['record_id']
167 table.update(slice_record)
168 db.update_senslab_slice(slice_record)
170 def delete_record( hrn, type):
172 record_list = table.find({'type': type, 'hrn': hrn})
173 for record in record_list:
174 print>>sys.stderr, " \r\n \t slab-import : record %s deleted" %(record['hrn'])
177 def hostname_to_hrn(root_auth,login_base,hostname):
178 return PlXrn(auth=root_auth,hostname=login_base+'_'+hostname).get_hrn()
183 if not db.exists('slice'):
184 db.createtable('slice')
186 if not config.SFA_REGISTRY_ENABLED:
188 root_auth = config.SFA_REGISTRY_ROOT_AUTH
189 interface_hrn = config.SFA_INTERFACE_HRN
192 #Get all records in the sfa table
193 # create dict of all existing sfa records
194 existing_records = {}
197 results = table.find()
199 for result in results:
200 existing_records[(result['hrn'], result['type'])] = result
201 existing_hrns.append(result['hrn'])
203 # create root authority if it doesn't exist
204 if root_auth not in existing_hrns or \
205 (root_auth, 'authority') not in existing_records:
206 create_top_level_auth_records(root_auth)
207 if not root_auth == interface_hrn:
208 create_top_level_auth_records(interface_hrn)
210 # create s user record for the slice manager Do we need this?
211 create_sm_client_record()
213 # create interface records ADDED 18 nov 11 Do we need this?
215 create_interface_records()
217 # add local root authority's cert to trusted list ADDED 18 nov 11 Do we need this?
219 authority = AuthHierarchy.get_auth_info(interface_hrn)
220 TrustedR.add_gid(authority.get_gid_object())
225 Driver = SlabDriver(config)
226 nodes_dict = Driver.GetNodes()
227 #print "\r\n NODES8DICT ",nodes_dict
229 ldap_person_list = Driver.GetPersons()
231 # import node records
232 for node in nodes_dict:
234 # A changer pour l utilisation du nouveau OAR de prod, le site etant contenu dans le hostname
235 hrn = hostname_to_hrn( root_auth,node['site_login_base'], node['hostname'])
236 if hrn not in existing_hrns or \
237 (hrn, 'node') not in existing_records:
238 import_node(hrn, node)
240 # import persons and slices
241 for person in ldap_person_list:
242 if person['hrn'] not in existing_hrns or \
243 (person['hrn'], 'user') not in existing_records :
244 import_person(root_auth,person)
248 # remove stale records
249 system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
251 for (record_hrn, type) in existing_records.keys():
252 if record_hrn in system_records:
255 record = existing_records[(record_hrn, type)]
256 if record['peer_authority']:
263 if type == 'authority':
265 print "\t \t Found :", found
269 for person in ldap_person_list:
270 if person['hrn'] == record_hrn:
275 login_base = get_leaf(get_authority(record_hrn))
276 nodename = Xrn.unescape(get_leaf(record_hrn))
277 for node in nodes_dict:
278 if node['hostname'] == nodename :
282 elif type == 'slice':
283 for person in ldap_person_list:
284 if person['hrn']+'_slice' == record_hrn:
291 record_object = existing_records[(record_hrn, type)]
292 print "\t\t NOT FOUND ! ", record_hrn
293 delete_record(record_hrn, type)
295 if __name__ == "__main__":