5 from sfa.senslab.OARrestapi import OARapi
6 from sfa.senslab.LDAPapi import LDAPapi
7 from sfa.senslab.slabdriver import SlabDriver
8 from sfa.senslab.slabpostgres import SlabDB
9 from sfa.util.config import Config
10 from sfa.util.plxrn import PlXrn
11 from sfa.util.xrn import hrn_to_urn, get_authority,Xrn,get_leaf
12 from sfa.util.table import SfaTable
13 from sfa.util.record import SfaRecord
14 from sfa.trust.hierarchy import Hierarchy
15 from sfa.trust.certificate import Keypair,convert_public_key
16 from sfa.trust.gid import create_uuid
17 from sfa.trust.trustedroots import TrustedRoots
20 TrustedR = TrustedRoots(Config.get_trustedroots_dir(config))
21 AuthHierarchy = Hierarchy()
24 if not table.exists():
28 def create_sm_client_record():
30 Create a user record for the Slicemanager service.
32 hrn = config.SFA_INTERFACE_HRN + '.slicemanager'
33 urn = hrn_to_urn(hrn, 'user')
34 if not AuthHierarchy.auth_exists(urn):
35 AuthHierarchy.create_auth(urn)
37 auth_info = AuthHierarchy.get_auth_info(hrn)
39 sm_user_record = table.find({'type': 'user', 'hrn': hrn})
40 if not sm_user_record:
41 record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="user", pointer=-1)
42 record['authority'] = get_authority(record['hrn'])
45 def create_interface_records():
47 Create a record for each SFA interface
49 # just create certs for all sfa interfaces even if they
51 interface_hrn = config.SFA_INTERFACE_HRN
52 interfaces = ['authority+sa', 'authority+am', 'authority+sm']
54 auth_info = AuthHierarchy.get_auth_info(interface_hrn)
55 pkey = auth_info.get_pkey_object()
56 for interface in interfaces:
57 interface_record = table.find({'type': interface, 'hrn': interface_hrn})
58 if not interface_record:
59 urn = hrn_to_urn(interface_hrn, interface)
60 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
61 record = SfaRecord(hrn=interface_hrn, gid=gid, type=interface, pointer=-1)
62 record['authority'] = get_authority(interface_hrn)
63 print>>sys.stderr,"\r\n ==========create_interface_records", record['authority']
66 def create_top_level_auth_records(hrn):
68 Create top level records (includes root and sub authorities (local/remote)
71 urn = hrn_to_urn(hrn, 'authority')
72 # make sure parent exists
73 parent_hrn = get_authority(hrn)
74 print>>sys.stderr, "\r\n =========slab-import create_top_level_auth_records hrn %s urn %s parent_hrn %s \r\n" %(hrn, urn, parent_hrn)
77 if not parent_hrn == hrn:
78 create_top_level_auth_records(parent_hrn)
80 # create the authority if it doesnt already exist
81 if not AuthHierarchy.auth_exists(urn):
82 AuthHierarchy.create_auth(urn)
84 # create the db record if it doesnt already exist
85 auth_info = AuthHierarchy.get_auth_info(hrn)
87 auth_record = table.find({'type': 'authority', 'hrn': hrn})
90 auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
91 auth_record['authority'] = get_authority(auth_record['hrn'])
92 print sys.stderr, " \r\n \t slab-import : auth record %s inserted record %s " %(auth_record['hrn'], auth_record)
93 table.insert(auth_record)
97 def import_node(hrn, node):
99 # ASN.1 will have problems with hrn's longer than 64 characters
103 node_record = table.find({'type': 'node', 'hrn': hrn})
104 pkey = Keypair(create=True)
105 print>>sys.stderr, " \r\n \t slab-import : hrn %s" %(hrn )
106 urn = hrn_to_urn(hrn, 'node')
107 node_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
108 node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
109 node_record['authority'] = get_authority(node_record['hrn'])
110 extime = datetime.datetime.utcnow()
111 node_record['date_created'] = int(time.mktime(extime.timetuple()))
112 existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
113 if not existing_records:
114 print>>sys.stderr, " \r\n \t slab-import : node record %s inserted" %(node_record )
115 table.insert(node_record)
117 existing_record = existing_records[0]
118 node_record['record_id'] = existing_record['record_id']
119 table.update(node_record)
121 # person is already a sfa record
122 def import_person(authname,person):
123 existing_records = table.find({'hrn': person['hrn'], 'type': 'user'})
124 extime = datetime.datetime.utcnow()
125 person['date_created'] = int(time.mktime(extime.timetuple()))
128 if not existing_records:
129 print>>sys.stderr, " \r\n \t slab-import : person record %s inserted" %(person['hrn'])
131 RSA_KEY_STRING=person['pkey']
132 pkey=convert_public_key(RSA_KEY_STRING)
133 person['gid']=AuthHierarchy.create_gid("urn:publicid:IDN+"+authname+"+user+"+person['uid'], uuid, pkey, CA=False).save_to_string()
136 existing_record = existing_records[0]
137 person['record_id'] = existing_record['record_id']
138 # handle key change ???
141 def import_slice(person):
143 hrn = person['hrn']+'_slice'
144 pkey = Keypair(create=True)
145 urn = hrn_to_urn(hrn, 'slice')
146 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
147 slice_record= SfaRecord(hrn=hrn, gid=gid, type="slice", pointer=-1)
148 slice_record['authority'] = get_authority(slice_record['hrn'])
150 extime = datetime.datetime.utcnow()
151 slice_record['date_created'] = int(time.mktime(extime.timetuple()))
152 #special slice table for Senslab, to store nodes info (OAR)
154 existing_records = table.find({'hrn': slice_record['hrn'], 'type': 'slice'})
155 if not existing_records:
156 print>>sys.stderr, " \r\n \t slab-import : slice record %s inserted" %(slice_record['hrn'])
157 table.insert(slice_record)
158 db.insert_slab_slice(person)
161 print>>sys.stderr, " \r\n \t slab-import : slice record %s updated" %(slice_record['hrn'])
162 existing_record = existing_records[0]
163 slice_record['record_id'] = existing_record['record_id']
164 table.update(slice_record)
165 db.update_senslab_slice(slice_record)
167 def delete_record( hrn, type):
169 record_list = table.find({'type': type, 'hrn': hrn})
170 for record in record_list:
171 print>>sys.stderr, " \r\n \t slab-import : record %s deleted" %(record['hrn'])
174 def hostname_to_hrn(root_auth,login_base,hostname):
175 return PlXrn(auth=auth,hostname=login_base+'_'+hostname).get_hrn()
180 if not db.exists('slice'):
181 db.createtable('slice')
183 if not config.SFA_REGISTRY_ENABLED:
185 root_auth = config.SFA_REGISTRY_ROOT_AUTH
186 interface_hrn = config.SFA_INTERFACE_HRN
187 print interface_hrn, root_auth
189 #Get all records in the sfa table
190 # create dict of all existing sfa records
191 existing_records = {}
194 results = table.find()
196 for result in results:
197 existing_records[(result['hrn'], result['type'])] = result
198 existing_hrns.append(result['hrn'])
200 # create root authority if it doesn't exist
201 if root_auth not in existing_hrns or \
202 (root_auth, 'authority') not in existing_records:
203 create_top_level_auth_records(root_auth)
204 if not root_auth == interface_hrn:
205 create_top_level_auth_records(interface_hrn)
207 # create s user record for the slice manager Do we need this?
208 create_sm_client_record()
210 # create interface records ADDED 18 nov 11 Do we need this?
212 create_interface_records()
214 # add local root authority's cert to trusted list ADDED 18 nov 11 Do we need this?
216 authority = AuthHierarchy.get_auth_info(interface_hrn)
217 TrustedR.add_gid(authority.get_gid_object())
222 Driver = SlabDriver(config)
223 nodes_dict = Driver.GetNodes()
224 #print "\r\n NODES8DICT ",nodes_dict
226 ldap_person_list = Driver.GetPersons()
228 # import node records
229 for node in nodes_dict:
231 # A changer pour l utilisation du nouveau OAR de prod, le site etant contenu dans le hostname
232 hrn = hostname_to_hrn( root_auth,node['site_login_base'], node['hostname'])
233 if hrn not in existing_hrns or \
234 (hrn, 'node') not in existing_records:
235 import_node(hrn, node)
237 # import persons and slices
238 for person in ldap_person_list:
239 if person['hrn'] not in existing_hrns or \
240 (person['hrn'], 'user') not in existing_records :
241 import_person(root_auth,person)
245 # remove stale records
246 system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
248 for (record_hrn, type) in existing_records.keys():
249 if record_hrn in system_records:
252 record = existing_records[(record_hrn, type)]
253 if record['peer_authority']:
260 if type == 'authority':
262 print "\t \t Found :", found
266 for person in ldap_person_list:
267 if person['hrn'] == record_hrn:
272 login_base = get_leaf(get_authority(record_hrn))
273 nodename = Xrn.unescape(get_leaf(record_hrn))
274 for node in nodes_dict:
275 if node['hostname'] == nodename :
279 elif type == 'slice':
280 for person in ldap_person_list:
281 if person['hrn']+'_slice' == record_hrn:
288 record_object = existing_records[(record_hrn, type)]
289 print "\t\t NOT FOUND ! ", record_hrn
290 delete_record(record_hrn, type)
292 if __name__ == "__main__":