1 ###########################################################################
2 # Copyright (C) 2011 by root
5 # Copyright: See COPYING file that comes with this distribution
7 ###########################################################################
11 from sfa.senslab.OARrestapi import OARapi
12 from sfa.senslab.LDAPapi import LDAPapi
13 from sfa.senslab.slabdriver import SlabDriver
14 from sfa.util.config import Config
15 from sfa.util.xrn import hrn_to_urn, get_authority,Xrn,get_leaf
16 from sfa.util.table import SfaTable
17 from sfa.util.record import SfaRecord
18 from sfa.trust.hierarchy import Hierarchy
19 from sfa.trust.certificate import Keypair,convert_public_key
20 from sfa.trust.gid import create_uuid
21 from sfa.trust.trustedroots import TrustedRoots
24 TrustedR = TrustedRoots(Config.get_trustedroots_dir(config))
25 AuthHierarchy = Hierarchy()
27 if not table.exists():
31 def create_sm_client_record(self):
33 Create a user record for the Slicemanager service.
35 hrn = config.SFA_INTERFACE_HRN + '.slicemanager'
36 urn = hrn_to_urn(hrn, 'user')
37 if not AuthHierarchy.auth_exists(urn):
38 AuthHierarchy.create_auth(urn)
40 auth_info = AuthHierarchy.get_auth_info(hrn)
42 sm_user_record = table.find({'type': 'user', 'hrn': hrn})
43 if not sm_user_record:
44 record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="user", pointer=-1)
45 record['authority'] = get_authority(record['hrn'])
48 def create_interface_records():
50 Create a record for each SFA interface
52 # just create certs for all sfa interfaces even if they
54 interface_hrn = config.SFA_INTERFACE_HRN
55 interfaces = ['authority+sa', 'authority+am', 'authority+sm']
57 auth_info = AuthHierarchy.get_auth_info(interface_hrn)
58 pkey = auth_info.get_pkey_object()
59 for interface in interfaces:
60 interface_record = table.find({'type': interface, 'hrn': interface_hrn})
61 if not interface_record:
62 urn = hrn_to_urn(interface_hrn, interface)
63 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
64 record = SfaRecord(hrn=interface_hrn, gid=gid, type=interface, pointer=-1)
65 record['authority'] = get_authority(interface_hrn)
66 print>>sys.stderr,"\r\n ==========create_interface_records", record['authority']
69 def create_top_level_auth_records(hrn):
71 Create top level records (includes root and sub authorities (local/remote)
74 urn = hrn_to_urn(hrn, 'authority')
75 # make sure parent exists
76 parent_hrn = get_authority(hrn)
77 print>>sys.stderr, "\r\n =========slab-import create_top_level_auth_records hrn %s urn %s parent_hrn %s \r\n" %(hrn, urn, parent_hrn)
80 if not parent_hrn == hrn:
81 create_top_level_auth_records(parent_hrn)
83 # create the authority if it doesnt already exist
84 if not AuthHierarchy.auth_exists(urn):
85 AuthHierarchy.create_auth(urn)
87 # create the db record if it doesnt already exist
88 auth_info = AuthHierarchy.get_auth_info(hrn)
90 auth_record = table.find({'type': 'authority', 'hrn': hrn})
93 auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
94 auth_record['authority'] = get_authority(auth_record['hrn'])
95 print sys.stderr, " \r\n \t slab-import : auth record %s inserted record %s " %(auth_record['hrn'], auth_record)
96 table.insert(auth_record)
100 def import_node(hrn, node):
102 # ASN.1 will have problems with hrn's longer than 64 characters
106 node_record = table.find({'type': 'node', 'hrn': hrn})
107 pkey = Keypair(create=True)
108 urn = hrn_to_urn(hrn, 'node')
109 node_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
110 node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
111 node_record['authority'] = get_authority(node_record['hrn'])
112 extime = datetime.datetime.utcnow()
113 node_record['date_created'] = int(time.mktime(extime.timetuple()))
114 existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
115 if not existing_records:
116 print>>sys.stderr, " \r\n \t slab-import : node record %s inserted" %(node_record['hrn'])
117 table.insert(node_record)
119 existing_record = existing_records[0]
120 node_record['record_id'] = existing_record['record_id']
121 table.update(node_record)
123 # person is already a sfa record
124 def import_person(authname,person):
125 existing_records = table.find({'hrn': person['hrn'], 'type': 'user'})
126 extime = datetime.datetime.utcnow()
127 person['date_created'] = int(time.mktime(extime.timetuple()))
130 if not existing_records:
131 print>>sys.stderr, " \r\n \t slab-import : person record %s inserted" %(person['hrn'])
133 RSA_KEY_STRING=person['pkey']
134 pkey=convert_public_key(RSA_KEY_STRING)
135 person['gid']=AuthHierarchy.create_gid("urn:publicid:IDN+"+authname+"+user+"+person['uid'], uuid, pkey, CA=False).save_to_string()
138 existing_record = existing_records[0]
139 person['record_id'] = existing_record['record_id']
140 # handle key change ???
143 def import_slice(person):
145 hrn = person['hrn']+'_slice'
146 pkey = Keypair(create=True)
147 urn = hrn_to_urn(hrn, 'slice')
148 gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
149 slice_record= SfaRecord(hrn=hrn, gid=gid, type="slice", pointer=-1)
150 slice_record['authority'] = get_authority(slice_record['hrn'])
152 extime = datetime.datetime.utcnow()
153 slice_record['date_created'] = int(time.mktime(extime.timetuple()))
156 existing_records = table.find({'hrn': slice_record['hrn'], 'type': 'slice'})
157 if not existing_records:
158 print>>sys.stderr, " \r\n \t slab-import : slice record %s inserted" %(slice_record['hrn'])
159 table.insert(slice_record)
161 print>>sys.stderr, " \r\n \t slab-import : slice record %s updated" %(slice_record['hrn'])
162 existing_record = existing_records[0]
163 slice_record['record_id'] = existing_record['record_id']
164 table.update(slice_record)
166 def delete_record( hrn, type):
168 record_list = table.find({'type': type, 'hrn': hrn})
169 for record in record_list:
170 print>>sys.stderr, " \r\n \t slab-import : record %s deleted" %(record['hrn'])
173 def hostname_to_hrn(root_auth,hostname):
174 # keep only the first part of the DNS name
175 #hrn='.'.join( [auth,hostname.split(".")[0] ] )
176 # escape the '.' in the hostname
177 hrn='.'.join( [root_auth,Xrn.escape(hostname)] )
178 return hrn_to_urn(hrn,'node')
183 if not config.SFA_REGISTRY_ENABLED:
185 root_auth = config.SFA_REGISTRY_ROOT_AUTH
186 interface_hrn = config.SFA_INTERFACE_HRN
187 print interface_hrn, root_auth
189 # initialize registry db table
191 #if not table.exists():
194 # create root authority
195 create_top_level_auth_records(root_auth)
196 if not root_auth == interface_hrn:
197 create_top_level_auth_records(interface_hrn)
199 # create s user record for the slice manager Do we need this?
200 #create_sm_client_record()
202 # create interface records ADDED 18 nov 11 Do we need this?
204 create_interface_records()
206 # add local root authority's cert to trusted list ADDED 18 nov 11 Do we need this?
208 authority = AuthHierarchy.get_auth_info(interface_hrn)
209 TrustedR.add_gid(authority.get_gid_object())
213 # create dict of all existing sfa records
215 existing_records = {}
219 results = table.find()
220 for result in results:
221 existing_records[(result['hrn'], result['type'])] = result
222 existing_hrns.append(result['hrn'])
226 Driver = SlabDriver(config)
227 nodes_dict = Driver.GetNodes()
228 #print "\r\n NODES8DICT ",nodes_dict
230 ldap_person_list = Driver.GetPersons()
234 # import node records
235 for node in nodes_dict:
236 hrn = hostname_to_hrn( root_auth, node['hostname'])
237 if hrn not in existing_hrns or \
238 (hrn, 'node') not in existing_records:
239 import_node(hrn, node)
241 # import persons and slices
242 for person in ldap_person_list:
243 if person['hrn'] not in existing_hrns or \
244 (person['hrn'], 'user') not in existing_records :
245 import_person(root_auth,person)
251 # remove stale records
252 system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
254 for (record_hrn, type) in existing_records.keys():
255 if record_hrn in system_records:
258 record = existing_records[(record_hrn, type)]
259 if record['peer_authority']:
266 if type == 'authority':
267 #for site in sites_dict:
268 #print "\t type : authority : ", site
269 #site_hrn = interface_hrn + "." + site['login_base']
270 #if site_hrn == record_hrn and site['site_id'] == record['pointer']:
272 print "\t \t Found :", found
276 for person in ldap_person_list:
277 if person['hrn'] == record_hrn:
282 login_base = get_leaf(get_authority(record_hrn))
283 nodename = Xrn.unescape(get_leaf(record_hrn))
284 for node in nodes_dict:
285 if node['hostname'] == nodename :
289 elif type == 'slice':
290 for person in ldap_person_list:
291 if person['hrn']+'_slice' == record_hrn:
298 record_object = existing_records[(record_hrn, type)]
299 print "\t\t NOT FOUND ! ", record_hrn
300 delete_record(record_hrn, type)
302 if __name__ == "__main__":