+ save_records_to_file(outfile, records)
+
+ def _record_dict(self, xrn, type, email, key,
+ slices, researchers, pis,
+ url, description, extras):
+ record_dict = {}
+ if xrn:
+ if type:
+ xrn = Xrn(xrn, type)
+ else:
+ xrn = Xrn(xrn)
+ record_dict['urn'] = xrn.get_urn()
+ record_dict['hrn'] = xrn.get_hrn()
+ record_dict['type'] = xrn.get_type()
+ if url:
+ record_dict['url'] = url
+ if description:
+ record_dict['description'] = description
+ if key:
+ try:
+ pubkey = open(key, 'r').read()
+ except IOError:
+ pubkey = key
+ record_dict['reg-keys'] = [pubkey]
+ if slices:
+ record_dict['slices'] = slices
+ if researchers:
+ record_dict['reg-researchers'] = researchers
+ if email:
+ record_dict['email'] = email
+ if pis:
+ record_dict['reg-pis'] = pis
+ if extras:
+ record_dict.update(extras)
+ return record_dict
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn', default=None)
+ @add_options('-t', '--type', dest='type', metavar='<type>', help='object type (mandatory)')
+ @add_options('-a', '--all', dest='all', metavar='<all>', action='store_true', default=False, help='check all users GID')
+ @add_options('-v', '--verbose', dest='verbose', metavar='<verbose>', action='store_true', default=False, help='verbose mode: display user\'s hrn ')
+ def check_gid(self, xrn=None, type=None, all=None, verbose=None):
+ """Check the correspondance between the GID and the PubKey"""
+
+ # db records
+ from sfa.storage.model import RegRecord
+ db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)
+ if xrn and not all:
+ hrn = Xrn(xrn).get_hrn()
+ db_query = db_query.filter_by(hrn=hrn)
+ elif all and xrn:
+ print("Use either -a or -x <xrn>, not both !!!")
+ sys.exit(1)
+ elif not all and not xrn:
+ print("Use either -a or -x <xrn>, one of them is mandatory !!!")
+ sys.exit(1)
+
+ records = db_query.all()
+ if not records:
+ print("No Record found")
+ sys.exit(1)
+
+ OK = []
+ NOK = []
+ ERROR = []
+ NOKEY = []
+ for record in records:
+ # get the pubkey stored in SFA DB
+ if record.reg_keys:
+ db_pubkey_str = record.reg_keys[0].key
+ try:
+ db_pubkey_obj = convert_public_key(db_pubkey_str)
+ except:
+ ERROR.append(record.hrn)
+ continue
+ else:
+ NOKEY.append(record.hrn)
+ continue
+
+ # get the pubkey from the gid
+ gid_str = record.gid
+ gid_obj = GID(string=gid_str)
+ gid_pubkey_obj = gid_obj.get_pubkey()
+
+ # Check if gid_pubkey_obj and db_pubkey_obj are the same
+ check = gid_pubkey_obj.is_same(db_pubkey_obj)
+ if check:
+ OK.append(record.hrn)
+ else:
+ NOK.append(record.hrn)
+
+ if not verbose:
+ print("Users NOT having a PubKey: %s\n\
+Users having a non RSA PubKey: %s\n\
+Users having a GID/PubKey correpondence OK: %s\n\
+Users having a GID/PubKey correpondence Not OK: %s\n" % (len(NOKEY), len(ERROR), len(OK), len(NOK)))
+ else:
+ print("Users NOT having a PubKey: %s and are: \n%s\n\n\
+Users having a non RSA PubKey: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n" % (len(NOKEY), NOKEY, len(ERROR), ERROR, len(OK), OK, len(NOK), NOK))
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
+ @add_options('-e', '--email', dest='email', default="",
+ help="email (mandatory for users)")
+ @add_options('-u', '--url', dest='url', metavar='<url>', default=None,
+ help="URL, useful for slices")
+ @add_options('-d', '--description', dest='description', metavar='<description>',
+ help='Description, useful for slices', default=None)
+ @add_options('-k', '--key', dest='key', metavar='<key>', help='public key string or file',
+ default=None)
+ @add_options('-s', '--slices', dest='slices', metavar='<slices>', help='Set/replace slice xrns',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-r', '--researchers', dest='researchers', metavar='<researchers>', help='Set/replace slice researchers',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
+ help='Set/replace Principal Investigators/Project Managers',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-X', '--extra', dest='extras', default={}, type='str', metavar="<EXTRA_ASSIGNS>",
+ action="callback", callback=optparse_dictvalue_callback, nargs=1,
+ help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
+ def register(self, xrn, type=None, email='', key=None,
+ slices='', pis='', researchers='',
+ url=None, description=None, extras={}):
+ """Create a new Registry record"""
+ record_dict = self._record_dict(xrn=xrn, type=type, email=email, key=key,
+ slices=slices, researchers=researchers, pis=pis,
+ url=url, description=description, extras=extras)
+ self.api.manager.Register(self.api, record_dict)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
+ @add_options('-u', '--url', dest='url', metavar='<url>', help='URL', default=None)
+ @add_options('-d', '--description', dest='description', metavar='<description>',
+ help='Description', default=None)
+ @add_options('-k', '--key', dest='key', metavar='<key>', help='public key string or file',
+ default=None)
+ @add_options('-s', '--slices', dest='slices', metavar='<slices>', help='Set/replace slice xrns',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-r', '--researchers', dest='researchers', metavar='<researchers>', help='Set/replace slice researchers',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
+ help='Set/replace Principal Investigators/Project Managers',
+ default='', type="str", action='callback', callback=optparse_listvalue_callback)
+ @add_options('-X', '--extra', dest='extras', default={}, type='str', metavar="<EXTRA_ASSIGNS>",
+ action="callback", callback=optparse_dictvalue_callback, nargs=1,
+ help="set extra/testbed-dependent flags, e.g. --extra enabled=true")
+ def update(self, xrn, type=None, email='', key=None,
+ slices='', pis='', researchers='',
+ url=None, description=None, extras={}):
+ """Update an existing Registry record"""
+ record_dict = self._record_dict(xrn=xrn, type=type, email=email, key=key,
+ slices=slices, researchers=researchers, pis=pis,
+ url=url, description=description, extras=extras)
+ self.api.manager.Update(self.api, record_dict)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
+ def remove(self, xrn, type=None):
+ """Remove given object from the registry"""
+ xrn = Xrn(xrn, type)
+ self.api.manager.Remove(self.api, xrn)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
+ def credential(self, xrn, type=None):
+ """Invoke GetCredential"""
+ cred = self.api.manager.GetCredential(
+ self.api, xrn, type, self.api.hrn)
+ print(cred)
+
+ def import_registry(self):
+ """Run the importer"""
+ from sfa.importer import Importer
+ importer = Importer()
+ importer.run()
+
+ def sync_db(self):
+ """Initialize or upgrade the db"""
+ from sfa.storage.dbschema import DBSchema
+ dbschema = DBSchema()
+ dbschema.init_or_upgrade()
+
+ @add_options('-a', '--all', dest='all', metavar='<all>', action='store_true', default=False,
+ help='Remove all registry records and all files in %s area' % help_basedir)
+ @add_options('-c', '--certs', dest='certs', metavar='<certs>', action='store_true', default=False,
+ help='Remove all cached certs/gids found in %s' % help_basedir)
+ @add_options('-0', '--no-reinit', dest='reinit', metavar='<reinit>', action='store_false', default=True,
+ help='Prevents new DB schema from being installed after cleanup')
+ def nuke(self, all=False, certs=False, reinit=True):
+ """Cleanup local registry DB, plus various additional filesystem cleanups optionally"""
+ from sfa.storage.dbschema import DBSchema
+ from sfa.util.sfalogging import _SfaLogger
+ logger = _SfaLogger(
+ logfile='/var/log/sfa_import.log', loggername='importlog')
+ logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL)
+ logger.info("Purging SFA records from database")
+ dbschema = DBSchema()
+ dbschema.nuke()
+
+ # for convenience we re-create the schema here, so there's no need for an explicit
+ # service sfa restart
+ # however in some (upgrade) scenarios this might be wrong
+ if reinit:
+ logger.info("re-creating empty schema")
+ dbschema.init_or_upgrade()
+
+ # remove the server certificate and all gids found in
+ # /var/lib/sfa/authorities
+ if certs:
+ logger.info("Purging cached certificates")
+ for (dir, _, files) in os.walk('/var/lib/sfa/authorities'):
+ for file in files:
+ if file.endswith('.gid') or file == 'server.cert':
+ path = dir + os.sep + file
+ os.unlink(path)
+
+ # just remove all files that do not match 'server.key' or 'server.cert'
+ if all:
+ logger.info("Purging registry filesystem cache")
+ preserved_files = ['server.key', 'server.cert']
+ for dir, _, files in os.walk(Hierarchy().basedir):
+ for file in files:
+ if file in preserved_files:
+ continue
+ path = dir + os.sep + file
+ os.unlink(path)
+
+
+class CertCommands(Commands):