+ sfa_record = Record(dict=record)
+ sfa_record.dump(format)
+ if outfile:
+ save_records_to_file(outfile, records)
+
+ @staticmethod
+ def _record_dict(xrn, type, email, key,
+ slices, researchers, pis,
+ url, description, extras):
+ record_dict = {}
+ if xrn:
+ if type:
+ xrn = Xrn(xrn, type)
+ else:
+ xrn = Xrn(xrn)
+ record_dict['urn'] = xrn.get_urn()
+ record_dict['hrn'] = xrn.get_hrn()
+ record_dict['type'] = xrn.get_type()
+ if url:
+ record_dict['url'] = url
+ if description:
+ record_dict['description'] = description
+ if key:
+ try:
+ pubkey = open(key, 'r').read()
+ except IOError:
+ pubkey = key
+ record_dict['reg-keys'] = [pubkey]
+ if slices:
+ record_dict['slices'] = slices
+ if researchers:
+ record_dict['reg-researchers'] = researchers
+ if email:
+ record_dict['email'] = email
+ if pis:
+ record_dict['reg-pis'] = pis
+ if extras:
+ record_dict.update(extras)
+ return record_dict
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
+ help='object hrn/urn', default=None)
+ @add_options('-t', '--type', dest='type', metavar='<type>',
+ help='object type (mandatory)')
+ @add_options('-a', '--all', dest='all', metavar='<all>',
+ action='store_true', default=False,
+ help='check all users GID')
+ @add_options('-v', '--verbose', dest='verbose', metavar='<verbose>',
+ action='store_true', default=False,
+ help='verbose mode: display user\'s hrn ')
+ def check_gid(self, xrn=None, type=None, all=None, verbose=None):
+ """Check the correspondance between the GID and the PubKey"""
+
+ # db records
+ from sfa.storage.model import RegRecord
+ db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)
+ if xrn and not all:
+ hrn = Xrn(xrn).get_hrn()
+ db_query = db_query.filter_by(hrn=hrn)
+ elif all and xrn:
+ print("Use either -a or -x <xrn>, not both !!!")
+ sys.exit(1)
+ elif not all and not xrn:
+ print("Use either -a or -x <xrn>, one of them is mandatory !!!")
+ sys.exit(1)
+
+ records = db_query.all()
+ if not records:
+ print("No Record found")
+ sys.exit(1)
+
+ OK = []
+ NOK = []
+ ERROR = []
+ NOKEY = []
+ for record in records:
+ # get the pubkey stored in SFA DB
+ if record.reg_keys:
+ db_pubkey_str = record.reg_keys[0].key
+ try:
+ db_pubkey_obj = convert_public_key(db_pubkey_str)
+ except Exception:
+ ERROR.append(record.hrn)
+ continue
+ else:
+ NOKEY.append(record.hrn)
+ continue
+
+ # get the pubkey from the gid
+ gid_str = record.gid
+ gid_obj = GID(string=gid_str)
+ gid_pubkey_obj = gid_obj.get_pubkey()
+
+ # Check if gid_pubkey_obj and db_pubkey_obj are the same
+ check = gid_pubkey_obj.is_same(db_pubkey_obj)
+ if check:
+ OK.append(record.hrn)
+ else:
+ NOK.append(record.hrn)
+
+ if not verbose:
+ print("Users NOT having a PubKey: %s\n\
+Users having a non RSA PubKey: %s\n\
+Users having a GID/PubKey correpondence OK: %s\n\
+Users having a GID/PubKey correpondence Not OK: %s\n"
+ % (len(NOKEY), len(ERROR), len(OK), len(NOK)))
+ else:
+ print("Users NOT having a PubKey: %s and are: \n%s\n\n\
+Users having a non RSA PubKey: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"
+ % (len(NOKEY), NOKEY, len(ERROR), ERROR,
+ len(OK), OK, len(NOK), NOK))
+
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
+ help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>',
+ help='object type', default=None)
+ @add_options('-e', '--email', dest='email', default="",
+ help="email (mandatory for users)")
+ @add_options('-u', '--url', dest='url', metavar='<url>', default=None,
+ help="URL, useful for slices")
+ @add_options('-d', '--description', dest='description',
+ metavar='<description>',
+ help='Description, useful for slices', default=None)
+ @add_options('-k', '--key', dest='key', metavar='<key>',
+ help='public key string or file',
+ default=None)
+ @add_options('-s', '--slices', dest='slices', metavar='<slices>',
+ help='Set/replace slice xrns',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-r', '--researchers', dest='researchers',
+ metavar='<researchers>', help='Set/replace slice researchers',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
+ help='Set/replace Principal Investigators/Project Managers',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-X', '--extra', dest='extras',
+ default={}, type='str', metavar="<EXTRA_ASSIGNS>",
+ action="callback", callback=optparse_dictvalue_callback,
+ nargs=1,
+ help="set extra/testbed-dependent flags,"
+ " e.g. --extra enabled=true")
+ def register(self, xrn, type=None, email='', key=None,
+ slices='', pis='', researchers='',
+ url=None, description=None, extras={}):
+ """Create a new Registry record"""
+ record_dict = self._record_dict(
+ xrn=xrn, type=type, email=email, key=key,
+ slices=slices, researchers=researchers, pis=pis,
+ url=url, description=description, extras=extras)
+ self.api.manager.Register(self.api, record_dict)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
+ help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>',
+ help='object type', default=None)
+ @add_options('-u', '--url', dest='url', metavar='<url>',
+ help='URL', default=None)
+ @add_options('-d', '--description', dest='description',
+ metavar='<description>',
+ help='Description', default=None)
+ @add_options('-k', '--key', dest='key', metavar='<key>',
+ help='public key string or file',
+ default=None)
+ @add_options('-s', '--slices', dest='slices', metavar='<slices>',
+ help='Set/replace slice xrns',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-r', '--researchers', dest='researchers',
+ metavar='<researchers>', help='Set/replace slice researchers',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
+ help='Set/replace Principal Investigators/Project Managers',
+ default='', type="str", action='callback',
+ callback=optparse_listvalue_callback)
+ @add_options('-X', '--extra', dest='extras', default={}, type='str',
+ metavar="<EXTRA_ASSIGNS>", nargs=1,
+ action="callback", callback=optparse_dictvalue_callback,
+ help="set extra/testbed-dependent flags,"
+ " e.g. --extra enabled=true")
+ def update(self, xrn, type=None, email='', key=None,
+ slices='', pis='', researchers='',
+ url=None, description=None, extras={}):
+ """Update an existing Registry record"""
+ record_dict = self._record_dict(
+ xrn=xrn, type=type, email=email, key=key,
+ slices=slices, researchers=researchers, pis=pis,
+ url=url, description=description, extras=extras)
+ self.api.manager.Update(self.api, record_dict)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
+ help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>',
+ help='object type', default=None)
+ def remove(self, xrn, type=None):
+ """Remove given object from the registry"""
+ xrn = Xrn(xrn, type)
+ self.api.manager.Remove(self.api, xrn)
+
+ @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
+ help='object hrn/urn (mandatory)')
+ @add_options('-t', '--type', dest='type', metavar='<type>',
+ help='object type', default=None)
+ def credential(self, xrn, type=None):
+ """Invoke GetCredential"""
+ cred = self.api.manager.GetCredential(
+ self.api, xrn, type, self.api.hrn)
+ print(cred)
+
+
+ def import_registry(self):
+ """Run the importer"""
+ if not DEBUG:
+ init_logger('import')
+ from sfa.importer import Importer
+ importer = Importer()
+ importer.run()
+
+
+ def sync_db(self):
+ """Initialize or upgrade the db"""
+ from sfa.storage.dbschema import DBSchema
+ dbschema = DBSchema()
+ dbschema.init_or_upgrade()
+
+
+ @add_options('-a', '--all', dest='all', metavar='<all>',
+ action='store_true', default=False,
+ help='Remove all registry records and all files in %s area'
+ % help_basedir)
+ @add_options('-c', '--certs', dest='certs',
+ metavar='<certs>', action='store_true', default=False,
+ help='Remove all cached certs/gids found in %s'
+ % help_basedir)
+ @add_options('-0', '--no-reinit', dest='reinit', metavar='<reinit>',
+ action='store_false', default=True,
+ help="Prevents new DB schema"
+ " from being installed after cleanup")
+ def nuke(self, all=False, certs=False, reinit=True):
+ """
+ Cleanup local registry DB, plus various additional
+ filesystem cleanups optionally
+ """
+ from sfa.storage.dbschema import DBSchema
+ from sfa.util.sfalogging import init_logger, logger
+ init_logger('import')
+ logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL)
+ logger.info("Purging SFA records from database")
+ dbschema = DBSchema()
+ dbschema.nuke()
+
+ # for convenience we re-create the schema here,
+ # so there's no need for an explicit
+ # service sfa restart
+ # however in some (upgrade) scenarios this might be wrong
+ if reinit:
+ logger.info("re-creating empty schema")
+ dbschema.init_or_upgrade()
+
+ # remove the server certificate and all gids found in
+ # /var/lib/sfa/authorities
+ if certs:
+ logger.info("Purging cached certificates")
+ for (dir, _, files) in os.walk('/var/lib/sfa/authorities'):
+ for file in files:
+ if file.endswith('.gid') or file == 'server.cert':
+ path = dir + os.sep + file
+ os.unlink(path)
+
+ # just remove all files that do not match 'server.key' or 'server.cert'
+ if all:
+ logger.info("Purging registry filesystem cache")
+ preserved_files = ['server.key', 'server.cert']
+ for dir, _, files in os.walk(Hierarchy().basedir):
+ for file in files:
+ if file in preserved_files:
+ continue
+ path = dir + os.sep + file
+ os.unlink(path)
+
+
+class CertCommands(Commands):