- # the key and hrn of the user who will be delegating
- user_key = Keypair(filename = get_key_file())
- user_hrn = cred.get_gid_caller().get_hrn()
-
- dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
- dcred.set_gid_caller(delegee_gid)
- dcred.set_gid_object(object_gid)
- dcred.set_privileges(cred.get_privileges())
- dcred.set_delegate(True)
- dcred.set_pubkey(object_gid.get_pubkey())
- dcred.set_issuer(user_key, user_hrn)
- dcred.set_parent(cred)
- dcred.encode()
- dcred.sign()
-
- return dcred
-
-def get_rspec_file(rspec):
- if (os.path.isabs(rspec)):
- file = rspec
- else:
- file = os.path.join(sfi_dir, rspec)
- if (os.path.isfile(file)):
- return file
- else:
- print "No such rspec file", rspec
- sys.exit(1)
-
-def get_record_file(record):
- if (os.path.isabs(record)):
- file = record
- else:
- file = os.path.join(sfi_dir, record)
- if (os.path.isfile(file)):
- return file
- else:
- print "No such registry record file", record
- sys.exit(1)
-
-def load_publickey_string(fn):
- f = file(fn,"r")
- key_string = f.read()
-
- # if the filename is a private key file, then extract the public key
- if "PRIVATE KEY" in key_string:
- outfn = tempfile.mktemp()
- cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
- os.system(cmd)
- f = file(outfn, "r")
- key_string = f.read()
- os.remove(outfn)
-
- return key_string
-#
-# Generate sub-command parser
-#
-def create_cmd_parser(command, additional_cmdargs = None):
- cmdargs = {"list": "name",
- "show": "name",
- "remove": "name",
- "add": "record",
- "update": "record",
- "slices": "",
- "resources": "[name]",
- "create": "name rspec",
- "delete": "name",
- "reset": "name",
- "start": "name",
- "stop": "name",
- "delegate": "name"
- }
-
- if additional_cmdargs:
- cmdargs.update(additional_cmdargs)
-
- if command not in cmdargs:
- print "Invalid command\n"
- print "Commands: ",
- for key in cmdargs.keys():
- print key+",",
- print ""
- sys.exit(2)
-
- parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
- % (command, cmdargs[command]))
- if command in ("resources"):
- parser.add_option("-f", "--format", dest="format",type="choice",
- help="display format (dns|ip|rspec)",default="rspec",
- choices=("dns","ip","rspec"))
- if command in ("list", "show", "remove"):
- parser.add_option("-t", "--type", dest="type",type="choice",
- help="type filter (user|slice|sa|ma|node|aggregate)",
- choices=("user","slice","sa","ma","node","aggregate", "all"),
- default="all")
- if command in ("show", "list", "resources"):
- parser.add_option("-o", "--output", dest="file",
- help="output XML to file", metavar="FILE", default=None)
- if command in ("delegate"):
- parser.add_option("-u", "--user",
- action="store_true", dest="delegate_user", default=False,
- help="delegate user credential")
- parser.add_option("-s", "--slice", dest="delegate_slice",
- help="delegate slice credential", metavar="HRN", default=None)
- return parser
-
-def create_parser():
- # Generate command line parser
- parser = OptionParser(usage="sfi [options] command [command_options] [command_args]",
- description="Commands: list,show,remove,add,update,nodes,slices,resources,create,delete,start,stop,reset")
- parser.add_option("-r", "--registry", dest="registry",
- help="root registry", metavar="URL", default=None)
- parser.add_option("-s", "--slicemgr", dest="sm",
- help="slice manager", metavar="URL", default=None)
- parser.add_option("-d", "--dir", dest="dir",
- help="working directory", metavar="PATH", default = sfi_dir)
- parser.add_option("-u", "--user", dest="user",
- help="user name", metavar="HRN", default=None)
- parser.add_option("-a", "--auth", dest="auth",
- help="authority name", metavar="HRN", default=None)
- parser.add_option("-v", "--verbose",
- action="store_true", dest="verbose", default=False,
- help="verbose mode")
- parser.add_option("-p", "--protocol",
- dest="protocol", default="xmlrpc",
- help="RPC protocol (xmlrpc or soap)")
- parser.disable_interspersed_args()
-
- return parser
-
-def dispatch(command, cmd_opts, cmd_args):
- globals()[command](cmd_opts, cmd_args)
-
-#
-# Main: parse arguments and dispatch to command
-#
-def main():
- global verbose
-
- parser = create_parser()
- (options, args) = parser.parse_args()
-
- if len(args) <= 0:
- print "No command given. Use -h for help."
- return -1
-
- command = args[0]
- (cmd_opts, cmd_args) = create_cmd_parser(command).parse_args(args[1:])
- verbose = options.verbose
- if verbose :
- print "Resgistry %s, sm %s, dir %s, user %s, auth %s" % (options.registry,
- options.sm,
- options.dir,
- options.user,
- options.auth)
- print "Command %s" %command
- if command in ("resources"):
- print "resources cmd_opts %s" %cmd_opts.format
- elif command in ("list","show","remove"):
- print "cmd_opts.type %s" %cmd_opts.type
- print "cmd_args %s" %cmd_args
-
- set_servers(options)
-
- try:
- dispatch(command, cmd_opts, cmd_args)
- except KeyError:
- raise
- print "Command not found:", command
- sys.exit(1)
-
- return
-
-#
-# Following functions implement the commands
-#
-# Registry-related commands
-#
-
-# list entires in named authority registry
-def list(opts, args):
- global registry
- user_cred = get_user_cred()
- try:
- list = registry.list(user_cred, args[0])
- except IndexError:
- raise Exception, "Not enough parameters for the 'list' command"
-
- # filter on person, slice, site, node, etc.
- # THis really should be in the filter_records funct def comment...
- list = filter_records(opts.type, list)
- for record in list:
- print "%s (%s)" % (record['hrn'], record['type'])
- if opts.file:
- save_records_to_file(opts.file, list)
- return
-
-# show named registry record
-def show(opts, args):
- global registry
- user_cred = get_user_cred()
- records = registry.resolve(user_cred, args[0])
- records = filter_records(opts.type, records)
- if not records:
- print "No record of type", opts.type
- for record in records:
- if record['type'] in ['user']:
- record = UserRecord(dict = record)
- elif record['type'] in ['slice']:
- record = SliceRecord(dict = record)
- elif record['type'] in ['node']:
- record = NodeRecord(dict = record)
- elif record['type'] in ['authority', 'ma', 'sa']:
- record = AuthorityRecord(dict = record)