+import os
+
+from sfa.util.config import Config
+from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
+from sfa.trust.gid import create_uuid
+from sfa.trust.certificate import convert_public_key, Keypair
+# using global alchemy.session() here is fine
+# as importer is on standalone one-shot process
+from sfa.storage.alchemy import global_dbsession
+from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode
+from sfa.openstack.osxrn import OSXrn
+from sfa.openstack.shell import Shell
+
+
+def load_keys(filename):
+ keys = {}
+ tmp_dict = {}
+ try:
+ execfile(filename, tmp_dict)
+ if 'keys' in tmp_dict:
+ keys = tmp_dict['keys']
+ return keys
+ except:
+ return keys
+
+
+def save_keys(filename, keys):
+ f = open(filename, 'w')
+ f.write("keys = %s" % str(keys))
+ f.close()
+
+
+class OpenstackImporter:
+
+ def __init__(self, auth_hierarchy, logger):
+ self.auth_hierarchy = auth_hierarchy
+ self.logger = logger
+ self.config = Config()
+ self.interface_hrn = self.config.SFA_INTERFACE_HRN
+ self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH
+ self.shell = Shell(self.config)
+
+ def add_options(self, parser):
+ self.logger.debug("OpenstackImporter: no options yet")
+ pass
+
+ def import_users(self, existing_hrns, existing_records):
+ # Get all users
+ users = self.shell.auth_manager.users.list()
+ users_dict = {}
+ keys_filename = self.config.config_path + os.sep + 'person_keys.py'
+ old_user_keys = load_keys(keys_filename)
+ user_keys = {}
+ for user in users:
+ auth_hrn = self.config.SFA_INTERFACE_HRN
+ if user.tenantId is not None:
+ tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
+ auth_hrn = OSXrn(
+ name=tenant.name, auth=self.config.SFA_INTERFACE_HRN, type='authority').get_hrn()
+ hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn()
+ users_dict[hrn] = user
+ old_keys = old_user_keys.get(hrn, [])
+ keyname = OSXrn(xrn=hrn, type='user').get_slicename()
+ keys = [
+ k.public_key for k in self.shell.nova_manager.keypairs.findall(name=keyname)]
+ user_keys[hrn] = keys
+ update_record = False
+ if old_keys != keys:
+ update_record = True
+ if hrn not in existing_hrns or \
+ (hrn, 'user') not in existing_records or update_record:
+ urn = OSXrn(xrn=hrn, type='user').get_urn()
+
+ if keys:
+ try:
+ pkey = convert_public_key(keys[0])
+ except:
+ self.logger.log_exc(
+ 'unable to convert public key for %s' % hrn)
+ pkey = Keypair(create=True)
+ else:
+ self.logger.warning(
+ "OpenstackImporter: person %s does not have a PL public key" % hrn)
+ pkey = Keypair(create=True)
+ user_gid = self.auth_hierarchy.create_gid(
+ urn, create_uuid(), pkey, email=user.email)
+ user_record = RegUser()
+ user_record.type = 'user'
+ user_record.hrn = hrn
+ user_record.gid = user_gid
+ user_record.authority = get_authority(hrn)
+ global_dbsession.add(user_record)
+ global_dbsession.commit()
+ self.logger.info(
+ "OpenstackImporter: imported person %s" % user_record)
+
+ return users_dict, user_keys
+
+ def import_tenants(self, existing_hrns, existing_records):
+ # Get all tenants
+ # A tenant can represent an organizational group (site) or a
+ # slice. If a tenant's authorty/parent matches the root authority it is
+ # considered a group/site. All other tenants are considered slices.
+ tenants = self.shell.auth_manager.tenants.list()
+ tenants_dict = {}
+ for tenant in tenants:
+ hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name
+ tenants_dict[hrn] = tenant
+ authority_hrn = OSXrn(
+ xrn=hrn, type='authority').get_authority_hrn()
+
+ if hrn in existing_hrns:
+ continue
+
+ if authority_hrn == self.config.SFA_INTERFACE_HRN:
+ # import group/site
+ record = RegAuthority()
+ urn = OSXrn(xrn=hrn, type='authority').get_urn()
+ if not self.auth_hierarchy.auth_exists(urn):
+ self.auth_hierarchy.create_auth(urn)
+ auth_info = self.auth_hierarchy.get_auth_info(urn)
+ gid = auth_info.get_gid_object()
+ record.type = 'authority'
+ record.hrn = hrn
+ record.gid = gid
+ record.authority = get_authority(hrn)
+ global_dbsession.add(record)
+ global_dbsession.commit()
+ self.logger.info(
+ "OpenstackImporter: imported authority: %s" % record)
+
+ else:
+ record = RegSlice()
+ urn = OSXrn(xrn=hrn, type='slice').get_urn()
+ pkey = Keypair(create=True)
+ gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
+ record.type = 'slice'
+ record.hrn = hrn
+ record.gid = gid
+ record.authority = get_authority(hrn)
+ global_dbsession.add(record)
+ global_dbsession.commit()
+ self.logger.info(
+ "OpenstackImporter: imported slice: %s" % record)
+
+ return tenants_dict
+
+ def run(self, options):
+ # we don't have any options for now
+ self.logger.info("OpenstackImporter.run : to do")
+
+ # create dict of all existing sfa records
+ existing_records = {}
+ existing_hrns = []
+ key_ids = []
+ for record in global_dbsession.query(RegRecord):
+ existing_records[(record.hrn, record.type,)] = record
+ existing_hrns.append(record.hrn)
+
+ tenants_dict = self.import_tenants(existing_hrns, existing_records)
+ users_dict, user_keys = self.import_users(
+ existing_hrns, existing_records)
+
+ # remove stale records
+ system_records = [self.interface_hrn, self.root_auth,
+ self.interface_hrn + '.slicemanager']
+ for (record_hrn, type) in existing_records.keys():
+ if record_hrn in system_records:
+ continue
+
+ record = existing_records[(record_hrn, type)]
+ if record.peer_authority:
+ continue
+
+ if type == 'user':
+ if record_hrn in users_dict:
+ continue
+ elif type in['slice', 'authority']:
+ if record_hrn in tenants_dict:
+ continue
+ else:
+ continue
+
+ record_object = existing_records[(record_hrn, type)]
+ self.logger.info("OpenstackImporter: removing %s " % record)
+ global_dbsession.delete(record_object)
+ global_dbsession.commit()
+
+ # save pub keys
+ self.logger.info('OpenstackImporter: saving current pub keys')
+ keys_filename = self.config.config_path + os.sep + 'person_keys.py'
+ save_keys(keys_filename, user_keys)