# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id$
-# $URL$
-#
-
import xmlrpclib
from types import *
import textwrap
import pprint
from types import StringTypes
-
+from PLC.NovaShell import NovaShell
from PLC.Faults import *
from PLC.Parameter import Parameter, Mixed, python_type, xmlrpc_type
from PLC.Auth import Auth
-from PLC.Debug import profile, log
-from PLC.Events import Event, Events
+from PLC.Timestamp import Timestamp
+from PLC.Debug import profile
from PLC.Nodes import Node, Nodes
from PLC.Persons import Person, Persons
dictionaries of possibly mixed types, values, and/or Parameters
(e.g., [int, bool, ...] or {'arg1': int, 'arg2': bool}).
+w
+w
Once function decorators in Python 2.4 are fully supported,
consider wrapping calls with accepts() and returns() functions
instead of performing type checking manually.
return True
- def __init__(self, api):
+ def __init__(self, api,caller=None):
self.name = self.__class__.__name__
self.api = api
+ self.api.client_shell = None
- # Auth may set this to a Person instance (if an anonymous
- # method, will remain None).
- self.caller = None
+ if caller:
+ # let a method call another one by propagating its caller
+ self.caller=caller
+ else:
+ # Auth may set this to a Person instance (if an anonymous
+ # method, will remain None).
+ self.caller = None
+
# API may set this to a (addr, port) tuple if known
self.source = None
-
+
def __call__(self, *args, **kwds):
"""
Main entry point for all PLCAPI functions. Type checks
"""
try:
- start = time.time()
+ start = time.time()
# legacy code cannot be type-checked, due to the way Method.args() works
- if not hasattr(self,"skip_typecheck"):
+ # as of 5.0-rc16 we don't use skip_type_check anymore
+ if not hasattr(self,"skip_type_check"):
(min_args, max_args, defaults) = self.args()
-
+
# Check that the right number of arguments were passed in
if len(args) < len(min_args) or len(args) > len(max_args):
raise PLCInvalidArgumentCount(len(args), len(min_args), len(max_args))
for name, value, expected in zip(max_args, args, self.accepts):
self.type_check(name, value, expected, args)
-
- result = self.call(*args, **kwds)
- runtime = time.time() - start
-
- if self.api.config.PLC_API_DEBUG or hasattr(self, 'message'):
- self.log(None, runtime, *args)
-
- return result
+
+ result = self.call(*args, **kwds)
+ runtime = time.time() - start
+
+ return result
except PLCFault, fault:
-
- caller = ""
- if isinstance(self.caller, Person):
- caller = 'person_id %s' % self.caller['person_id']
- elif isinstance(self.caller, Node):
- caller = 'node_id %s' % self.caller['node_id']
+
+ caller = ""
+ if self.caller:
+ caller = 'user: %s' % self.caller.name
# Prepend caller and method name to expected faults
fault.faultString = caller + ": " + self.name + ": " + fault.faultString
- runtime = time.time() - start
-
- if self.api.config.PLC_API_DEBUG:
- self.log(fault, runtime, *args)
-
- raise fault
-
- def log(self, fault, runtime, *args):
- """
- Log the transaction
- """
-
- # Do not log system or Get calls
- if self.name.startswith('system') or self.name.startswith('Get') or self.name.startswith('ReportRunlevel') :
- return False
-
- # Create a new event
- event = Event(self.api)
- event['fault_code'] = 0
- if fault:
- event['fault_code'] = fault.faultCode
- event['runtime'] = runtime
-
- # Redact passwords and sessions
- if args and isinstance(args[0], dict):
- # what type of auth this is
- if args[0].has_key('AuthMethod'):
- auth_methods = ['session', 'password', 'capability', 'gpg', 'hmac','anonymous']
- auth_method = args[0]['AuthMethod']
- if auth_method in auth_methods:
- event['auth_type'] = auth_method
- for password in 'AuthString', 'session':
- if args[0].has_key(password):
- auth = args[0].copy()
- auth[password] = "Removed by API"
- args = (auth,) + args[1:]
-
- # Log call representation
- # XXX Truncate to avoid DoS
- event['call'] = self.name + pprint.saferepr(args)
- event['call_name'] = self.name
-
- # Both users and nodes can call some methods
- if isinstance(self.caller, Person):
- event['person_id'] = self.caller['person_id']
- elif isinstance(self.caller, Node):
- event['node_id'] = self.caller['node_id']
-
- event.sync(commit = False)
-
- if hasattr(self, 'event_objects') and isinstance(self.event_objects, dict):
- for key in self.event_objects.keys():
- for object_id in self.event_objects[key]:
- event.add_object(key, object_id, commit = False)
-
-
- # Set the message for this event
- if fault:
- event['message'] = fault.faultString
- elif hasattr(self, 'message'):
- event['message'] = self.message
-
- # Commit
- event.sync()
+ raise fault
def help(self, indent = " "):
"""
That represents the minimum and maximum sets of arguments that
this function accepts and the defaults for the optional arguments.
"""
-
+
# Inspect call. Remove self from the argument list.
max_args = self.call.func_code.co_varnames[1:self.call.func_code.co_argcount]
defaults = self.call.func_defaults
min_args = max_args[0:len(max_args) - len(defaults)]
defaults = tuple([None for arg in min_args]) + defaults
-
+
return (min_args, max_args, defaults)
def type_check(self, name, value, expected, args):
which may be a Python type, a typed value, a Parameter, a
Mixed type, or a list or dictionary of possibly mixed types,
values, Parameters, or Mixed types.
-
+
Extraneous members of lists must be of the same type as the
last specified type. For example, if the expected argument
type is [int, bool], then [1, False] and [14, True, False,
raise PLCInvalidArgument("'%s' not specified" % key, name)
if auth is not None:
- auth.check(self, *args)
+ # assume auth structure is first argument
+ self.authenticate(args[0])
+
+ def authenticate(self, auth):
+
+ # establish nova connection
+ self.api.client_shell = NovaShell(username=auth['Username'],
+ password=auth['AuthString'],
+ tenant=auth['Tenant'])
+ self.api.client_shell.authenticate()
+ persons = Persons(self.api, {'email': auth['Username']})
+ if not persons:
+ raise PLCAuthenticationFailure, "Username not found"
+ self.caller = persons[0]
+ keystone_user = self.api.client_shell.keystone.users.find(id=self.caller['keystone_id'])
+ self.caller_tenant = self.api.client_shell.keystone.tenants.find(name=auth['Tenant'])
+ caller_roles = self.api.client_shell.keystone.roles.roles_for_user(self.caller, self.caller_tenant)
+ role_names = [role.name for role in caller_roles]
+ self.caller['roles'] = role_names
+ if not set(role_names).intersection(self.roles):
+ method_message="method %s has roles [%s]"%(self.name,','.join(self.roles))
+ person_message="caller %s has roles [%s]"%(self.caller.name,','.join(role_names))
+ raise PLCAuthenticationFailure, "PasswordAuth: missing role, %s -- %s"%(method_message,person_message)
+
+
git://git.onelab.eu / plcapi.git / blobdiff