# sfi -- slice-based facility interface
import sys
+sys.path.append('.')
import os, os.path
import tempfile
import traceback
import socket
+from lxml import etree
+from StringIO import StringIO
from types import StringTypes, ListType
from optparse import OptionParser
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
-from sfa.util.geniclient import GeniClient
from sfa.util.sfaticket import SfaTicket
from sfa.util.record import *
-from sfa.util.misc import *
-from sfa.util.rspec import RSpec
+from sfa.util.namespace import *
from sfa.util.xmlrpcprotocol import ServerException
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
from sfa.util.config import Config
+
# utility methods here
# display methods
def display_rspec(rspec, format = 'rspec'):
if format in ['dns']:
- spec = RSpec()
- spec.parseString(rspec)
- hostnames = []
- nodespecs = spec.getDictsByTagName('NodeSpec')
- for nodespec in nodespecs:
- if nodespec.has_key('name') and nodespec['name']:
- if isinstance(nodespec['name'], ListType):
- hostnames.extend(nodespec['name'])
- elif isinstance(nodespec['name'], StringTypes):
- hostnames.append(nodespec['name'])
- result = hostnames
+ tree = etree.parse(StringIO(rspec))
+ root = tree.getroot()
+ result = root.xpath("./network/site/node/hostname/text()")
elif format in ['ip']:
- spec = RSpec()
- spec.parseString(rspec)
- ips = []
- ifspecs = spec.getDictsByTagName('IfSpec')
- for ifspec in ifspecs:
- if ifspec.has_key('addr') and ifspec['addr']:
- ips.append(ifspec['addr'])
- result = ips
+ # The IP address is not yet part of the new RSpec
+ # so this doesn't do anything yet.
+ tree = etree.parse(StringIO(rspec))
+ root = tree.getroot()
+ result = root.xpath("./network/site/node/ipv4/text()")
else:
result = rspec
elif record['type'] in ['authority', 'ma', 'sa']:
record = AuthorityRecord(dict = record)
else:
- record = GeniRecord(dict = record)
+ record = SfaRecord(dict = record)
str = record.save_to_string()
file(filename, "w").write(str)
return
# load methods
def load_record_from_file(filename):
str = file(filename, "r").read()
- record = GeniRecord(string=str)
+ record = SfaRecord(string=str)
return record
"slices": "",
"resources": "[name]",
"create": "name rspec",
+ "get_trusted_certs": "cred",
"get_ticket": "name rspec",
- "redeem_ticket": "ticket rspec",
+ "redeem_ticket": "ticket",
"delete": "name",
"reset": "name",
"start": "name",
parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
help="aggregate hrn")
+ if command in ("start", "stop", "reset", "delete", "slices"):
+ parser.add_option("-c", "--component", dest="component",default=None,
+ help="component hrn")
+
if command in ("list", "show", "remove"):
parser.add_option("-t", "--type", dest="type",type="choice",
help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
parser.add_option("-v", "--verbose",
action="store_true", dest="verbose", default=False,
help="verbose mode")
+ parser.add_option("-D", "--debug",
+ action="store_true", dest="debug", default=False,
+ help="Debug (xml-rpc) protocol messages")
parser.add_option("-p", "--protocol",
dest="protocol", default="xmlrpc",
help="RPC protocol (xmlrpc or soap)")
self.cert_file = cert_file
self.cert = Certificate(filename=cert_file)
# Establish connection to server(s)
- #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
- #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
- self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file)
- self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file)
+ self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file, self.options.debug)
+ self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file, self.options.debug)
return
#
def get_key_file(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
if (os.path.isfile(file)):
return file
else:
def get_cert_file(self,key_file):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
if (os.path.isfile(file)):
return file
else:
return file
def get_gid(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid")
if (os.path.isfile(file)):
gid = GID(filename=file)
return gid
else:
cert_str = self.cert.save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([cert_str, self.user, "user"])
- gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash)
+ gid_str = self.registry.get_gid(cert_str, self.user, "user")
gid = GID(string=gid_str)
if self.options.verbose:
print "Writing user gid to", file
return gid
def get_user_cred(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
if (os.path.isfile(file)):
user_cred = Credential(filename=file)
return user_cred
else:
# bootstrap user credential
cert_string = self.cert.save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([cert_string, "user", self.user])
- user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash)
+ user_name=self.user.replace(self.authority+".", '')
+ if user_name.count(".") > 0:
+ user_name = user_name.replace(".", '_')
+ self.user=self.authority + "." + user_name
+
+ user_cred = self.registry.get_self_credential(cert_string, "user", self.user)
if user_cred:
cred = Credential(string=user_cred)
cred.save_to_file(file, save_parents=True)
else:
# bootstrap authority credential from user credential
user_cred = self.get_user_cred().save_to_string(save_parents=True)
- request_hash = None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, "authority", self.authority])
- auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash)
+ auth_cred = self.registry.get_credential(user_cred, "authority", self.authority)
if auth_cred:
cred = Credential(string=auth_cred)
cred.save_to_file(file, save_parents=True)
# bootstrap slice credential from user credential
user_cred = self.get_user_cred().save_to_string(save_parents=True)
arg_list = [user_cred, "slice", name]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash(arg_list)
- slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash)
+ slice_cred_str = self.registry.get_credential(user_cred, "slice", name)
if slice_cred_str:
slice_cred = Credential(string=slice_cred_str)
slice_cred.save_to_file(file, save_parents=True)
def delegate_cred(self,cred, hrn, type = 'authority'):
# the gid and hrn of the object we are delegating
- object_gid = cred.get_gid_object()
+ user_cred = Credential(string=cred)
+ object_gid = user_cred.get_gid_object()
object_hrn = object_gid.get_hrn()
- cred.set_delegate(True)
- if not cred.get_delegate():
- raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
+ #cred.set_delegate(True)
+ #if not cred.get_delegate():
+ # raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
records = self.registry.resolve(cred, hrn)
raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
# the gid of the user who will be delegated too
- delegee_gid = records[0].get_gid_object()
+ record = SfaRecord(dict=records[0])
+ delegee_gid = record.get_gid_object()
delegee_hrn = delegee_gid.get_hrn()
# the key and hrn of the user who will be delegating
user_key = Keypair(filename = self.get_key_file())
- user_hrn = cred.get_gid_caller().get_hrn()
+ user_hrn = user_cred.get_gid_caller().get_hrn()
dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
dcred.set_gid_caller(delegee_gid)
dcred.set_gid_object(object_gid)
- dcred.set_privileges(cred.get_privileges())
+ dcred.set_privileges(user_cred.get_privileges())
dcred.set_delegate(True)
dcred.set_pubkey(object_gid.get_pubkey())
dcred.set_issuer(user_key, user_hrn)
- dcred.set_parent(cred)
+ dcred.set_parent(user_cred)
dcred.encode()
dcred.sign()
- return dcred
+ return dcred.save_to_string(save_parents=True)
def get_rspec_file(self,rspec):
if (os.path.isabs(rspec)):
os.remove(outfn)
return key_string
+
+ def get_component_server_from_hrn(self, hrn):
+ # direct connection to the nodes component manager interface
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ records = self.registry.resolve(user_cred, hrn)
+ records = filter_records('node', records)
+ if not records:
+ print "No such component:", opts.component
+ record = records[0]
+ cm_port = "12346"
+ url = "https://%s:%s" % (record['hostname'], cm_port)
+ return xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.debug)
#
# Following functions implement the commands
def list(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, hrn])
try:
- list = self.registry.list(user_cred, hrn, request_hash)
+ list = self.registry.list(user_cred, hrn)
except IndexError:
raise Exception, "Not enough parameters for the 'list' command"
if opts.file:
file = opts.file
if not file.startswith(os.sep):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ file = os.path.join(self.options.sfi_dir, file)
save_records_to_file(file, list)
return
def show(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, hrn])
- records = self.registry.resolve(user_cred, hrn, request_hash)
+ records = self.registry.resolve(user_cred, hrn)
records = filter_records(opts.type, records)
if not records:
print "No record of type", opts.type
elif record['type'] in ['authority', 'ma', 'sa']:
record = AuthorityRecord(dict = record)
else:
- record = GeniRecord(dict = record)
+ record = SfaRecord(dict = record)
if (opts.format=="text"):
record.dump()
- else:
+ else:
print record.save_to_string()
if opts.file:
print "Error: Object credential", object_hrn, "does not have delegate bit set"
return
- records = self.registry.resolve(user_cred, args[0])
+ records = self.registry.resolve(user_cred.save_to_string(save_parents=True), args[0])
records = filter_records("user", records)
if not records:
return
# the gid of the user who will be delegated too
- delegee_gid = records[0].get_gid_object()
+ delegee_gid = GID(string=records[0]['gid'])
delegee_hrn = delegee_gid.get_hrn()
-
+
# the key and hrn of the user who will be delegating
user_key = Keypair(filename = self.get_key_file())
user_hrn = user_cred.get_gid_caller().get_hrn()
-
- dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
+ subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn)
+ dcred = Credential(subject=subject_string)
dcred.set_gid_caller(delegee_gid)
dcred.set_gid_object(object_gid)
dcred.set_privileges(object_cred.get_privileges())
type = opts.type
if type in ['all']:
type = '*'
- request_hash=None
- if self.hashrequest:
- arg_list = [auth_cred, type, hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.remove(auth_cred, type, hrn, request_hash)
+ return self.registry.remove(auth_cred, type, hrn)
# add named registry record
def add(self,opts, args):
record_filepath = args[0]
rec_file = self.get_record_file(record_filepath)
record = load_record_from_file(rec_file).as_dict()
- request_hash=None
- if self.hashrequest:
- arg_list = [auth_cred]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.register(auth_cred, record, request_hash)
+ return self.registry.register(auth_cred, record)
# update named registry entry
def update(self,opts, args):
else:
raise "unknown record type" + record.get_type()
record = record.as_dict()
- request_hash=None
- if self.hashrequest:
- arg_list = [cred]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.update(cred, record, request_hash)
-
-
+ return self.registry.update(cred, record)
+
+ def get_trusted_certs(self, opts, args):
+ """
+ return the trusted certs at this interface
+ """
+ trusted_certs = self.registry.get_trusted_certs()
+ for trusted_cert in trusted_certs:
+ cert = Certificate(string=trusted_cert)
+ print cert.get_subject()
+ return
+
def aggregates(self, opts, args):
"""
return a list of details about known aggregates
hrn = None
if args:
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = self.registry.get_aggregates(user_cred, hrn, request_hash)
+ result = self.registry.get_aggregates(user_cred, hrn)
display_list(result)
return
hrn = None
if args:
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = self.registry.get_registries(user_cred, hrn, request_hash)
+ result = self.registry.get_registries(user_cred, hrn)
display_list(result)
return
# list instantiated slices
def slices(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred]
- request_hash = self.key.compute_hash(arg_list)
- results = self.slicemgr.get_slices(user_cred, request_hash)
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+ results = server.get_slices(user_cred)
display_list(results)
return
server = self.slicemgr
if opts.aggregate:
agg_hrn = opts.aggregate
- arg_list = [user_cred, arg_hrn]
- request_hash = self.key.compute_hash(arg_list)
- aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
+ aggregates = self.registry.get_aggregates(user_cred, agg_hrn)
if not aggregates:
raise Exception, "No such aggregate %s" % agg_hrn
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.debug)
if args:
cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
hrn = args[0]
cred = user_cred
hrn = None
- request_hash=None
- if self.hashrequest:
- arg_list = [cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = server.get_resources(cred, hrn, request_hash)
+ result = server.get_resources(cred, hrn)
format = opts.format
display_rspec(result, format)
raise Exception, "No such aggregate %s" % opts.aggregate
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn, rspec]
- request_hash = self.key.compute_hash(arg_list)
- return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.debug)
+ return server.create_slice(slice_cred, slice_hrn, rspec)
# get a ticket for the specified slice
def get_ticket(self, opts, args):
raise Exception, "No such aggregate %s" % opts.aggregate
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn, rspec]
- request_hash = self.key.compute_hash(arg_list)
- ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash)
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.debug)
+ ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec)
file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
print "writing ticket to ", file
ticket = SfaTicket(string=ticket_string)
# use this to get the right slice credential
ticket = SfaTicket(filename=ticket_file)
ticket.decode()
- slice_hrn = ticket.attributes['slivers'][0]['hrn']
+ slice_hrn=ticket.gidObject.get_hrn()
+ #slice_hrn = ticket.attributes['slivers'][0]['hrn']
user_cred = self.get_user_cred()
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
- # get a list node hostnames from the nodespecs in the rspec
- rspec = RSpec()
- rspec.parseString(ticket.rspec)
- nodespecs = rspec.getDictsByTagName('NodeSpec')
- hostnames = [nodespec['name'] for nodespec in nodespecs]
+ # get a list of node hostnames from the RSpec
+ tree = etree.parse(StringIO(ticket.rspec))
+ root = tree.getroot()
+ hostnames = root.xpath("./network/site/node/hostname/text()")
# create an xmlrpc connection to the component manager at each of these
# components and gall redeem_ticket
try:
cm_port = "12346"
url = "https://%(hostname)s:%(cm_port)s" % locals()
- print "Calling get_ticket at %(url)s " % locals(),
- cm = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
+ print "Calling redeem_ticket at %(url)s " % locals(),
+ cm = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.debug)
cm.redeem_ticket(slice_cred, ticket.save_to_string(save_parents=True))
print "Success"
except socket.gaierror:
# delete named slice
def delete(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash)
+ return server.delete_slice(slice_cred, slice_hrn)
# start named slice
def start(self,opts, args):
slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash)
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ return server.start_slice(slice_cred, slice_hrn)
# stop named slice
def stop(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash)
+ return server.stop_slice(slice_cred, slice_hrn)
# reset named slice
def reset(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash)
+ return server.reset_slice(slice_cred, slice_hrn)
#
# Main: parse arguments and dispatch to command