CM_PORT=12346
-# utility methods here
-def optparse_listvalue_callback(option, option_string, value, parser):
- setattr(parser.values, option.dest, value.split(','))
-
-# a code fragment that could be helpful for argparse which unfortunately is
-# available with 2.7 only, so this feels like too strong a requirement for the client side
-#class ExtraArgAction (argparse.Action):
-# def __call__ (self, parser, namespace, values, option_string=None):
-# would need a try/except of course
-# (k,v)=values.split('=')
-# d=getattr(namespace,self.dest)
-# d[k]=v
-#####
-#parser.add_argument ("-X","--extra",dest='extras', default={}, action=ExtraArgAction,
-# help="set extra flags, testbed dependent, e.g. --extra enabled=true")
-
-def optparse_dictvalue_callback (option, option_string, value, parser):
- try:
- (k,v)=value.split('=',1)
- d=getattr(parser.values, option.dest)
- d[k]=v
- except:
- parser.print_help()
- sys.exit(1)
+from sfa.client.common import optparse_listvalue_callback, optparse_dictvalue_callback, \
+ terminal_render, filter_records
# display methods
def display_rspec(rspec, format='rspec'):
return
-def filter_records(type, records):
- filtered_records = []
- for record in records:
- if (record['type'] == type) or (type == "all"):
- filtered_records.append(record)
- return filtered_records
-
-
def credential_printable (credential_string):
credential=Credential(string=credential_string)
result=""
f.close()
return
-# used in sfi list
-def terminal_render (records,options):
- # sort records by type
- grouped_by_type={}
- for record in records:
- type=record['type']
- if type not in grouped_by_type: grouped_by_type[type]=[]
- grouped_by_type[type].append(record)
- group_types=grouped_by_type.keys()
- group_types.sort()
- for type in group_types:
- group=grouped_by_type[type]
-# print 20 * '-', type
- try: renderer=eval('terminal_render_'+type)
- except: renderer=terminal_render_default
- for record in group: renderer(record,options)
-
-def render_plural (how_many, name,names=None):
- if not names: names="%ss"%name
- if how_many<=0: return "No %s"%name
- elif how_many==1: return "1 %s"%name
- else: return "%d %s"%(how_many,names)
-
-def terminal_render_default (record,options):
- print "%s (%s)" % (record['hrn'], record['type'])
-def terminal_render_user (record, options):
- print "%s (User)"%record['hrn'],
- if record.get('reg-pi-authorities',None): print " [PI at %s]"%(" and ".join(record['reg-pi-authorities'])),
- if record.get('reg-slices',None): print " [IN slices %s]"%(" and ".join(record['reg-slices'])),
- user_keys=record.get('reg-keys',[])
- if not options.verbose:
- print " [has %s]"%(render_plural(len(user_keys),"key"))
- else:
- print ""
- for key in user_keys: print 8*' ',key.strip("\n")
-
-def terminal_render_slice (record, options):
- print "%s (Slice)"%record['hrn'],
- if record.get('reg-researchers',None): print " [USERS %s]"%(" and ".join(record['reg-researchers'])),
-# print record.keys()
- print ""
-def terminal_render_authority (record, options):
- print "%s (Authority)"%record['hrn'],
- if record.get('reg-pis',None): print " [PIS %s]"%(" and ".join(record['reg-pis'])),
- print ""
-def terminal_render_node (record, options):
- print "%s (Node)"%record['hrn']
-
# minimally check a key argument
def check_ssh_key (key):
good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
("version", ""),
("list", "authority"),
("show", "name"),
- ("add", "record"),
- ("update", "record"),
+ ("add", "[record]"),
+ ("update", "[record]"),
("remove", "name"),
("slices", ""),
("resources", "[slice_hrn]"),
("shutdown", "slice_hrn"),
("get_ticket", "slice_hrn rspec"),
("redeem_ticket", "ticket"),
- ("delegate", "name"),
+ ("delegate", "to_hrn"),
("gid", "[name]"),
("trusted", "cred"),
("config", ""),
help="gives details, like user keys", default=False)
if command in ("delegate"):
parser.add_option("-u", "--user",
- action="store_true", dest="delegate_user", default=False,
- help="delegate your own credentials")
- parser.add_option("-s", "--slice", dest="delegate_slice",
- help="delegate slice credential", metavar="HRN", default=None)
- parser.add_option("-a", "--authority", dest='delegate_to_authority', default=None, action='store_true',
- help="""by default the only argument is expected to be a user,
+ action="store_true", dest="delegate_user", default=False,
+ help="delegate your own credentials; default if no other option is provided")
+ parser.add_option("-s", "--slice", dest="delegate_slices",action='append',default=[],
+ metavar="slice_hrn", help="delegate cred. for slice HRN")
+ parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
+ metavar='auth_hrn', help="delegate cred for auth HRN")
+ # this primarily is a shorthand for -a my_hrn^
+ parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
+ help="delegate your PI credentials, so s.t. like -a your_hrn^")
+ parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
+ help="""by default the mandatory argument is expected to be a user,
use this if you mean an authority instead""")
if command in ("version"):
sys.exit(-1)
return self.client_bootstrap.authority_credential_string (self.authority)
+ def authority_credential_string(self, auth_hrn):
+ return self.client_bootstrap.authority_credential_string (auth_hrn)
+
def slice_credential_string(self, name):
return self.client_bootstrap.slice_credential_string (name)
return
def add(self, options, args):
- "add record into registry from xml file (Register)"
+ "add record into registry by using the command options (Recommended) or from xml file (Register)"
auth_cred = self.my_authority_credential_string()
if options.show_credential:
show_credentials(auth_cred)
record_dict = {}
- if len(args) > 0:
- record_filepath = args[0]
- rec_file = self.get_record_file(record_filepath)
- record_dict.update(load_record_from_file(rec_file).todict())
+ if len(args) > 1:
+ self.print_help()
+ sys.exit(1)
+ if len(args)==1:
+ try:
+ record_filepath = args[0]
+ rec_file = self.get_record_file(record_filepath)
+ record_dict.update(load_record_from_file(rec_file).todict())
+ except:
+ print "Cannot load record file %s"%record_filepath
+ sys.exit(1)
if options:
record_dict.update(load_record_from_opts(options).todict())
# we should have a type by now
return self.registry().Register(record_dict, auth_cred)
def update(self, options, args):
- "update record into registry from xml file (Update)"
+ "update record into registry by using the command options (Recommended) or from xml file (Update)"
record_dict = {}
if len(args) > 0:
record_filepath = args[0]
self.print_help()
sys.exit(1)
target_hrn = args[0]
- gid = self.registry().CreateGid(self.my_credential_string, target_hrn, self.client_bootstrap.my_gid_string())
+ my_gid_string = open(self.client_bootstrap.my_gid()).read()
+ gid = self.registry().CreateGid(self.my_credential_string, target_hrn, my_gid_string)
if options.file:
filename = options.file
else:
self.print_help()
sys.exit(1)
to_hrn = args[0]
- print 'to_hrn',to_hrn
- if options.delegate_to_authority: to_type='authority'
- else: to_type='user'
+ # support for several delegations in the same call
+ # so first we gather the things to do
+ tuples=[]
+ for slice_hrn in options.delegate_slices:
+ message="%s.slice"%slice_hrn
+ original = self.slice_credential_string(slice_hrn)
+ tuples.append ( (message, original,) )
+ if options.delegate_pi:
+ my_authority=self.authority
+ message="%s.pi"%my_authority
+ original = self.my_authority_credential_string()
+ tuples.append ( (message, original,) )
+ for auth_hrn in options.delegate_auths:
+ message="%s.auth"%auth_hrn
+ original=self.authority_credential_string(auth_hrn)
+ tuples.append ( (message, original, ) )
+ # if nothing was specified at all at this point, let's assume -u
+ if not tuples: options.delegate_user=True
+ # this user cred
if options.delegate_user:
message="%s.user"%self.user
original = self.my_credential_string
- elif options.delegate_slice:
- message="%s.slice"%options.delegate_slice
- original = self.slice_credential_string(options.delegate_slice)
- else:
- self.logger.warning("Must specify either --user or --slice <hrn>")
- return
- delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type)
- delegated_credential = Credential (string=delegated_string)
- filename = os.path.join ( self.options.sfi_dir,
- "%s_for_%s.%s.cred"%(message,to_hrn,to_type))
- delegated_credential.save_to_file(filename, save_parents=True)
- self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename))
+ tuples.append ( (message, original, ) )
+
+ # default type for beneficial is user unless -A
+ if options.delegate_to_authority: to_type='authority'
+ else: to_type='user'
+
+ # let's now handle all this
+ # it's all in the filenaming scheme
+ for (message,original) in tuples:
+ delegated_string = self.client_bootstrap.delegate_credential_string(original, to_hrn, to_type)
+ delegated_credential = Credential (string=delegated_string)
+ filename = os.path.join ( self.options.sfi_dir,
+ "%s_for_%s.%s.cred"%(message,to_hrn,to_type))
+ delegated_credential.save_to_file(filename, save_parents=True)
+ self.logger.info("delegated credential for %s to %s and wrote to %s"%(message,to_hrn,filename))
def trusted(self, options, args):
"""