# sfi -- slice-based facility interface
import sys
+sys.path.append('.')
import os, os.path
import tempfile
import traceback
from optparse import OptionParser
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
-from sfa.util.geniclient import GeniClient
from sfa.util.sfaticket import SfaTicket
from sfa.util.record import *
-from sfa.util.misc import *
+from sfa.util.namespace import *
from sfa.util.rspec import RSpec
from sfa.util.xmlrpcprotocol import ServerException
import sfa.util.xmlrpcprotocol as xmlrpcprotocol
elif record['type'] in ['authority', 'ma', 'sa']:
record = AuthorityRecord(dict = record)
else:
- record = GeniRecord(dict = record)
+ record = SfaRecord(dict = record)
str = record.save_to_string()
file(filename, "w").write(str)
return
# load methods
def load_record_from_file(filename):
str = file(filename, "r").read()
- record = GeniRecord(string=str)
+ record = SfaRecord(string=str)
return record
"slices": "",
"resources": "[name]",
"create": "name rspec",
+ "get_trusted_certs": "cred",
"get_ticket": "name rspec",
- "redeem_ticket": "ticket rspec",
+ "redeem_ticket": "ticket",
"delete": "name",
"reset": "name",
"start": "name",
parser.add_option("-a", "--aggregate", dest="aggregate",default=None,
help="aggregate hrn")
+ if command in ("start", "stop", "reset", "delete", "slices"):
+ parser.add_option("-c", "--component", dest="component",default=None,
+ help="component hrn")
+
if command in ("list", "show", "remove"):
parser.add_option("-t", "--type", dest="type",type="choice",
help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
self.cert_file = cert_file
self.cert = Certificate(filename=cert_file)
# Establish connection to server(s)
- #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol)
- #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol)
self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file)
self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file)
return
def get_key_file(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".pkey")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".pkey")
if (os.path.isfile(file)):
return file
else:
def get_cert_file(self,key_file):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cert")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert")
if (os.path.isfile(file)):
return file
else:
return file
def get_gid(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".gid")
if (os.path.isfile(file)):
gid = GID(filename=file)
return gid
else:
cert_str = self.cert.save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([cert_str, self.user, "user"])
- gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash)
+ gid_str = self.registry.get_gid(cert_str, self.user, "user")
gid = GID(string=gid_str)
if self.options.verbose:
print "Writing user gid to", file
return gid
def get_user_cred(self):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
+ #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
+ file=os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
if (os.path.isfile(file)):
user_cred = Credential(filename=file)
return user_cred
else:
# bootstrap user credential
cert_string = self.cert.save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([cert_string, "user", self.user])
+ request_hash = self.key.compute_hash([cert_string, "user", self.user])
+ user_name=self.user.replace(self.authority+".", '')
+ if user_name.count(".") > 0:
+ user_name = user_name.replace(".", '_')
+ self.user=self.authority + "." + user_name
+
user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash)
if user_cred:
cred = Credential(string=user_cred)
else:
# bootstrap authority credential from user credential
user_cred = self.get_user_cred().save_to_string(save_parents=True)
- request_hash = None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, "authority", self.authority])
- auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash)
+ auth_cred = self.registry.get_credential(user_cred, "authority", self.authority)
if auth_cred:
cred = Credential(string=auth_cred)
cred.save_to_file(file, save_parents=True)
# bootstrap slice credential from user credential
user_cred = self.get_user_cred().save_to_string(save_parents=True)
arg_list = [user_cred, "slice", name]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash(arg_list)
- slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash)
+ slice_cred_str = self.registry.get_credential(user_cred, "slice", name)
if slice_cred_str:
slice_cred = Credential(string=slice_cred_str)
slice_cred.save_to_file(file, save_parents=True)
def delegate_cred(self,cred, hrn, type = 'authority'):
# the gid and hrn of the object we are delegating
- object_gid = cred.get_gid_object()
+ user_cred = Credential(string=cred)
+ object_gid = user_cred.get_gid_object()
object_hrn = object_gid.get_hrn()
- cred.set_delegate(True)
- if not cred.get_delegate():
- raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
+ #cred.set_delegate(True)
+ #if not cred.get_delegate():
+ # raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
records = self.registry.resolve(cred, hrn)
raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
# the gid of the user who will be delegated too
- delegee_gid = records[0].get_gid_object()
+ record = SfaRecord(dict=records[0])
+ delegee_gid = record.get_gid_object()
delegee_hrn = delegee_gid.get_hrn()
# the key and hrn of the user who will be delegating
user_key = Keypair(filename = self.get_key_file())
- user_hrn = cred.get_gid_caller().get_hrn()
+ user_hrn = user_cred.get_gid_caller().get_hrn()
dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
dcred.set_gid_caller(delegee_gid)
dcred.set_gid_object(object_gid)
- dcred.set_privileges(cred.get_privileges())
+ dcred.set_privileges(user_cred.get_privileges())
dcred.set_delegate(True)
dcred.set_pubkey(object_gid.get_pubkey())
dcred.set_issuer(user_key, user_hrn)
- dcred.set_parent(cred)
+ dcred.set_parent(user_cred)
dcred.encode()
dcred.sign()
- return dcred
+ return dcred.save_to_string(save_parents=True)
def get_rspec_file(self,rspec):
if (os.path.isabs(rspec)):
os.remove(outfn)
return key_string
+
+ def get_component_server_from_hrn(self, hrn):
+ # direct connection to the nodes component manager interface
+ user_cred = self.get_user_cred().save_to_string(save_parents=True)
+ records = self.registry.resolve(user_cred, hrn)
+ records = filter_records('node', records)
+ if not records:
+ print "No such component:", opts.component
+ record = records[0]
+ cm_port = "12346"
+ url = "https://%s:%s" % (record['hostname'], cm_port)
+ return xmlrpcprotocol.get_server(url, self.key_file, self.cert_file)
#
# Following functions implement the commands
def list(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, hrn])
try:
- list = self.registry.list(user_cred, hrn, request_hash)
+ list = self.registry.list(user_cred, hrn)
except IndexError:
raise Exception, "Not enough parameters for the 'list' command"
if opts.file:
file = opts.file
if not file.startswith(os.sep):
- file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".gid")
+ file = os.path.join(self.options.sfi_dir, file)
save_records_to_file(file, list)
return
def show(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- request_hash = self.key.compute_hash([user_cred, hrn])
- records = self.registry.resolve(user_cred, hrn, request_hash)
+ records = self.registry.resolve(user_cred, hrn)
records = filter_records(opts.type, records)
if not records:
print "No record of type", opts.type
elif record['type'] in ['authority', 'ma', 'sa']:
record = AuthorityRecord(dict = record)
else:
- record = GeniRecord(dict = record)
+ record = SfaRecord(dict = record)
if (opts.format=="text"):
record.dump()
- else:
+ else:
print record.save_to_string()
if opts.file:
type = opts.type
if type in ['all']:
type = '*'
- request_hash=None
- if self.hashrequest:
- arg_list = [auth_cred, type, hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.remove(auth_cred, type, hrn, request_hash)
+ return self.registry.remove(auth_cred, type, hrn)
# add named registry record
def add(self,opts, args):
record_filepath = args[0]
rec_file = self.get_record_file(record_filepath)
record = load_record_from_file(rec_file).as_dict()
- request_hash=None
- if self.hashrequest:
- arg_list = [auth_cred]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.register(auth_cred, record, request_hash)
+ return self.registry.register(auth_cred, record)
# update named registry entry
def update(self,opts, args):
else:
raise "unknown record type" + record.get_type()
record = record.as_dict()
- request_hash=None
- if self.hashrequest:
- arg_list = [cred]
- request_hash = self.key.compute_hash(arg_list)
- return self.registry.update(cred, record, request_hash)
-
-
+ return self.registry.update(cred, record)
+
+ def get_trusted_certs(self, opts, args):
+ """
+ return the trusted certs at this interface
+ """
+ trusted_certs = self.registry.get_trusted_certs()
+ for trusted_cert in trusted_certs:
+ cert = Certificate(string=trusted_cert)
+ print cert.get_subject()
+ return
+
def aggregates(self, opts, args):
"""
return a list of details about known aggregates
hrn = None
if args:
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = self.registry.get_aggregates(user_cred, hrn, request_hash)
+ result = self.registry.get_aggregates(user_cred, hrn)
display_list(result)
return
hrn = None
if args:
hrn = args[0]
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = self.registry.get_registries(user_cred, hrn, request_hash)
+ result = self.registry.get_registries(user_cred, hrn)
display_list(result)
return
# list instantiated slices
def slices(self,opts, args):
user_cred = self.get_user_cred().save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [user_cred]
- request_hash = self.key.compute_hash(arg_list)
- results = self.slicemgr.get_slices(user_cred, request_hash)
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+ results = server.get_slices(user_cred)
display_list(results)
return
server = self.slicemgr
if opts.aggregate:
agg_hrn = opts.aggregate
- arg_list = [user_cred, arg_hrn]
- request_hash = self.key.compute_hash(arg_list)
- aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash)
+ aggregates = self.registry.get_aggregates(user_cred, agg_hrn)
if not aggregates:
raise Exception, "No such aggregate %s" % agg_hrn
aggregate = aggregates[0]
cred = user_cred
hrn = None
- request_hash=None
- if self.hashrequest:
- arg_list = [cred, hrn]
- request_hash = self.key.compute_hash(arg_list)
- result = server.get_resources(cred, hrn, request_hash)
+ result = server.get_resources(cred, hrn)
format = opts.format
display_rspec(result, format)
raise Exception, "No such aggregate %s" % opts.aggregate
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn, rspec]
- request_hash = self.key.compute_hash(arg_list)
- return server.create_slice(slice_cred, slice_hrn, rspec, request_hash)
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol)
+ return server.create_slice(slice_cred, slice_hrn, rspec)
# get a ticket for the specified slice
def get_ticket(self, opts, args):
raise Exception, "No such aggregate %s" % opts.aggregate
aggregate = aggregates[0]
url = "http://%s:%s" % (aggregate['addr'], aggregate['port'])
- server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn, rspec]
- request_hash = self.key.compute_hash(arg_list)
- ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash)
+ server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol)
+ ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec)
file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket")
print "writing ticket to ", file
ticket = SfaTicket(string=ticket_string)
# delete named slice
def delete(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.delete_slice(slice_cred, slice_hrn, request_hash)
+ return server.delete_slice(slice_cred, slice_hrn)
# start named slice
def start(self,opts, args):
slice_hrn = args[0]
- slice_cred = self.get_slice_cred(args[0])
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.start_slice(slice_cred, slice_hrn, request_hash)
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
+ slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
+ return server.start_slice(slice_cred, slice_hrn)
# stop named slice
def stop(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
+
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.stop_slice(slice_cred, slice_hrn, request_hash)
+ return server.stop_slice(slice_cred, slice_hrn)
# reset named slice
def reset(self,opts, args):
slice_hrn = args[0]
+ server = self.slicemgr
+ # direct connection to the nodes component manager interface
+ if opts.component:
+ server = self.get_component_server_from_hrn(opts.component)
slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True)
- request_hash=None
- if self.hashrequest:
- arg_list = [slice_cred, slice_hrn]
- request_hash = self.key.compute_hash(arg_list)
- return self.slicemgr.reset_slice(slice_cred, slice_hrn, request_hash)
+ return server.reset_slice(slice_cred, slice_hrn)
#
# Main: parse arguments and dispatch to command