Remove delegate_cred() method
[sfa.git] / sfa / client / sfi.py
index 8c7704c..cfa87c8 100755 (executable)
@@ -9,6 +9,7 @@ import tempfile
 import traceback
 import socket
 import random
+import datetime
 from lxml import etree
 from StringIO import StringIO
 from types import StringTypes, ListType
@@ -49,7 +50,6 @@ def display_list(results):
     for result in results:
         print result
 
-
 def display_records(recordList, dump=False):
     ''' Print all fields in the record'''
     for record in recordList:
@@ -169,27 +169,28 @@ class Sfi:
         parser = OptionParser(usage="sfi [sfi_options] %s [options] %s" \
                                      % (command, cmdargs[command]))
 
-        if command in ("resources"):
-            parser.add_option("-f", "--format", dest="format", type="choice",
-                             help="display format ([xml]|dns|ip)", default="xml",
-                             choices=("xml", "dns", "ip"))
-                                
-        if command in ("resources", "slices", "create", "delete", "start", "stop", "get_ticket"):
+        # user specifies remote aggregate/sm/component                          
+        if command in ("resources", "slices", "create", "delete", "start", "stop", "restart", "get_ticket", "redeem_ticket"):
             parser.add_option("-a", "--aggregate", dest="aggregate",
                              default=None, help="aggregate host")
             parser.add_option("-p", "--port", dest="port",
                              default=AGGREGATE_PORT, help="aggregate port")
-
-        if command in ("start", "stop", "reset", "delete", "slices"):
             parser.add_option("-c", "--component", dest="component", default=None,
                              help="component hrn")
-            
+        
+        # registy filter option    
         if command in ("list", "show", "remove"):
             parser.add_option("-t", "--type", dest="type", type="choice",
-                            help="type filter ([all]|user|slice|sa|ma|node|aggregate)",
-                            choices=("all", "user", "slice", "sa", "ma", "node", "aggregate"),
+                            help="type filter ([all]|user|slice|authority|node|aggregate)",
+                            choices=("all", "user", "slice", "authority", "node", "aggregate"),
                             default="all")
 
+        # display formats
+        if command in ("resources"):
+            parser.add_option("-f", "--format", dest="format", type="choice",
+                             help="display format ([xml]|dns|ip)", default="xml",
+                             choices=("xml", "dns", "ip"))
+
         if command in ("resources", "show", "list"):
            parser.add_option("-o", "--output", dest="file",
                             help="output XML to file", metavar="FILE", default=None)
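Review bot: `command in ("resources")` in the re-added display-format block is a substring test, because `("resources")` is a plain string and not a one-element tuple, so any command name that is a substring of "resources" also gets the `-f` option. Use `if command in ("resources",):` or `if command == "resources":`. The merged aggregate/component tuple adds "restart" and "redeem_ticket" but no longer lists "reset", which previously received `-c`. If "reset" is still a valid command it silently loses that option, so confirm the drop is intended. The new comment `# registy filter option` should read `# registry filter option`.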
@@ -380,120 +381,62 @@ class Sfi:
                 print "Writing user gid to", file
             gid.save_to_file(file, save_parents=True)
             return gid       
+
+    def get_cached_credential(self, file):
+        """
+        Return a cached credential only if it hasn't expired.
+        """
+        if (os.path.isfile(file)):
+            credential = Credential(filename=file)
+            # make sure it isnt expired 
+            if not credential.get_lifetime or \
+               datetime.datetime.today() < credential.get_lifetime():
+                return credential
+        return None 
  
     def get_user_cred(self):
         #file = os.path.join(self.options.sfi_dir, get_leaf(self.user) + ".cred")
         file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cred")
-        if (os.path.isfile(file)):
-            user_cred = Credential(filename=file)
-            return user_cred
-        else:
-            # bootstrap user credential
-            cert_string = self.cert.save_to_string(save_parents=True)
-            user_name = self.user.replace(self.authority + ".", '')
-            if user_name.count(".") > 0:
-                user_name = user_name.replace(".", '_')
-                self.user = self.authority + "." + user_name
+        return self.get_cred(file, 'user', self.user)
 
-            user_cred = self.registry.get_self_credential(cert_string, "user", self.user)
-            if user_cred:
-               cred = Credential(string=user_cred)
-               cred.save_to_file(file, save_parents=True)
-               if self.options.verbose:
-                    print "Writing user credential to", file
-               return cred
-            else:
-               print "Failed to get user credential"
-               sys.exit(-1)
-  
     def get_auth_cred(self):
         if not self.authority:
             print "no authority specified. Use -a or set SF_AUTH"
             sys.exit(-1)
-    
         file = os.path.join(self.options.sfi_dir, get_leaf("authority") + ".cred")
-        if (os.path.isfile(file)):
-            auth_cred = Credential(filename=file)
-            return auth_cred
-        else:
-            # bootstrap authority credential from user credential
-            user_cred = self.get_user_cred().save_to_string(save_parents=True)
-            auth_cred = self.registry.get_credential(user_cred, "authority", self.authority)
-            if auth_cred:
-                cred = Credential(string=auth_cred)
-                cred.save_to_file(file, save_parents=True)
-                if self.options.verbose:
-                    print "Writing authority credential to", file
-                return cred
-            else:
-                print "Failed to get authority credential"
-                sys.exit(-1)
-    
+        return self.get_cred(file, 'authority', name)
+
     def get_slice_cred(self, name):
         file = os.path.join(self.options.sfi_dir, "slice_" + get_leaf(name) + ".cred")
-        if (os.path.isfile(file)):
-            slice_cred = Credential(filename=file)
-            return slice_cred
-        else:
-            # bootstrap slice credential from user credential
-            user_cred = self.get_user_cred().save_to_string(save_parents=True)
-            arg_list = [user_cred, "slice", name]
-            slice_cred_str = self.registry.get_credential(user_cred, "slice", name)
-            if slice_cred_str:
-                slice_cred = Credential(string=slice_cred_str)
-                slice_cred.save_to_file(file, save_parents=True)
-                if self.options.verbose:
-                    print "Writing slice credential to", file
-                return slice_cred
+        return self.get_cred(file, 'slice', name)
+    def get_cred(self, file, type, hrn):
+        # attempt to load a cached credential 
+        cred = self.get_cached_credential(file)    
+        if not cred:
+            if type in ['user']:
+                cert_string = self.cert.save_to_string(save_parents=True)
+                user_name = self.user.replace(self.authority + ".", '')
+                if user_name.count(".") > 0:
+                    user_name = user_name.replace(".", '_')
+                    self.user = self.authority + "." + user_name
+                cred_str = self.registry.get_self_credential(cert_string, "user", hrn)
             else:
-                print "Failed to get slice credential"
+                # bootstrap slice credential from user credential
+                user_cred = self.get_user_cred().save_to_string(save_parents=True)
+                cred_str = self.registry.get_credential(user_cred, type, hrn)
+            
+            if not cred_str:
+                print "Failed to get %s credential" % (type)
                 sys.exit(-1)
-    
-    def delegate_cred(self, cred, hrn, type='authority'):
-        # the gid and hrn of the object we are delegating
-        user_cred = Credential(string=cred)
-        object_gid = user_cred.get_gid_object()
-        object_hrn = object_gid.get_hrn()
-        #cred.set_delegate(True)
-        #if not cred.get_delegate():
-        #    raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals()
-           
-    
-        records = self.registry.resolve(cred, hrn)
-        records = filter_records(type, records)
-        
-        if not records:
-            raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals()
-    
-        # the gid of the user who will be delegated too
-        record = SfaRecord(dict=records[0])
-        delegee_gid = record.get_gid_object()
-        delegee_hrn = delegee_gid.get_hrn()
-        
-        # the key and hrn of the user who will be delegating
-        user_key = Keypair(filename=self.get_key_file())
-        user_hrn = user_cred.get_gid_caller().get_hrn()
-    
-        dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn)
-        dcred.set_gid_caller(delegee_gid)
-        dcred.set_gid_object(object_gid)
-        dcred.set_privileges(user_cred.get_privileges())
-        dcred.get_privileges().delegate_all_privileges(True)
-        
+                
+            cred = Credential(string=cred_str)
+            cred.save_to_file(file, save_parents=True)
+            if self.options.verbose:
+                print "Writing %s credential to %s" %(type, file)
 
-        # Save the issuer's gid to a file
-        fname = self.options.sfi_dir + os.sep + "gid_%d" % random.randint(0, 999999999)
-        f = open(fname, "w")
-        f.write(user_cred.get_gid_caller().save_to_string())
-        f.close()
-        dcred.set_issuer_keys(self.get_key_file(), fname)
-        os.remove(fname)
-        
-        dcred.set_parent(user_cred)
-        dcred.encode()
-        dcred.sign()
-    
-        return dcred.save_to_string(save_parents=True)
+        return cred
     
     def get_rspec_file(self, rspec):
        if (os.path.isabs(rspec)):
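Review bot: The expiry test in `get_cached_credential` reads `credential.get_lifetime` without calling it, so `not credential.get_lifetime` is always false and a credential with no lifetime falls into the datetime comparison instead of being accepted; the line should be `if not credential.get_lifetime() or \`. In `get_auth_cred` the new return passes `name`, which is not defined in that method and would raise NameError; `return self.get_cred(file, 'authority', self.authority)` looks like what was meant. In the user branch of `get_cred`, `self.user` is rewritten for dotted names but the registry call still sends the `hrn` argument captured before the rewrite, where the removed code sent the updated `self.user`. It is also worth confirming that `get_lifetime()` and `datetime.datetime.today()` share a time base, since a local-versus-UTC mismatch would shift the cutoff at which a cached credential is treated as expired.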
@@ -550,7 +493,22 @@ class Sfi:
         """
         url = "http://%s:%s" % (host, port)
         return xmlrpcprotocol.get_server(url, keyfile, certfile, debug)
+
+    def get_server_from_opts(self, opts):
+        """
+        Return instance of an xmlrpc connection to a slice manager, aggregate
+        or component server depending on the specified opts
+        """
+        server = self.slicemgr
+        # direct connection to an aggregate
+        if hasattr(opts, 'aggregate') and opts.aggregate:
+            server = self.get_server(opts.aggregate, opts.port, self.key_file, \
+                                     self.cert_file, self.options.debug)
+        # direct connection to the nodes component manager interface
+        if hasattr(opts, 'component') and opts.component:
+            server = self.get_component_server_from_hrn(opts.component)    
  
+        return server
     #==========================================================================
     # Following functions implement the commands
     #
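Review bot: `get_server_from_opts` does not say which option wins when both `-a` and `-c` are given: as written the aggregate connection is built and then replaced by the component server. State the precedence in the docstring, e.g. `If both an aggregate and a component are given, the component server is used.`, or test the component first so the unused connection is never created. The aggregate host and port come from the command line and go into the `http://%s:%s` URL built by `get_server` just above. Whether `xmlrpcprotocol.get_server` runs that over TLS with the key and certificate is not visible here, and is worth confirming since this helper points the client at a user-supplied host.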
@@ -939,7 +897,7 @@ class Sfi:
     # =====================================================================
 
     def GetVersion(self, opts, args):
-        server = self.geni_am
+        server = self.get_server_from_opts(opts)
         print server.GetVersion()
 
     def ListResources(self, opts, args):
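Review bot: The fallback server for `GetVersion` changes from `self.geni_am` to `self.slicemgr`, because `get_server_from_opts` starts from `self.slicemgr` and only switches when `opts.aggregate` or `opts.component` is set. The option-parser hunk in this commit registers `-a`/`-p`/`-c` for a fixed tuple of commands that does not visibly include this one, so unless it is added there the new call may never select an aggregate or component. If the change of default is intended, a short comment such as `# defaults to the slice manager; -a/-c select an aggregate or component` would record it. `ListResources` continues outside the hunk.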