-###########################################################################
-# Copyright (C) 2011 by root
-# <root@FlabFedora2>
-#
-# Copyright: See COPYING file that comes with this distribution
-#
-###########################################################################
+
import sys
+import datetime
+import time
from sfa.senslab.OARrestapi import OARapi
from sfa.senslab.LDAPapi import LDAPapi
from sfa.senslab.slabdriver import SlabDriver
+from sfa.senslab.slabpostgres import SlabDB
from sfa.util.config import Config
+from sfa.util.plxrn import PlXrn
from sfa.util.xrn import hrn_to_urn, get_authority,Xrn,get_leaf
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
from sfa.trust.hierarchy import Hierarchy
-from sfa.trust.certificate import Keypair
+from sfa.trust.certificate import Keypair,convert_public_key
from sfa.trust.gid import create_uuid
+from sfa.trust.trustedroots import TrustedRoots
-
+config = Config()
+TrustedR = TrustedRoots(Config.get_trustedroots_dir(config))
AuthHierarchy = Hierarchy()
table = SfaTable()
+db = SlabDB()
if not table.exists():
table.create()
+
+def create_sm_client_record():
+ """
+ Create a user record for the Slicemanager service.
+ """
+ hrn = config.SFA_INTERFACE_HRN + '.slicemanager'
+ urn = hrn_to_urn(hrn, 'user')
+ if not AuthHierarchy.auth_exists(urn):
+ AuthHierarchy.create_auth(urn)
+
+ auth_info = AuthHierarchy.get_auth_info(hrn)
+ table = SfaTable()
+ sm_user_record = table.find({'type': 'user', 'hrn': hrn})
+ if not sm_user_record:
+ record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="user", pointer=-1)
+ record['authority'] = get_authority(record['hrn'])
+ table.insert(record)
+
+def create_interface_records():
+ """
+ Create a record for each SFA interface
+ """
+ # just create certs for all sfa interfaces even if they
+ # arent enabled
+ interface_hrn = config.SFA_INTERFACE_HRN
+ interfaces = ['authority+sa', 'authority+am', 'authority+sm']
+
+ auth_info = AuthHierarchy.get_auth_info(interface_hrn)
+ pkey = auth_info.get_pkey_object()
+ for interface in interfaces:
+ interface_record = table.find({'type': interface, 'hrn': interface_hrn})
+ if not interface_record:
+ urn = hrn_to_urn(interface_hrn, interface)
+ gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ record = SfaRecord(hrn=interface_hrn, gid=gid, type=interface, pointer=-1)
+ record['authority'] = get_authority(interface_hrn)
+ print>>sys.stderr,"\r\n ==========create_interface_records", record['authority']
+ table.insert(record)
+
def create_top_level_auth_records(hrn):
"""
Create top level records (includes root and sub authorities (local/remote)
"""
- print>>sys.stderr, "\r\n =========SenslabImport create_top_level_auth_records\r\n"
+
urn = hrn_to_urn(hrn, 'authority')
# make sure parent exists
parent_hrn = get_authority(hrn)
+ print>>sys.stderr, "\r\n =========slab-import create_top_level_auth_records hrn %s urn %s parent_hrn %s \r\n" %(hrn, urn, parent_hrn)
if not parent_hrn:
parent_hrn = hrn
if not parent_hrn == hrn:
create_top_level_auth_records(parent_hrn)
-
-
+
# create the authority if it doesnt already exist
if not AuthHierarchy.auth_exists(urn):
AuthHierarchy.create_auth(urn)
if not auth_record:
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
auth_record['authority'] = get_authority(auth_record['hrn'])
- print sys.stderr, " \r\n \t slab-import : auth record %s inserted" %(auth_record['hrn'])
+ print sys.stderr, " \r\n \t slab-import : auth record %s inserted record %s " %(auth_record['hrn'], auth_record)
table.insert(auth_record)
- print>>sys.stderr, "\r\n ========= \t\t SenslabImport NO AUTH RECORD \r\n" ,auth_record['authority']
+
def import_node(hrn, node):
hrn = hrn[:64]
node_record = table.find({'type': 'node', 'hrn': hrn})
- pkey = Keypair(create=True)
+ pkey = Keypair(create=True)
+
urn = hrn_to_urn(hrn, 'node')
node_gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
node_record['authority'] = get_authority(node_record['hrn'])
+ extime = datetime.datetime.utcnow()
+ node_record['date_created'] = int(time.mktime(extime.timetuple()))
existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
if not existing_records:
- print>>sys.stderr, " \r\n \t slab-import : node record %s inserted" %(node_record['hrn'])
+ print>>sys.stderr, " \r\n \t slab-import : node record %s inserted" %(node_record )
table.insert(node_record)
else:
existing_record = existing_records[0]
table.update(node_record)
# person is already a sfa record
-def import_person(person):
+def import_person(authname,person):
existing_records = table.find({'hrn': person['hrn'], 'type': 'user'})
+ extime = datetime.datetime.utcnow()
+ person['date_created'] = int(time.mktime(extime.timetuple()))
+
+
if not existing_records:
print>>sys.stderr, " \r\n \t slab-import : person record %s inserted" %(person['hrn'])
+ uuid=create_uuid()
+ RSA_KEY_STRING=person['pkey']
+ pkey=convert_public_key(RSA_KEY_STRING)
+ person['gid']=AuthHierarchy.create_gid("urn:publicid:IDN+"+authname+"+user+"+person['uid'], uuid, pkey, CA=False).save_to_string()
table.insert(person)
else:
existing_record = existing_records[0]
person['record_id'] = existing_record['record_id']
- table.update(person)
-
+ # handle key change ???
+ table.update(person)
+def import_slice(person):
+
+ hrn = person['hrn']+'_slice'
+ pkey = Keypair(create=True)
+ urn = hrn_to_urn(hrn, 'slice')
+ gid = AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ slice_record= SfaRecord(hrn=hrn, gid=gid, type="slice", pointer=-1)
+ slice_record['authority'] = get_authority(slice_record['hrn'])
+
+ extime = datetime.datetime.utcnow()
+ slice_record['date_created'] = int(time.mktime(extime.timetuple()))
+ #special slice table for Senslab, to store nodes info (OAR)
+
+ existing_records = table.find({'hrn': slice_record['hrn'], 'type': 'slice'})
+ if not existing_records:
+ print>>sys.stderr, " \r\n \t slab-import : slice record %s inserted" %(slice_record['hrn'])
+ table.insert(slice_record)
+ db.insert_slab_slice(person)
+
+ else:
+ print>>sys.stderr, " \r\n \t slab-import : slice record %s updated" %(slice_record['hrn'])
+ existing_record = existing_records[0]
+ slice_record['record_id'] = existing_record['record_id']
+ table.update(slice_record)
+ db.update_senslab_slice(slice_record)
def delete_record( hrn, type):
# delete the record
print>>sys.stderr, " \r\n \t slab-import : record %s deleted" %(record['hrn'])
table.remove(record)
-def hostname_to_hrn(root_auth,hostname):
- # keep only the first part of the DNS name
- #hrn='.'.join( [auth,hostname.split(".")[0] ] )
- # escape the '.' in the hostname
- hrn='.'.join( [root_auth,Xrn.escape(hostname)] )
- return hrn_to_urn(hrn,'node')
+def hostname_to_hrn(root_auth,login_base,hostname):
+ return PlXrn(auth=root_auth,hostname=login_base+'_'+hostname).get_hrn()
+
def main():
- config = Config()
+ if not db.exists('slice'):
+ db.createtable('slice')
+
if not config.SFA_REGISTRY_ENABLED:
sys.exit(0)
root_auth = config.SFA_REGISTRY_ROOT_AUTH
interface_hrn = config.SFA_INTERFACE_HRN
- print interface_hrn, root_auth
-
- # initialize registry db table
- #table = SfaTable()
- #if not table.exists():
- #table.create()
- # create root authority
- create_top_level_auth_records(root_auth)
-
- # create s user record for the slice manager
- #Do we need this?
- #SenslabImporter.create_sm_client_record()
- # create interface records
- #Do we need this?
- #SenslabImporter.logger.info("Import: creating interface records")
- #SenslabImporter.create_interface_records()
- # create dict of all existing sfa records
-
+ #Get all records in the sfa table
+ # create dict of all existing sfa records
existing_records = {}
existing_hrns = []
key_ids = []
- person_keys = {}
results = table.find()
+
for result in results:
existing_records[(result['hrn'], result['type'])] = result
existing_hrns.append(result['hrn'])
+ # create root authority if it doesn't exist
+ if root_auth not in existing_hrns or \
+ (root_auth, 'authority') not in existing_records:
+ create_top_level_auth_records(root_auth)
+ if not root_auth == interface_hrn:
+ create_top_level_auth_records(interface_hrn)
+
+ # create s user record for the slice manager Do we need this?
+ create_sm_client_record()
+
+ # create interface records ADDED 18 nov 11 Do we need this?
+
+ create_interface_records()
+
+ # add local root authority's cert to trusted list ADDED 18 nov 11 Do we need this?
+
+ authority = AuthHierarchy.get_auth_info(interface_hrn)
+ TrustedR.add_gid(authority.get_gid_object())
+
+
#Get Senslab nodes
Driver = SlabDriver(config)
#print "\r\n NODES8DICT ",nodes_dict
ldap_person_list = Driver.GetPersons()
-
- #slices_list = SenslabUsers.GetSlices()
- #print "\r\n SLICES_LIST ",slices_list
-
- # Get all Senslab sites
- #sites_dict = OARImporter.GetSites()
- #print "\r\n sSITES_DICT" , sites_dict
-
- # start importing
- #for site in sites_dict:
- #site_hrn = interface_hrn + "." + site['login_base']
- ##sfa_logger().info("Importing site: %s" % site_hrn)
- #print "HRN %s %s site existing in hrn ? %s" %( site['login_base'],site_hrn, site_hrn in existing_hrns)
- ## import if hrn is not in list of existing hrns or if the hrn exists
- ## but its not a site record
- #if site_hrn not in existing_hrns or \
- #(site_hrn, 'authority') not in existing_records:
- #print "SITE HRN UNKNOWN" , site, site_hrn
- #site_hrn = SenslabImporter.import_site(interface_hrn, site)
-
# import node records
for node in nodes_dict:
- hrn = hostname_to_hrn( root_auth, node['hostname'])
+ # Sandrine
+ # A changer pour l utilisation du nouveau OAR de prod, le site etant contenu dans le hostname
+ hrn = hostname_to_hrn( root_auth,node['site_login_base'], node['hostname'])
if hrn not in existing_hrns or \
(hrn, 'node') not in existing_records:
import_node(hrn, node)
- # import persons
+ # import persons and slices
for person in ldap_person_list:
if person['hrn'] not in existing_hrns or \
(person['hrn'], 'user') not in existing_records :
- import_person( person)
-# import slices
- #for slice_id in site['slice_ids']:
- #print >>sys.stderr, "\r\n\r\n \t ^^^^^^^\\\\\\\\\\\\\\\^^^^^^ slice_id %s " %(slice_id)
- #for sl in slices_list:
- #if slice_id is sl['slice_id']:
- ##hrn = slicename_to_hrn(interface_hrn, sl['name'])
- #hrn = email_to_hrn(site_hrn, sl['name'])
- #print >>sys.stderr, "\r\n\r\n^^^^^^^^^^^^^SLICE ID hrn %s site_hrn %s" %(hrn,site_hrn)
- #if hrn not in existing_hrns or \
- #(hrn, 'slice') not in existing_records:
- #SenslabImporter.import_slice(site_hrn, sl)
-
-
+ import_person(root_auth,person)
+ import_slice(person)
+
+
# remove stale records
system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
found = False
if type == 'authority':
- #for site in sites_dict:
- #print "\t type : authority : ", site
- #site_hrn = interface_hrn + "." + site['login_base']
- #if site_hrn == record_hrn and site['site_id'] == record['pointer']:
found = True
print "\t \t Found :", found
break
elif type == 'node':
login_base = get_leaf(get_authority(record_hrn))
nodename = Xrn.unescape(get_leaf(record_hrn))
- print "type: node : nodename %s" %(nodename)
for node in nodes_dict:
if node['hostname'] == nodename :
found = True
break
-
+
+ elif type == 'slice':
+ for person in ldap_person_list:
+ if person['hrn']+'_slice' == record_hrn:
+ found = True
+ break
else:
continue
git://git.onelab.eu / sfa.git / blobdiff