from collections import defaultdict
import sys
from sfa.util.xrn import get_leaf, get_authority, urn_to_hrn
-from sfa.util.plxrn import hrn_to_pl_slicename
+from sfa.planetlab.plxrn import hrn_to_pl_slicename
from sfa.util.policy import Policy
from sfa.rspecs.rspec import RSpec
-from sfa.plc.vlink import VLink
+
from sfa.util.xrn import Xrn
from sfa.util.sfalogging import logger
- slice = self.driver.GetSlices(slice_filter = slice_name, filter_type = 'slice_hrn')
+ slice = self.driver.GetSlices(slice_filter = slice_name, slice_filter_type = 'slice_hrn')
# Get user information
- #def get_slivers(self, xrn, node=None):
- #hrn, type = urn_to_hrn(xrn)
-
- #slice_name = hrn_to_pl_slicename(hrn)
- ## XX Should we just call PLCAPI.GetSliceTicket(slice_name) instead
- ## of doing all of this?
- ##return self.api.driver.GetSliceTicket(self.auth, slice_name)
-
- ## from PLCAPI.GetSlivers.get_slivers()
- #slice_fields = ['slice_id', 'name', 'instantiation', 'expires', 'person_ids', 'slice_tag_ids']
- #slices = self.api.driver.GetSlices(slice_name, slice_fields)
- ## Build up list of users and slice attributes
- #person_ids = set()
- #all_slice_tag_ids = set()
- #for slice in slices:
- #person_ids.update(slice['person_ids'])
- #all_slice_tag_ids.update(slice['slice_tag_ids'])
- #person_ids = list(person_ids)
- #all_slice_tag_ids = list(all_slice_tag_ids)
- ## Get user information
- #all_persons_list = self.api.driver.GetPersons({'person_id':person_ids,'enabled':True}, ['person_id', 'enabled', 'key_ids'])
- #all_persons = {}
- #for person in all_persons_list:
- #all_persons[person['person_id']] = person
-
- ## Build up list of keys
- #key_ids = set()
- #for person in all_persons.values():
- #key_ids.update(person['key_ids'])
- #key_ids = list(key_ids)
- ## Get user account keys
- #all_keys_list = self.api.driver.GetKeys(key_ids, ['key_id', 'key', 'key_type'])
- #all_keys = {}
- #for key in all_keys_list:
- #all_keys[key['key_id']] = key
- ## Get slice attributes
- #all_slice_tags_list = self.api.driver.GetSliceTags(all_slice_tag_ids)
- #all_slice_tags = {}
- #for slice_tag in all_slice_tags_list:
- #all_slice_tags[slice_tag['slice_tag_id']] = slice_tag
-
- #slivers = []
- #for slice in slices:
- #keys = []
- #for person_id in slice['person_ids']:
- #if person_id in all_persons:
- #person = all_persons[person_id]
- #if not person['enabled']:
- #continue
- #for key_id in person['key_ids']:
- #if key_id in all_keys:
- #key = all_keys[key_id]
- #keys += [{'key_type': key['key_type'],
- #'key': key['key']}]
- #attributes = []
- ## All (per-node and global) attributes for this slice
- #slice_tags = []
- #for slice_tag_id in slice['slice_tag_ids']:
- #if slice_tag_id in all_slice_tags:
- #slice_tags.append(all_slice_tags[slice_tag_id])
- ## Per-node sliver attributes take precedence over global
- ## slice attributes, so set them first.
- ## Then comes nodegroup slice attributes
- ## Followed by global slice attributes
- #sliver_attributes = []
-
- #if node is not None:
- #for sliver_attribute in filter(lambda a: a['node_id'] == node['node_id'], slice_tags):
- #sliver_attributes.append(sliver_attribute['tagname'])
- #attributes.append({'tagname': sliver_attribute['tagname'],
- #'value': sliver_attribute['value']})
-
- ## set nodegroup slice attributes
- #for slice_tag in filter(lambda a: a['nodegroup_id'] in node['nodegroup_ids'], slice_tags):
- ## Do not set any nodegroup slice attributes for
- ## which there is at least one sliver attribute
- ## already set.
- #if slice_tag not in slice_tags:
- #attributes.append({'tagname': slice_tag['tagname'],
- #'value': slice_tag['value']})
-
- #for slice_tag in filter(lambda a: a['node_id'] is None, slice_tags):
- ## Do not set any global slice attributes for
- ## which there is at least one sliver attribute
- ## already set.
- #if slice_tag['tagname'] not in sliver_attributes:
- #attributes.append({'tagname': slice_tag['tagname'],
- #'value': slice_tag['value']})
-
- ## XXX Sanity check; though technically this should be a system invariant
- ## checked with an assertion
- #if slice['expires'] > MAXINT: slice['expires']= MAXINT
-
- #slivers.append({
- #'hrn': hrn,
- #'name': slice['name'],
- #'slice_id': slice['slice_id'],
- #'instantiation': slice['instantiation'],
- #'expires': slice['expires'],
- #'keys': keys,
- #'attributes': attributes
- #})
+
#return slivers
def get_peer(self, xrn):
# add nodes from rspec
added_nodes = list(set(requested_slivers).difference(current_slivers))
- #print>>sys.stderr , "\r\n \r\n \t slices.py verify_slice_nodes added_nodes %s slice %s" %( added_nodes,slice)
try:
#if peer:
#self.driver.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname'])
login_base = slice_hrn.split(".")[0]
slicename = slice_hrn
- sl = self.driver.GetSlices(slice_filter=slicename, filter_type = 'slice_hrn')
+ sl = self.driver.GetSlices(slice_filter=slicename, slice_filter_type = 'slice_hrn')
if sl:
print>>sys.stderr, " \r\n \r\rn Slices.py verify_slice slicename %s sl %s slice_record %s"%(slicename ,sl, slice_record)
users_by_hrn[user['hrn']] = user
users_dict[user['hrn']] = {'person_id':user['person_id'], 'hrn':user['hrn']}
- print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person users_dict %s \r\n user_by_hrn %s \r\n \tusers_by_id %s " %( users_dict,users_by_hrn, users_by_id)
+ logger.debug( "\r\n \r\n SLABSLICE.PY \tverify_person users_dict %s \r\n user_by_hrn %s \r\n \tusers_by_id %s " %( users_dict,users_by_hrn, users_by_id) )
existing_user_ids = []
existing_user_hrns = []
#Check if user is in LDAP using its hrn.
#Assuming Senslab is centralised : one LDAP for all sites, user_id unknown from LDAP
# LDAP does not provide users id, therfore we rely on hrns
- if users_by_hrn:
- existing_users = self.driver.GetPersons({'hrn': users_by_hrn.keys()})
+ if users_by_hrn:
+ #Construct the list of filters for GetPersons
+ filter_user = []
+ for hrn in users_by_hrn:
+ #filter_user.append ( {'hrn':hrn})
+ filter_user.append (users_by_hrn[hrn])
+ logger.debug(" SLABSLICE.PY \tverify_person filter_user %s " %(filter_user) )
+ existing_users = self.driver.GetPersons(filter_user)
+ #existing_users = self.driver.GetPersons({'hrn': users_by_hrn.keys()})
#existing_users = self.driver.GetPersons({'hrn': users_by_hrn.keys()},
#['hrn','pkey'])
if existing_users:
#for k in users_dict[user['hrn']] :
existing_user_hrns.append (users_dict[user['hrn']]['hrn'])
existing_user_ids.append (users_dict[user['hrn']]['person_id'])
- #print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person existing_user_ids.append (users_dict[user['hrn']][k]) %s \r\n existing_users %s " %( existing_user_ids,existing_users)
#User from another federated site , does not have a senslab account yet?
#or have multiple SFA accounts
else:
if isinstance(users,list):
- ldap_reslt = self.driver.ldap.ldapSearch(users[0])
+ ldap_reslt = self.driver.ldap.LdapSearch(users[0])
else:
- ldap_reslt = self.driver.ldap.ldapSearch(users)
+ ldap_reslt = self.driver.ldap.LdapSearch(users)
if ldap_result:
existing_users = ldap_reslt[0]
existing_user_hrns.append (users_dict[user['hrn']]['hrn'])
else:
#User not existing in LDAP
- print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person users HUMHUMHUMHUM ... %s \r\n \t ldap_reslt %s " %(users, ldap_reslt)
+ logger.debug(" SLABSLICE.PY \tverify_person users HUMHUMHUMHUM ... %s \r\n \t ldap_reslt %s " %(users, ldap_reslt))
# requested slice users
requested_user_ids = users_by_id.keys()
requested_user_hrns = users_by_hrn.keys()
- print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person requested_user_ids %s user_by_hrn %s " %( requested_user_ids,users_by_hrn)
+ logger.debug(" SLABSLICE.PY \tverify_person requested_user_ids %s user_by_hrn %s " %( requested_user_ids,users_by_hrn))
# existing slice users
- existing_slice_users_filter = {'hrn': slice_record.get('PI', [])}
- print>>sys.stderr, " \r\n \r\n slices.py verify_person requested_user_ids %s existing_slice_users_filter %s slice_record %s" %(requested_user_ids,existing_slice_users_filter,slice_record)
+
+ #existing_slice_users_filter = {'hrn': slice_record['PI'][0]}
+ #logger.debug(" SLABSLICE.PY \tverify_person requested_user_ids %s existing_slice_users_filter %s slice_record %s" %(requested_user_ids,existing_slice_users_filter,slice_record))
- existing_slice_users = self.driver.GetPersons(existing_slice_users_filter)
+ #existing_slice_users = self.driver.GetPersons([existing_slice_users_filter])
#existing_slice_users = self.driver.GetPersons(existing_slice_users_filter,['hrn','pkey'])
- print>>sys.stderr, " \r\n \r\n slices.py verify_person existing_slice_users %s " %(existing_slice_users)
-
- existing_slice_user_hrns = [user['hrn'] for user in existing_slice_users]
+ #logger.debug(" SLABSLICE.PY \tverify_person existing_slice_users %s " %(existing_slice_users))
+ #Check that the user of the slice in the slice record
+ #matches the existing users
+ try:
+ if slice_record['record_id_user'] in requested_user_ids and slice_record['PI'][0] in requested_user_hrns:
+ logger.debug(" SLABSLICE.PY \tverify_person requested_user_ids %s = slice_record['record_id_user'] %s" %(requested_user_ids,slice_record['record_id_user']))
+
+ except KeyError:
+ pass
+
+ #existing_slice_user_hrns = [user['hrn'] for user in existing_slice_users]
- #print>>sys.stderr, " \r\n \r\n slices.py verify_person requested_user_ids %s existing_slice_user_hrns %s " %(requested_user_ids,existing_slice_user_hrns)
# users to be added, removed or updated
+ #One user in one senslab slice : there should be no need
+ #to remove/ add any user from/to a slice.
+ #However a user from SFA which is not registered in Senslab yet
+ #should be added to the LDAP.
added_user_hrns = set(requested_user_hrns).difference(set(existing_user_hrns))
- added_slice_user_hrns = set(requested_user_hrns).difference(existing_slice_user_hrns)
-
- removed_user_hrns = set(existing_slice_user_hrns).difference(requested_user_hrns)
-
-
- updated_user_hrns = set(existing_slice_user_hrns).intersection(requested_user_hrns)
- #print>>sys.stderr, " \r\n \r\n slices.py verify_persons added_user_ids %s added_slice_user_ids %s " %(added_user_ids,added_slice_user_ids)
- #print>>sys.stderr, " \r\n \r\n slices.py verify_persons removed_user_hrns %s updated_user_hrns %s " %(removed_user_hrns,updated_user_hrns)
- # Remove stale users (only if we are not appending)
- append = options.get('append', True)
- if append == False:
- for removed_user_hrn in removed_user_hrns:
- self.driver.DeletePersonFromSlice(removed_user_hrn, slice_record['name'])
- # update_existing users
- updated_users_list = [user for user in existing_slice_users if user['hrn'] in \
- updated_user_hrns]
- #print>>sys.stderr, " \r\n \r\n slices.py verify_persons removed_user_hrns %s updated_users_list %s " %(removed_user_hrns,updated_users_list)
#self.verify_keys(existing_slice_users, updated_users_list, peer, append)
added_persons = []
added_user = users_dict[added_user_hrn]
#hrn, type = urn_to_hrn(added_user['urn'])
person = {
- #'first_name': added_user.get('first_name', hrn),
- #'last_name': added_user.get('last_name', hrn),
+ 'first_name': added_user.get('first_name', hrn),
+ 'last_name': added_user.get('last_name', hrn),
'person_id': added_user['person_id'],
- #'peer_person_id': None,
- #'keys': [],
- #'key_ids': added_user.get('key_ids', []),
+ 'peer_person_id': None,
+ 'keys': [],
+ 'key_ids': added_user.get('key_ids', []),
}
- #print>>sys.stderr, " \r\n \r\n slices.py verify_persons added_user_ids %s " %(added_user_ids)
person['person_id'] = self.driver.AddPerson(person)
if peer:
person['peer_person_id'] = added_user['person_id']
#peer_dict = {'type': 'user', 'hrn': hrn, 'peer_authority': sfa_peer, \
#'pointer': person['person_id']}
#self.registry.register_peer_object(self.credential, peer_dict)
- for added_slice_user_hrn in added_slice_user_hrns.union(added_user_hrns):
- self.driver.AddPersonToSlice(added_slice_user_hrn, slice_record['name'])
+ #for added_slice_user_hrn in added_slice_user_hrns.union(added_user_hrns):
+ #self.driver.AddPersonToSlice(added_slice_user_hrn, slice_record['name'])
#for added_slice_user_id in added_slice_user_ids.union(added_user_ids):
# add person to the slice
#self.driver.AddPersonToSlice(added_slice_user_id, slice_record['name'])