self.interfaces[interface['hrn']] = interface
- def sync_interfaces(self):
- """
- Install missing trusted gids and db records for our federated
- interfaces
- """
- # Attempt to get any missing peer gids
- # There should be a gid file in /etc/sfa/trusted_roots for every
- # peer registry found in in the registries.xml config file. If there
- # are any missing gids, request a new one from the peer registry.
- gids_current = self.api.auth.trusted_cert_list
- hrns_current = [gid.get_hrn() for gid in gids_current]
- hrns_expected = self.interfaces.keys()
- new_hrns = set(hrns_expected).difference(hrns_current)
- gids = self.get_peer_gids(new_hrns) + gids_current
- # make sure there is a record for every gid
- self.update_db_records(self.type, gids)
-
- def get_peer_gids(self, new_hrns):
- """
- Install trusted gids from the specified interfaces.
- """
- peer_gids = []
- if not new_hrns:
- return peer_gids
- trusted_certs_dir = self.api.config.get_trustedroots_dir()
- for new_hrn in new_hrns:
- if not new_hrn:
- continue
- # the gid for this interface should already be installed
- if new_hrn == self.api.config.SFA_INTERFACE_HRN:
- continue
- try:
- # get gid from the registry
- interface_info = self.interfaces[new_hrn]
- interface = self[new_hrn]
- trusted_gids = interface.get_trusted_certs()
- if trusted_gids:
- # the gid we want shoudl be the first one in the list,
- # but lets make sure
- for trusted_gid in trusted_gids:
- # default message
- message = "interface: %s\t" % (self.api.interface)
- message += "unable to install trusted gid for %s" % \
- (new_hrn)
- gid = GID(string=trusted_gids[0])
- peer_gids.append(gid)
- if gid.get_hrn() == new_hrn:
- gid_filename = os.path.join(trusted_certs_dir, '%s.gid' % new_hrn)
- gid.save_to_file(gid_filename, save_parents=True)
- message = "interface: %s\tinstalled trusted gid for %s" % \
- (self.api.interface, new_hrn)
- # log the message
- self.api.logger.info(message)
- except:
- message = "interface: %s\tunable to install trusted gid for %s" % \
- (self.api.interface, new_hrn)
- self.api.logger.log_exc(message)
-
- # reload the trusted certs list
- self.api.auth.load_trusted_certs()
- return peer_gids
-
- def update_db_records(self, type, gids):
- """
- Make sure there is a record in the local db for allowed registries
- defined in the config file (registries.xml). Removes old records from
- the db.
- """
- # import SfaTable here so this module can be loaded by ComponentAPI
- from sfa.util.table import SfaTable
- if not gids:
- return
-
- # hrns that should have a record
- hrns_expected = [gid.get_hrn() for gid in gids]
-
- # get hrns that actually exist in the db
- table = SfaTable()
- records = table.find({'type': type, 'pointer': -1})
- hrns_found = [record['hrn'] for record in records]
-
- # remove old records
- for record in records:
- if record['hrn'] not in hrns_expected and \
- record['hrn'] != self.api.config.SFA_INTERFACE_HRN:
- table.remove(record)
-
- # add new records
- for gid in gids:
- hrn = gid.get_hrn()
- if hrn not in hrns_found:
- record = {
- 'hrn': hrn,
- 'type': type,
- 'pointer': -1,
- 'authority': get_authority(hrn),
- 'gid': gid.save_to_string(save_parents=True),
- }
- record = SfaRecord(dict=record)
- table.insert(record)
-
def get_connections(self):
"""
read connection details for the trusted peer registries from file return
git://git.onelab.eu / sfa.git / blobdiff