X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfi.py;h=b1a4379e69a48d079595efe3c2aec138d2c25952;hb=3d7237fa0b5f2b4a60cb97c7fb3b6aecfd94558a;hp=bb7918b4cc325de32f3be71155f417e4b76e024f;hpb=8f1632014f8c4d59cdef5a5891cb2180c8abc7cf;p=sfa.git diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index bb7918b4..b1a4379e 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -3,6 +3,7 @@ # sfi -- slice-based facility interface import sys +sys.path.append('.') import os, os.path import tempfile import traceback @@ -11,10 +12,9 @@ from types import StringTypes, ListType from optparse import OptionParser from sfa.trust.certificate import Keypair, Certificate from sfa.trust.credential import Credential -from sfa.util.geniclient import GeniClient from sfa.util.sfaticket import SfaTicket from sfa.util.record import * -from sfa.util.misc import * +from sfa.util.namespace import * from sfa.util.rspec import RSpec from sfa.util.xmlrpcprotocol import ServerException import sfa.util.xmlrpcprotocol as xmlrpcprotocol @@ -106,7 +106,7 @@ def save_record_to_file(filename, record): elif record['type'] in ['authority', 'ma', 'sa']: record = AuthorityRecord(dict = record) else: - record = GeniRecord(dict = record) + record = SfaRecord(dict = record) str = record.save_to_string() file(filename, "w").write(str) return @@ -115,7 +115,7 @@ def save_record_to_file(filename, record): # load methods def load_record_from_file(filename): str = file(filename, "r").read() - record = GeniRecord(string=str) + record = SfaRecord(string=str) return record @@ -176,7 +176,7 @@ class Sfi: parser.add_option("-a", "--aggregate", dest="aggregate",default=None, help="aggregate hrn") - if command in ("start", "stop", "reset", "delete"): + if command in ("start", "stop", "reset", "delete", "slices"): parser.add_option("-c", "--component", dest="component",default=None, help="component hrn") @@ -303,8 +303,6 @@ class Sfi: self.cert_file = cert_file self.cert = Certificate(filename=cert_file) # Establish connection to server(s) - #self.slicemgr = GeniClient(sm_url, key_file, cert_file, self.options.protocol) - #self.registry = GeniClient(reg_url, key_file, cert_file, self.options.protocol) self.registry = xmlrpcprotocol.get_server(reg_url, key_file, cert_file) self.slicemgr = xmlrpcprotocol.get_server(sm_url, key_file, cert_file) return @@ -358,10 +356,7 @@ class Sfi: return gid else: cert_str = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_str, self.user, "user"]) - gid_str = self.registry.get_gid(cert_str, self.user, "user", request_hash) + gid_str = self.registry.get_gid(cert_str, self.user, "user") gid = GID(string=gid_str) if self.options.verbose: print "Writing user gid to", file @@ -377,13 +372,12 @@ class Sfi: else: # bootstrap user credential cert_string = self.cert.save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([cert_string, "user", self.user]) - user_name=self.user.replace(self.authority+".", '') - if user_name.count(".") > 0: - user_name = user_name.replace(".", '_') - self.user=self.authority + "." + user_name + request_hash = self.key.compute_hash([cert_string, "user", self.user]) + user_name=self.user.replace(self.authority+".", '') + if user_name.count(".") > 0: + user_name = user_name.replace(".", '_') + self.user=self.authority + "." + user_name + user_cred = self.registry.get_self_credential(cert_string, "user", self.user, request_hash) if user_cred: cred = Credential(string=user_cred) @@ -407,10 +401,7 @@ class Sfi: else: # bootstrap authority credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash = None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, "authority", self.authority]) - auth_cred = self.registry.get_credential(user_cred, "authority", self.authority, request_hash) + auth_cred = self.registry.get_credential(user_cred, "authority", self.authority) if auth_cred: cred = Credential(string=auth_cred) cred.save_to_file(file, save_parents=True) @@ -430,10 +421,7 @@ class Sfi: # bootstrap slice credential from user credential user_cred = self.get_user_cred().save_to_string(save_parents=True) arg_list = [user_cred, "slice", name] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash(arg_list) - slice_cred_str = self.registry.get_credential(user_cred, "slice", name, request_hash) + slice_cred_str = self.registry.get_credential(user_cred, "slice", name) if slice_cred_str: slice_cred = Credential(string=slice_cred_str) slice_cred.save_to_file(file, save_parents=True) @@ -446,11 +434,12 @@ class Sfi: def delegate_cred(self,cred, hrn, type = 'authority'): # the gid and hrn of the object we are delegating - object_gid = cred.get_gid_object() + user_cred = Credential(string=cred) + object_gid = user_cred.get_gid_object() object_hrn = object_gid.get_hrn() - cred.set_delegate(True) - if not cred.get_delegate(): - raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals() + #cred.set_delegate(True) + #if not cred.get_delegate(): + # raise Exception, "Error: Object credential %(object_hrn)s does not have delegate bit set" % locals() records = self.registry.resolve(cred, hrn) @@ -460,25 +449,26 @@ class Sfi: raise Exception, "Error: Didn't find a %(type)s record for %(hrn)s" % locals() # the gid of the user who will be delegated too - delegee_gid = records[0].get_gid_object() + record = SfaRecord(dict=records[0]) + delegee_gid = record.get_gid_object() delegee_hrn = delegee_gid.get_hrn() # the key and hrn of the user who will be delegating user_key = Keypair(filename = self.get_key_file()) - user_hrn = cred.get_gid_caller().get_hrn() + user_hrn = user_cred.get_gid_caller().get_hrn() dcred = Credential(subject=object_hrn + " delegated to " + delegee_hrn) dcred.set_gid_caller(delegee_gid) dcred.set_gid_object(object_gid) - dcred.set_privileges(cred.get_privileges()) + dcred.set_privileges(user_cred.get_privileges()) dcred.set_delegate(True) dcred.set_pubkey(object_gid.get_pubkey()) dcred.set_issuer(user_key, user_hrn) - dcred.set_parent(cred) + dcred.set_parent(user_cred) dcred.encode() dcred.sign() - return dcred + return dcred.save_to_string(save_parents=True) def get_rspec_file(self,rspec): if (os.path.isabs(rspec)): @@ -517,11 +507,10 @@ class Sfi: return key_string - def get_component_server_from_hrn(hrn): + def get_component_server_from_hrn(self, hrn): # direct connection to the nodes component manager interface user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash = self.key.compute_hash([user_cred, hrn]) - records = self.registry.resolve(user_cred, hrn, request_hash) + records = self.registry.resolve(user_cred, hrn) records = filter_records('node', records) if not records: print "No such component:", opts.component @@ -548,11 +537,8 @@ class Sfi: def list(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) try: - list = self.registry.list(user_cred, hrn, request_hash) + list = self.registry.list(user_cred, hrn) except IndexError: raise Exception, "Not enough parameters for the 'list' command" @@ -572,10 +558,7 @@ class Sfi: def show(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) hrn = args[0] - request_hash=None - if self.hashrequest: - request_hash = self.key.compute_hash([user_cred, hrn]) - records = self.registry.resolve(user_cred, hrn, request_hash) + records = self.registry.resolve(user_cred, hrn) records = filter_records(opts.type, records) if not records: print "No record of type", opts.type @@ -589,10 +572,10 @@ class Sfi: elif record['type'] in ['authority', 'ma', 'sa']: record = AuthorityRecord(dict = record) else: - record = GeniRecord(dict = record) + record = SfaRecord(dict = record) if (opts.format=="text"): record.dump() - else: + else: print record.save_to_string() if opts.file: @@ -665,11 +648,7 @@ class Sfi: type = opts.type if type in ['all']: type = '*' - request_hash=None - if self.hashrequest: - arg_list = [auth_cred, type, hrn] - request_hash = self.key.compute_hash(arg_list) - return self.registry.remove(auth_cred, type, hrn, request_hash) + return self.registry.remove(auth_cred, type, hrn) # add named registry record def add(self,opts, args): @@ -677,11 +656,7 @@ class Sfi: record_filepath = args[0] rec_file = self.get_record_file(record_filepath) record = load_record_from_file(rec_file).as_dict() - request_hash=None - if self.hashrequest: - arg_list = [auth_cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.register(auth_cred, record, request_hash) + return self.registry.register(auth_cred, record) # update named registry entry def update(self,opts, args): @@ -710,11 +685,7 @@ class Sfi: else: raise "unknown record type" + record.get_type() record = record.as_dict() - request_hash=None - if self.hashrequest: - arg_list = [cred] - request_hash = self.key.compute_hash(arg_list) - return self.registry.update(cred, record, request_hash) + return self.registry.update(cred, record) def get_trusted_certs(self, opts, args): """ @@ -734,11 +705,7 @@ class Sfi: hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_aggregates(user_cred, hrn, request_hash) + result = self.registry.get_aggregates(user_cred, hrn) display_list(result) return @@ -750,11 +717,7 @@ class Sfi: hrn = None if args: hrn = args[0] - request_hash=None - if self.hashrequest: - arg_list = [user_cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = self.registry.get_registries(user_cred, hrn, request_hash) + result = self.registry.get_registries(user_cred, hrn) display_list(result) return @@ -768,11 +731,11 @@ class Sfi: # list instantiated slices def slices(self,opts, args): user_cred = self.get_user_cred().save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [user_cred] - request_hash = self.key.compute_hash(arg_list) - results = self.slicemgr.get_slices(user_cred, request_hash) + server = self.slicemgr + # direct connection to the nodes component manager interface + if opts.component: + server = self.get_component_server_from_hrn(opts.component) + results = server.get_slices(user_cred) display_list(results) return @@ -782,9 +745,7 @@ class Sfi: server = self.slicemgr if opts.aggregate: agg_hrn = opts.aggregate - arg_list = [user_cred, agg_hrn] - request_hash = self.key.compute_hash(arg_list) - aggregates = self.registry.get_aggregates(user_cred, agg_hrn, request_hash) + aggregates = self.registry.get_aggregates(user_cred, agg_hrn) if not aggregates: raise Exception, "No such aggregate %s" % agg_hrn aggregate = aggregates[0] @@ -797,11 +758,7 @@ class Sfi: cred = user_cred hrn = None - request_hash=None - if self.hashrequest: - arg_list = [cred, hrn] - request_hash = self.key.compute_hash(arg_list) - result = server.get_resources(cred, hrn, request_hash) + result = server.get_resources(cred, hrn) format = opts.format display_rspec(result, format) @@ -826,12 +783,8 @@ class Sfi: raise Exception, "No such aggregate %s" % opts.aggregate aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) - server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - return server.create_slice(slice_cred, slice_hrn, rspec, request_hash) + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol) + return server.create_slice(slice_cred, slice_hrn, rspec) # get a ticket for the specified slice def get_ticket(self, opts, args): @@ -847,12 +800,8 @@ class Sfi: raise Exception, "No such aggregate %s" % opts.aggregate aggregate = aggregates[0] url = "http://%s:%s" % (aggregate['addr'], aggregate['port']) - server = GeniClient(url, self.key_file, self.cert_file, self.options.protocol) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn, rspec] - request_hash = self.key.compute_hash(arg_list) - ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec, request_hash) + server = xmlrpcprotocol.get_server(url, self.key_file, self.cert_file, self.options.protocol) + ticket_string = server.get_ticket(slice_cred, slice_hrn, rspec) file = os.path.join(self.options.sfi_dir, get_leaf(slice_hrn) + ".ticket") print "writing ticket to ", file ticket = SfaTicket(string=ticket_string) @@ -903,11 +852,7 @@ class Sfi: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(slice_hrn).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.delete_slice(slice_cred, slice_hrn, request_hash) + return server.delete_slice(slice_cred, slice_hrn) # start named slice def start(self,opts, args): @@ -917,12 +862,8 @@ class Sfi: if opts.component: server = self.get_component_server_from_hrn(opts.component) - slice_cred = self.get_slice_cred(args[0]) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.start_slice(slice_cred, slice_hrn, request_hash) + slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) + return server.start_slice(slice_cred, slice_hrn) # stop named slice def stop(self,opts, args): @@ -933,11 +874,7 @@ class Sfi: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.stop_slice(slice_cred, slice_hrn, request_hash) + return server.stop_slice(slice_cred, slice_hrn) # reset named slice def reset(self,opts, args): @@ -947,11 +884,7 @@ class Sfi: if opts.component: server = self.get_component_server_from_hrn(opts.component) slice_cred = self.get_slice_cred(args[0]).save_to_string(save_parents=True) - request_hash=None - if self.hashrequest: - arg_list = [slice_cred, slice_hrn] - request_hash = self.key.compute_hash(arg_list) - return server.reset_slice(slice_cred, slice_hrn, request_hash) + return server.reset_slice(slice_cred, slice_hrn) # # Main: parse arguments and dispatch to command