X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fimporter%2Fopenstackimporter.py;h=7ced620383c5bfb4bd736d1a7d4d9b67f6028d21;hb=7eb34251548a271ae964b2f7d7e0fad7a1e41f5a;hp=c6f7ac1df49e4b2ce756150df1f2fb1813e53634;hpb=a8cceb364861025f9a833c7c32d328a7640caa8b;p=sfa.git diff --git a/sfa/importer/openstackimporter.py b/sfa/importer/openstackimporter.py index c6f7ac1d..7ced6203 100644 --- a/sfa/importer/openstackimporter.py +++ b/sfa/importer/openstackimporter.py @@ -1 +1,192 @@ -class OpenstackImporter: pass +import os + +from sfa.util.config import Config +from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn +from sfa.trust.gid import create_uuid +from sfa.trust.certificate import convert_public_key, Keypair +# using global alchemy.session() here is fine +# as importer is on standalone one-shot process +from sfa.storage.alchemy import global_dbsession +from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode +from sfa.openstack.osxrn import OSXrn +from sfa.openstack.shell import Shell + + +def load_keys(filename): + keys = {} + tmp_dict = {} + try: + execfile(filename, tmp_dict) + if 'keys' in tmp_dict: + keys = tmp_dict['keys'] + return keys + except: + return keys + + +def save_keys(filename, keys): + f = open(filename, 'w') + f.write("keys = %s" % str(keys)) + f.close() + + +class OpenstackImporter: + + def __init__(self, auth_hierarchy, logger): + self.auth_hierarchy = auth_hierarchy + self.logger = logger + self.config = Config() + self.interface_hrn = self.config.SFA_INTERFACE_HRN + self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH + self.shell = Shell(self.config) + + def add_options(self, parser): + self.logger.debug("OpenstackImporter: no options yet") + pass + + def import_users(self, existing_hrns, existing_records): + # Get all users + users = self.shell.auth_manager.users.list() + users_dict = {} + keys_filename = self.config.config_path + os.sep + 'person_keys.py' + old_user_keys = load_keys(keys_filename) + user_keys = {} + for user in users: + auth_hrn = self.config.SFA_INTERFACE_HRN + if user.tenantId is not None: + tenant = self.shell.auth_manager.tenants.find(id=user.tenantId) + auth_hrn = OSXrn( + name=tenant.name, auth=self.config.SFA_INTERFACE_HRN, type='authority').get_hrn() + hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn() + users_dict[hrn] = user + old_keys = old_user_keys.get(hrn, []) + keyname = OSXrn(xrn=hrn, type='user').get_slicename() + keys = [ + k.public_key for k in self.shell.nova_manager.keypairs.findall(name=keyname)] + user_keys[hrn] = keys + update_record = False + if old_keys != keys: + update_record = True + if hrn not in existing_hrns or \ + (hrn, 'user') not in existing_records or update_record: + urn = OSXrn(xrn=hrn, type='user').get_urn() + + if keys: + try: + pkey = convert_public_key(keys[0]) + except: + self.logger.log_exc( + 'unable to convert public key for %s' % hrn) + pkey = Keypair(create=True) + else: + self.logger.warning( + "OpenstackImporter: person %s does not have a PL public key" % hrn) + pkey = Keypair(create=True) + user_gid = self.auth_hierarchy.create_gid( + urn, create_uuid(), pkey, email=user.email) + user_record = RegUser() + user_record.type = 'user' + user_record.hrn = hrn + user_record.gid = user_gid + user_record.authority = get_authority(hrn) + global_dbsession.add(user_record) + global_dbsession.commit() + self.logger.info( + "OpenstackImporter: imported person %s" % user_record) + + return users_dict, user_keys + + def import_tenants(self, existing_hrns, existing_records): + # Get all tenants + # A tenant can represent an organizational group (site) or a + # slice. If a tenant's authorty/parent matches the root authority it is + # considered a group/site. All other tenants are considered slices. + tenants = self.shell.auth_manager.tenants.list() + tenants_dict = {} + for tenant in tenants: + hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name + tenants_dict[hrn] = tenant + authority_hrn = OSXrn( + xrn=hrn, type='authority').get_authority_hrn() + + if hrn in existing_hrns: + continue + + if authority_hrn == self.config.SFA_INTERFACE_HRN: + # import group/site + record = RegAuthority() + urn = OSXrn(xrn=hrn, type='authority').get_urn() + if not self.auth_hierarchy.auth_exists(urn): + self.auth_hierarchy.create_auth(urn) + auth_info = self.auth_hierarchy.get_auth_info(urn) + gid = auth_info.get_gid_object() + record.type = 'authority' + record.hrn = hrn + record.gid = gid + record.authority = get_authority(hrn) + global_dbsession.add(record) + global_dbsession.commit() + self.logger.info( + "OpenstackImporter: imported authority: %s" % record) + + else: + record = RegSlice() + urn = OSXrn(xrn=hrn, type='slice').get_urn() + pkey = Keypair(create=True) + gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey) + record.type = 'slice' + record.hrn = hrn + record.gid = gid + record.authority = get_authority(hrn) + global_dbsession.add(record) + global_dbsession.commit() + self.logger.info( + "OpenstackImporter: imported slice: %s" % record) + + return tenants_dict + + def run(self, options): + # we don't have any options for now + self.logger.info("OpenstackImporter.run : to do") + + # create dict of all existing sfa records + existing_records = {} + existing_hrns = [] + key_ids = [] + for record in global_dbsession.query(RegRecord): + existing_records[(record.hrn, record.type,)] = record + existing_hrns.append(record.hrn) + + tenants_dict = self.import_tenants(existing_hrns, existing_records) + users_dict, user_keys = self.import_users( + existing_hrns, existing_records) + + # remove stale records + system_records = [self.interface_hrn, self.root_auth, + self.interface_hrn + '.slicemanager'] + for (record_hrn, type) in existing_records.keys(): + if record_hrn in system_records: + continue + + record = existing_records[(record_hrn, type)] + if record.peer_authority: + continue + + if type == 'user': + if record_hrn in users_dict: + continue + elif type in['slice', 'authority']: + if record_hrn in tenants_dict: + continue + else: + continue + + record_object = existing_records[(record_hrn, type)] + self.logger.info("OpenstackImporter: removing %s " % record) + global_dbsession.delete(record_object) + global_dbsession.commit() + + # save pub keys + self.logger.info('OpenstackImporter: saving current pub keys') + keys_filename = self.config.config_path + os.sep + 'person_keys.py' + save_keys(keys_filename, user_keys)