X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Fregistry_manager_pl.py;h=31496c2b74f60366ce6cecc7a5474c6a29cfba05;hb=dbce495b6f2e7d8dccbfb18c5507907d784c143b;hp=5c70ee7c283211e155e0760577dff831adf7fb9a;hpb=b073401948a91054f0963f9b3ca0fbbb9a5b2ecc;p=sfa.git diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py index 5c70ee7c..31496c2b 100644 --- a/sfa/managers/registry_manager_pl.py +++ b/sfa/managers/registry_manager_pl.py @@ -1,25 +1,36 @@ import types import time -from sfa.server.registry import Registries from sfa.util.prefixTree import prefixTree -from sfa.util.record import GeniRecord -from sfa.util.genitable import GeniTable -from sfa.util.record import GeniRecord -from sfa.util.genitable import GeniTable +from sfa.util.record import SfaRecord +from sfa.util.table import SfaTable +from sfa.util.record import SfaRecord from sfa.trust.gid import GID -from sfa.util.namespace import * +from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, hrn_to_pl_login_base, urn_to_hrn from sfa.trust.credential import * from sfa.trust.certificate import * from sfa.util.faults import * +from sfa.trust.gid import create_uuid -def get_credential(api, hrn, type, is_self=False): +def get_version(api): + version = {} + version['geni_api'] = 1 + version['sfa'] = 1 + return version + +def get_credential(api, xrn, type, is_self=False): + # convert xrn to hrn + if type: + hrn = urn_to_hrn(xrn)[0] + else: + hrn, type = urn_to_hrn(xrn) + # Is this a root or sub authority auth_hrn = api.auth.get_authority(hrn) if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN: auth_hrn = hrn # get record info auth_info = api.auth.get_auth_info(auth_hrn) - table = GeniTable() + table = SfaTable() records = table.findObjects({'type': type, 'hrn': hrn}) if not records: raise RecordNotFound(hrn) @@ -28,6 +39,9 @@ def get_credential(api, hrn, type, is_self=False): # verify_cancreate_credential requires that the member lists # (researchers, pis, etc) be filled in api.fill_record_info(record) + if record['type']=='user': + if not record['enabled']: + raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email'])) # get the callers gid # if this is a self cred the record's gid is the caller's gid @@ -48,39 +62,47 @@ def get_credential(api, hrn, type, is_self=False): new_cred = Credential(subject = object_gid.get_subject()) new_cred.set_gid_caller(caller_gid) new_cred.set_gid_object(object_gid) - new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) - new_cred.set_pubkey(object_gid.get_pubkey()) + new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename()) + #new_cred.set_pubkey(object_gid.get_pubkey()) new_cred.set_privileges(rights) - new_cred.set_delegate(True) + new_cred.get_privileges().delegate_all_privileges(True) auth_kind = "authority,ma,sa" - new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) + # Parent not necessary, verify with certs + #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind)) new_cred.encode() new_cred.sign() return new_cred.save_to_string(save_parents=True) -def resolve(api, hrns, type=None, origin_hrn): + +# The GENI GetVersion call +def GetVersion(): + version = {} + version['geni_api'] = 1 + return version + +def resolve(api, xrns, type=None, full=True): # load all know registry names into a prefix tree and attempt to find # the longest matching prefix - if not isinstance(hrns, types.ListType): - hrns = [hrns] - + if not isinstance(xrns, types.ListType): + xrns = [xrns] + hrns = [urn_to_hrn(xrn)[0] for xrn in xrns] # create a dict whre key is an registry hrn and its value is a # hrns at that registry (determined by the known prefix tree). - hrn_dict = {} - registries = Registries(api) + xrn_dict = {} + registries = api.registries tree = prefixTree() registry_hrns = registries.keys() tree.load(registry_hrns) - for hrn in hrns: - registry_hrn = tree.best_match(hrn) - if registry_hrn not in hrn_dict: - hrn_dict[registry_hrn] = [] - hrn_dict[registry_hrn].append(hrn) + for xrn in xrns: + registry_hrn = tree.best_match(urn_to_hrn(xrn)[0]) + if registry_hrn not in xrn_dict: + xrn_dict[registry_hrn] = [] + xrn_dict[registry_hrn].append(xrn) records = [] - for registry_hrn in hrn_dict: + for registry_hrn in xrn_dict: # skip the hrn without a registry hrn # XX should we let the user know the authority is unknown? if not registry_hrn: @@ -88,62 +110,60 @@ def resolve(api, hrns, type=None, origin_hrn): # if the best match (longest matching hrn) is not the local registry, # forward the request - hrns = hrn_dict[registry_hrn] + xrns = xrn_dict[registry_hrn] if registry_hrn != api.hrn: credential = api.getCredential() - peer_records = registries[registry_hrn].resolve(credential, hrn, origin_hrn) - records.extend([GeniRecord(dict=record).as_dict() for record in peer_records]) + peer_records = registries[registry_hrn].Resolve(xrns, credential) + records.extend([SfaRecord(dict=record).as_dict() for record in peer_records]) # try resolving the remaining unfound records at the local registry - remaining_hrns = set(hrns).difference([record['hrn'] for record in records]) - table = GeniTable() + remaining_hrns = set(hrns).difference([record['hrn'] for record in records]) + # convert set to list + remaining_hrns = [hrn for hrn in remaining_hrns] + table = SfaTable() local_records = table.findObjects({'hrn': remaining_hrns}) - for record in local_records: - try: - api.fill_record_info(record) - records.append(dict(record)) - except PlanetLabRecordDoesNotExist: - # silently drop the ones that are missing in PL - print >> log, "ignoring geni record ", record['hrn'], \ - " because pl record does not exist" - table.remove(record) - + if full: + api.fill_record_info(local_records) + + # convert local record objects to dicts + records.extend([dict(record) for record in local_records]) if not records: raise RecordNotFound(str(hrns)) if type: - records = filter(lambda rec: rec['type'] == type, records) + records = filter(lambda rec: rec['type'] in [type], records) return records -def list(api, hrn): +def list(api, xrn, origin_hrn=None): + hrn, type = urn_to_hrn(xrn) # load all know registry names into a prefix tree and attempt to find # the longest matching prefix records = [] - registries = Registries(api) - hrns = registries.keys() + registries = api.registries + registry_hrns = registries.keys() tree = prefixTree() - tree.load(hrns) + tree.load(registry_hrns) registry_hrn = tree.best_match(hrn) - + #if there was no match then this record belongs to an unknow registry if not registry_hrn: - raise MissingAuthority(hrn) + raise MissingAuthority(xrn) # if the best match (longest matching hrn) is not the local registry, # forward the request records = [] if registry_hrn != api.hrn: credential = api.getCredential() - record_list = registries[registry_hrn].list(credential, hrn, origin_hrn) - records = [GeniRecord(dict=record).as_dict() for record in record_list] + record_list = registries[registry_hrn].list(credential, xrn, origin_hrn) + records = [SfaRecord(dict=record).as_dict() for record in record_list] # if we still havnt found the record yet, try the local registry if not records: if not api.auth.hierarchy.auth_exists(hrn): raise MissingAuthority(hrn) - table = GeniTable() + table = SfaTable() records = table.find({'authority': hrn}) return records @@ -152,18 +172,18 @@ def list(api, hrn): def register(api, record): hrn, type = record['hrn'], record['type'] - + urn = hrn_to_urn(hrn,type) # validate the type if type not in ['authority', 'slice', 'node', 'user']: - raise UnknownGeniType(type) + raise UnknownSfaType(type) # check if record already exists - table = GeniTable() + table = SfaTable() existing_records = table.find({'type': type, 'hrn': hrn}) if existing_records: raise ExistingRecord(hrn) - record = GeniRecord(dict = record) + record = SfaRecord(dict = record) record['authority'] = get_authority(record['hrn']) type = record['type'] hrn = record['hrn'] @@ -175,13 +195,13 @@ def register(api, record): uuid = create_uuid() pkey = Keypair(create=True) if 'key' in record and record['key']: - if isinstance(record['key'], list): + if isinstance(record['key'], types.ListType): pub_key = record['key'][0] else: pub_key = record['key'] pkey = convert_public_key(pub_key) - gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey) + gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid record.set_gid(gid) @@ -189,12 +209,12 @@ def register(api, record): if type in ["authority"]: # update the tree if not api.auth.hierarchy.auth_exists(hrn): - api.auth.hierarchy.create_auth(hrn) + api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority')) # get the GID from the newly created authority gid = auth_info.get_gid_object() record.set_gid(gid.save_to_string(save_parents=True)) - pl_record = api.geni_fields_to_pl_fields(type, hrn, record) + pl_record = api.sfa_fields_to_pl_fields(type, hrn, record) sites = api.plshell.GetSites(api.plauth, [pl_record['login_base']]) if not sites: pointer = api.plshell.AddSite(api.plauth, pl_record) @@ -206,17 +226,17 @@ def register(api, record): elif (type == "slice"): acceptable_fields=['url', 'instantiation', 'name', 'description'] - pl_record = api.geni_fields_to_pl_fields(type, hrn, record) + pl_record = api.sfa_fields_to_pl_fields(type, hrn, record) for key in pl_record.keys(): if key not in acceptable_fields: pl_record.pop(key) - slices = api.plshell.GetSlices(api.plauth, [pl_record['name']]) - if not slices: - pointer = api.plshell.AddSlice(api.plauth, pl_record) - else: - pointer = slices[0]['slice_id'] - record.set_pointer(pointer) - record['pointer'] = pointer + slices = api.plshell.GetSlices(api.plauth, [pl_record['name']]) + if not slices: + pointer = api.plshell.AddSlice(api.plauth, pl_record) + else: + pointer = slices[0]['slice_id'] + record.set_pointer(pointer) + record['pointer'] = pointer elif (type == "user"): persons = api.plshell.GetPersons(api.plauth, [record['email']]) @@ -240,7 +260,7 @@ def register(api, record): api.plshell.AddPersonKey(api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key}) elif (type == "node"): - pl_record = api.geni_fields_to_pl_fields(type, hrn, record) + pl_record = api.sfa_fields_to_pl_fields(type, hrn, record) login_base = hrn_to_pl_login_base(record['authority']) nodes = api.plshell.GetNodes(api.plauth, [pl_record['hostname']]) if not nodes: @@ -259,11 +279,12 @@ def register(api, record): return record.get_gid_object().save_to_string(save_parents=True) def update(api, record_dict): - new_record = GeniRecord(dict = record_dict) + new_record = SfaRecord(dict = record_dict) type = new_record['type'] hrn = new_record['hrn'] + urn = hrn_to_urn(hrn,type) api.auth.verify_object_permission(hrn) - table = GeniTable() + table = SfaTable() # make sure the record exists records = table.findObjects({'type': type, 'hrn': hrn}) if not records: @@ -284,7 +305,7 @@ def update(api, record_dict): api.plshell.UpdateSite(api.plauth, pointer, new_record) elif type == "slice": - pl_record=api.geni_fields_to_pl_fields(type, hrn, new_record) + pl_record=api.sfa_fields_to_pl_fields(type, hrn, new_record) if 'name' in pl_record: pl_record.pop('name') api.plshell.UpdateSlice(api.plauth, pointer, pl_record) @@ -309,7 +330,7 @@ def update(api, record_dict): keys = person['key_ids'] keys = api.plshell.GetKeys(api.plauth, person['key_ids']) key_exists = False - if isinstance(new_record['key'], list): + if isinstance(new_record['key'], types.ListType): new_key = new_record['key'][0] else: new_key = new_record['key'] @@ -326,27 +347,33 @@ def update(api, record_dict): # update the openssl key and gid pkey = convert_public_key(new_key) uuid = create_uuid() - gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey) + gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey) gid = gid_object.save_to_string(save_parents=True) record['gid'] = gid - record = GeniRecord(dict=record) + record = SfaRecord(dict=record) table.update(record) elif type == "node": api.plshell.UpdateNode(api.plauth, pointer, new_record) else: - raise UnknownGeniType(type) + raise UnknownSfaType(type) # update membership for researchers, pis, owners, operators api.update_membership(record, new_record) return 1 -def remove(api, hrn, type, origin_hrn=None): - table = GeniTable() +def remove(api, xrn, type, origin_hrn=None): + # convert xrn to hrn + if type: + hrn = urn_to_hrn(xrn)[0] + else: + hrn, type = urn_to_hrn(xrn) + + table = SfaTable() filter = {'hrn': hrn} - if type not in ['all', '*']: + if type and type not in ['all', '*']: filter['type'] = type records = table.find(filter) if not records: @@ -355,7 +382,7 @@ def remove(api, hrn, type, origin_hrn=None): type = record['type'] credential = api.getCredential() - registries = Registries(api) + registries = api.registries # Try to remove the object from the PLCDB of federated agg. # This is attempted before removing the object from the local agg's PLCDB and sfa table @@ -382,7 +409,7 @@ def remove(api, hrn, type, origin_hrn=None): if api.plshell.GetSites(api.plauth, record['pointer']): api.plshell.DeleteSite(api.plauth, record['pointer']) else: - raise UnknownGeniType(type) + raise UnknownSfaType(type) table.remove(record)