X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fplanetlab%2Fplslices.py;h=2b59a01723a169b9bbdbc8d5ea5b09de64472a42;hb=30d9951e075d93127c3909dcb41be09b420b3525;hp=65e2164a907218564434d561bd196da90dba50ab;hpb=f58accad0a467774fa451ef690147d0b93671f44;p=sfa.git diff --git a/sfa/planetlab/plslices.py b/sfa/planetlab/plslices.py index 65e2164a..2b59a017 100644 --- a/sfa/planetlab/plslices.py +++ b/sfa/planetlab/plslices.py @@ -1,5 +1,4 @@ import time -from types import StringTypes from collections import defaultdict from sfa.util.sfatime import utcparse, datetime_to_epoch @@ -8,15 +7,14 @@ from sfa.util.xrn import Xrn, get_leaf, get_authority, urn_to_hrn from sfa.rspecs.rspec import RSpec from sfa.planetlab.vlink import VLink from sfa.planetlab.topology import Topology -from sfa.planetlab.plxrn import PlXrn, hrn_to_pl_slicename, xrn_to_hostname, xrn_to_ext_slicename, hrn_to_ext_loginbase, top_auth +from sfa.planetlab.plxrn import PlXrn, hrn_to_pl_slicename, xrn_to_hostname, top_auth, hash_loginbase from sfa.storage.model import SliverAllocation -from sfa.storage.alchemy import dbsession MAXINT = 2L**31-1 class PlSlices: - rspec_to_slice_tag = {'max_rate':'net_max_rate'} + rspec_to_slice_tag = {'max_rate' : 'net_max_rate'} def __init__(self, driver): self.driver = driver @@ -41,7 +39,8 @@ class PlSlices: person_ids = list(person_ids) all_slice_tag_ids = list(all_slice_tag_ids) # Get user information - all_persons_list = self.driver.shell.GetPersons({'person_id':person_ids,'enabled':True}, ['person_id', 'enabled', 'key_ids']) + all_persons_list = self.driver.shell.GetPersons({'person_id':person_ids,'enabled':True}, + ['person_id', 'enabled', 'key_ids']) all_persons = {} for person in all_persons_list: all_persons[person['person_id']] = person 
@@ -112,7 +111,8 @@ class PlSlices: # XXX Sanity check; though technically this should be a system invariant # checked with an assertion - if slice['expires'] > MAXINT: slice['expires']= MAXINT + if slice['expires'] > MAXINT: + slice['expires'] = MAXINT slivers.append({ 'hrn': hrn, @@ -126,27 +126,6 @@ class PlSlices: return slivers - def get_peer(self, xrn): - hrn, type = urn_to_hrn(xrn) - # Becaues of myplc federation, we first need to determine if this - # slice belongs to out local plc or a myplc peer. We will assume it - # is a local site, unless we find out otherwise - peer = None - - # get this slice's authority (site) - slice_authority = get_authority(hrn) - - # get this site's authority (sfa root authority or sub authority) - site_authority = get_authority(slice_authority).lower() - - # check if we are already peered with this site_authority, if so - peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root']) - for peer_record in peers: - names = [name.lower() for name in peer_record.values() if isinstance(name, StringTypes)] - if site_authority in names: - peer = peer_record - - return peer def get_sfa_peer(self, xrn): hrn, type = urn_to_hrn(xrn) 
@@ -161,20 +140,27 @@ class PlSlices: return sfa_peer - def verify_slice_leases(self, slice, rspec_requested_leases, peer): + def verify_slice_leases(self, slice, rspec_requested_leases): - leases = self.driver.shell.GetLeases({'name':slice['name'], 'clip':int(time.time())}, ['lease_id','name', 'hostname', 't_from', 't_until']) + leases = self.driver.shell.GetLeases({'name':slice['name'], 'clip':int(time.time())}, + ['lease_id','name', 'hostname', 't_from', 't_until']) grain = self.driver.shell.GetLeaseGranularity() requested_leases = [] for lease in rspec_requested_leases: requested_lease = {} slice_hrn, _ = urn_to_hrn(lease['slice_id']) + top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + slice_part = slice_hrn.split('.')[-1] if top_auth_hrn == self.driver.hrn: - slice_name = hrn_to_pl_slicename(lease['slice_id']) + login_base = slice_hrn.split('.')[-2][:12] else: - slice_name = xrn_to_ext_slicename(lease['slice_id']) + login_base = hash_loginbase(site_hrn) + + slice_name = '_'.join([login_base, slice_part]) + if slice_name != slice['name']: continue elif Xrn(lease['component_id']).get_authority_urn().split(':')[0] != self.driver.hrn: @@ -209,8 +195,6 @@ class PlSlices: try: - if peer: - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) self.driver.shell.DeleteLeases(deleted_leases_id) for lease in added_leases: self.driver.shell.AddLeases(lease['hostname'], slice['name'], lease['t_from'], lease['t_until']) @@ -221,7 +205,7 @@ class PlSlices: return leases - def verify_slice_nodes(self, slice_urn, slice, rspec_nodes, peer): + def verify_slice_nodes(self, slice_urn, slice, rspec_nodes): slivers = {} for node in rspec_nodes: 
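Review bot: In `verify_slice_leases` the slice name is rebuilt with `slice_hrn.split('.')`, which does not honour escaped dots in an hrn and raises IndexError on `[-2]` when the hrn has a single component. `get_leaf` and `get_authority` are already imported from `sfa.util.xrn` and are presumably escape-aware, so they could do the splitting. Truncating with `[:12]` also means two local authorities whose names share a 12-character prefix get the same `login_base`, so `slice_name != slice['name']` could no longer tell their leases apart unless something upstream guarantees uniqueness. The same derivation is repeated in `verify_site`, `verify_slice` and `verify_persons` in the last hunk; one private helper returning `(login_base, slice_name)` would keep the four copies in step. `verify_slice_leases` starts before and continues past this hunk.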
@@ -245,8 +229,6 @@ class PlSlices: added_nodes = list(set(slivers.keys()).difference(current_slivers)) try: - if peer: - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) self.driver.shell.AddSliceToNodes(slice['name'], added_nodes) self.driver.shell.DeleteSliceFromNodes(slice['name'], deleted_nodes) @@ -260,13 +242,13 @@ class PlSlices: for node in resulting_nodes: client_id = slivers[node['hostname']]['client_id'] component_id = slivers[node['hostname']]['component_id'] - sliver_hrn = '%s.%s-%s' % (self.driver.hrn, slice['slice_id'], node['node_id']) + sliver_hrn = '{}.{}-{}'.format(self.driver.hrn, slice['slice_id'], node['node_id']) sliver_id = Xrn(sliver_hrn, type='sliver').urn record = SliverAllocation(sliver_id=sliver_id, client_id=client_id, component_id=component_id, slice_urn = slice_urn, allocation_state='geni_allocated') - record.sync() + record.sync(self.driver.api.dbsession()) return resulting_nodes def free_egre_key(self): @@ -320,6 +302,7 @@ class PlSlices: for link in requested_links: # get the ip address of the first node in the link ifname1 = Xrn(link['interface1']['component_id']).get_leaf() + if ifname1: ifname_parts = ifname1.split(':') node_raw = ifname_parts[0] 
@@ -337,402 +320,334 @@ class PlSlices: slice_tags.append({'name': 'vini_topo', 'value': 'manual', 'node_id': node_id}) #self.driver.shell.AddSliceTag(slice['name'], 'topo_rspec', str([topo_rspec]), node_id) - self.verify_slice_attributes(slice, slice_tags, {'append': True}, admin=True) - + self.verify_slice_tags(slice, slice_tags, {'pltags':'append'}, admin=True) - def handle_peer(self, site, slice, persons, peer): - if peer: - # bind site - try: - if site: - self.driver.shell.BindObjectToPeer('site', site['site_id'], peer['shortname'], slice['site_id']) - except Exception,e: - self.driver.shell.DeleteSite(site['site_id']) - raise e - - # bind slice - try: - if slice: - self.driver.shell.BindObjectToPeer('slice', slice['slice_id'], peer['shortname'], slice['slice_id']) - except Exception,e: - self.driver.shell.DeleteSlice(slice['slice_id']) - raise e - - # bind persons - for person in persons: - try: - self.driver.shell.BindObjectToPeer('person', - person['person_id'], peer['shortname'], person['peer_person_id']) - - for (key, remote_key_id) in zip(person['keys'], person['key_ids']): - try: - self.driver.shell.BindObjectToPeer( 'key', key['key_id'], peer['shortname'], remote_key_id) - except: - self.driver.shell.DeleteKey(key['key_id']) - logger("failed to bind key: %s to peer: %s " % (key['key_id'], peer['shortname'])) - except Exception,e: - self.driver.shell.DeletePerson(person['person_id']) - raise e - - return slice - - def verify_site(self, slice_xrn, slice_record={}, peer=None, sfa_peer=None, options={}): + def verify_site(self, slice_xrn, slice_record=None, sfa_peer=None, options=None): + if slice_record is None: slice_record={} + if options is None: options={} (slice_hrn, type) = urn_to_hrn(slice_xrn) top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) if top_auth_hrn == self.driver.hrn: - # login base can't be longer than 20 characters - slicename = hrn_to_pl_slicename(slice_hrn) - authority_name = slicename.split('_')[0] 
- login_base = authority_name[:20] + login_base = slice_hrn.split('.')[-2][:12] else: - login_base = hrn_to_ext_loginbase(slice_hrn) - authority_name = login_base + login_base = hash_loginbase(site_hrn) + + # filter sites by hrn + sites = self.driver.shell.GetSites({'peer_id': None, 'hrn':site_hrn}, + ['site_id','name','abbreviated_name','login_base','hrn']) - sites = self.driver.shell.GetSites(login_base) - if not sites: + # alredy exists + if sites: + site = sites[0] + else: # create new site record - site = {'name': 'sfa.%s' % authority_name, - 'abbreviated_name': authority_name, + site = {'name': 'sfa:{}'.format(site_hrn), + 'abbreviated_name': site_hrn, 'login_base': login_base, 'max_slices': 100, 'max_slivers': 1000, 'enabled': True, - 'peer_site_id': None} - if peer: - site['peer_site_id'] = slice_record.get('site_id', None) - site['site_id'] = self.driver.shell.AddSite(site) + 'peer_site_id': None, + 'hrn':site_hrn, + 'sfa_created': 'True', + } + site_id = self.driver.shell.AddSite(site) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetSiteHrn (site_id, site_hrn) + site['site_id'] = site_id # exempt federated sites from monitor policies - self.driver.shell.AddSiteTag(site['site_id'], 'exempt_site_until', "20200101") - -# # is this still necessary? -# # add record to the local registry -# if sfa_peer and slice_record: -# peer_dict = {'type': 'authority', 'hrn': site_hrn, \ -# 'peer_authority': sfa_peer, 'pointer': site['site_id']} -# self.registry.register_peer_object(self.credential, peer_dict) - else: - site = sites[0] - if peer: - # unbind from peer so we can modify if necessary. 
Will bind back later - self.driver.shell.UnBindObjectFromPeer('site', site['site_id'], peer['shortname']) + self.driver.shell.AddSiteTag(site_id, 'exempt_site_until', "20200101") return site - def verify_slice(self, slice_hrn, slice_record, peer, sfa_peer, expiration, options={}): + def verify_slice(self, slice_hrn, slice_record, sfa_peer, expiration, options=None): + if options is None: options={} top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + slice_part = slice_hrn.split('.')[-1] if top_auth_hrn == self.driver.hrn: - slicename = hrn_to_pl_slicename(slice_hrn) - parts = slicename.split("_") - login_base = parts[0] + login_base = slice_hrn.split('.')[-2][:12] else: - login_base = hrn_to_ext_loginbase(slice_hrn) - slicename = xrn_to_ext_slicename(slice_hrn) + login_base = hash_loginbase(site_hrn) + slice_name = '_'.join([login_base, slice_part]) - slices = self.driver.shell.GetSlices([slicename]) expires = int(datetime_to_epoch(utcparse(expiration))) - if not slices: - slice = {'name': slicename, - 'url': slice_record.get('url', slice_hrn), - 'description': slice_record.get('description', slice_hrn)} - # add the slice - slice['slice_id'] = self.driver.shell.AddSlice(slice) - slice['node_ids'] = [] - slice['person_ids'] = [] - # set the slice HRN - self.driver.shell.SetSliceHrn(int(slice['slice_id']), slice_hrn) - - if peer and slice_record: - slice['peer_slice_id'] = slice_record.get('slice_id', None) - # set the expiration - self.driver.shell.UpdateSlice(slice['slice_id'], {'expires': expires}) - else: + # Filter slices by HRN + slices = self.driver.shell.GetSlices({'peer_id': None, 'hrn':slice_hrn}, + ['slice_id','name','hrn','expires']) + + if slices: slice = slices[0] - # Check slice HRN - if self.driver.shell.GetSliceHrn(slice['slice_id']) != slice_hrn: - self.driver.shell.SetSliceHrn(slice['slice_id'], slice_hrn) - - if peer and slice_record: - slice['peer_slice_id'] = slice_record.get('slice_id', None) - # unbind from 
peer so we can modify if necessary. Will bind back later - self.driver.shell.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) - - #Update expiration if necessary - if slice['expires'] != expires: - self.driver.shell.UpdateSlice( slice['slice_id'], {'expires' : expires}) - - return slice - - #def get_existing_persons(self, users): - def verify_persons(self, slice_hrn, slice_record, users, peer, sfa_peer, options={}): - users_by_email = {} - users_by_site = defaultdict(list) - users_dict = {} + slice_id = slice['slice_id'] + #Update expiration if necessary + if slice.get('expires', None) != expires: + self.driver.shell.UpdateSlice( slice_id, {'expires' : expires}) + else: + if slice_record: + url = slice_record.get('url', slice_hrn) + description = slice_record.get('description', slice_hrn) + else: + url = slice_hrn + description = slice_hrn + slice = {'name': slice_name, + 'url': url, + 'description': description, + 'hrn': slice_hrn, + 'sfa_created': 'True', + #'expires': expires, + } + # add the slice + slice_id = self.driver.shell.AddSlice(slice) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetSliceHrn (slice_id, slice_hrn) + # cannot be set with AddSlice + # set the expiration + self.driver.shell.UpdateSlice(slice_id, {'expires': expires}) + + return self.driver.shell.GetSlices(slice_id)[0] + + + # in the following code, we use + # 'person' to denote a PLCAPI-like record with typically 'person_id' and 'email' + # 'user' to denote an incoming record with typically 'urn' and 'email' - we add 'hrn' in there + # 'slice_record': it seems like the first of these 'users' also contains a 'slice_record' + # key that holds stuff like 'hrn', 'slice_id', 'authority',... 
+ # + def create_person_from_user (self, user, site_id): + user_hrn = user['hrn'] + # the value to use if 'user' has no 'email' attached - or if the attached email already exists + # typically + ( auth_hrn, _ , leaf ) = user_hrn.rpartition('.') + # somehow this has backslashes, get rid of them + auth_hrn = auth_hrn.replace('\\','') + default_email = "{}@{}.stub".format(leaf, auth_hrn) + + person_record = { + # required + 'first_name': user.get('first_name',user_hrn), + 'last_name': user.get('last_name',user_hrn), + 'email': user.get('email', default_email), + # our additions + 'enabled': True, + 'sfa_created': 'True', + 'hrn': user_hrn, + } + + logger.debug ("about to attempt to AddPerson with {}".format(person_record)) + try: + # the thing is, the PLE db has a limitation on re-using the same e-mail + # in the case where people have an account on ple.upmc and then then come + # again from onelab.upmc, they will most likely have the same e-mail, and so kaboom.. + # so we first try with the accurate email + person_id = int (self.driver.shell.AddPerson(person_record)) + except: + logger.log_exc("caught during first attempt at AddPerson") + # and if that fails we start again with the email based on the hrn, which this time is unique.. 
+ person_record['email'] = default_email + logger.debug ("second chance with email={}".format(person_record['email'])) + person_id = int (self.driver.shell.AddPerson(person_record)) + self.driver.shell.AddRoleToPerson('user', person_id) + self.driver.shell.AddPersonToSite(person_id, site_id) + # plcapi tends to mess with the incoming hrn so let's make sure + self.driver.shell.SetPersonHrn (person_id, user_hrn) + # also 'enabled':True does not seem to pass through with AddPerson + self.driver.shell.UpdatePerson (person_id, {'enabled': True}) + + return person_id + + def verify_persons(self, slice_hrn, slice_record, users, sfa_peer, options=None): + if options is None: options={} + + # first we annotate the incoming users arg with a 'hrn' key for user in users: - user['urn'] = user['urn'].lower() - hrn, type = urn_to_hrn(user['urn']) - username = get_leaf(hrn) - user['username'] = username + user['hrn'], _ = urn_to_hrn(user['urn']) + # this is for retrieving users from a hrn + users_by_hrn = { user['hrn'] : user for user in users } - top_auth_hrn = top_auth(hrn) + for user in users: logger.debug("incoming user {}".format(user)) - if top_auth_hrn == self.driver.hrn: - login_base = PlXrn(xrn=user['urn']).pl_login_base() - else: - login_base = hrn_to_ext_loginbase(hrn) + # compute the hrn's for the authority and site + top_auth_hrn = top_auth(slice_hrn) + site_hrn = '.'.join(slice_hrn.split('.')[:-1]) + slice_part = slice_hrn.split('.')[-1] + # deduce login_base and slice_name + if top_auth_hrn == self.driver.hrn: + login_base = slice_hrn.split('.')[-2][:12] + else: + login_base = hash_loginbase(site_hrn) + slice_name = '_'.join([login_base, slice_part]) + + # locate the site object + # due to a limitation in PLCAPI, we have to specify 'hrn' as part of the return fields + site = self.driver.shell.GetSites ({'peer_id':None, 'hrn':site_hrn}, ['site_id','hrn'])[0] + site_id = site['site_id'] + + # locate the slice object + slice = self.driver.shell.GetSlices 
({'peer_id':None, 'hrn':slice_hrn}, ['slice_id','hrn','person_ids'])[0] + slice_id = slice['slice_id'] + slice_person_ids = slice['person_ids'] + + # the common set of attributes for our calls to GetPersons + person_fields = ['person_id','email','hrn'] + + # for the intended set of hrns, locate existing persons + target_hrns = [ user['hrn'] for user in users ] + target_existing_persons = self.driver.shell.GetPersons ({'peer_id':None, 'hrn': target_hrns}, person_fields) + target_existing_person_ids = [ person ['person_id'] for person in target_existing_persons ] + # find out the hrns that *do not* have a corresponding person + existing_hrns = [ person['hrn'] for person in target_existing_persons ] + tocreate_hrns = set (target_hrns) - set (existing_hrns) + # create these + target_created_person_ids = [ self.create_person_from_user (users_by_hrn[hrn], site_id) for hrn in tocreate_hrns ] + + # we can partition the persons of interest into one of these 3 classes + add_person_ids = set(target_created_person_ids) | set(target_existing_person_ids) - set(slice_person_ids) + keep_person_ids = set(target_existing_person_ids) & set(slice_person_ids) + del_person_ids = set(slice_person_ids) - set(target_existing_person_ids) + + # delete + for person_id in del_person_ids: + self.driver.shell.DeletePersonFromSlice (person_id, slice_id) + + # about the last 2 sets, for managing keys, we need to trace back person_id -> user + # and for this we need all the Person objects; we already have the target_existing ones + # also we avoid issuing a call if possible + target_created_persons = [] if not target_created_person_ids \ + else self.driver.shell.GetPersons \ + ({'peer_id':None, 'person_id':target_created_person_ids}, person_fields) + persons_by_person_id = { person['person_id'] : person \ + for person in target_existing_persons + target_created_persons } + + def user_by_person_id (person_id): + person = persons_by_person_id [person_id] + hrn = person ['hrn'] + return users_by_hrn 
[hrn] + + persons_to_verify_keys = {} + # add + for person_id in add_person_ids: + self.driver.shell.AddPersonToSlice(person_id, slice_id) + persons_to_verify_keys[person_id] = user_by_person_id(person_id) + # Update kept persons + for person_id in keep_person_ids: + persons_to_verify_keys[person_id] = user_by_person_id(person_id) + self.verify_keys(persons_to_verify_keys, options) + + # return hrns of the newly added persons + + return [ persons_by_person_id[person_id]['hrn'] for person_id in add_person_ids ] + + def verify_keys(self, persons_to_verify_keys, options=None): + if options is None: options={} + # we only add keys that comes from sfa to persons in PL + for person_id in persons_to_verify_keys: + person_sfa_keys = persons_to_verify_keys[person_id].get('keys', []) + person_pl_keys = self.driver.shell.GetKeys({'person_id': int(person_id)}) + person_pl_keys_list = [key['key'] for key in person_pl_keys] + + keys_to_add = set(person_sfa_keys).difference(person_pl_keys_list) + + for key_string in keys_to_add: + key = {'key': key_string, 'key_type': 'ssh'} + self.driver.shell.AddPersonKey(int(person_id), key) + + + def verify_slice_tags(self, slice, requested_slice_attributes, options=None, admin=False): + """ + This function deals with slice tags, and supports 3 modes described + in the 'pltags' option that can be either + (*) 'ignore' (default) - do nothing + (*) 'append' - only add incoming tags, that do not match an existing tag + (*) 'sync' - tries to do the plain wholesale thing, + i.e. 
to leave the db in sync with incoming tags + """ + if options is None: options={} + + # lookup 'pltags' in options to find out which mode is requested here + pltags = options.get('pltags', 'ignore') + # make sure the default is 'ignore' + if pltags not in ('ignore', 'append', 'sync'): + pltags = 'ignore' + + if pltags == 'ignore': + logger.info('verify_slice_tags in ignore mode - leaving slice tags as-is') + return + + # incoming data (attributes) have a (name, value) pair + # while PLC data (tags) have a (tagname, value) pair + # we must be careful not to mix these up - user['site'] = login_base - if 'email' in user: - user['email'] = user['email'].lower() - users_by_email[user['email']] = user - users_dict[user['email']] = user - else: - users_by_site[user['site']].append(user) - - # start building a list of existing users - existing_user_ids = [] - existing_user_ids_filter = [] - if users_by_email: - existing_user_ids_filter.extend(users_by_email.keys()) - if users_by_site: - for login_base in users_by_site: - users = users_by_site[login_base] - for user in users: - existing_user_ids_filter.append(user['username']+'@geni.net') - - if existing_user_ids_filter: - # get existing users by email - existing_users = self.driver.shell.GetPersons({'email': existing_user_ids_filter}, - ['person_id', 'key_ids', 'email']) - existing_user_ids.extend([user['email'] for user in existing_users]) - - if users_by_site: - # get a list of user sites (based on requeste user urns - site_list = self.driver.shell.GetSites(users_by_site.keys(), \ - ['site_id', 'login_base', 'person_ids']) - # get all existing users at these sites - sites = {} - site_user_ids = [] - for site in site_list: - sites[site['site_id']] = site - site_user_ids.extend(site['person_ids']) - - existing_site_persons_list = self.driver.shell.GetPersons(site_user_ids, - ['person_id', 'key_ids', 'email', 'site_ids']) - - # all requested users are either existing users or new (added) users - for login_base in 
users_by_site: - requested_site_users = users_by_site[login_base] - for requested_user in requested_site_users: - user_found = False - for existing_user in existing_site_persons_list: - for site_id in existing_user['site_ids']: - if site_id in sites: - site = sites[site_id] - if login_base == site['login_base'] and \ - existing_user['email'].startswith(requested_user['username']+'@'): - existing_user_ids.append(existing_user['email']) - requested_user['email'] = existing_user['email'] - users_dict[existing_user['email']] = requested_user - user_found = True - break - if user_found: - break - - if user_found == False: - fake_email = requested_user['username'] + '@geni.net' - requested_user['email'] = fake_email - users_dict[fake_email] = requested_user - - # requested slice users - requested_user_ids = users_dict.keys() - # existing slice users - existing_slice_users_filter = {'person_id': slice_record.get('person_ids', [])} - existing_slice_users = self.driver.shell.GetPersons(existing_slice_users_filter, - ['person_id', 'key_ids', 'email']) - existing_slice_user_ids = [user['email'] for user in existing_slice_users] - - # users to be added, removed or updated - added_user_ids = set(requested_user_ids).difference(existing_user_ids) - added_slice_user_ids = set(requested_user_ids).difference(existing_slice_user_ids) - removed_user_ids = set(existing_slice_user_ids).difference(requested_user_ids) - updated_user_ids = set(existing_slice_user_ids).intersection(requested_user_ids) - - # Remove stale users (only if we are not appending). - # Append by default. 
- append = options.get('append', True) - if append == False: - for removed_user_id in removed_user_ids: - self.driver.shell.DeletePersonFromSlice(removed_user_id, slice_record['name']) - # update_existing users - updated_users_list = [user for user in users_dict.values() if user['email'] in \ - updated_user_ids] - self.verify_keys(existing_slice_users, updated_users_list, peer, options) - - added_persons = [] - # add new users - for added_user_id in added_user_ids: - added_user = users_dict[added_user_id] - hrn, type = urn_to_hrn(added_user['urn']) - person = { - 'first_name': added_user.get('first_name', hrn), - 'last_name': added_user.get('last_name', hrn), - 'email': added_user_id, - #'peer_person_id': None, - #'keys': [], - #'key_ids': added_user.get('key_ids', []), - } - person['person_id'] = self.driver.shell.AddPerson(person) - self.driver.shell.AddRoleToPerson('user', int(person['person_id'])) - # check user HRN - if self.driver.shell.GetPersonHrn(int(person['person_id'])) != hrn: - self.driver.shell.SetPersonHrn(int(person['person_id']), hrn) - - if peer: - person['peer_person_id'] = added_user['person_id'] - added_persons.append(person) - - # enable the account - self.driver.shell.UpdatePerson(person['person_id'], {'enabled': True}) - - # add person to site - self.driver.shell.AddPersonToSite(added_user_id, added_user['site']) - - for key_string in added_user.get('keys', []): - key = {'key':key_string, 'key_type':'ssh'} - key['key_id'] = self.driver.shell.AddPersonKey(person['person_id'], key) - if 'keys' not in person: - person['keys'] = [] - person['keys'].append(key) - - # add the registry record -# if sfa_peer: -# peer_dict = {'type': 'user', 'hrn': hrn, 'peer_authority': sfa_peer, \ -# 'pointer': person['person_id']} -# self.registry.register_peer_object(self.credential, peer_dict) - - for added_slice_user_id in added_slice_user_ids.union(added_user_ids): - # add person to the slice - self.driver.shell.AddPersonToSlice(added_slice_user_id, 
slice_record['name']) - # if this is a peer record then it should already be bound to a peer. - # no need to return worry about it getting bound later - - return added_persons - - - def verify_keys(self, persons, users, peer, options={}): - # existing keys - key_ids = [] - for person in persons: - key_ids.extend(person['key_ids']) - keylist = self.driver.shell.GetKeys(key_ids, ['key_id', 'key']) - keydict = {} - for key in keylist: - keydict[key['key']] = key['key_id'] - existing_keys = keydict.keys() - persondict = {} - for person in persons: - persondict[person['email']] = person - - # add new keys - requested_keys = [] - updated_persons = [] - for user in users: - user_keys = user.get('keys', []) - updated_persons.append(user) - for key_string in user_keys: - requested_keys.append(key_string) - if key_string not in existing_keys: - key = {'key': key_string, 'key_type': 'ssh'} - try: - if peer: - person = persondict[user['email']] - self.driver.shell.UnBindObjectFromPeer('person', person['person_id'], peer['shortname']) - key['key_id'] = self.driver.shell.AddPersonKey(user['email'], key) - if peer: - key_index = user_keys.index(key['key']) - remote_key_id = user['key_ids'][key_index] - self.driver.shell.BindObjectToPeer('key', key['key_id'], peer['shortname'], remote_key_id) - - finally: - if peer: - self.driver.shell.BindObjectToPeer('person', person['person_id'], peer['shortname'], user['person_id']) - - # remove old keys (only if we are not appending) - append = options.get('append', True) - if append == False: - removed_keys = set(existing_keys).difference(requested_keys) - for existing_key_id in keydict: - if keydict[existing_key_id] in removed_keys: - try: - if peer: - self.driver.shell.UnBindObjectFromPeer('key', existing_key_id, peer['shortname']) - self.driver.shell.DeleteKey(existing_key_id) - except: - pass - - def verify_slice_attributes(self, slice, requested_slice_attributes, options={}, admin=False): - append = options.get('append', True) - # get 
list of attributes users ar able to manage + # get list of tags users are able to manage - based on category filter = {'category': '*slice*'} if not admin: filter['|roles'] = ['user'] - slice_attributes = self.driver.shell.GetTagTypes(filter) - valid_slice_attribute_names = [attribute['tagname'] for attribute in slice_attributes] - - # get sliver attributes - added_slice_attributes = [] - removed_slice_attributes = [] - ignored_slice_attribute_names = [] - existing_slice_attributes = self.driver.shell.GetSliceTags({'slice_id': slice['slice_id']}) - - # get attributes that should be removed - for slice_tag in existing_slice_attributes: - if slice_tag['tagname'] in ignored_slice_attribute_names: + valid_tag_types = self.driver.shell.GetTagTypes(filter) + valid_tag_names = [ tag_type['tagname'] for tag_type in valid_tag_types ] + logger.debug("verify_slice_attributes: valid names={}".format(valid_tag_names)) + + # get slice tags + slice_attributes_to_add = [] + slice_tags_to_remove = [] + # we need to keep the slice hrn anyway + ignored_slice_tag_names = ['hrn'] + existing_slice_tags = self.driver.shell.GetSliceTags({'slice_id': slice['slice_id']}) + + # get tags that should be removed + for slice_tag in existing_slice_tags: + if slice_tag['tagname'] in ignored_slice_tag_names: # If a slice already has a admin only role it was probably given to them by an # admin, so we should ignore it. 
- ignored_slice_attribute_names.append(slice_tag['tagname']) + ignored_slice_tag_names.append(slice_tag['tagname']) + tag_found = True else: - # If an existing slice attribute was not found in the request it should + # If an existing slice tag was not found in the request it should # be removed - attribute_found=False + tag_found = False for requested_attribute in requested_slice_attributes: if requested_attribute['name'] == slice_tag['tagname'] and \ requested_attribute['value'] == slice_tag['value']: - attribute_found=True + tag_found = True break + # remove tags only if not in append mode + if not tag_found and pltags != 'append': + slice_tags_to_remove.append(slice_tag) - if not attribute_found and not append: - removed_slice_attributes.append(slice_tag) - - # get attributes that should be added: + # get tags that should be added: for requested_attribute in requested_slice_attributes: # if the requested attribute wasn't found we should add it - if requested_attribute['name'] in valid_slice_attribute_names: - attribute_found = False - for existing_attribute in existing_slice_attributes: + if requested_attribute['name'] in valid_tag_names: + tag_found = False + for existing_attribute in existing_slice_tags: if requested_attribute['name'] == existing_attribute['tagname'] and \ requested_attribute['value'] == existing_attribute['value']: - attribute_found=True + tag_found = True break - if not attribute_found: - added_slice_attributes.append(requested_attribute) - - - # remove stale attributes - for attribute in removed_slice_attributes: + if not tag_found: + slice_attributes_to_add.append(requested_attribute) + + def friendly_message (tag_or_att): + name = tag_or_att['tagname'] if 'tagname' in tag_or_att else tag_or_att['name'] + return "SliceTag slice={}, tagname={} value={}, node_id={}"\ + .format(slice['name'], tag_or_att['name'], tag_or_att['value'], tag_or_att.get('node_id')) + + # remove stale tags + for tag in slice_tags_to_remove: try: - 
self.driver.shell.DeleteSliceTag(attribute['slice_tag_id']) - except Exception, e: - logger.warn('Failed to remove sliver attribute. name: %s, value: %s, node_id: %s\nCause:%s'\ - % (slice['name'], attribute['value'], attribute.get('node_id'), str(e))) - - # add requested_attributes - for attribute in added_slice_attributes: + logger.info("Removing Slice Tag {}".format(friendly_message(tag))) + self.driver.shell.DeleteSliceTag(tag['slice_tag_id']) + except Exception as e: + logger.warn("Failed to remove slice tag {}\nCause:{}"\ + .format(friendly_message(tag), e)) + + # add requested_tags + for attribute in slice_attributes_to_add: try: - self.driver.shell.AddSliceTag(slice['name'], attribute['name'], attribute['value'], attribute.get('node_id', None)) - except Exception, e: - logger.warn('Failed to add sliver attribute. name: %s, value: %s, node_id: %s\nCause:%s'\ - % (slice['name'], attribute['value'], attribute.get('node_id'), str(e))) - + logger.info("Adding Slice Tag {}".format(friendly_message(attribute))) + self.driver.shell.AddSliceTag(slice['name'], attribute['name'], + attribute['value'], attribute.get('node_id', None)) + except Exception as e: + logger.warn("Failed to add slice tag {}\nCause:{}"\ + .format(friendly_message(attribute), e))
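Review bot: `verify_persons` now removes members unconditionally: `del_person_ids = set(slice_person_ids) - set(target_existing_person_ids)` is applied on every call, whereas the removed code only dropped users when `options['append']` was false, so a partial or empty `users` list strips everyone else from the slice. The new `verify_keys` goes the other way and only adds keys, so a key withdrawn on the SFA side stays installed in PLC; if both behaviours are intended they deserve a docstring, otherwise gate the removal on an option the way `verify_slice_tags` gates on `pltags`. In `create_person_from_user` the bare `except:` retries `AddPerson` with the stub address after any failure, not only a duplicate e-mail; `except Exception:` would at least let interpreter-level exceptions through. In `friendly_message` the computed `name` is never used, and the format call should pass `name` rather than `tag_or_att['name']`, because the records in `slice_tags_to_remove` are keyed by `tagname` and the helper is also called from the `except` handler.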