X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fplc%2Fapi.py;h=ed8883f31421412efb31e2bc7762eace3815c2f8;hb=16d2197289b87a2f290fe0ad887dc36de7866892;hp=4d4055b9f27360bae6d076dc1558b0a5a7172215;hpb=de7169d5a658dbd2cc3543cc1b744708d58b35c9;p=sfa.git diff --git a/sfa/plc/api.py b/sfa/plc/api.py index 4d4055b9..ed8883f3 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -17,91 +17,23 @@ from sfa.util.faults import * from sfa.util.debug import * from sfa.trust.rights import * from sfa.trust.credential import * +from sfa.trust.certificate import * from sfa.util.misc import * +from sfa.util.sfalogging import * +from sfa.util.genitable import * +from sfa.util.api import * -# See "2.2 Characters" in the XML specification: -# -# #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] -# avoiding -# [#x7F-#x84], [#x86-#x9F], [#xFDD0-#xFDDF] - -invalid_xml_ascii = map(chr, range(0x0, 0x8) + [0xB, 0xC] + range(0xE, 0x1F)) -xml_escape_table = string.maketrans("".join(invalid_xml_ascii), "?" * len(invalid_xml_ascii)) - -def xmlrpclib_escape(s, replace = string.replace): - """ - xmlrpclib does not handle invalid 7-bit control characters. This - function augments xmlrpclib.escape, which by default only replaces - '&', '<', and '>' with entities. - """ - - # This is the standard xmlrpclib.escape function - s = replace(s, "&", "&") - s = replace(s, "<", "<") - s = replace(s, ">", ">",) - - # Replace invalid 7-bit control characters with '?' - return s.translate(xml_escape_table) - -def xmlrpclib_dump(self, value, write): - """ - xmlrpclib cannot marshal instances of subclasses of built-in - types. This function overrides xmlrpclib.Marshaller.__dump so that - any value that is an instance of one of its acceptable types is - marshalled as that type. - - xmlrpclib also cannot handle invalid 7-bit control characters. See - above. - """ - - # Use our escape function - args = [self, value, write] - if isinstance(value, (str, unicode)): - args.append(xmlrpclib_escape) - - try: - # Try for an exact match first - f = self.dispatch[type(value)] - except KeyError: - raise - # Try for an isinstance() match - for Type, f in self.dispatch.iteritems(): - if isinstance(value, Type): - f(*args) - return - raise TypeError, "cannot marshal %s objects" % type(value) - else: - f(*args) - -# You can't hide from me! -xmlrpclib.Marshaller._Marshaller__dump = xmlrpclib_dump - -# SOAP support is optional -try: - import SOAPpy - from SOAPpy.Parser import parseSOAPRPC - from SOAPpy.Types import faultType - from SOAPpy.NS import NS - from SOAPpy.SOAPBuilder import buildSOAP -except ImportError: - SOAPpy = None - - -def import_deep(name): - mod = __import__(name) - components = name.split('.') - for comp in components[1:]: - mod = getattr(mod, comp) - return mod - -class GeniAPI: +class GeniAPI(BaseAPI): # flat list of method names import sfa.methods methods = sfa.methods.all - def __init__(self, config = "/etc/sfa/sfa_config", encoding = "utf-8", + def __init__(self, config = "/etc/sfa/sfa_config", encoding = "utf-8", methods='sfa.methods', peer_cert = None, interface = None, key_file = None, cert_file = None): + BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, peer_cert=peer_cert, + interface=interface, key_file=key_file, cert_file=cert_file) + self.encoding = encoding # Better just be documenting the API @@ -113,27 +45,35 @@ class GeniAPI: self.auth = Auth(peer_cert) self.interface = interface self.key_file = key_file + self.key = Keypair(filename=self.key_file) self.cert_file = cert_file + self.cert = Certificate(filename=self.cert_file) self.credential = None - self.plshell = self.getPLCShell() - self.plshell_version = self.getPLCShellVersion() + + # Initialize the PLC shell only if SFA wraps a myPLC + rspec_type = self.config.get_aggregate_rspec_type() + if (rspec_type == 'pl' or rspec_type == 'vini'): + self.plshell = self.getPLCShell() + self.plshell_version = self.getPLCShellVersion() + self.hrn = self.config.SFA_INTERFACE_HRN self.time_format = "%Y-%m-%d %H:%M:%S" - + self.logger=get_sfa_logger() def getPLCShell(self): self.plauth = {'Username': self.config.SFA_PLC_USER, 'AuthMethod': 'password', 'AuthString': self.config.SFA_PLC_PASSWORD} try: + self.plshell_type = 'direct' import PLC.Shell shell = PLC.Shell.Shell(globals = globals()) shell.AuthCheck(self.plauth) return shell except ImportError: + self.plshell_type = 'xmlrpc' # connect via xmlrpc url = self.config.SFA_PLC_URL - shell = xmlrpclib.Server(url, verbose = 0, allow_none = True) shell.AuthCheck(self.plauth) return shell @@ -159,25 +99,33 @@ class GeniAPI: else: return self.getCredentialFromRegistry() - def getCredentialFromRegistry(self): """ Get our credential from a remote registry using a geniclient connection """ type = 'authority' - path = self.config.SFA_BASE_DIR + path = self.config.SFA_DATA_DIR filename = ".".join([self.interface, self.hrn, type, "cred"]) cred_filename = path + os.sep + filename try: credential = Credential(filename = cred_filename) - return credential + return credential.save_to_string(save_parents=True) except IOError: from sfa.server.registry import Registries registries = Registries(self) registry = registries[self.hrn] - self_cred = registry.get_credential(None, type, self.hrn) - cred = registry.get_credential(self_cred, type, self.hrn) - cred.save_to_file(cred_filename, save_parents=True) + cert_string=self.cert.save_to_string(save_parents=True) + # get self credential + arg_list = [cert_string,type,self.hrn] + request_hash=self.key.compute_hash(arg_list) + self_cred = registry.get_self_credential(cert_string, type, self.hrn, request_hash) + # get credential + arg_list = [self_cred,type,self.hrn] + request_hash=self.key.compute_hash(arg_list) + cred = registry.get_credential(self_cred, type, self.hrn, request_hash) + + # save cred to file + Credential(string=cred).save_to_file(cred_filename, save_parents=True) return cred def getCredentialFromLocalRegistry(self): @@ -187,15 +135,17 @@ class GeniAPI: hrn = self.hrn auth_hrn = self.auth.get_authority(hrn) - if not auth_hrn: + + # is this a root or sub authority + if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN: auth_hrn = hrn auth_info = self.auth.get_auth_info(auth_hrn) - table = self.auth.get_auth_table(auth_hrn) - records = table.resolve('*', hrn) + table = GeniTable() + records = table.findObjects(hrn) if not records: raise RecordNotFound record = records[0] - type = record.get_type() + type = record['type'] object_gid = record.get_gid_object() new_cred = Credential(subject = object_gid.get_subject()) new_cred.set_gid_caller(object_gid) @@ -212,7 +162,7 @@ class GeniAPI: new_cred.encode() new_cred.sign() - return new_cred + return new_cred.save_to_string(save_parents=True) def loadCredential (self): @@ -224,7 +174,7 @@ class GeniAPI: # see if this file exists # XX This is really the aggregate's credential. Using this is easier than getting # the registry's credential from iteslf (ssl errors). - ma_cred_filename = self.config.SFA_BASE_DIR + os.sep + self.interface + self.hrn + ".ma.cred" + ma_cred_filename = self.config.SFA_DATA_DIR + os.sep + self.interface + self.hrn + ".ma.cred" try: self.credential = Credential(filename = ma_cred_filename) except IOError: @@ -294,8 +244,8 @@ class GeniAPI: @param record: record to fill in field (in/out param) """ - type = record.get_type() - pointer = record.get_pointer() + type = record['type'] + pointer = record['pointer'] auth_hrn = self.hrn login_base = '' # records with pointer==-1 do not have plc info associated with them. @@ -305,7 +255,7 @@ class GeniAPI: record.update({}) return - if (type in ["authority", "sa", "ma"]): + if (type in ["authority"]): pl_res = self.plshell.GetSites(self.plauth, [pointer]) elif (type == "slice"): pl_res = self.plshell.GetSlices(self.plauth, [pointer]) @@ -317,7 +267,7 @@ class GeniAPI: raise UnknownGeniType(type) if not pl_res: - raise PlanetLabRecordDoesNotExist(record.get_name()) + raise PlanetLabRecordDoesNotExist(record['hrn']) # convert ids to hrns pl_record = pl_res[0] @@ -357,35 +307,42 @@ class GeniAPI: record.update(pl_record) - def lookup_users(self, auth_table, user_id_list, role="*"): - record_list = [] - for person_id in user_id_list: - user_records = auth_table.find("user", person_id, "pointer") - for user_record in user_records: - self.fill_record_info(user_record) - user_roles = user_record.get("roles") - if (role=="*") or (role in user_roles): - record_list.append(user_record.get_name()) - return record_list def fill_record_geni_info(self, record): geni_info = {} - type = record.get_type() + type = record['type'] + table = GeniTable() if (type == "slice"): - auth_table = self.auth.get_auth_table(self.auth.get_authority(record.get_name())) person_ids = record.get("person_ids", []) - researchers = self.lookup_users(auth_table, person_ids) + persons = table.find({'type': 'user', 'pointer': person_ids}) + researchers = [person['hrn'] for person in persons] geni_info['researcher'] = researchers elif (type == "authority"): - auth_table = self.auth.get_auth_table(record.get_name()) person_ids = record.get("person_ids", []) - pis = self.lookup_users(auth_table, person_ids, "pi") - operators = self.lookup_users(auth_table, person_ids, "tech") - owners = self.lookup_users(auth_table, person_ids, "admin") - geni_info['pi'] = pis - geni_info['operator'] = operators - geni_info['owner'] = owners + persons = table.find({'type': 'user', 'pointer': person_ids}) + persons_dict = {} + for person in persons: + persons_dict[person['pointer']] = person + pl_persons = self.plshell.GetPersons(self.plauth, person_ids, ['person_id', 'roles']) + pis, techs, admins = [], [], [] + for person in pl_persons: + pointer = person['person_id'] + + if pointer not in persons_dict: + # this means there is not sfa record for this user + continue + hrn = persons_dict[pointer]['hrn'] + if 'pi' in person['roles']: + pis.append(hrn) + if 'tech' in person['roles']: + techs.append(hrn) + if 'admin' in person['roles']: + admins.append(hrn) + + geni_info['PI'] = pis + geni_info['operator'] = techs + geni_info['owner'] = admins # xxx TODO: OrganizationName elif (type == "node"): @@ -421,16 +378,10 @@ class GeniAPI: # build a list of the new person ids, by looking up each person to get # their pointer newIdList = [] - for hrn in newList: - auth_hrn = self.auth.get_authority(hrn) - if not auth_hrn: - auth_hrn = hrn - auth_info = self.auth.get_auth_info(auth_hrn) - table = self.auth.get_auth_table(auth_hrn) - records = table.resolve('user', hrn) - if records: - userRecord = records[0] - newIdList.append(userRecord.get_pointer()) + table = GeniTable() + records = table.find({'type': 'user', 'hrn': newList}) + for rec in records: + newIdList.append(rec['pointer']) # build a list of the old person ids from the person_ids field if oldRecord: @@ -445,13 +396,11 @@ class GeniAPI: # add people who are in the new list, but not the oldList for personId in newIdList: if not (personId in oldIdList): - print "adding id", personId, "to", record.get_name() addFunc(self.plauth, personId, containerId) # remove people who are in the old list, but not the new list for personId in oldIdList: if not (personId in newIdList): - print "removing id", personId, "from", record.get_name() delFunc(self.plauth, personId, containerId) def update_membership(self, oldRecord, record): @@ -464,74 +413,32 @@ class GeniAPI: pass - def callable(self, method): - """ - Return a new instance of the specified method. - """ - # Look up method - if method not in self.methods: - raise GeniInvalidAPIMethod, method - - # Get new instance of method - try: - classname = method.split(".")[-1] - module = __import__("sfa.methods." + method, globals(), locals(), [classname]) - callablemethod = getattr(module, classname)(self) - return getattr(module, classname)(self) - except ImportError, AttributeError: - raise - raise GeniInvalidAPIMethod, method - - def call(self, source, method, *args): - """ - Call the named method from the specified source with the - specified arguments. - """ - function = self.callable(method) - function.source = source - return function(*args) - def handle(self, source, data): - """ - Handle an XML-RPC or SOAP request from the specified source. - """ +class ComponentAPI(BaseAPI): - # Parse request into method name and arguments - try: - interface = xmlrpclib - (args, method) = xmlrpclib.loads(data) - methodresponse = True - except Exception, e: - if SOAPpy is not None: - interface = SOAPpy - (r, header, body, attrs) = parseSOAPRPC(data, header = 1, body = 1, attrs = 1) - method = r._name - args = r._aslist() - # XXX Support named arguments - else: - raise e + def __init__(self, config = "/etc/sfa/sfa_config", encoding = "utf-8", methods='sfa.methods', + peer_cert = None, interface = None, key_file = None, cert_file = None): - try: - result = self.call(source, method, *args) - except Exception, fault: - traceback.print_exc(file = log) - # Handle expected faults - if interface == xmlrpclib: - result = fault - methodresponse = None - elif interface == SOAPpy: - result = faultParameter(NS.ENV_T + ":Server", "Method Failed", method) - result._setDetail("Fault %d: %s" % (fault.faultCode, fault.faultString)) - else: - raise - - # Return result - if interface == xmlrpclib: - if not isinstance(result, GeniFault): - result = (result,) - - data = xmlrpclib.dumps(result, methodresponse = True, encoding = self.encoding, allow_none = 1) - elif interface == SOAPpy: - data = buildSOAP(kw = {'%sResponse' % method: {'Result': result}}, encoding = self.encoding) - - return data + BaseAPI.__init__(self, config=config, encoding=encoding, methods=methods, peer_cert=peer_cert, + interface=interface, key_file=key_file, cert_file=cert_file) + self.encoding = encoding + + # Better just be documenting the API + if config is None: + return + + self.nodemanager = self.getNodeManagerShell() + + def getNodeManagerShell(self): + # just import the nm api source + sys.path.append('/usr/share/NodeManager') + import api_calls + return api_calls + + + def sliver_exists(self): + sliver_dict = self.nodemanager.GetXIDs() + if slicename in sliver_dict.keys(): + return True + else: + return False