From: Sandrine Avakian Date: Wed, 10 Oct 2012 13:25:22 +0000 (+0200) Subject: Modified slabimporter to import X-Git-Tag: sfa-2.1-24~3^2~66 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=94d75f03bf809fdbc124d76bf4f4daeb30657594;p=sfa.git Modified slabimporter to import only user who have a valid ssh key. Does not import slice if user's key is invalid. --- diff --git a/sfa/importer/slabimporter.py b/sfa/importer/slabimporter.py index 325e526b..9dee88f5 100644 --- a/sfa/importer/slabimporter.py +++ b/sfa/importer/slabimporter.py @@ -12,7 +12,7 @@ from sfa.trust.gid import create_uuid from sfa.storage.alchemy import dbsession from sfa.storage.model import RegRecord, RegAuthority, RegSlice, RegNode, \ RegUser, RegKey - +from sfa.util.sfalogging import logger from sqlalchemy.exc import SQLAlchemyError @@ -23,9 +23,10 @@ def _get_site_hrn(site): class SlabImporter: - def __init__ (self, auth_hierarchy, logger): + def __init__ (self, auth_hierarchy, loc_logger): self.auth_hierarchy = auth_hierarchy - self.logger=logger + self.logger = loc_logger + self.logger.setLevelDebug() def hostname_to_hrn_escaped(self, root_auth, hostname): return '.'.join( [root_auth,Xrn.escape(hostname)] ) 
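Review bot: `self.logger.setLevelDebug()` in `SlabImporter.__init__` forces debug verbosity on the caller's logger every time the importer is constructed, whatever level was configured. The importer handles user e-mail addresses and public keys, so the log level is better left to the service configuration; I would drop the call or make it depend on an explicit debug option. The module-level `from sfa.util.sfalogging import logger` added in the first hunk is not used in any hunk shown here, so if nothing else in the file uses it, it can be removed as well.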
@@ -170,24 +171,33 @@ class SlabImporter: if len(person_hrn) > 64: person_hrn = person_hrn[:64] person_urn = hrn_to_urn(person_hrn, 'user') - user_record = self.find_record_by_type_hrn( 'user', person_hrn) + user_record = self.find_record_by_type_hrn('user', person_hrn) slice_record = self.find_record_by_type_hrn ('slice', slice_hrn) # return a tuple pubkey (a plc key object) and pkey (a Keypair object) def init_person_key (person, slab_key): - pubkey=None - if person['pkey']: + pubkey = None + if person['pkey'] and 'ssh-rsa' in person['pkey']: # randomly pick first key in set pubkey = slab_key + try: pkey = convert_public_key(pubkey) - except: - self.logger.warn('SlabImporter: unable to convert public key for %s' % person_hrn) + except TypeError: + #key not good. create another pkey + self.logger.warn('SlabImporter: \ + unable to convert public \ + key for %s' % person_hrn) pkey = Keypair(create=True) + else: # the user has no keys. Creating a random keypair for the user's gid - self.logger.warn("SlabImporter: person %s does not have a PL public key"%person_hrn) - pkey = Keypair(create=True) + #self.logger.warn("SlabImporter: person %s does not have a PL public key"%person_hrn) + #pkey = Keypair(create=True) commented out SA 10/10/12 + #TODO SA 10/10/12 If no valid key in ldap,user and slice + #not imported + pubkey = None + pkey = None return (pubkey, pkey) 
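Review bot: In `init_person_key`, the `except TypeError` branch still sets `pkey = Keypair(create=True)` and leaves `pubkey = slab_key`, so a key that contains 'ssh-rsa' but fails conversion returns a non-None pair and the user is imported anyway, contrary to the commit message. Set `pubkey = None` and `pkey = None` after the warning so the caller's `is not None` test skips the user. The `'ssh-rsa' in person['pkey']` test is a substring match on `person['pkey']`, while the value actually converted is `slab_key`; checking the converted string, and that it starts with the key type, would be tighter. Narrowing the bare `except:` to `TypeError` also lets any other exception from `convert_public_key` propagate out of the import; whether that is intended depends on what that function raises, which is not visible here. The backslash continuations inside the warning string put the source indentation into the log message.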
@@ -196,29 +206,30 @@ class SlabImporter: # new person if not user_record: (pubkey,pkey) = init_person_key (person, slab_key ) - person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey) - if person['email']: - print>>sys.stderr, "\r\n \r\n SLAB IMPORTER PERSON EMAIL OK email %s " %(person['email']) - person_gid.set_email(person['email']) - user_record = RegUser (hrn=person_hrn, gid=person_gid, - pointer='-1', - authority=get_authority(person_hrn), - email=person['email']) - else: - user_record = RegUser (hrn=person_hrn, gid=person_gid, - pointer='-1', - authority=get_authority(person_hrn)) - - if pubkey: - user_record.reg_keys=[RegKey (pubkey)] - else: - self.logger.warning("No key found for user %s"%user_record) - user_record.just_created() - dbsession.add (user_record) - dbsession.commit() - self.logger.info("SlabImporter: imported person: %s" % user_record) - print>>sys.stderr, "\r\n \r\n SLAB IMPORTER PERSON IMPORT NOTuser_record %s " %(user_record) - self.update_just_added_records_dict( user_record ) + if pubkey is not None and pkey is not None : + person_gid = self.auth_hierarchy.create_gid(person_urn, create_uuid(), pkey) + if person['email']: + print>>sys.stderr, "\r\n \r\n SLAB IMPORTER PERSON EMAIL OK email %s " %(person['email']) + person_gid.set_email(person['email']) + user_record = RegUser (hrn=person_hrn, gid=person_gid, + pointer='-1', + authority=get_authority(person_hrn), + email=person['email']) + else: + user_record = RegUser (hrn=person_hrn, gid=person_gid, + pointer='-1', + authority=get_authority(person_hrn)) + + if pubkey: + user_record.reg_keys = [RegKey (pubkey)] + else: + self.logger.warning("No key found for user %s"%user_record) + user_record.just_created() + dbsession.add (user_record) + dbsession.commit() + self.logger.info("SlabImporter: imported person: %s" % user_record) + print>>sys.stderr, "\r\n \r\n SLAB IMPORTER PERSON IMPORT NOTuser_record %s " %(user_record) + self.update_just_added_records_dict( 
user_record ) else: # update the record ? # if user's primary key has changed then we need to update the @@ -246,9 +257,9 @@ class SlabImporter: try: slice = slices_by_userid[user_record.record_id] except: - self.logger.warning ("SlabImporter: cannot locate slices_by_userid[user_record.record_id] %s - ignored"%user_record.record_id ) - if not slice_record: - + self.logger.warning ("SlabImporter: cannot locate slices_by_userid[user_record.record_id] %s - ignored"%user_record) + + if not slice_record and user_record: try: pkey = Keypair(create=True) urn = hrn_to_urn(slice_hrn, 'slice') @@ -271,6 +282,9 @@ class SlabImporter: slab_dbsession.commit() self.logger.info("SlabImporter: imported slice: %s" % slice_record) self.update_just_added_records_dict ( slice_record ) + slice_record.reg_researchers = [user_record] + dbsession.commit() + slice_record.stale=False except: self.logger.log_exc("SlabImporter: failed to import slice") @@ -281,9 +295,11 @@ class SlabImporter: pass # record current users affiliated with the slice - slice_record.reg_researchers = [user_record] - dbsession.commit() - slice_record.stale=False + #TODO SA 10/10/12 commented out No slice if user does not have + #valide ssh key + #slice_record.reg_researchers = [user_record] + #dbsession.commit() + #slice_record.stale=False diff --git a/sfa/senslab/config/bash_nukem b/sfa/senslab/config/bash_nukem index 8bcbf3fc..28aa5581 100755 --- a/sfa/senslab/config/bash_nukem +++ b/sfa/senslab/config/bash_nukem 
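Review bot: When `init_person_key` returns `(None, None)`, the new `if pubkey is not None and pkey is not None` guard skips the user without any log line, because the warning that used to report a missing key was commented out in `init_person_key`. Add an `else` to that guard, for example `self.logger.warning("SlabImporter: %s has no valid ssh key, user not imported" % person_hrn)`, so skipped accounts can be audited. Inside the guard, `if pubkey:` can now only fail for an empty `slab_key`, so its `else` warning is effectively dead code. The two `print>>sys.stderr` lines write the user's e-mail and full record outside the logger; routing them through `self.logger.debug` would keep that data under the log configuration.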
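Review bot: Moving `slice_record.reg_researchers = [user_record]` and `slice_record.stale=False` into the slice-creation `try` block, and commenting them out at the end of the loop body, means a slice that already exists no longer has its researcher list refreshed or its `stale` flag cleared on import. If a later pass removes records still marked stale (not visible in this diff), existing slices would be dropped, and a change of slice user would never reach the registry. Keeping the update for existing records under a guard such as `if slice_record and user_record:` would preserve the old behaviour while still skipping users without a valid key. The added `dbsession.commit()` sits under a bare `except:` that only logs; a `dbsession.rollback()` there would avoid leaving the session in a failed state. The commented-out lines are better deleted than kept.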
@@ -65,7 +65,7 @@ sudo python setup.py install sudo cp $git_local_repo/sfa/senslab/config/$vm/sfa_config.xml /etc/sfa/sfa_config.xml sudo cp $git_local_repo/sfa/senslab/config/$vm/default_config.xml /etc/sfa/default_config.xml # sudo cp $git_local_repo/sfa/senslab/config/$vm/site.xml /etc/sfa/site.xml -sudo cp $git_local_repo/sfa/senslab/config/$vm/site_config /etc/sfa/configs/site_config +# sudo cp $git_local_repo/sfa/senslab/config/$vm/site_config /etc/sfa/configs/site_config # sudo ln -s ldap_config.py /etc/sfa/ldap_config.py sudo cp $git_local_repo/sfa/senslab/config/ldap_config.py /etc/sfa/ldap_config.py sudo service sfa restart diff --git a/sfa/senslab/tests/TestSuite.py b/sfa/senslab/tests/TestSuite.py index 2f33f5d9..e3720f5a 100644 --- a/sfa/senslab/tests/TestSuite.py +++ b/sfa/senslab/tests/TestSuite.py 
@@ -152,26 +152,26 @@ def TestLdap(job_id = None): record_avakian['first_name'] = 'sandrine' record_avakian['mail'] = 'sandrine.avakian@inria.fr' pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwSUkJ+cr3xM47h8lFkIXJoJhg4wHakTaLJmgTXkzvUmQsQeFB2MjUZ6WAelMXj/EFz2+XkK+bcWNXwfbrLptJQ+XwGpPZlu9YV/kzO63ghVrAyEg0+p7Pn1TO9f1ZYg4R6JfP/3qwH1AsE+X3PNpIewsuEIKwd2wUCJDf5RXJTpl39GizcBFemrRqgs0bdqAN/vUT9YvtWn8fCYR5EfJHVXOK8P1KmnbuGZpk7ryz21pDMlgw13+8aYB+LPkxdv5zG54A5c6o9N3zOCblvRFWaNBqathS8y04cOYWPmyu+Q0Xccwi7vM3Ktm8RoJw+raQNwsmneJOm6KXKnjoOQeiQ== savakian@sfa2.grenoble.senslab.info" - - record_myslice = {} - record_myslice['hrn']= 'senslab2.myslice' - record_myslice['last_name'] = 'myslice' - record_myslice['first_name'] = 'myslice' - record_myslice['mail'] = 'nturro@inria.fr' - pubkeymyslice = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuyRPwn8PZxjdhu+ciRuPyM0eVBn7XS7i3tym9F30UVhaCd09a/UEmGn7WJZdfsxV3hXqG1Wc766FEst97NuzHzELSuvy/rT96J0UHG4wae4pnzOLd6NwFdZh7pkPsgHMHxK9ALVE68Puu+EDSOB5bBZ9Q624wCIGxEpmuS/+X+dDBTKgG5Hi0WA1uKJwhLSbbXb38auh4FlYgXPsdpljTIJatt+zGL0Zsy6fdrsVRc5W8kr3/SmE4OMNyabKBNyxioSEuYhRSjoQAHnYoevEjZniP8IzscKK7qwelzGUfnJEzexikhsQamhAFti2ReiFfoHBRZxnSc49ioH7Kaci5w== root@rhoecos3.ipv6.lip6.fr" - - pubkeytestuser = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYS8tzufciTm6GdNUGHQc64OfTxFebMYUwh/Jl04IPTvjjr26uakbM0M2v33HxZ5Q7PnmPN9pB/w+a+f7a7J4cNs/tApOMg2hb6UrLaOrdnDMOs4KZlfElyDsF3Zx5QwxPYvzsKADAbDVoX4NF9PttuDLdm2l3nLSvm89jfla00GBg+K8grdOCHyYZVX/Wt7kxhXDK3AidQhKJgn+iD5GxvtWMBE+7S5kJGdRW1W10lSLBW3+VNsCrKJB2s8L55Xz/l2HNBScU7T0VcMQJrFxEXKzLPagZsMz0lfLzHESoGHIZ3Tz85DfECbTtMxLts/4KoAEc3EE+PYr2VDeAggDx testuser@myslice" ret = ldap.LdapModifyUser(record_avakian, {'sshPublicKey':pubkey}) + print "\r\n Sandrine \tChange pubkey LdapModifyUser ", ret + #record_myslice = {} + #record_myslice['hrn']= 'senslab2.myslice' + #record_myslice['last_name'] = 'myslice' + #record_myslice['first_name'] = 'myslice' + #record_myslice['mail'] = 'nturro@inria.fr' + #pubkeymyslice = "ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAuyRPwn8PZxjdhu+ciRuPyM0eVBn7XS7i3tym9F30UVhaCd09a/UEmGn7WJZdfsxV3hXqG1Wc766FEst97NuzHzELSuvy/rT96J0UHG4wae4pnzOLd6NwFdZh7pkPsgHMHxK9ALVE68Puu+EDSOB5bBZ9Q624wCIGxEpmuS/+X+dDBTKgG5Hi0WA1uKJwhLSbbXb38auh4FlYgXPsdpljTIJatt+zGL0Zsy6fdrsVRc5W8kr3/SmE4OMNyabKBNyxioSEuYhRSjoQAHnYoevEjZniP8IzscKK7qwelzGUfnJEzexikhsQamhAFti2ReiFfoHBRZxnSc49ioH7Kaci5w== root@rhoecos3.ipv6.lip6.fr" - print "\r\n Sandrine \tChange pubkey LdapModifyUser ", ret + #pubkeytestuser = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYS8tzufciTm6GdNUGHQc64OfTxFebMYUwh/Jl04IPTvjjr26uakbM0M2v33HxZ5Q7PnmPN9pB/w+a+f7a7J4cNs/tApOMg2hb6UrLaOrdnDMOs4KZlfElyDsF3Zx5QwxPYvzsKADAbDVoX4NF9PttuDLdm2l3nLSvm89jfla00GBg+K8grdOCHyYZVX/Wt7kxhXDK3AidQhKJgn+iD5GxvtWMBE+7S5kJGdRW1W10lSLBW3+VNsCrKJB2s8L55Xz/l2HNBScU7T0VcMQJrFxEXKzLPagZsMz0lfLzHESoGHIZ3Tz85DfECbTtMxLts/4KoAEc3EE+PYr2VDeAggDx testuser@myslice" - password = "ReptileFight" - enc = ldap.encrypt_password(password) - print "\r\n sandrine \tencrypt_password ", enc + + + #password = "ReptileFight" + #enc = ldap.encrypt_password(password) + #print "\r\n sandrine \tencrypt_password ", enc - ret = ldap.LdapModifyUser(record_avakian, {'userPassword':enc}) - print "\r\n sandrine \tChange password LdapModifyUser ", ret + #ret = ldap.LdapModifyUser(record_avakian, {'userPassword':enc}) + #print "\r\n sandrine \tChange password LdapModifyUser ", ret return
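Review bot: The test password literal `"ReptileFight"` and the `encrypt_password` / `LdapModifyUser(record_avakian, {'userPassword':enc})` calls are commented out rather than removed, so the credential stays readable in the file, and it remains in history either way. Delete the commented block, and if that value was ever set on a real LDAP account, change it. The same applies to the commented `record_myslice` block, which keeps a personal e-mail address and two public keys in the test source; fixtures with constructed values would serve the test equally well. `TestLdap` begins outside the hunk.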