Thierry Parmentelat [Thu, 9 Apr 2015 09:27:42 +0000 (11:27 +0200)]
Setting tag sfa-3.1-14
for SSL & python-2.7.9: ignore server verification
assume 2.7: remove compat code - always use HTTPSConnection (not HTTPS anymore)
fix: Reset GIDs works even if user has no pub_key
tweak for ubuntu (that does not have systemctl)
iotlab driver: fix ldap account creation at each lease
miscell cosmetic & layout
Thierry Parmentelat [Tue, 17 Mar 2015 13:43:19 +0000 (14:43 +0100)]
remove spurrious print
Thierry Parmentelat [Tue, 17 Mar 2015 13:42:21 +0000 (14:42 +0100)]
clean up code for python < 2.7
Thierry Parmentelat [Tue, 17 Mar 2015 13:38:48 +0000 (14:38 +0100)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
Thierry Parmentelat [Tue, 17 Mar 2015 13:38:18 +0000 (14:38 +0100)]
turn off server verification for python-2.7.9
Loic Baron [Wed, 4 Mar 2015 12:51:58 +0000 (13:51 +0100)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
Loic Baron [Wed, 4 Mar 2015 12:47:47 +0000 (13:47 +0100)]
Fix: Reset GIDs works even if user has no pub_key
Thierry Parmentelat [Mon, 2 Mar 2015 20:05:05 +0000 (21:05 +0100)]
fix typo that caused a syntax error
Thierry Parmentelat [Mon, 2 Mar 2015 16:34:27 +0000 (17:34 +0100)]
clean up unneeded imports
Thierry Parmentelat [Mon, 2 Mar 2015 16:34:09 +0000 (17:34 +0100)]
cosmetic
Thierry Parmentelat [Mon, 2 Mar 2015 16:33:35 +0000 (17:33 +0100)]
sfi to log the url is uses to bootstrap client stuff
Thierry Parmentelat [Mon, 2 Mar 2015 16:32:50 +0000 (17:32 +0100)]
force not using systemctl if not present - suggested by Ciro for ubuntu
Thierry Parmentelat [Tue, 20 Jan 2015 08:57:36 +0000 (09:57 +0100)]
for fedora21
tweak the way the result of xmlsec1 verify is deemed fine or not
formerly we scanned stdout and looked for OK on the first line
now we rely on the exit code of xmlsec1, and read its output only for informating about the error
Thierry Parmentelat [Tue, 20 Jan 2015 08:54:54 +0000 (09:54 +0100)]
narrower text again
Thierry Parmentelat [Tue, 20 Jan 2015 08:03:11 +0000 (09:03 +0100)]
add debug trace when invoking xmlsec1
+ miscell reformatting for narrower text
fsaintma [Thu, 8 Jan 2015 16:13:29 +0000 (17:13 +0100)]
fix ldap bug account creation at each lease
Thierry Parmentelat [Mon, 1 Dec 2014 15:15:08 +0000 (16:15 +0100)]
Setting tag sfa-3.1-13
bugfix - was adding extraneous backslashes in email address when attempting to AddPerson
Thierry Parmentelat [Tue, 18 Nov 2014 22:31:11 +0000 (23:31 +0100)]
fix for Brecht; when forging the email we were adding a hrn that had backslashes; get rid of those
Thierry Parmentelat [Thu, 25 Sep 2014 17:21:57 +0000 (19:21 +0200)]
check for python-2.7 so that pip installs get a proper message when not under 2.7
Thierry Parmentelat [Mon, 15 Sep 2014 18:56:02 +0000 (20:56 +0200)]
Setting tag sfa-3.1-12
getting closer with the pip/pypi packaging
Thierry Parmentelat [Mon, 15 Sep 2014 18:54:07 +0000 (20:54 +0200)]
protect for cases where index.html and/or LICENSE.txt are not found (like on the pip-install side apparently)
Thierry Parmentelat [Mon, 15 Sep 2014 15:10:30 +0000 (17:10 +0200)]
remove setup.cfg and put everythin in setup.py
also the field names need to be description and long_description - and not summary and description that I had read before; this I believe is for a more recent version of setup.py (or older, go figure)
Thierry Parmentelat [Mon, 15 Sep 2014 14:16:33 +0000 (16:16 +0200)]
Setting tag sfa-3.1-11
various tweaks for the openlab demo
first stab at uploading onto a pypi (for pip install sfa)
Thierry Parmentelat [Mon, 15 Sep 2014 14:14:12 +0000 (16:14 +0200)]
a first step towards publishing on pypi (so that one can install this using pip install sfa)
Thierry Parmentelat [Mon, 15 Sep 2014 07:46:01 +0000 (09:46 +0200)]
provide a more decent default to SCMURL for version.py when not run from within a build box
hopefully useful for when pushing onto pypi - if we can get that to work
Thierry Parmentelat [Mon, 15 Sep 2014 07:45:11 +0000 (09:45 +0200)]
use markdown for the README - updated that one with more deatils and links
Thierry Parmentelat [Wed, 10 Sep 2014 15:40:15 +0000 (17:40 +0200)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
Thierry Parmentelat [Wed, 10 Sep 2014 14:53:18 +0000 (16:53 +0200)]
updated licence
Loic Baron [Thu, 4 Sep 2014 17:08:14 +0000 (19:08 +0200)]
RSpecs optional parameter expires to manage reservation of resources in WiLab.t
Loic Baron [Thu, 4 Sep 2014 12:14:16 +0000 (14:14 +0200)]
SFA RSpec ttl param set expires tag to 60 min as default
Loic Baron [Thu, 4 Sep 2014 12:13:27 +0000 (14:13 +0200)]
MyPLC fix: slice expires set with UpdateSlice, not possbile with AddSlice
Loic Baron [Tue, 2 Sep 2014 16:06:27 +0000 (18:06 +0200)]
Reset GIDs in SFA DB - allows to use email in SubjectAltName of the GIDs
Loic Baron [Tue, 2 Sep 2014 13:29:01 +0000 (15:29 +0200)]
GID using email in SubjectAltName
Thierry Parmentelat [Fri, 22 Aug 2014 16:14:06 +0000 (18:14 +0200)]
AddPerson ignores 'enabled':True, need to issue an UpdatePerson specifically
Thierry Parmentelat [Wed, 20 Aug 2014 14:19:29 +0000 (16:19 +0200)]
Setting tag sfa-3.1-10
rewrote an optimized version of verify_persons in the PL driver:
Allocate and Provision should now perform much faster
in the bargain, changed the way dummy persons are created by SFA:
the sfa email is used when free, otherwise a fake email is made up from hrn
e.g. hrn=onelab.inria.thierry_parmentelat -> email=thierry_parmentelat@onelab.inria.stub
verify_chain debug flow does not up any more by default
various fixes in the iotlab driver
Jordan Augé [Wed, 20 Aug 2014 13:25:07 +0000 (15:25 +0200)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
Jordan Augé [Wed, 20 Aug 2014 13:24:30 +0000 (15:24 +0200)]
iotlab driver fixed for OneLab in Production
Thierry Parmentelat [Wed, 20 Aug 2014 11:00:58 +0000 (13:00 +0200)]
allow allocate to receive an empty rspec, which is the only way a user can release her resources
Thierry Parmentelat [Wed, 20 Aug 2014 10:25:11 +0000 (12:25 +0200)]
debug statements about verify_chain are very verbose, so they are now disabled by default
Thierry Parmentelat [Wed, 20 Aug 2014 10:24:21 +0000 (12:24 +0200)]
Hopefully this version of plslices.py should be usable
Slightly changed the strategy for creating dummy person instances
It is first attempted with the email provided by the caller, but that might fail because of email duplication
In this case we use an email that is derived from the hrn, like e.g.
hrn=onelab.inria.thierry_parmentelat -> email=thierry_parmentelat@onelab.inria.stub
Thierry Parmentelat [Tue, 19 Aug 2014 22:33:00 +0000 (00:33 +0200)]
further refinements to plslices
avoid retrieving all sites
set all attributes at creation time instead of creating and then updating multiple times
Thierry Parmentelat [Tue, 19 Aug 2014 18:07:27 +0000 (20:07 +0200)]
avoiding an API call if possible
Thierry Parmentelat [Tue, 19 Aug 2014 18:07:09 +0000 (20:07 +0200)]
various bug fixes on the new release of verify_persons
Thierry Parmentelat [Tue, 19 Aug 2014 13:21:52 +0000 (15:21 +0200)]
rewrote verify_persons
this takes advantage of (and requires) plcapi-5.3.5, so we don't need to query the whole set of Persons and Slices and all
result is much more efficient than the previous release
also it is expected to fix the issue with onelab users coming with the same email as their ple counterpart
Thierry Parmentelat [Mon, 18 Aug 2014 15:57:50 +0000 (17:57 +0200)]
cleanup
Loic Baron [Thu, 31 Jul 2014 09:41:39 +0000 (11:41 +0200)]
ofelia rspecs: default parameter for filter is None
Loic Baron [Wed, 30 Jul 2014 16:16:05 +0000 (18:16 +0200)]
iotlab driver: wip fixing Timur's bug when a user already has an account in LDAP, the system doesn't know how to choose between 2 accounts, we maybe should add a user_hrn or user_urn in iotlab LDAP
Loic Baron [Wed, 30 Jul 2014 14:40:15 +0000 (16:40 +0200)]
Merge branch 'iotlab_fixes' into geni-v3
Conflicts:
sfa/iotlab/OARrestapi.py
sfa/iotlab/iotlabaggregate.py
sfa/iotlab/iotlabdriver.py
sfa/iotlab/iotlabshell.py
sfa/iotlab/iotlabslices.py
Loic Baron [Wed, 30 Jul 2014 14:03:10 +0000 (16:03 +0200)]
iotlab driver: OAR rest API sends back error messages, Applying Jordan's changes
Loic Baron [Wed, 30 Jul 2014 14:01:24 +0000 (16:01 +0200)]
iotlab driver: Applying Jordan's changes in iotlabslices.py
Loic Baron [Wed, 30 Jul 2014 13:52:33 +0000 (15:52 +0200)]
iotlab driver: Removed the 4 minutes, which were added by default to the leases in order to have aligned timeslots in MySlice
Loic Baron [Wed, 30 Jul 2014 13:47:32 +0000 (15:47 +0200)]
iotlab driver: applying Jordan's fixes to the driver
Loic Baron [Wed, 30 Jul 2014 12:05:03 +0000 (14:05 +0200)]
iotlab driver: Merge allowing to validate delegated credentials, Fix of Allocate and Provision
Loic Baron [Wed, 30 Jul 2014 08:15:32 +0000 (10:15 +0200)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
Conflicts:
sfa/iotlab/iotlabaggregate.py
sfa/iotlab/iotlabslices.py
Loic Baron [Wed, 30 Jul 2014 05:17:49 +0000 (07:17 +0200)]
Trying to fix iotlab driver, need to be tested
Loic Baron [Wed, 23 Jul 2014 13:01:29 +0000 (15:01 +0200)]
Merge branch 'geni-v3' of ssh://git.onelab.eu/git/sfa into geni-v3
Conflicts:
sfa/rspecs/rspec.py
Loic Baron [Wed, 23 Jul 2014 12:53:58 +0000 (14:53 +0200)]
RSpec: added a ttl parameter, this duration will set the expires tag in request rspec, default=60 minutes
Thierry Parmentelat [Mon, 21 Jul 2014 20:46:40 +0000 (22:46 +0200)]
Setting tag sfa-3.1-9
Register can change the user keys using 'reg-keys' as well as 'keys'
also accept a single string rather than a list of keys
remove 'geni_api' from the registry GetVersion (which is not based on geni anymore)
bump the 'sfa' tag in the same registry GetVersion to 3
remove all mutable used as default arguments
Thierry Parmentelat [Fri, 18 Jul 2014 14:52:38 +0000 (16:52 +0200)]
accept a 'reg-keys' argument as a simple string insted of a list of strings in Register
Thierry Parmentelat [Fri, 18 Jul 2014 14:31:01 +0000 (16:31 +0200)]
previous change was not correct
Thierry Parmentelat [Fri, 18 Jul 2014 13:51:31 +0000 (15:51 +0200)]
dealing with reg-keys vs just keys
because of the high number of occurrences of 'keys' in the code, I do a quick and dirty thing but it could probably use more care
Thierry Parmentelat [Fri, 18 Jul 2014 10:48:49 +0000 (12:48 +0200)]
remove 'geni_api' from the registry GetVersion (which is not based on geni anymore)
and bump the 'sfa' tag in the same registry GetVersion to 3
Thierry Parmentelat [Thu, 17 Jul 2014 11:14:15 +0000 (13:14 +0200)]
huge cleanup for removing mutables used as default
http://stackoverflow.com/questions/1132941/least-astonishment-in-python-the-mutable-default-argument
Thierry Parmentelat [Thu, 5 Jun 2014 07:03:32 +0000 (09:03 +0200)]
Setting tag sfa-3.1-8
bugfix, sfi remove was broken
Thierry Parmentelat [Thu, 5 Jun 2014 07:01:03 +0000 (09:01 +0200)]
bugfix - sfi remove was broken
Thierry Parmentelat [Wed, 4 Jun 2014 09:53:38 +0000 (11:53 +0200)]
Setting tag sfa-3.1-7
sfi return code should be more meaningful - not yet for all commands though
DEFAULT_CREDENTIAL_LIFETIME now 28 days (was 31)
dropped support for legacy credentials
bugfix: short-lived credentials triggered a bug with UTC translated into localtime
further minor cleanup of timestamp formats
Thierry Parmentelat [Wed, 4 Jun 2014 08:22:41 +0000 (10:22 +0200)]
cleanup
Thierry Parmentelat [Wed, 4 Jun 2014 07:46:45 +0000 (09:46 +0200)]
restore default credential validity period to 28 days
had been inadvertantly committed as 2 hours for a while when debugging the short-lived credential issue
used to be 31 days prior to that
Thierry Parmentelat [Wed, 4 Jun 2014 07:44:23 +0000 (09:44 +0200)]
cosmetic, rename variable expected to be a datetime as 'dt' as opposed to 'input' that can be a string or number or datetime
Thierry Parmentelat [Wed, 4 Jun 2014 07:42:55 +0000 (09:42 +0200)]
bugfix for the issue reported by Brecht when using short-lived credentials
there was one conversion that mixed UTC and localtime in datetime_to_epoch
Thierry Parmentelat [Tue, 3 Jun 2014 15:06:24 +0000 (17:06 +0200)]
more cleanup on timestamps - issue with short-lived credentials still present though
Thierry Parmentelat [Tue, 3 Jun 2014 15:05:47 +0000 (17:05 +0200)]
debug msgs
Thierry Parmentelat [Tue, 3 Jun 2014 15:03:43 +0000 (17:03 +0200)]
a little more robust against odd conditions
Thierry Parmentelat [Tue, 3 Jun 2014 14:54:05 +0000 (16:54 +0200)]
sfi retcod should now be a bit more meaningful - maybe not for all commands though
not quite sure how a returnvalue should be analyzed - see method 'success' here
Thierry Parmentelat [Mon, 2 Jun 2014 14:56:41 +0000 (16:56 +0200)]
more accurate comment
Thierry Parmentelat [Mon, 2 Jun 2014 14:56:23 +0000 (16:56 +0200)]
this goes with previous commit
Thierry Parmentelat [Mon, 2 Jun 2014 14:55:41 +0000 (16:55 +0200)]
drop support for legacy credentials
Thierry Parmentelat [Mon, 2 Jun 2014 08:09:39 +0000 (10:09 +0200)]
Setting tag sfa-3.1-6
iotlab driver: Allocate uses OAR
iotlab driver: using actual_caller_hrn
Loic Baron [Fri, 30 May 2014 15:55:38 +0000 (17:55 +0200)]
iotlab driver: using actual_caller_hrn form options on Allocate call, allow the testbed to know which of the users of the slice launched the call, works even with delegated creds
Loic Baron [Fri, 30 May 2014 15:00:15 +0000 (17:00 +0200)]
Merge branch 'geni-v3' of git.onelab.eu/sfa into geni-v3
Loic Baron [Fri, 30 May 2014 14:58:57 +0000 (16:58 +0200)]
iotlab driver: updated the Allocate function to work with the iotlab testbed using OAR
Thierry Parmentelat [Wed, 28 May 2014 22:28:50 +0000 (00:28 +0200)]
Setting tag sfa-3.1-5
Slice Manager is down by default
sfi renew -l/--as-long-as-possible and e.g. sfi renew <> +2[d|w|m]
also renew tries to find a max date for renewal instead of bailing out
sfaclientlib file names scheme keeps track of user as well as object for credentials
none fields get removed before sending over xmlrpc - partially for now
cleanup on time formats and - hopefully timezones
cleanup on speaking_for
Allocate passes actual_caller_hrn as part of options to driver
iotlab driver and leases
new modules abac_credential, credential_factory and speaksfor_util
Thierry Parmentelat [Wed, 28 May 2014 22:22:49 +0000 (00:22 +0200)]
dos2unix'ed abac_credential
Thierry Parmentelat [Wed, 28 May 2014 15:49:17 +0000 (17:49 +0200)]
oops this was meant in the previous commit
Thierry Parmentelat [Wed, 28 May 2014 15:41:29 +0000 (17:41 +0200)]
always using utcnow on datetime objects
Thierry Parmentelat [Wed, 28 May 2014 14:37:46 +0000 (16:37 +0200)]
substantial cleanup of the renew method and client
* sfi -l aka --as-long-as-possible is supported in sfi
* sfi renew <> +2d / +3w / +4m is now working as well as the other time formats (int, rfc3339...)
* most importantly the final expiration time is trimmed to the min of credential expiration and max_slice_renewal, but goes on with these values instead of whining
Thierry Parmentelat [Wed, 28 May 2014 13:43:03 +0000 (15:43 +0200)]
provide an example to sfi renew help
Thierry Parmentelat [Wed, 28 May 2014 10:57:00 +0000 (12:57 +0200)]
more helpful log line for Renew
Thierry Parmentelat [Wed, 28 May 2014 10:52:06 +0000 (12:52 +0200)]
remove duplicate log line
Thierry Parmentelat [Wed, 28 May 2014 10:30:56 +0000 (12:30 +0200)]
describe now returns something so we can properly fetch the rspec in there
Thierry Parmentelat [Wed, 28 May 2014 10:30:26 +0000 (12:30 +0200)]
review and clean up the speaks_for mess
some methods seem to need this addition too but for now I'd rather not mix both issues
Thierry Parmentelat [Wed, 28 May 2014 08:36:35 +0000 (10:36 +0200)]
turn off slice manager by default
Thierry Parmentelat [Wed, 28 May 2014 07:47:18 +0000 (09:47 +0200)]
cosmetic again
Thierry Parmentelat [Tue, 27 May 2014 20:48:18 +0000 (22:48 +0200)]
cosmetic, create a single Credential instance named the_credential
Thierry Parmentelat [Tue, 27 May 2014 20:45:47 +0000 (22:45 +0200)]
Credential.actual_caller_hrn tries to find out who is really calling, for delegated credentials
Allocate takes advantage of this to pass options['actual_caller_hrn'] to its driver
Tony Mack [Mon, 26 May 2014 21:30:08 +0000 (17:30 -0400)]
remove references to speaking_for_hrn
Thierry Parmentelat [Mon, 26 May 2014 11:05:31 +0000 (13:05 +0200)]
another attempts at working arouns the options issue
Thierry Parmentelat [Mon, 26 May 2014 11:05:15 +0000 (13:05 +0200)]
undo woraround before we try something else
Thierry Parmentelat [Mon, 26 May 2014 09:48:50 +0000 (11:48 +0200)]
it is wrong and dangerous to define defaut arguments as a mutable like []
Thierry Parmentelat [Mon, 26 May 2014 09:48:06 +0000 (11:48 +0200)]
woraround for undefined 'options' in checkCredentials