From 6a9f8253aa3830363b1ac4917b77c287aabc9cc2 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 9 Mar 2012 16:52:34 -0500 Subject: [PATCH] implemnt more certificate and aggregate commands --- sfa/clientbin/sfaadmin.py | 110 +++++++++++++++++++++++++++++++++----- 1 file changed, 97 insertions(+), 13 deletions(-) diff --git a/sfa/clientbin/sfaadmin.py b/sfa/clientbin/sfaadmin.py index 90c3f745..276943b6 100755 --- a/sfa/clientbin/sfaadmin.py +++ b/sfa/clientbin/sfaadmin.py @@ -8,8 +8,10 @@ from pprint import PrettyPrinter from sfa.util.xrn import Xrn from sfa.storage.record import Record from sfa.client.sfi import save_records_to_file -pprinter = PrettyPrinter(indent=4) +from sfa.trust.hierarchy import Hierarchy +from sfa.trust.gid import GID +pprinter = PrettyPrinter(indent=4) def args(*args, **kwargs): def _decorator(func): @@ -26,8 +28,8 @@ class Commands(object): available_methods.append(attrib) return available_methods -class RegistryCommands(Commands): +class RegistryCommands(Commands): def __init__(self, *args, **kwds): self.api= Generic.the_flavour().make_api(interface='registry') @@ -76,21 +78,91 @@ class RegistryCommands(Commands): def credential(self, xrn, type=None): cred = self.api.manager.GetCredential(self.api, xrn, type, self.api.hrn) print cred + + + def import_registry(self): + pass + + @args('-a', '--all', dest='all', metavar='', action='store_true', default=False, + help='Remove all registry records and all files in %s area' % Hierarchy().basedir) + @args('-c', '--certs', dest='certs', metavar='', action='store_true', default=False, + help='Remove all cached certs/gids found in %s' % Hierarchy().basedir ) + @args('-0', '--no-reinit', dest='reinit', metavar='', action='store_false', default=True, + help='By default a new DB schema is installed after the cleanup; this option prevents that') + def nuke(self, all=False, certs=False, reinit=True): + from sfa.storage.dbschema import DBSchema + from sfa.util.sfalogging import _SfaLogger + logger = _SfaLogger(logfile='/var/log/sfa_import.log', loggername='importlog') + logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL) + logger.info("Purging SFA records from database") + dbschema=DBSchema() + dbschema.nuke() + + # for convenience we re-create the schema here, so there's no need for an explicit + # service sfa restart + # however in some (upgrade) scenarios this might be wrong + if options.reinit: + logger.info("re-creating empty schema") + dbschema.init_or_upgrade() + + # remove the server certificate and all gids found in /var/lib/sfa/authorities + if options.clean_certs: + logger.info("Purging cached certificates") + for (dir, _, files) in os.walk('/var/lib/sfa/authorities'): + for file in files: + if file.endswith('.gid') or file == 'server.cert': + path=dir+os.sep+file + os.unlink(path) + + # just remove all files that do not match 'server.key' or 'server.cert' + if options.all: + logger.info("Purging registry filesystem cache") + preserved_files = [ 'server.key', 'server.cert'] + for (dir,_,files) in os.walk(Hierarchy().basedir): + for file in files: + if file in preserved_files: continue + path=dir+os.sep+file + os.unlink(path) + class CerficiateCommands(Commands): - def import_records(self, xrn): + def import_gid(self, xrn): pass - def export(self, xrn): - pass - - def display(self, xrn): - pass - - def nuke(self): - pass + @args('-x', '--xrn', dest='xrn', metavar='', help='object hrn/urn') + @args('-t', '--type', dest='type', metavar='', help='object type', default=None) + @args('-o', '--outfile', dest='outfile', metavar='', help='output file', default=None) + def export(self, xrn, type=None, outfile=None): + request=dbsession.query(RegRecord).filter_by(hrn=hrn) + if type: request = request.filter_by(type=type) + record=request.first() + if record: + gid = GID(string=record.gid) + else: + # check the authorities hierarchy + hierarchy = Hierarchy() + try: + auth_info = hierarchy.get_auth_info(hrn) + gid = auth_info.gid_object + except: + print "Record: %s not found" % hrn + sys.exit(1) + # save to file + if not outfile: + outfile = os.path.abspath('./%s.gid' % gid.get_hrn()) + gid.save_to_file(outfile, save_parents=True) + + @args('-g', '--gidfile', dest='gid', metavar='', help='path of gid file to display') + def display(self, gidfile): + gid_path = os.path.abspath(gidfile) + if not gid_path or not os.path.isfile(gid_path): + print "No such gid file: %s" % gidfile + sys.exit(1) + gid = GID(filename=gid_path) + gid.dump(dump_parents=True) + class AggregateCommands(Commands): @@ -122,8 +194,19 @@ class AggregateCommands(Commands): @args('-x', '--xrn', dest='xrn', metavar='', help='object hrn/urn', default=None) @args('-r', '--rspec', dest='rspec', metavar='', help='rspec file') - def create(self, xrn, rspec): - pass + @args('-u', '--user', dest='user', metavar='', help='hrn/urn of slice user') + @args('-k', '--key', dest='key', metavar='', help="path to user's public key file") + def create(self, xrn, rspec, user, key): + xrn = Xrn(xrn) + slice_urn=xrn.get_urn() + slice_hrn=xrn.get_hrn() + rspec_string = open(rspec).read() + user_xrn = Xrn(user, 'user') + user_urn = user_xrn.get_urn() + user_key_string = open(key).read() + users = [{'urn': user_urn, 'keys': [user_key_string]}] + options={} + self.api.manager.CreateSliver(self, slice_urn, slice_hrn, [], rspec_string, users, options) @args('-x', '--xrn', dest='xrn', metavar='', help='object hrn/urn', default=None) def delete(self, xrn): @@ -148,6 +231,7 @@ class AggregateCommands(Commands): pass + class SliceManagerCommands(AggregateCommands): def __init__(self, *args, **kwds): -- 2.43.0