plugins/sliverauth.py

   1 #!/usr/bin/python -tt
   2 # vim:set ts=4 sw=4 expandtab:
   3 # NodeManager plugin to empower slivers to make API calls
   4
   5 """
   6 Sliver authentication support for NodeManager.
   7
   8 """
   9
  10 import errno
  11 import os
  12 import random
  13 import string
  14 import tempfile
  15
  16 import logger
  17 import tools
  18
  19 def start(options, conf):
  20     # XXX REMOVE ME
  21     return
  22
  23     logger.log("sliverauth plugin starting up...")
  24
  25 def SetSliverTag(plc, slice, tagname, value):
  26     node_id = tools.node_id()
  27     slivertags=plc.GetSliceTags({"name":slice,"node_id":node_id})
  28     if len(slivertags)==0:
  29         slivertag_id=plc.AddSliceTag(slice,tagname,value,node_id)
  30     else:
  31         slivertag_id=slivertags[0]['slice_tag_id']
  32         plc.UpdateSliceTag(slivertag_id,value)
  33
  34 def GetSlivers(plc, data, conf):
  35     # XXX REMOVE ME
  36     logger.log("sliverauth: DISABLED!")
  37     return
  38
  39     if 'slivers' not in data:
  40         logger.log("sliverauth: getslivers data lack's sliver information. IGNORING!")
  41         return
  42
  43     random.seed(42)
  44     for sliver in data['slivers']:
  45         found_hmac = False
  46         for attribute in sliver['attributes']:
  47             name = attribute.get('tagname',attribute.get('name',''))
  48             if name == 'hmac':
  49                 found_hmac = True
  50                 hmac = attribute['value']
  51                 break
  52
  53         if not found_hmac:
  54             d = [random.choice(string.letters) for x in xrange(32)]
  55             hmac = "".join(d)
  56             SetSliverTag(plc,sliver['name'],'hmac',hmac)
  57
  58         path = '/vservers/%s/etc/planetlab' % sliver['name']
  59         if os.path.exists(path):
  60             keyfile = '%s/key' % path
  61             oldhmac = ''
  62             if os.path.exists(keyfile):
  63                 f = open(keyfile,'r')
  64                 oldhmac = f.read()
  65                 f.close()
  66
  67             if oldhmac <> hmac:
  68                 # create a temporary file in the vserver
  69                 fd, name = tempfile.mkstemp('','key',path)
  70                 os.write(fd,hmac)
  71                 os.close(fd)
  72                 if os.path.exists(keyfile):
  73                     os.unlink(keyfile)
  74                 os.rename(name,keyfile)
  75
  76             os.chmod(keyfile,0400)
  77