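#!/usr/bin/python -tt
# vim:set ts=4 sw=4 expandtab:
#
# $Id$
# $URL$
#
# NodeManager plugin to empower slivers to make API calls

"""
Sliver authentication support for NodeManager.

For every sliver on this node the plugin makes sure an 'hmac' slice tag
exists (generating a fresh key when none is present) and mirrors that key
into /vservers/<sliver>/etc/planetlab/key, readable by the file owner only.

The key is a shared secret: it must come from a cryptographically secure
source and its value must never be written to the log.
"""

import errno
import os
import random
import stat
import string
import tempfile
import time

import logger
import tools

# Number of characters in a freshly generated key.
_HMAC_KEY_LENGTH = 32


def start(options, conf):
    """Plugin entry point; only announces that the plugin is loaded."""
    logger.log("sliverauth: plugin starting up...")


def SetSliverTag(plc, slice, tagname, value):
    """Create or update the tag `tagname` on `slice` for this node.

    plc     -- API proxy providing GetSliceTags/AddSliceTag/UpdateSliceTag
    slice   -- slice name
    tagname -- name of the tag to set
    value   -- new tag value

    A failing AddSliceTag is logged and otherwise ignored (best effort).
    """
    node_id = tools.node_id()
    slivertags = plc.GetSliceTags({"name": slice,
                                   "node_id": node_id,
                                   "tagname": tagname})
    if slivertags:
        slivertag_id = slivertags[0]['slice_tag_id']
        plc.UpdateSliceTag(slivertag_id, value)
        return

    # looks like GetSlivers reports about delegated/nm-controller slices that
    # do *not* belong to this node and this is something that AddSliceTag
    # does not like
    try:
        plc.AddSliceTag(slice, tagname, value, node_id)
    except Exception:
        # Deliberately best effort, but no longer a bare 'except:' so that
        # KeyboardInterrupt/SystemExit still propagate.
        logger.log("sliverauth: SetSliverTag - CAUGHT exception for (probably delegated) slice=%(slice)s tag=%(tagname)s node_id=%(node_id)d"
                   % {"slice": slice, "tagname": tagname, "node_id": node_id})


def _generate_hmac_key():
    """Return a new random key of _HMAC_KEY_LENGTH ASCII letters.

    The key authenticates a sliver, so it is drawn from the operating
    system's CSPRNG (random.SystemRandom). Seeding the default generator
    with the current time makes the key guessable by anyone who can
    estimate when it was created.
    """
    rng = random.SystemRandom()
    # ascii_letters rather than the locale-dependent string.letters, so the
    # alphabet is the same on every node.
    return "".join([rng.choice(string.ascii_letters)
                    for _ in range(_HMAC_KEY_LENGTH)])


def _read_key(keyfile):
    """Return the contents of `keyfile`, or '' when it does not exist."""
    if not os.path.exists(keyfile):
        return ''
    f = open(keyfile, 'r')
    try:
        return f.read()
    finally:
        f.close()


def _install_key(directory, keyfile, key):
    """Write `key` to `keyfile` through a temporary file in `directory`.

    mkstemp creates the temporary file accessible to its owner only, and
    os.rename replaces the destination atomically on POSIX, so there is no
    moment at which the key file is missing or readable by other users.
    """
    # NOTE(review): `directory` lives inside the sliver's own filesystem;
    # confirm that a symlinked path component cannot redirect this write.
    fd, tmpname = tempfile.mkstemp('', 'key', directory)
    try:
        try:
            os.write(fd, key)
        finally:
            os.close(fd)
        os.rename(tmpname, keyfile)
    except Exception:
        # Do not leave a stray copy of the key behind on failure.
        if os.path.exists(tmpname):
            os.unlink(tmpname)
        raise


def GetSlivers(data, config, plc):
    """Ensure every sliver has an 'hmac' tag and an up-to-date key file.

    data   -- dictionary; its 'slivers' entry lists the slivers to process
    config -- configuration object; OVERRIDES['sliverauth'] == '-1'
              disables the plugin
    plc    -- API proxy, handed to SetSliverTag
    """
    if 'OVERRIDES' in dir(config):
        if config.OVERRIDES.get('sliverauth') == '-1':
            logger.log("sliverauth: Disabled", 2)
            return

    if 'slivers' not in data:
        logger.log_missing_data("sliverauth.GetSlivers", 'slivers')
        return

    for sliver in data['slivers']:
        sliver_root = '/vservers/%s' % sliver['name']
        if not os.path.exists(sliver_root):
            # ignore all non-plc-instantiated slivers
            instantiation = sliver.get('instantiation', '')
            if instantiation == 'plc-instantiated':
                logger.log("sliverauth: plc-instantiated slice %s does not yet exist. IGNORING!" % sliver['name'])
            continue

        # Look for an existing key among the sliver's tags.
        key = None
        for attribute in sliver['attributes']:
            name = attribute.get('tagname', attribute.get('name', ''))
            if name == 'hmac':
                key = attribute['value']
                break

        if key is None:
            key = _generate_hmac_key()
            SetSliverTag(plc, sliver['name'], 'hmac', key)
            # Log the slice name only, never the key itself.
            logger.log("sliverauth: setting %s hmac" % sliver['name'])

        path = '/vservers/%s/etc/planetlab' % sliver['name']
        if os.path.exists(path):
            keyfile = '%s/key' % path
            if _read_key(keyfile) != key:
                _install_key(path, keyfile, key)
                logger.log("sliverauth: writing hmac to %s " % keyfile)

            # Enforce owner-read-only (0400) on every pass, including when
            # the key was already current.
            if os.path.exists(keyfile):
                os.chmod(keyfile, stat.S_IRUSR)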