3 # pylint: disable=c0111, c0103, w0402, w0622
10 from pprint import PrettyPrinter
11 from optparse import OptionParser
13 from sfa.generic import Generic
14 from sfa.util.xrn import Xrn
15 from sfa.util.sfalogging import logger, init_logger
17 from sfa.storage.record import Record
19 from sfa.trust.hierarchy import Hierarchy
20 from sfa.trust.gid import GID
21 from sfa.trust.certificate import convert_public_key
23 from sfa.client.common import (optparse_listvalue_callback,
24 optparse_dictvalue_callback,
25 terminal_render, filter_records)
26 from sfa.client.candidates import Candidates
27 from sfa.client.sfi import save_records_to_file
29 pprinter = PrettyPrinter(indent=4)
31 # if set, will output on stdout
35 help_basedir = Hierarchy().basedir
37 help_basedir = '*unable to locate Hierarchy().basedir'
40 def add_options(*args, **kwargs):
42 func.__dict__.setdefault('add_options', []).insert(0, (args, kwargs))
47 class Commands(object):
49 def _get_commands(self):
51 for attrib in dir(self):
52 if callable(getattr(self, attrib)) and not attrib.startswith('_'):
53 command_names.append(attrib)
57 class RegistryCommands(Commands):
59 def __init__(self, *args, **kwds):
60 self.api = Generic.the_flavour().make_api(interface='registry')
63 """Display the Registry version"""
64 version = self.api.manager.GetVersion(self.api, {})
65 pprinter.pprint(version)
67 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
68 help='authority to list (hrn/urn - mandatory)')
69 @add_options('-t', '--type', dest='type', metavar='<type>',
70 help='object type', default='all')
71 @add_options('-r', '--recursive', dest='recursive', metavar='<recursive>',
72 help='list all child records',
73 action='store_true', default=False)
74 @add_options('-v', '--verbose', dest='verbose',
75 action='store_true', default=False)
76 def list(self, xrn, type=None, recursive=False, verbose=False):
78 List names registered at a given authority, possibly filtered by type
81 options_dict = {'recursive': recursive}
82 records = self.api.manager.List(
83 self.api, xrn.get_hrn(), options=options_dict)
84 list = filter_records(type, records)
85 # terminal_render expects an options object
87 class Options: # pylint: disable=r0903
88 def __init__(self, verbose):
89 self.verbose = verbose
91 options = Options(verbose)
92 terminal_render(list, options)
94 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
95 help='object hrn/urn (mandatory)')
96 @add_options('-t', '--type', dest='type', metavar='<type>',
97 help='object type', default=None)
98 @add_options('-o', '--outfile', dest='outfile', metavar='<outfile>',
99 help='save record to file')
100 @add_options('-f', '--format', dest='format', metavar='<display>',
101 type='choice', choices=('text', 'xml', 'simple'),
102 help='display record in different formats')
103 def show(self, xrn, type=None, format=None, outfile=None):
104 """Display details for a registered object"""
105 records = self.api.manager.Resolve(self.api, xrn, type, details=True)
106 for record in records:
107 sfa_record = Record(dict=record)
108 sfa_record.dump(format)
110 save_records_to_file(outfile, records)
113 def _record_dict(xrn, type, email, key,
114 slices, researchers, pis,
115 url, description, extras):
122 record_dict['urn'] = xrn.get_urn()
123 record_dict['hrn'] = xrn.get_hrn()
124 record_dict['type'] = xrn.get_type()
126 record_dict['url'] = url
128 record_dict['description'] = description
131 pubkey = open(key, 'r').read()
134 record_dict['reg-keys'] = [pubkey]
136 record_dict['slices'] = slices
138 record_dict['reg-researchers'] = researchers
140 record_dict['email'] = email
142 record_dict['reg-pis'] = pis
144 record_dict.update(extras)
147 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
148 help='object hrn/urn', default=None)
149 @add_options('-t', '--type', dest='type', metavar='<type>',
150 help='object type (mandatory)')
151 @add_options('-a', '--all', dest='all', metavar='<all>',
152 action='store_true', default=False,
153 help='check all users GID')
154 @add_options('-v', '--verbose', dest='verbose', metavar='<verbose>',
155 action='store_true', default=False,
156 help='verbose mode: display user\'s hrn ')
157 def check_gid(self, xrn=None, type=None, all=None, verbose=None):
158 """Check the correspondance between the GID and the PubKey"""
161 from sfa.storage.model import RegRecord
162 db_query = self.api.dbsession().query(RegRecord).filter_by(type=type)
164 hrn = Xrn(xrn).get_hrn()
165 db_query = db_query.filter_by(hrn=hrn)
167 print("Use either -a or -x <xrn>, not both !!!")
169 elif not all and not xrn:
170 print("Use either -a or -x <xrn>, one of them is mandatory !!!")
173 records = db_query.all()
175 print("No Record found")
182 for record in records:
183 # get the pubkey stored in SFA DB
185 db_pubkey_str = record.reg_keys[0].key
187 db_pubkey_obj = convert_public_key(db_pubkey_str)
189 ERROR.append(record.hrn)
192 NOKEY.append(record.hrn)
195 # get the pubkey from the gid
197 gid_obj = GID(string=gid_str)
198 gid_pubkey_obj = gid_obj.get_pubkey()
200 # Check if gid_pubkey_obj and db_pubkey_obj are the same
201 check = gid_pubkey_obj.is_same(db_pubkey_obj)
203 OK.append(record.hrn)
205 NOK.append(record.hrn)
208 print("Users NOT having a PubKey: %s\n\
209 Users having a non RSA PubKey: %s\n\
210 Users having a GID/PubKey correpondence OK: %s\n\
211 Users having a GID/PubKey correpondence Not OK: %s\n"
212 % (len(NOKEY), len(ERROR), len(OK), len(NOK)))
214 print("Users NOT having a PubKey: %s and are: \n%s\n\n\
215 Users having a non RSA PubKey: %s and are: \n%s\n\n\
216 Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
217 Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"
218 % (len(NOKEY), NOKEY, len(ERROR), ERROR,
219 len(OK), OK, len(NOK), NOK))
222 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
223 help='object hrn/urn (mandatory)')
224 @add_options('-t', '--type', dest='type', metavar='<type>',
225 help='object type', default=None)
226 @add_options('-e', '--email', dest='email', default="",
227 help="email (mandatory for users)")
228 @add_options('-u', '--url', dest='url', metavar='<url>', default=None,
229 help="URL, useful for slices")
230 @add_options('-d', '--description', dest='description',
231 metavar='<description>',
232 help='Description, useful for slices', default=None)
233 @add_options('-k', '--key', dest='key', metavar='<key>',
234 help='public key string or file',
236 @add_options('-s', '--slices', dest='slices', metavar='<slices>',
237 help='Set/replace slice xrns',
238 default='', type="str", action='callback',
239 callback=optparse_listvalue_callback)
240 @add_options('-r', '--researchers', dest='researchers',
241 metavar='<researchers>', help='Set/replace slice researchers',
242 default='', type="str", action='callback',
243 callback=optparse_listvalue_callback)
244 @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
245 help='Set/replace Principal Investigators/Project Managers',
246 default='', type="str", action='callback',
247 callback=optparse_listvalue_callback)
248 @add_options('-X', '--extra', dest='extras',
249 default={}, type='str', metavar="<EXTRA_ASSIGNS>",
250 action="callback", callback=optparse_dictvalue_callback,
252 help="set extra/testbed-dependent flags,"
253 " e.g. --extra enabled=true")
254 def register(self, xrn, type=None, email='', key=None,
255 slices='', pis='', researchers='',
256 url=None, description=None, extras={}):
257 """Create a new Registry record"""
258 record_dict = self._record_dict(
259 xrn=xrn, type=type, email=email, key=key,
260 slices=slices, researchers=researchers, pis=pis,
261 url=url, description=description, extras=extras)
262 self.api.manager.Register(self.api, record_dict)
264 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
265 help='object hrn/urn (mandatory)')
266 @add_options('-t', '--type', dest='type', metavar='<type>',
267 help='object type', default=None)
268 @add_options('-u', '--url', dest='url', metavar='<url>',
269 help='URL', default=None)
270 @add_options('-d', '--description', dest='description',
271 metavar='<description>',
272 help='Description', default=None)
273 @add_options('-k', '--key', dest='key', metavar='<key>',
274 help='public key string or file',
276 @add_options('-s', '--slices', dest='slices', metavar='<slices>',
277 help='Set/replace slice xrns',
278 default='', type="str", action='callback',
279 callback=optparse_listvalue_callback)
280 @add_options('-r', '--researchers', dest='researchers',
281 metavar='<researchers>', help='Set/replace slice researchers',
282 default='', type="str", action='callback',
283 callback=optparse_listvalue_callback)
284 @add_options('-p', '--pis', dest='pis', metavar='<PIs>',
285 help='Set/replace Principal Investigators/Project Managers',
286 default='', type="str", action='callback',
287 callback=optparse_listvalue_callback)
288 @add_options('-X', '--extra', dest='extras', default={}, type='str',
289 metavar="<EXTRA_ASSIGNS>", nargs=1,
290 action="callback", callback=optparse_dictvalue_callback,
291 help="set extra/testbed-dependent flags,"
292 " e.g. --extra enabled=true")
293 def update(self, xrn, type=None, email='', key=None,
294 slices='', pis='', researchers='',
295 url=None, description=None, extras={}):
296 """Update an existing Registry record"""
297 record_dict = self._record_dict(
298 xrn=xrn, type=type, email=email, key=key,
299 slices=slices, researchers=researchers, pis=pis,
300 url=url, description=description, extras=extras)
301 self.api.manager.Update(self.api, record_dict)
303 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
304 help='object hrn/urn (mandatory)')
305 @add_options('-t', '--type', dest='type', metavar='<type>',
306 help='object type', default=None)
307 def remove(self, xrn, type=None):
308 """Remove given object from the registry"""
310 self.api.manager.Remove(self.api, xrn)
312 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
313 help='object hrn/urn (mandatory)')
314 @add_options('-t', '--type', dest='type', metavar='<type>',
315 help='object type', default=None)
316 def credential(self, xrn, type=None):
317 """Invoke GetCredential"""
318 cred = self.api.manager.GetCredential(
319 self.api, xrn, type, self.api.hrn)
323 def import_registry(self):
324 """Run the importer"""
326 init_logger('import')
327 from sfa.importer import Importer
328 importer = Importer()
333 """Initialize or upgrade the db"""
334 from sfa.storage.dbschema import DBSchema
335 dbschema = DBSchema()
336 dbschema.init_or_upgrade()
339 @add_options('-a', '--all', dest='all', metavar='<all>',
340 action='store_true', default=False,
341 help='Remove all registry records and all files in %s area'
343 @add_options('-c', '--certs', dest='certs',
344 metavar='<certs>', action='store_true', default=False,
345 help='Remove all cached certs/gids found in %s'
347 @add_options('-0', '--no-reinit', dest='reinit', metavar='<reinit>',
348 action='store_false', default=True,
349 help="Prevents new DB schema"
350 " from being installed after cleanup")
351 def nuke(self, all=False, certs=False, reinit=True):
353 Cleanup local registry DB, plus various additional
354 filesystem cleanups optionally
356 from sfa.storage.dbschema import DBSchema
357 from sfa.util.sfalogging import init_logger, logger
358 init_logger('import')
359 logger.setLevelFromOptVerbose(self.api.config.SFA_API_LOGLEVEL)
360 logger.info("Purging SFA records from database")
361 dbschema = DBSchema()
364 # for convenience we re-create the schema here,
365 # so there's no need for an explicit
366 # service sfa restart
367 # however in some (upgrade) scenarios this might be wrong
369 logger.info("re-creating empty schema")
370 dbschema.init_or_upgrade()
372 # remove the server certificate and all gids found in
373 # /var/lib/sfa/authorities
375 logger.info("Purging cached certificates")
376 for (dir, _, files) in os.walk('/var/lib/sfa/authorities'):
378 if file.endswith('.gid') or file == 'server.cert':
379 path = dir + os.sep + file
382 # just remove all files that do not match 'server.key' or 'server.cert'
384 logger.info("Purging registry filesystem cache")
385 preserved_files = ['server.key', 'server.cert']
386 for dir, _, files in os.walk(Hierarchy().basedir):
388 if file in preserved_files:
390 path = dir + os.sep + file
394 class CertCommands(Commands):
396 def __init__(self, *args, **kwds):
397 self.api = Generic.the_flavour().make_api(interface='registry')
399 def import_gid(self, xrn):
402 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
403 help='object hrn/urn (mandatory)')
404 @add_options('-t', '--type', dest='type', metavar='<type>',
405 help='object type', default=None)
406 @add_options('-o', '--outfile', dest='outfile', metavar='<outfile>',
407 help='output file', default=None)
408 def export(self, xrn, type=None, outfile=None):
409 """Fetch an object's GID from the Registry"""
410 from sfa.storage.model import RegRecord
411 hrn = Xrn(xrn).get_hrn()
412 request = self.api.dbsession().query(RegRecord).filter_by(hrn=hrn)
414 request = request.filter_by(type=type)
415 record = request.first()
417 gid = GID(string=record.gid)
419 # check the authorities hierarchy
420 hierarchy = Hierarchy()
422 auth_info = hierarchy.get_auth_info(hrn)
423 gid = auth_info.gid_object
425 print("Record: %s not found" % hrn)
429 outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
430 gid.save_to_file(outfile, save_parents=True)
432 @add_options('-g', '--gidfile', dest='gid', metavar='<gid>',
433 help='path of gid file to display (mandatory)')
434 def display(self, gidfile):
435 """Print contents of a GID file"""
436 gid_path = os.path.abspath(gidfile)
437 if not gid_path or not os.path.isfile(gid_path):
438 print("No such gid file: %s" % gidfile)
440 gid = GID(filename=gid_path)
441 gid.dump(dump_parents=True)
444 class AggregateCommands(Commands):
446 def __init__(self, *args, **kwds):
447 self.api = Generic.the_flavour().make_api(interface='aggregate')
450 """Display the Aggregate version"""
451 version = self.api.manager.GetVersion(self.api, {})
452 pprinter.pprint(version)
454 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
455 help='object hrn/urn (mandatory)')
456 def status(self, xrn):
458 Retrieve the status of the slivers
459 belonging to the named slice (Status)
461 urns = [Xrn(xrn, 'slice').get_urn()]
462 status = self.api.manager.Status(self.api, urns, [], {})
463 pprinter.pprint(status)
465 @add_options('-r', '--rspec-version', dest='rspec_version',
466 metavar='<rspec_version>', default='GENI',
467 help='version/format of the resulting rspec response')
468 def resources(self, rspec_version='GENI'):
469 """Display the available resources at an aggregate"""
470 options = {'geni_rspec_version': rspec_version}
472 resources = self.api.manager.ListResources(self.api, [], options)
475 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
476 help='slice hrn/urn (mandatory)')
477 @add_options('-r', '--rspec', dest='rspec', metavar='<rspec>',
478 help='rspec file (mandatory)')
479 def allocate(self, xrn, rspec):
480 """Allocate slivers"""
481 xrn = Xrn(xrn, 'slice')
482 slice_urn = xrn.get_urn()
483 rspec_string = open(rspec).read()
485 manifest = self.api.manager.Allocate(
486 self.api, slice_urn, [], rspec_string, options)
489 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
490 help='slice hrn/urn (mandatory)')
491 def provision(self, xrn):
492 """Provision slivers"""
493 xrn = Xrn(xrn, 'slice')
494 slice_urn = xrn.get_urn()
496 manifest = self.api.manager.provision(
497 self.api, [slice_urn], [], options)
500 @add_options('-x', '--xrn', dest='xrn', metavar='<xrn>',
501 help='slice hrn/urn (mandatory)')
502 def delete(self, xrn):
504 self.api.manager.Delete(self.api, [xrn], [], {})
510 'certificate': CertCommands,
511 'registry': RegistryCommands,
512 'aggregate': AggregateCommands,
515 # returns (name,class) or (None,None)
516 def find_category(self, input):
517 full_name = Candidates(list(SfaAdmin.CATEGORIES.keys())).only_match(input)
520 return (full_name, SfaAdmin.CATEGORIES[full_name])
522 def summary_usage(self, category=None):
523 print("Usage:", self.script_name + " category command [<options>]")
524 if category and category in SfaAdmin.CATEGORIES:
525 categories = [category]
527 categories = SfaAdmin.CATEGORIES
529 cls = SfaAdmin.CATEGORIES[c]
530 print("==================== category=%s" % c)
531 names = list(cls.__dict__.keys())
534 method = cls.__dict__[name]
535 if name.startswith('_'):
538 print("%-15s" % name, end=' ')
539 doc = getattr(method, '__doc__', None)
541 print("<missing __doc__>")
543 lines = [line.strip() for line in doc.split("\n")]
546 for extra_line in lines:
547 print(margin * " ", extra_line)
551 argv = copy.deepcopy(sys.argv)
552 self.script_name = argv.pop(0)
553 # ensure category is specified
557 # ensure category is valid
558 category_input = argv.pop(0)
559 (category_name, category_class) = self.find_category(category_input)
560 if not category_name or not category_class:
561 self.summary_usage(category_name)
563 usage = "%%prog %s command [options]" % (category_name)
564 parser = OptionParser(usage=usage)
566 # ensure command is valid
567 category_instance = category_class()
568 commands = category_instance._get_commands()
570 # xxx what is this about ?
571 command_name = '__call__'
573 command_input = argv.pop(0)
574 command_name = Candidates(commands).only_match(command_input)
576 if command_name and hasattr(category_instance, command_name):
577 command = getattr(category_instance, command_name)
579 self.summary_usage(category_name)
581 # ensure options are valid
582 usage = "%%prog %s %s [options]" % (category_name, command_name)
583 parser = OptionParser(usage=usage)
584 for args, kwdargs in getattr(command, 'add_options', []):
585 parser.add_option(*args, **kwdargs)
586 (opts, cmd_args) = parser.parse_args(argv)
587 cmd_kwds = vars(opts)
589 # dont overrride meth
590 for k, v in list(cmd_kwds.items()):
596 # print "invoking %s *=%s **=%s"%(command.__name__, cmd_args,
598 command(*cmd_args, **cmd_kwds)
601 print("Possible wrong number of arguments supplied")
602 print(command.__doc__)
607 print("Command failed, please check log for more info")
git://git.onelab.eu / sfa.git / blob