[sfa.git] / sfa / importer / __init__.py

#!/usr/bin/python

import sys
from datetime import datetime

from sfa.util.xrn import get_authority, hrn_to_urn
from sfa.generic import Generic
from sfa.util.config import Config
from sfa.util.sfalogging import _SfaLogger
from sfa.trust.hierarchy import Hierarchy
#from sfa.trust.trustedroots import TrustedRoots
from sfa.trust.gid import create_uuid
# using global alchemy.session() here is fine
# as importer is on standalone one-shot process
from sfa.storage.alchemy import global_dbsession
from sfa.storage.model import RegRecord, RegAuthority, RegUser
from sfa.trust.certificate import convert_public_key, Keypair


class Importer:

    def __init__(self, auth_hierarchy=None, logger=None):
        self.config = Config()
        if auth_hierarchy is not None:
            self.auth_hierarchy = auth_hierarchy
        else:
            self.auth_hierarchy = Hierarchy()
        if logger is not None:
            self.logger = logger
        else:
            self.logger = _SfaLogger(
                logfile='/var/log/sfa_import.log', loggername='importlog')
            self.logger.setLevelFromOptVerbose(self.config.SFA_API_LOGLEVEL)
# ugly side effect so that other modules get it right
        import sfa.util.sfalogging
        sfa.util.sfalogging.logger = logger
#        self.TrustedRoots = TrustedRoots(self.config.get_trustedroots_dir())

    # check before creating a RegRecord entry as we run this over and over
    def record_exists(self, type, hrn):
        return global_dbsession.query(RegRecord).filter_by(hrn=hrn, type=type).count() != 0

    def create_top_level_auth_records(self, hrn):
        """
        Create top level db records (includes root and sub authorities (local/remote)
        """
        # make sure parent exists
        parent_hrn = get_authority(hrn)
        if not parent_hrn:
            parent_hrn = hrn
        if not parent_hrn == hrn:
            self.create_top_level_auth_records(parent_hrn)

        # ensure key and cert exists:
        self.auth_hierarchy.create_top_level_auth(hrn)
        # create the db record if it doesnt already exist
        if not self.record_exists('authority', hrn):
            auth_info = self.auth_hierarchy.get_auth_info(hrn)
            auth_record = RegAuthority(hrn=hrn, gid=auth_info.get_gid_object(),
                                       authority=get_authority(hrn))
            auth_record.just_created()
            global_dbsession.add(auth_record)
            global_dbsession.commit()
            self.logger.info(
                "SfaImporter: imported authority (parent) %s " % auth_record)

    def create_sm_client_record(self):
        """
        Create a user record for the Slicemanager service.
        """
        hrn = self.interface_hrn + '.slicemanager'
        urn = hrn_to_urn(hrn, 'user')
        if not self.auth_hierarchy.auth_exists(urn):
            self.logger.info("SfaImporter: creating Slice Manager user")
            self.auth_hierarchy.create_auth(urn)

        if self.record_exists('user', hrn):
            return
        auth_info = self.auth_hierarchy.get_auth_info(hrn)
        user_record = RegUser(hrn=hrn, gid=auth_info.get_gid_object(),
                              authority=get_authority(hrn))
        user_record.just_created()
        global_dbsession.add(user_record)
        global_dbsession.commit()
        self.logger.info(
            "SfaImporter: importing user (slicemanager) %s " % user_record)

    def create_interface_records(self):
        """
        Create a record for each SFA interface
        """
        # just create certs for all sfa interfaces even if they
        # aren't enabled
        auth_info = self.auth_hierarchy.get_auth_info(
            self.config.SFA_INTERFACE_HRN)
        pkey = auth_info.get_pkey_object()
        hrn = self.config.SFA_INTERFACE_HRN
        for type in ['authority+sa', 'authority+am', 'authority+sm', ]:
            urn = hrn_to_urn(hrn, type)
            gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
            # for now we have to preserve the authority+<> stuff
            if self.record_exists(type, hrn):
                continue
            interface_record = RegAuthority(type=type, hrn=hrn, gid=gid,
                                            authority=get_authority(hrn))
            interface_record.just_created()
            global_dbsession.add(interface_record)
            global_dbsession.commit()
            self.logger.info("SfaImporter: imported authority (%s) %s " % (
                type, interface_record))

    def run(self, options=None):
        if not self.config.SFA_REGISTRY_ENABLED:
            self.logger.critical(
                "Importer: need SFA_REGISTRY_ENABLED to run import")

        # testbed-neutral : create local certificates and the like
        auth_hierarchy = Hierarchy()
        self.create_top_level_auth_records(self.config.SFA_INTERFACE_HRN)
        self.create_interface_records()

        # testbed-specific
        testbed_importer = None
        generic = Generic.the_flavour()
        importer_class = generic.importer_class()
        if importer_class:
            begin_time = datetime.utcnow()
            self.logger.info(30 * '=')
            self.logger.info("Starting import on %s, using class %s from flavour %s" %
                             (begin_time, importer_class.__name__, generic.flavour))
            testbed_importer = importer_class(auth_hierarchy, self.logger)
            if testbed_importer:
                testbed_importer.add_options(options)
                testbed_importer.run(options)
            end_time = datetime.utcnow()
            duration = end_time - begin_time
            self.logger.info("Import took %s" % duration)
            self.logger.info(30 * '=')