sfa/importer/openstackimporter.py

   1 import os
   2
   3 from sfa.util.config import Config
   4 from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
   5 from sfa.trust.gid import create_uuid
   6 from sfa.trust.certificate import convert_public_key, Keypair
   7 from sfa.storage.alchemy import dbsession
   8 from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode
   9 from sfa.openstack.osxrn import OSXrn
  10 from sfa.openstack.shell import Shell
  11
  12 def load_keys(filename):
  13     keys = {}
  14     tmp_dict = {}
  15     try:
  16         execfile(filename, tmp_dict)
  17         if 'keys' in tmp_dict:
  18             keys = tmp_dict['keys']
  19         return keys
  20     except:
  21         return keys
  22
  23 def save_keys(filename, keys):
  24     f = open(filename, 'w')
  25     f.write("keys = %s" % str(keys))
  26     f.close()
  27
  28 class OpenstackImporter:
  29
  30     def __init__ (self, auth_hierarchy, logger):
  31         self.auth_hierarchy = auth_hierarchy
  32         self.logger=logger
  33         self.config = Config ()
  34         self.interface_hrn = self.config.SFA_INTERFACE_HRN
  35         self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH
  36         self.shell = Shell (self.config)
  37
  38     def add_options (self, parser):
  39         self.logger.debug ("OpenstackImporter: no options yet")
  40         pass
  41
  42     def import_users(self, existing_hrns, existing_records):
  43         # Get all users
  44         users = self.shell.auth_manager.users.list()
  45         users_dict = {}
  46         keys_filename = self.config.config_path + os.sep + 'person_keys.py'
  47         old_user_keys = load_keys(keys_filename)
  48         user_keys = {}
  49         for user in users:
  50             auth_hrn = self.config.SFA_INTERFACE_HRN
  51             if user.tenantId is not None:
  52                 tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
  53                 auth_hrn = OSXrn(name=tenant.name, auth=self.config.SFA_INTERFACE_HRN, type='authority').get_hrn()
  54             hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn()
  55             users_dict[hrn] = user
  56             old_keys = old_user_keys.get(hrn, [])
  57             keyname = OSXrn(xrn=hrn, type='user').get_slicename()
  58             keys = [k.public_key for k in self.shell.nova_manager.keypairs.findall(name=keyname)]
  59             user_keys[hrn] = keys
  60             update_record = False
  61             if old_keys != keys:
  62                 update_record = True
  63             if hrn not in existing_hrns or \
  64                    (hrn, 'user') not in existing_records or update_record:
  65                 urn = OSXrn(xrn=hrn, type='user').get_urn()
  66
  67                 if keys:
  68                     try:
  69                         pkey = convert_public_key(keys[0])
  70                     except:
  71                         self.logger.log_exc('unable to convert public key for %s' % hrn)
  72                         pkey = Keypair(create=True)
  73                 else:
  74                     self.logger.warn("OpenstackImporter: person %s does not have a PL public key"%hrn)
  75                     pkey = Keypair(create=True)
  76                 user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey, email=user.email)
  77                 user_record = RegUser ()
  78                 user_record.type='user'
  79                 user_record.hrn=hrn
  80                 user_record.gid=user_gid
  81                 user_record.authority=get_authority(hrn)
  82                 dbsession.add(user_record)
  83                 dbsession.commit()
  84                 self.logger.info("OpenstackImporter: imported person %s" % user_record)
  85
  86         return users_dict, user_keys
  87
  88     def import_tenants(self, existing_hrns, existing_records):
  89         # Get all tenants
  90         # A tenant can represent an organizational group (site) or a
  91         # slice. If a tenant's authorty/parent matches the root authority it is
  92         # considered a group/site. All other tenants are considered slices.
  93         tenants = self.shell.auth_manager.tenants.list()
  94         tenants_dict = {}
  95         for tenant in tenants:
  96             hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name
  97             tenants_dict[hrn] = tenant
  98             authority_hrn = OSXrn(xrn=hrn, type='authority').get_authority_hrn()
  99
 100             if hrn in existing_hrns:
 101                 continue
 102
 103             if authority_hrn == self.config.SFA_INTERFACE_HRN:
 104                 # import group/site
 105                 record = RegAuthority()
 106                 urn = OSXrn(xrn=hrn, type='authority').get_urn()
 107                 if not self.auth_hierarchy.auth_exists(urn):
 108                     self.auth_hierarchy.create_auth(urn)
 109                 auth_info = self.auth_hierarchy.get_auth_info(urn)
 110                 gid = auth_info.get_gid_object()
 111                 record.type='authority'
 112                 record.hrn=hrn
 113                 record.gid=gid
 114                 record.authority=get_authority(hrn)
 115                 dbsession.add(record)
 116                 dbsession.commit()
 117                 self.logger.info("OpenstackImporter: imported authority: %s" % record)
 118
 119             else:
 120                 record = RegSlice ()
 121                 urn = OSXrn(xrn=hrn, type='slice').get_urn()
 122                 pkey = Keypair(create=True)
 123                 gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
 124                 record.type='slice'
 125                 record.hrn=hrn
 126                 record.gid=gid
 127                 record.authority=get_authority(hrn)
 128                 dbsession.add(record)
 129                 dbsession.commit()
 130                 self.logger.info("OpenstackImporter: imported slice: %s" % record)
 131
 132         return tenants_dict
 133
 134     def run (self, options):
 135         # we don't have any options for now
 136         self.logger.info ("OpenstackImporter.run : to do")
 137
 138         # create dict of all existing sfa records
 139         existing_records = {}
 140         existing_hrns = []
 141         key_ids = []
 142         for record in dbsession.query(RegRecord):
 143             existing_records[ (record.hrn, record.type,) ] = record
 144             existing_hrns.append(record.hrn)
 145
 146
 147         tenants_dict = self.import_tenants(existing_hrns, existing_records)
 148         users_dict, user_keys = self.import_users(existing_hrns, existing_records)
 149
 150         # remove stale records
 151         system_records = [self.interface_hrn, self.root_auth, self.interface_hrn + '.slicemanager']
 152         for (record_hrn, type) in existing_records.keys():
 153             if record_hrn in system_records:
 154                 continue
 155
 156             record = existing_records[(record_hrn, type)]
 157             if record.peer_authority:
 158                 continue
 159
 160             if type == 'user':
 161                 if record_hrn in users_dict:
 162                     continue
 163             elif type in['slice', 'authority']:
 164                 if record_hrn in tenants_dict:
 165                     continue
 166             else:
 167                 continue
 168
 169             record_object = existing_records[ (record_hrn, type) ]
 170             self.logger.info("OpenstackImporter: removing %s " % record)
 171             dbsession.delete(record_object)
 172             dbsession.commit()
 173
 174         # save pub keys
 175         self.logger.info('OpenstackImporter: saving current pub keys')
 176         keys_filename = self.config.config_path + os.sep + 'person_keys.py'
 177         save_keys(keys_filename, user_keys)
 178