import ast
import os

from sfa.util.config import Config
from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
from sfa.trust.gid import create_uuid
from sfa.trust.certificate import convert_public_key, Keypair
# using global alchemy.session() here is fine
# as importer is on standalone one-shot process
from sfa.storage.alchemy import global_dbsession
from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode
from sfa.openstack.osxrn import OSXrn
from sfa.openstack.shell import Shell

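def load_keys(filename):
    """Return the ``keys`` dict stored in *filename*, or ``{}`` if unavailable.

    The file is expected to contain an assignment ``keys = <dict literal>``,
    which is the form ``save_keys`` writes.

    The file is parsed as data and never executed. It lives in the config
    directory and is re-read on every importer run, so executing it would let
    anyone able to write to that path run Python with the importer's
    privileges. Only literal values (dicts, lists, strings, numbers, None)
    are accepted; anything else makes the whole file count as unreadable.

    A missing, unreadable or malformed file yields ``{}`` so that the caller
    treats every user's keys as changed, which is the historical best-effort
    behaviour of this loader.
    """
    try:
        with open(filename) as keys_file:
            tree = ast.parse(keys_file.read(), filename)
        keys = {}
        for node in tree.body:
            if not isinstance(node, ast.Assign):
                continue
            # the last top-level assignment to `keys` wins, as it would have
            # if the file had been run as a script
            if any(isinstance(target, ast.Name) and target.id == 'keys'
                   for target in node.targets):
                keys = ast.literal_eval(node.value)
    except (IOError, OSError, SyntaxError, ValueError, TypeError,
            MemoryError, RuntimeError):
        # named exception types only: KeyboardInterrupt and SystemExit must
        # still be able to stop the importer
        return {}
    # callers use dict methods on the result; reject any other literal
    if not isinstance(keys, dict):
        return {}
    return keys
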
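def save_keys(filename, keys):
    """Write *keys* to *filename* as ``keys = <repr>``.

    This is the format ``load_keys`` reads back on the next importer run.
    The file is opened with the process's default permissions; it should
    stay writable only by the account that runs the importer, since its
    content drives which user records get re-issued.
    """
    # `with` closes the handle even when the write fails (e.g. disk full),
    # instead of leaking it until garbage collection
    with open(filename, 'w') as keys_file:
        keys_file.write("keys = %s" % str(keys))
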
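class OpenstackImporter:
    """Mirror OpenStack tenants and users into the SFA registry database.

    ``run`` imports tenants (as authorities or slices) and users, deletes
    local records that no longer have an OpenStack counterpart, and saves
    the public keys it saw so the next run can detect key changes.
    """

    def __init__(self, auth_hierarchy, logger):
        """Keep the collaborators and build the OpenStack shell from config.

        auth_hierarchy -- object used to create authorities and GIDs
        logger         -- logger used for progress and error messages
        """
        self.auth_hierarchy = auth_hierarchy
        self.logger = logger
        self.config = Config()
        self.interface_hrn = self.config.SFA_INTERFACE_HRN
        self.root_auth = self.config.SFA_REGISTRY_ROOT_AUTH
        self.shell = Shell(self.config)

    def add_options(self, parser):
        """Hook for command-line options; this importer defines none."""
        self.logger.debug("OpenstackImporter: no options yet")

    def import_users(self, existing_hrns, existing_records):
        """Create registry records for OpenStack users.

        existing_hrns    -- container of hrns already in the registry
        existing_records -- dict keyed by (hrn, type) of existing records

        A user is (re)imported when no user record exists for its hrn or
        when its public keys differ from those saved by the previous run.

        Returns (users_dict, user_keys): users by hrn, and the list of
        public keys found for each hrn.
        """
        users = self.shell.auth_manager.users.list()
        users_dict = {}
        keys_filename = self.config.config_path + os.sep + 'person_keys.py'
        old_user_keys = load_keys(keys_filename)
        user_keys = {}
        for user in users:
            # users without a tenant hang directly off the interface hrn
            auth_hrn = self.config.SFA_INTERFACE_HRN
            if user.tenantId is not None:
                tenant = self.shell.auth_manager.tenants.find(id=user.tenantId)
                auth_hrn = OSXrn(name=tenant.name, auth=self.config.SFA_INTERFACE_HRN, type='authority').get_hrn()
            hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn()
            users_dict[hrn] = user
            old_keys = old_user_keys.get(hrn, [])
            keyname = OSXrn(xrn=hrn, type='user').get_slicename()
            keys = [k.public_key for k in self.shell.nova_manager.keypairs.findall(name=keyname)]
            user_keys[hrn] = keys
            update_record = old_keys != keys
            if hrn not in existing_hrns or \
                   (hrn, 'user') not in existing_records or update_record:
                urn = OSXrn(xrn=hrn, type='user').get_urn()

                # The GID is bound to the first key only. When there is no
                # usable key a throw-away keypair is generated; it is not
                # stored here, so (unless create_gid keeps it, which this
                # file does not show) that GID cannot be used to
                # authenticate until a real key is imported.
                if keys:
                    try:
                        pkey = convert_public_key(keys[0])
                    except Exception:
                        # Exception rather than a bare except, so Ctrl-C and
                        # SystemExit are not turned into a silent key swap
                        self.logger.log_exc('unable to convert public key for %s' % hrn)
                        pkey = Keypair(create=True)
                else:
                    self.logger.warn("OpenstackImporter: person %s does not have a PL public key"%hrn)
                    pkey = Keypair(create=True)
                user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey, email=user.email)
                # NOTE(review): when only the keys changed, a record for
                # (hrn, 'user') already exists and this adds a second one
                # instead of updating it -- confirm against the model
                # whether the old record should be updated or removed.
                user_record = RegUser()
                user_record.type = 'user'
                user_record.hrn = hrn
                user_record.gid = user_gid
                user_record.authority = get_authority(hrn)
                global_dbsession.add(user_record)
                global_dbsession.commit()
                self.logger.info("OpenstackImporter: imported person %s" % user_record)

        return users_dict, user_keys

    def import_tenants(self, existing_hrns, existing_records):
        """Create registry records for OpenStack tenants.

        A tenant can represent an organizational group (site) or a slice.
        If a tenant's authority/parent matches the root authority it is
        considered a group/site. All other tenants are considered slices.

        existing_hrns    -- container of hrns already in the registry
        existing_records -- unused here; kept for a uniform signature

        Returns a dict of tenants keyed by hrn.
        """
        tenants = self.shell.auth_manager.tenants.list()
        tenants_dict = {}
        for tenant in tenants:
            # NOTE(review): the tenant name comes from OpenStack and is
            # concatenated as-is, while import_users builds the same
            # authority through OSXrn(name=...). A name containing '.'
            # changes the computed parent below and so the record type;
            # confirm both paths yield the same hrn for such names.
            hrn = self.config.SFA_INTERFACE_HRN + '.' + tenant.name
            tenants_dict[hrn] = tenant
            authority_hrn = OSXrn(xrn=hrn, type='authority').get_authority_hrn()

            if hrn in existing_hrns:
                continue

            if authority_hrn == self.config.SFA_INTERFACE_HRN:
                # import group/site
                record = RegAuthority()
                urn = OSXrn(xrn=hrn, type='authority').get_urn()
                if not self.auth_hierarchy.auth_exists(urn):
                    self.auth_hierarchy.create_auth(urn)
                auth_info = self.auth_hierarchy.get_auth_info(urn)
                gid = auth_info.get_gid_object()
                record.type = 'authority'
                record.hrn = hrn
                record.gid = gid
                record.authority = get_authority(hrn)
                global_dbsession.add(record)
                global_dbsession.commit()
                self.logger.info("OpenstackImporter: imported authority: %s" % record)

            else:
                # import slice; its GID is issued over a freshly generated key
                record = RegSlice()
                urn = OSXrn(xrn=hrn, type='slice').get_urn()
                pkey = Keypair(create=True)
                gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
                record.type = 'slice'
                record.hrn = hrn
                record.gid = gid
                record.authority = get_authority(hrn)
                global_dbsession.add(record)
                global_dbsession.commit()
                self.logger.info("OpenstackImporter: imported slice: %s" % record)

        return tenants_dict

    def run(self, options):
        """Import tenants and users, prune stale records, save seen keys.

        options -- parsed command-line options; none are used for now
        """
        # we don't have any options for now
        self.logger.info("OpenstackImporter.run : to do")

        # index all existing sfa records; hrns go in a set because the
        # import methods only test membership, once per tenant and user
        existing_records = {}
        existing_hrns = set()
        for record in global_dbsession.query(RegRecord):
            existing_records[(record.hrn, record.type)] = record
            existing_hrns.add(record.hrn)

        tenants_dict = self.import_tenants(existing_hrns, existing_records)
        users_dict, user_keys = self.import_users(existing_hrns, existing_records)

        # remove stale records
        # NOTE(review): anything missing from the OpenStack listings is
        # deleted. If a listing comes back empty or partial, every local
        # user/slice/authority record looks stale; consider refusing to
        # prune when both listings are empty.
        system_records = [self.interface_hrn, self.root_auth, self.interface_hrn + '.slicemanager']
        for (record_hrn, record_type), record in list(existing_records.items()):
            if record_hrn in system_records:
                continue

            # records owned by a peer authority are not ours to delete
            if record.peer_authority:
                continue

            if record_type == 'user':
                still_present = record_hrn in users_dict
            elif record_type in ('slice', 'authority'):
                still_present = record_hrn in tenants_dict
            else:
                # other record types are not managed by this importer
                continue
            if still_present:
                continue

            self.logger.info("OpenstackImporter: removing %s " % record)
            global_dbsession.delete(record)
            global_dbsession.commit()

        # save pub keys
        self.logger.info('OpenstackImporter: saving current pub keys')
        keys_filename = self.config.config_path + os.sep + 'person_keys.py'
        save_keys(keys_filename, user_keys)
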