[sfa.git] / sfa / importer / openstackimporter.py
1 import os
2
3 from sfa.util.config import Config
4 from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
5 from sfa.trust.gid import create_uuid    
6 from sfa.trust.certificate import convert_public_key, Keypair
7 from sfa.storage.alchemy import dbsession
8 from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode
9 from sfa.openstack.osxrn import OSXrn
10 from sfa.openstack.shell import Shell    
11
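def load_keys(filename):
    """Load the hrn -> public-key-list mapping saved by a previous import.

    The file is expected to hold a single assignment of the form
    ``keys = {...}``, which is what save_keys() writes.  The file is parsed,
    never executed: only a literal value assigned to the name ``keys`` is
    read, so any other statement placed in the file is ignored instead of
    being run with the importer's privileges.

    Args:
        filename: path of the keys file (person_keys.py in the config dir).

    Returns:
        The saved dict, or an empty dict when the file is missing,
        unreadable, not valid Python syntax, or does not assign a literal
        dict to ``keys``.
    """
    # Function-scope import keeps this block self-contained.
    import ast

    try:
        with open(filename) as f:
            source = f.read()
        tree = ast.parse(source, filename)
    except (IOError, OSError, SyntaxError, ValueError):
        # Missing or corrupt file: behave like a first run (no saved keys).
        return {}

    keys = {}
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        assigns_keys = any(
            isinstance(target, ast.Name) and target.id == 'keys'
            for target in node.targets
        )
        if not assigns_keys:
            continue
        try:
            # literal_eval accepts only literals (dict/list/str/number/...),
            # so a call or attribute access on the right-hand side is refused.
            keys = ast.literal_eval(node.value)
        except (ValueError, SyntaxError):
            return {}

    # The caller uses .get() on the result, so anything but a dict is unusable.
    if not isinstance(keys, dict):
        return {}
    return keys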
22
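def save_keys(filename, keys):
    """Write the hrn -> public-key-list mapping to *filename*.

    The content is a single Python assignment, ``keys = <repr of dict>``,
    which is the format load_keys() reads back on the next import run.
    The importer compares this saved state against the keys currently
    registered for each user, so the file should be writable only by the
    account that runs the importer.

    Args:
        filename: destination path; an existing file is overwritten.
        keys: dict mapping a user hrn to its list of public key strings.
    """
    # The context manager closes the handle even if write() raises.
    with open(filename, 'w') as f:
        f.write("keys = %s" % str(keys))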
27
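class OpenstackImporter:
    """Synchronise the SFA registry with the users and tenants of OpenStack.

    run() creates registry records (with freshly issued GIDs) for users and
    tenants that are missing, and deletes user and slice records that no
    longer have an OpenStack counterpart.
    """

    def __init__(self, auth_hierarchy, logger):
        """Keep the authority hierarchy used to issue GIDs, and the logger."""
        self.auth_hierarchy = auth_hierarchy
        self.logger = logger

    def add_options(self, parser):
        """Hook for command-line options; this importer defines none."""
        self.logger.debug("OpenstackImporter: no options yet")

    def run(self, options):
        """Import users and tenants, then remove stale user/slice records.

        Args:
            options: parsed command-line options; currently unused.
        """
        # we don't have any options for now
        self.logger.info("OpenstackImporter.run : to do")

        config = Config()
        interface_hrn = config.SFA_INTERFACE_HRN
        root_auth = config.SFA_REGISTRY_ROOT_AUTH
        shell = Shell(config)

        # Index every record already in the registry, by (hrn, type) and by
        # hrn alone.  A set keeps the per-tenant membership test O(1).
        existing_records = {}
        existing_hrns = set()
        for record in dbsession.query(RegRecord):
            existing_records[(record.hrn, record.type)] = record
            existing_hrns.add(record.hrn)

        # --- users -------------------------------------------------------
        users = shell.auth_manager.users.list()
        users_dict = {}
        keys_filename = config.config_path + os.sep + 'person_keys.py'
        # Keys seen on the previous run; a difference triggers a new GID.
        old_user_keys = load_keys(keys_filename)
        user_keys = {}
        for user in users:
            # Users without a tenant hang directly off the interface authority.
            auth_hrn = config.SFA_INTERFACE_HRN
            if user.tenantId is not None:
                tenant = shell.auth_manager.tenants.find(id=user.tenantId)
                auth_hrn = OSXrn(name=tenant.name, auth=config.SFA_INTERFACE_HRN, type='authority').get_hrn()
            hrn = OSXrn(name=user.name, auth=auth_hrn, type='user').get_hrn()
            users_dict[hrn] = user
            old_keys = old_user_keys.get(hrn, [])
            keys = [k.public_key for k in shell.nova_manager.keypairs.findall(name=hrn)]
            user_keys[hrn] = keys
            keys_changed = old_keys != keys

            # A missing (hrn, 'user') entry also covers "hrn unknown entirely".
            if (hrn, 'user') not in existing_records or keys_changed:
                urn = OSXrn(xrn=hrn, type='user').get_urn()

                if keys:
                    # Only the first registered key is bound to the GID.
                    try:
                        pkey = convert_public_key(keys[0])
                    except Exception:
                        # Unusable key: the GID is issued for a freshly
                        # generated keypair instead of the user's own key.
                        # Catching Exception (not everything) lets
                        # KeyboardInterrupt/SystemExit stop the import.
                        self.logger.log_exc('unable to convert public key for %s' % hrn)
                        pkey = Keypair(create=True)
                else:
                    self.logger.warn("OpenstackImporter: person %s does not have a PL public key"%hrn)
                    pkey = Keypair(create=True)
                user_gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
                # NOTE(review): when only the keys changed, a record for this
                # hrn already exists and a second RegUser is added here; the
                # old record (and the GID bound to the previous key) is not
                # updated or removed in this method -- confirm whether the
                # storage layer prevents the duplicate.
                user_record = RegUser()
                user_record.type = 'user'
                user_record.hrn = hrn
                user_record.gid = user_gid
                user_record.authority = get_authority(hrn)
                dbsession.add(user_record)
                dbsession.commit()
                self.logger.info("OpenstackImporter: imported person %s" % user_record)

        # --- tenants -----------------------------------------------------
        # A tenant can represent an organizational group (site) or a
        # slice. If a tenant's authority/parent matches the root authority it
        # is considered a group/site. All other tenants are considered slices.
        tenants = shell.auth_manager.tenants.list()
        tenants_dict = {}
        for tenant in tenants:
            # NOTE(review): the tenant name is appended verbatim here, while
            # the user loop builds the same authority through
            # OSXrn(name=...).get_hrn(); confirm both yield the same hrn.
            hrn = config.SFA_INTERFACE_HRN + '.' + tenant.name
            tenants_dict[hrn] = tenant
            authority_hrn = OSXrn(xrn=hrn, type='authority').get_authority_hrn()

            if hrn in existing_hrns:
                continue

            if authority_hrn == config.SFA_INTERFACE_HRN:
                # import group/site
                record = RegAuthority()
                urn = OSXrn(xrn=hrn, type='authority').get_urn()
                if not self.auth_hierarchy.auth_exists(urn):
                    self.auth_hierarchy.create_auth(urn)
                auth_info = self.auth_hierarchy.get_auth_info(urn)
                record.type = 'authority'
                record.hrn = hrn
                record.gid = auth_info.get_gid_object()
                record.authority = get_authority(hrn)
                dbsession.add(record)
                dbsession.commit()
                self.logger.info("OpenstackImporter: imported authority: %s" % record)
            else:
                # Slices get a GID bound to a freshly generated keypair.
                record = RegSlice()
                urn = OSXrn(xrn=hrn, type='slice').get_urn()
                pkey = Keypair(create=True)
                record.type = 'slice'
                record.hrn = hrn
                record.gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey)
                record.authority = get_authority(hrn)
                dbsession.add(record)
                dbsession.commit()
                self.logger.info("OpenstackImporter: imported slice: %s" % record)

        # --- remove stale records ---------------------------------------
        # Only 'user' and 'slice' records are ever deleted; system records,
        # records owned by a peer authority and every other type are kept.
        system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
        for (record_hrn, record_type), record in existing_records.items():
            if record_hrn in system_records:
                continue
            if record.peer_authority:
                continue

            if record_type == 'user':
                still_present = record_hrn in users_dict
            elif record_type == 'slice':
                still_present = record_hrn in tenants_dict
            else:
                continue
            if still_present:
                continue

            self.logger.info("OpenstackImporter: removing %s " % record)
            dbsession.delete(record)
            dbsession.commit()

        # save pub keys
        self.logger.info('OpenstackImporter: saving current pub keys')
        save_keys(keys_filename, user_keys)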
167