initial checkin of openstack import script

[sfa.git] / sfa / importer / sfa-import-openstack.py

#!/usr/bin/python
#
##
# Import PLC records into the SFA database. It is indended that this tool be
# run once to create SFA records that reflect the current state of the
# planetlab database.
#
# The import tool assumes that the existing PLC hierarchy should all be part
# of "planetlab.us" (see the root_auth and level1_auth variables below).
#
# Public keys are extracted from the users' SSH keys automatically and used to
# create GIDs. This is relatively experimental as a custom tool had to be
# written to perform conversion from SSH to OpenSSL format. It only supports
# RSA keys at this time, not DSA keys.
##

import os
import getopt
import sys

from sfa.util.config import Config
from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
from sfa.util.plxrn import hostname_to_hrn, slicename_to_hrn, email_to_hrn, hrn_to_pl_slicename
from sfa.storage.table import SfaTable
from sfa.storage.record import SfaRecord
from sfa.trust.certificate import convert_public_key, Keypair
from sfa.trust.gid import create_uuid
from sfa.importer.sfaImport import sfaImport, _cleanup_string
from sfa.util.sfalogging import logger
try:
    from nova.auth.manager import AuthManager, db, context
except ImportError:
    AuthManager = None
    

def process_options():

   (options, args) = getopt.getopt(sys.argv[1:], '', [])
   for opt in options:
       name = opt[0]
       val = opt[1]


def load_keys(filename):
    keys = {}
    tmp_dict = {}
    try:
        execfile(filename, tmp_dict)
        if 'keys' in tmp_dict:
            keys = tmp_dict['keys']
        return keys
    except:
        return keys

def save_keys(filename, keys):
    f = open(filename, 'w')
    f.write("keys = %s" % str(keys))
    f.close()

def main():

    process_options()
    config = Config()
    sfaImporter = sfaImport()
    logger=sfaImporter.logger
    logger.setLevelFromOptVerbose(config.SFA_API_LOGLEVEL)
    if not config.SFA_REGISTRY_ENABLED:
        sys.exit(0)
    root_auth = config.SFA_REGISTRY_ROOT_AUTH
    interface_hrn = config.SFA_INTERFACE_HRN
    if  AuthManager:
        auth_manager = AuthManager()
    else:    
        logger.info("Unable to import nova.auth.manager. Doesn't look like openstack-copute is installed. Exiting...")
        sys.exit(0)    
    sfaImporter.create_top_level_records()
    
    # create dict of all existing sfa records
    existing_records = {}
    existing_hrns = []
    key_ids = []
    table = SfaTable()
    results = table.find()
    for result in results:
        existing_records[(result['hrn'], result['type'])] = result
        existing_hrns.append(result['hrn']) 
            
        
    # Get all users
    persons = auth_manager.get_users()
    persons_dict = {}
    keys_filename = config.config_path + os.sep + 'person_keys.py' 
    old_person_keys = load_keys(keys_filename)    
    person_keys = {} 
    for person in persons:
        hrn = config.SFA_INTERFACE_HRN + "." + person.id
        old_keys = old_person_keys.get(person.id, [])
        keys = db.key_pair_get_all_by_user(context.get_admin_context(), person.id)
        person_keys[person.id] = [key.public_key for key in keys]
        update_record = False
        if old_keys != keys:
            update_record = True
        if hrn not in existing_hrns or \
               (hrn, 'user') not in existing_records or update_record:    
            urn = hrn_to_urn(hrn, 'user')
            if keys:
                try:
                    pkey = convert_public_key(key)
                except:
                    logger.warn('unable to convert public key for %s' % hrn)
                    pkey = Keypair(create=True)
            else:
                logger.warn("Import: person %s does not have a PL public key"%hrn)
                pkey = Keypair(create=True) 
                person_gid = sfaImporter.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
                person_record = SfaRecord(hrn=hrn, gid=person_gid, type="user", \
                                              authority=get_authority(hrn))
                persons_dict[person_record['hrn']] = person_record
                person_record.sync()

    # Get all projects
    projects = db.project_get_all(context.get_admin_context())
    projects_dict = {}
    for project in projects:
        hrn = config.SFA_INTERFACE_HRN + '.' + project.id
        if hrn not in existing_hrns or \
        (hrn, 'slice') not in existing_records:
            pkey = Keypair(create=True)
            urn = hrn_to_urn(hrn, 'slice')
            project_gid = sfaImporter.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
            project_record = SfaRecord(hrn=hrn, gid=project_gid, type="slice",
                                       authority=get_authority(hrn))
            projects_dict[project_record['hrn']] = project_record
            project_record.sync(verbose=True) 
    
    # remove stale records    
    system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
    for (record_hrn, type) in existing_records.keys():
        if record_hrn in system_records:
            continue
        
        record = existing_records[(record_hrn, type)]
        if record['peer_authority']:
            continue

        if type == 'user':
            if record_hrn in persons_dict:
                continue  
        elif type == 'slice':
            if record_hrn in projects_dict:
                continue
        else:
            continue 
        
        record_object = existing_records[(record_hrn, type)]
        record = SfaRecord(dict=record_object)
        record.delete()
                                   
    # save pub keys
    logger.info('Import: saving current pub keys')
    save_keys(keys_filename, person_keys)                
        
if __name__ == "__main__":
    main()