2 from sfa.util.faults import *
3 from sfa.util.storage import *
4 from sfa.util.xrn import get_authority, hrn_to_urn
5 from sfa.trust.gid import GID
6 from sfa.util.record import SfaRecord
8 import sfa.util.xmlrpcprotocol as xmlrpcprotocol
9 import sfa.util.soapprotocol as soapprotocol
11 # GeniLight client support is optional
13 from egeni.geniLight_client import *
15 GeniClientLight = None
19 # In is a dictionary of registry connections keyed on the registry
22 class Interfaces(dict):
24 Interfaces is a base class for managing information on the
25 peers we are federated with. It is responsible for the following:
27 1) Makes sure a record exist in the local registry for the each
29 2) Attepts to fetch and install trusted gids
30 3) Provides connections (xmlrpc or soap) to federated peers
33 # fields that must be specified in the config file
40 # defined by the class
45 def __init__(self, api, conf_file, type='authority'):
46 if type not in self.types:
47 raise SfaInfaildArgument('Invalid type %s: must be in %s' % (type, self.types))
48 dict.__init__(self, {})
52 self.interface_info = XmlStorage(conf_file, self.default_dict)
53 self.interface_info.load()
54 interfaces = self.interface_info.values()[0].values()[0]
55 if not isinstance(interfaces, list):
56 interfaces = [self.interfaces]
58 for interface in interfaces:
59 # port is appended onto the domain, before the path. Should look like:
60 # http://domain:port/path
61 hrn, address, port = interface['hrn'], interface['addr'], interface['port']
62 address_parts = address.split('/')
63 address_parts[0] = address_parts[0] + ":" + str(port)
64 url = "http://%s" % "/".join(address_parts)
65 interface['url'] = url
66 interface['urn'] = hrn_to_urn(hrn, 'authority')
69 required_fields = self.default_fields.keys()
70 for interface in interfaces:
72 # skp any interface definition that has a null hrn,
74 for field in required_fields:
75 if field not in interface or not interface[field]:
79 self.interfaces[interface['hrn']] = interface
82 def sync_interfaces(self):
84 Install missing trusted gids and db records for our federated
87 # Attempt to get any missing peer gids
88 # There should be a gid file in /etc/sfa/trusted_roots for every
89 # peer registry found in in the registries.xml config file. If there
90 # are any missing gids, request a new one from the peer registry.
91 gids_current = self.api.auth.trusted_cert_list
92 hrns_current = [gid.get_hrn() for gid in gids_current]
93 hrns_expected = self.interfaces.keys()
94 new_hrns = set(hrns_expected).difference(hrns_current)
95 gids = self.get_peer_gids(new_hrns) + gids_current
96 # make sure there is a record for every gid
97 self.update_db_records(self.type, gids)
99 def get_peer_gids(self, new_hrns):
101 Install trusted gids from the specified interfaces.
106 trusted_certs_dir = self.api.config.get_trustedroots_dir()
107 for new_hrn in new_hrns:
110 # the gid for this interface should already be installed
111 if new_hrn == self.api.config.SFA_INTERFACE_HRN:
114 # get gid from the registry
115 interface_info = self.interfaces[new_hrn]
116 interface = self[new_hrn]
117 trusted_gids = interface.get_trusted_certs()
119 # the gid we want shoudl be the first one in the list,
121 for trusted_gid in trusted_gids:
123 message = "interface: %s\t" % (self.api.interface)
124 message += "unable to install trusted gid for %s" % \
126 gid = GID(string=trusted_gids[0])
127 peer_gids.append(gid)
128 if gid.get_hrn() == new_hrn:
129 gid_filename = os.path.join(trusted_certs_dir, '%s.gid' % new_hrn)
130 gid.save_to_file(gid_filename, save_parents=True)
131 message = "interface: %s\tinstalled trusted gid for %s" % \
132 (self.api.interface, new_hrn)
134 self.api.logger.info(message)
136 message = "interface: %s\tunable to install trusted gid for %s" % \
137 (self.api.interface, new_hrn)
138 self.api.logger.log_exc(message)
140 # reload the trusted certs list
141 self.api.auth.load_trusted_certs()
144 def update_db_records(self, type, gids):
146 Make sure there is a record in the local db for allowed registries
147 defined in the config file (registries.xml). Removes old records from
150 # import SfaTable here so this module can be loaded by ComponentAPI
151 from sfa.util.table import SfaTable
155 # hrns that should have a record
156 hrns_expected = [gid.get_hrn() for gid in gids]
158 # get hrns that actually exist in the db
160 records = table.find({'type': type, 'pointer': -1})
161 hrns_found = [record['hrn'] for record in records]
164 for record in records:
165 if record['hrn'] not in hrns_expected and \
166 record['hrn'] != self.api.config.SFA_INTERFACE_HRN:
172 if hrn not in hrns_found:
177 'authority': get_authority(hrn),
178 'gid': gid.save_to_string(save_parents=True),
180 record = SfaRecord(dict=record)
183 def get_connections(self):
185 read connection details for the trusted peer registries from file return
186 a dictionary of connections keyed on interface hrn.
189 required_fields = self.default_fields.keys()
190 for interface in self.interfaces.values():
191 # make sure the required fields are present and not null
193 url = interface['url']
194 # check which client we should use
195 # sfa.util.xmlrpcprotocol is default
196 client_type = 'xmlrpcprotocol'
197 if interface.has_key('client') and \
198 interface['client'] in ['geniclientlight'] and \
200 client_type = 'geniclientlight'
201 connections[hrn] = GeniClientLight(url, self.api.key_file, self.api.cert_file)
203 connections[interface['hrn']] = xmlrpcprotocol.get_server(url, self.api.key_file, self.api.cert_file)