import types
import time
-from sfa.server.registry import Registries
from sfa.util.prefixTree import prefixTree
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import GeniTable
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import GeniTable
+from sfa.util.record import SfaRecord
+from sfa.util.table import SfaTable
+from sfa.util.record import SfaRecord
from sfa.trust.gid import GID
-from sfa.util.namespace import *
+from sfa.util.namespace import get_leaf, get_authority, hrn_to_urn, hrn_to_pl_login_base, urn_to_hrn
from sfa.trust.credential import *
from sfa.trust.certificate import *
from sfa.util.faults import *
+from sfa.trust.gid import create_uuid
-def get_credential(api, hrn, type, is_self=False):
+def get_version(api):
+ version = {}
+ version['geni_api'] = 1
+ version['sfa'] = 1
+ return version
+
+def get_credential(api, xrn, type, is_self=False):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
# Is this a root or sub authority
auth_hrn = api.auth.get_authority(hrn)
if not auth_hrn or hrn == api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
# get record info
auth_info = api.auth.get_auth_info(auth_hrn)
- table = GeniTable()
+ table = SfaTable()
records = table.findObjects({'type': type, 'hrn': hrn})
if not records:
raise RecordNotFound(hrn)
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
api.fill_record_info(record)
+ if record['type']=='user':
+ if not record['enabled']:
+ raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record['email']))
# get the callers gid
# if this is a self cred the record's gid is the caller's gid
new_cred = Credential(subject = object_gid.get_subject())
new_cred.set_gid_caller(caller_gid)
new_cred.set_gid_object(object_gid)
- new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
- new_cred.set_pubkey(object_gid.get_pubkey())
+ new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
+ #new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
- new_cred.set_delegate(True)
+ new_cred.get_privileges().delegate_all_privileges(True)
auth_kind = "authority,ma,sa"
- new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
+ # Parent not necessary, verify with certs
+ #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
new_cred.encode()
new_cred.sign()
return new_cred.save_to_string(save_parents=True)
-def resolve(api, hrns, type=None, origin_hrn):
+
+# The GENI GetVersion call
+def GetVersion():
+ version = {}
+ version['geni_api'] = 1
+ return version
+
+def resolve(api, xrns, type=None, full=True):
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
- if not isinstance(hrns, types.ListType):
- hrns = [hrns]
-
+ if not isinstance(xrns, types.ListType):
+ xrns = [xrns]
+ hrns = [urn_to_hrn(xrn)[0] for xrn in xrns]
# create a dict whre key is an registry hrn and its value is a
# hrns at that registry (determined by the known prefix tree).
- hrn_dict = {}
- registries = Registries(api)
+ xrn_dict = {}
+ registries = api.registries
tree = prefixTree()
registry_hrns = registries.keys()
tree.load(registry_hrns)
- for hrn in hrns:
- registry_hrn = tree.best_match(hrn)
- if registry_hrn not in hrn_dict:
- hrn_dict[registry_hrn] = []
- hrn_dict[registry_hrn].append(hrn)
+ for xrn in xrns:
+ registry_hrn = tree.best_match(urn_to_hrn(xrn)[0])
+ if registry_hrn not in xrn_dict:
+ xrn_dict[registry_hrn] = []
+ xrn_dict[registry_hrn].append(xrn)
records = []
- for registry_hrn in hrn_dict:
+ for registry_hrn in xrn_dict:
# skip the hrn without a registry hrn
# XX should we let the user know the authority is unknown?
if not registry_hrn:
# if the best match (longest matching hrn) is not the local registry,
# forward the request
- hrns = hrn_dict[registry_hrn]
+ xrns = xrn_dict[registry_hrn]
if registry_hrn != api.hrn:
credential = api.getCredential()
- peer_records = registries[registry_hrn].resolve(credential, hrn, origin_hrn)
- records.extend([GeniRecord(dict=record).as_dict() for record in peer_records])
+ peer_records = registries[registry_hrn].Resolve(xrns, credential)
+ records.extend([SfaRecord(dict=record).as_dict() for record in peer_records])
# try resolving the remaining unfound records at the local registry
- remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
- table = GeniTable()
+ remaining_hrns = set(hrns).difference([record['hrn'] for record in records])
+ # convert set to list
+ remaining_hrns = [hrn for hrn in remaining_hrns]
+ table = SfaTable()
local_records = table.findObjects({'hrn': remaining_hrns})
- for record in local_records:
- try:
- api.fill_record_info(record)
- records.append(dict(record))
- except PlanetLabRecordDoesNotExist:
- # silently drop the ones that are missing in PL
- print >> log, "ignoring geni record ", record['hrn'], \
- " because pl record does not exist"
- table.remove(record)
-
+ if full:
+ api.fill_record_info(local_records)
+
+ # convert local record objects to dicts
+ records.extend([dict(record) for record in local_records])
if not records:
raise RecordNotFound(str(hrns))
if type:
- records = filter(lambda rec: rec['type'] == type, records)
+ records = filter(lambda rec: rec['type'] in [type], records)
return records
-def list(api, hrn):
+def list(api, xrn, origin_hrn=None):
+ hrn, type = urn_to_hrn(xrn)
# load all know registry names into a prefix tree and attempt to find
# the longest matching prefix
records = []
- registries = Registries(api)
- hrns = registries.keys()
+ registries = api.registries
+ registry_hrns = registries.keys()
tree = prefixTree()
- tree.load(hrns)
+ tree.load(registry_hrns)
registry_hrn = tree.best_match(hrn)
-
+
#if there was no match then this record belongs to an unknow registry
if not registry_hrn:
- raise MissingAuthority(hrn)
+ raise MissingAuthority(xrn)
# if the best match (longest matching hrn) is not the local registry,
# forward the request
records = []
if registry_hrn != api.hrn:
credential = api.getCredential()
- record_list = registries[registry_hrn].list(credential, hrn, origin_hrn)
- records = [GeniRecord(dict=record).as_dict() for record in record_list]
+ record_list = registries[registry_hrn].list(credential, xrn, origin_hrn)
+ records = [SfaRecord(dict=record).as_dict() for record in record_list]
# if we still havnt found the record yet, try the local registry
if not records:
if not api.auth.hierarchy.auth_exists(hrn):
raise MissingAuthority(hrn)
- table = GeniTable()
+ table = SfaTable()
records = table.find({'authority': hrn})
return records
def register(api, record):
hrn, type = record['hrn'], record['type']
-
+ urn = hrn_to_urn(hrn,type)
# validate the type
if type not in ['authority', 'slice', 'node', 'user']:
- raise UnknownGeniType(type)
+ raise UnknownSfaType(type)
# check if record already exists
- table = GeniTable()
+ table = SfaTable()
existing_records = table.find({'type': type, 'hrn': hrn})
if existing_records:
raise ExistingRecord(hrn)
- record = GeniRecord(dict = record)
+ record = SfaRecord(dict = record)
record['authority'] = get_authority(record['hrn'])
type = record['type']
hrn = record['hrn']
uuid = create_uuid()
pkey = Keypair(create=True)
if 'key' in record and record['key']:
- if isinstance(record['key'], list):
+ if isinstance(record['key'], types.ListType):
pub_key = record['key'][0]
else:
pub_key = record['key']
pkey = convert_public_key(pub_key)
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
if type in ["authority"]:
# update the tree
if not api.auth.hierarchy.auth_exists(hrn):
- api.auth.hierarchy.create_auth(hrn)
+ api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
record.set_gid(gid.save_to_string(save_parents=True))
- pl_record = api.geni_fields_to_pl_fields(type, hrn, record)
+ pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
sites = api.plshell.GetSites(api.plauth, [pl_record['login_base']])
if not sites:
pointer = api.plshell.AddSite(api.plauth, pl_record)
elif (type == "slice"):
acceptable_fields=['url', 'instantiation', 'name', 'description']
- pl_record = api.geni_fields_to_pl_fields(type, hrn, record)
+ pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
- slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
- if not slices:
- pointer = api.plshell.AddSlice(api.plauth, pl_record)
- else:
- pointer = slices[0]['slice_id']
- record.set_pointer(pointer)
- record['pointer'] = pointer
+ slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
+ if not slices:
+ pointer = api.plshell.AddSlice(api.plauth, pl_record)
+ else:
+ pointer = slices[0]['slice_id']
+ record.set_pointer(pointer)
+ record['pointer'] = pointer
elif (type == "user"):
persons = api.plshell.GetPersons(api.plauth, [record['email']])
api.plshell.AddPersonKey(api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
elif (type == "node"):
- pl_record = api.geni_fields_to_pl_fields(type, hrn, record)
+ pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
login_base = hrn_to_pl_login_base(record['authority'])
nodes = api.plshell.GetNodes(api.plauth, [pl_record['hostname']])
if not nodes:
return record.get_gid_object().save_to_string(save_parents=True)
def update(api, record_dict):
- new_record = GeniRecord(dict = record_dict)
+ new_record = SfaRecord(dict = record_dict)
type = new_record['type']
hrn = new_record['hrn']
+ urn = hrn_to_urn(hrn,type)
api.auth.verify_object_permission(hrn)
- table = GeniTable()
+ table = SfaTable()
# make sure the record exists
records = table.findObjects({'type': type, 'hrn': hrn})
if not records:
api.plshell.UpdateSite(api.plauth, pointer, new_record)
elif type == "slice":
- pl_record=api.geni_fields_to_pl_fields(type, hrn, new_record)
+ pl_record=api.sfa_fields_to_pl_fields(type, hrn, new_record)
if 'name' in pl_record:
pl_record.pop('name')
api.plshell.UpdateSlice(api.plauth, pointer, pl_record)
keys = person['key_ids']
keys = api.plshell.GetKeys(api.plauth, person['key_ids'])
key_exists = False
- if isinstance(new_record['key'], list):
+ if isinstance(new_record['key'], types.ListType):
new_key = new_record['key'][0]
else:
new_key = new_record['key']
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
- gid_object = api.auth.hierarchy.create_gid(hrn, uuid, pkey)
+ gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
- record = GeniRecord(dict=record)
+ record = SfaRecord(dict=record)
table.update(record)
elif type == "node":
api.plshell.UpdateNode(api.plauth, pointer, new_record)
else:
- raise UnknownGeniType(type)
+ raise UnknownSfaType(type)
# update membership for researchers, pis, owners, operators
api.update_membership(record, new_record)
return 1
-def remove(api, hrn, type, origin_hrn=None):
- table = GeniTable()
+def remove(api, xrn, type, origin_hrn=None):
+ # convert xrn to hrn
+ if type:
+ hrn = urn_to_hrn(xrn)[0]
+ else:
+ hrn, type = urn_to_hrn(xrn)
+
+ table = SfaTable()
filter = {'hrn': hrn}
- if type not in ['all', '*']:
+ if type and type not in ['all', '*']:
filter['type'] = type
records = table.find(filter)
if not records:
type = record['type']
credential = api.getCredential()
- registries = Registries(api)
+ registries = api.registries
# Try to remove the object from the PLCDB of federated agg.
# This is attempted before removing the object from the local agg's PLCDB and sfa table
if api.plshell.GetSites(api.plauth, record['pointer']):
api.plshell.DeleteSite(api.plauth, record['pointer'])
else:
- raise UnknownGeniType(type)
+ raise UnknownSfaType(type)
table.remove(record)
git://git.onelab.eu / sfa.git / blobdiff