%define name sfa
%define version 1.0
-%define taglevel 24
+%define taglevel 25
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
%changelog
+* Thu Jun 16 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-25
+- fix typo that prevented aggregates from operating properly
+
* Tue Jun 14 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-24
- load trusted certs into ssl context prior to handshake
- client's logfile lives in ~/.sfi/sfi.log
cache and use in more general ways.
%changelog
+* Thu Jun 16 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-25
+- fix typo that prevented aggregates from operating properly
+
* Tue Jun 14 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-1.0-24
- load trusted certs into ssl context prior to handshake
- client's logfile lives in ~/.sfi/sfi.log
self.user = None
self.authority = None
self.hashrequest = False
- #sfa_logger_goes_to_console()
- #self.logger=sfa_logger()
self.logger = _SfaLogger(self.sfi_dir + 'sfi.log', level = logging.INFO)
def create_cmd_parser(self, command, additional_cmdargs=None):
cert.set_issuer(k, self.user)
cert.sign()
self.logger.info("Writing self-signed certificate to %s"%cert_file)
- print "Writing self-signed certificate to %s"%cert_file
cert.save_to_file(cert_file)
self.cert = cert
# try to get registry issued cert
try:
self.logger.info("Getting Registry issued cert")
- print "Getting Registry issued cert"
self.read_config()
# *hack. need to set registyr before _get_gid() is called
self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, self.options)
self.logger.info("Writing certificate to %s"%cert_file)
gid.save_to_file(cert_file)
except:
-
- print "Failed to download Registry issued cert"
self.logger.info("Failed to download Registry issued cert")
return cert_file
hrn = self.user
gidfile = os.path.join(self.options.sfi_dir, hrn + ".gid")
+ print gidfile
gid = self.get_cached_gid(gidfile)
if not gid:
user_cred = self.get_user_cred()
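Review bot: The added `print gidfile` looks like a leftover debugging line: it writes the cached GID path to stdout on every call, while other hunks in this same commit remove `print` statements in favour of `self.logger`. I would drop it or route it through the logger, e.g. `self.logger.debug("gid file: %s" % gidfile)`. The same applies to the `gid = GID(string=trusted_cert)` / `gid.dump()` pair added in the trusted-certs loop further down, which appears to dump every certificate returned by the registry to the terminal even though the following line already logs the subject at debug level. The enclosing function starts before this hunk and continues after it.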
"""
trusted_certs = self.registry.get_trusted_certs()
for trusted_cert in trusted_certs:
+ gid = GID(string=trusted_cert)
+ gid.dump()
cert = Certificate(string=trusted_cert)
self.logger.debug('Sfi.get_trusted_certs -> %r'%cert.get_subject())
return
# mmh, it is expected that all results carry the same urn
overall['geni_urn'] = results[0]['geni_urn']
-
- # consolidate geni_status - simple model using max on a total order
- states = [ 'ready', 'configuring', 'failed', 'unknown' ]
- # hash name to index
- shash = dict ( zip ( states, range(len(states)) ) )
- def combine_status (x,y):
- return shash [ max (shash(x),shash(y)) ]
- overall['geni_status'] = reduce (combine_status, [ result['geni_status'] for result in results], 'ready' )
-
- # {'ready':0,'configuring':1,'failed':2,'unknown':3}
+ overall['pl_login'] = results[0]['pl_login']
# append all geni_resources
overall['geni_resources'] = \
reduce (lambda x,y: x+y, [ result['geni_resources'] for result in results] , [])
+ overall['status'] = 'unknown'
+ if overall['geni_resources']:
+ overall['status'] = 'ready'
return overall
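Review bot: The new status logic reports `'ready'` as soon as any aggregate returned a resource, so a `'failed'` or `'configuring'` answer from one aggregate is no longer visible in the merged result, whereas the removed code was meant to keep the worst state across all results. The value is also stored under `overall['status']` where the old code filled `overall['geni_status']`, so a caller reading `geni_status` would find no such key; the callers are not in this hunk, so this needs checking. If the old reduction failed only because `shash` was called like a function, `return states[max(shash[x], shash[y])]` in `combine_status` would fix it and keep the worst-state semantics. Separately, `results[0]['pl_login']` raises `KeyError` when the first aggregate's answer carries no `pl_login`; `results[0].get('pl_login')` avoids that. The enclosing function starts outside the hunk.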
gid = GID(filename=gidfile)
gid.dump(dump_parents=True)
-def sign_gid(gid, parent_key, parent_gid):
- gid.set_issuer(parent_key, parent_gid.get_hrn())
- gid.set_parent(parent_gid)
- gid.set_intermediate_ca(True)
- gid.set_pubkey(gid.get_pubkey())
- gid.sign()
- return gid
-
def sign(options):
"""
Sign the specified gid
sys.exit(1)
gid = GID(filename=gidfile)
- # remove previous parent
- gid = GID(string=gid.save_to_string(save_parents=False))
-
- # load the parent private info
- authority = options.authority
- # if no pkey was specified, then use the this authority's key
- if not authority:
- authority = default_authority
-
- if not hierarchy.auth_exists(authority):
- print "no such authority: %s" % authority
-
- # load the parent gid and key
- auth_info = hierarchy.get_auth_info(authority)
- pkeyfile = auth_info.privkey_filename
- parent_key = Keypair(filename=pkeyfile)
- parent_gid = auth_info.gid_object
+ # extract pub_key and create new gid
+ pkey = gid.get_pubkey()
+ urn = gid.get_urn()
+ gid = hierarchy.create_gid(urn, create_uuid(), pkey)
# get the outfile
outfile = options.outfile
if not outfile:
outfile = os.path.abspath('./signed-%s.gid' % gid.get_hrn())
- # check if gid already has a parent
-
- # sign the gid
- if options.verbose:
- print "Signing %s gid with parent %s" % \
- (gid.get_hrn(), parent_gid.get_hrn())
- gid = sign_gid(gid, parent_key, parent_gid)
# save the signed gid
if options.verbose:
print "Writing signed gid %s" % outfile
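Review bot: After this change `sign` issues a fresh GID through `hierarchy.create_gid(urn, create_uuid(), pkey)` for whatever URN and public key the input file carries, and nothing visible in the hunk checks that the URN belongs to an authority this hierarchy is responsible for. The removed code at least looked the authority up with `hierarchy.auth_exists(authority)`; `options.authority` is now never read, so an operator who passes it gets neither an effect nor a warning. Unless `create_gid` (not shown here) enforces this itself, I would restore an explicit check on the URN's authority before the call and exit non-zero when it is unknown, and either honour or remove the authority option. A one-line comment stating which key signs the new GID would also help, since the parent key is no longer loaded in this function. The body of `sign` starts before the hunk.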
if options.verbose:
print "Writing %s gid to %s" % (gid.get_hrn(), filename)
- # re-sign all existing gids signed by this authority
- # create a dictionary of records keyed on the record's authority
- record_dict = defaultdict(list)
- # only get regords that belong to this authority
- # or any of its sub authorities
- child_records = table.find({'hrn': '%s*' % gid.get_hrn()})
- if not child_records:
- return
-
- for record in child_records:
- record_dict[record['authority']].append(record)
-
- # start with the authority we just imported
- authorities = [gid.get_hrn()]
- while authorities:
- next_authorities = []
- for authority in authorities:
- # create a new signed gid for each record at this authority
- # and update the registry
- auth_info = hierarchy.get_auth_info(authority)
- records = record_dict[authority]
- for record in records:
- record_gid = GID(string=record['gid'])
- parent_pkey = Keypair(filename=auth_info.privkey_filename)
- parent_gid = GID(filename=auth_info.gid_filename)
- if options.verbose:
- print "re-signing %s gid with parent %s" % \
- (record['hrn'], parent_gid.get_hrn())
- signed_gid = sign_gid(record_gid, parent_pkey, parent_gid)
- record['gid'] = signed_gid.save_to_string(save_parents=True)
- table.update(record)
-
- # if this is an authority then update the hierarchy
- if record['type'] == 'authority':
- record_info = hierarchy.get_auth_info(record['hrn'])
- if options.verbose:
- print "Writing %s gid to %s" % (record['hrn'], record_info.gid_filename)
- signed_gid.save_to_file(filename=record_info.gid_filename, save_parents=True)
-
- # update list of next authorities
- tmp_authorities = set([record['hrn'] for record in records \
- if record['type'] == 'authority'])
- next_authorities.extend(tmp_authorities)
-
- # move on to next set of authorities
- authorities = next_authorities
+ # ending here
+ return
if __name__ == '__main__':
main()
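Review bot: The `# ending here` comment and the bare `return` do not say why the function now stops right after writing the authority GID. With the re-signing loop removed, records already stored under this authority keep GIDs chained to the previous parent certificate, and those presumably stop verifying against the newly imported one; that depends on verification code outside this hunk. I would replace the comment with something like `# child gids are NOT re-signed on import; re-issue them separately if the authority gid changed` and mention the same in the tool's usage text. The enclosing function starts outside the hunk.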