--- /dev/null
+import os
+
+from sfa.util.config import Config
+from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
+
+from sfa.trust.gid import create_uuid
+from sfa.trust.certificate import convert_public_key, Keypair
+
+from sfa.storage.alchemy import dbsession
+from sfa.storage.model import RegRecord, RegAuthority, RegSlice, RegNode, RegUser, RegKey
+
+class Importer:
+
+ def __init__ (self, auth_hierarchy, logger):
+ self.auth_hierarchy = auth_hierarchy
+ self.logger=logger
+
+ def add_options (self, parser):
+ # We don't have any options for now
+ pass
+
+ # hrn hash is initialized from current db
+ # remember just-created records as we go
+ # xxx might make sense to add a UNIQUE constraint in the db itself
+ def remember_record_by_hrn (self, record):
+ tuple = (record.type, record.hrn)
+ if tuple in self.records_by_type_hrn:
+ self.logger.warning ("Importer.remember_record_by_hrn: duplicate (%s,%s)"%tuple)
+ return
+ self.records_by_type_hrn [ tuple ] = record
+
+ # ditto for pointer hash
+ def remember_record_by_pointer (self, record):
+ if record.pointer == -1:
+ self.logger.warning ("Importer.remember_record_by_pointer: pointer is void")
+ return
+ tuple = (record.type, record.pointer)
+ if tuple in self.records_by_type_pointer:
+ self.logger.warning ("Importer.remember_record_by_pointer: duplicate (%s,%s)"%tuple)
+ return
+ self.records_by_type_pointer [ ( record.type, record.pointer,) ] = record
+
+ def remember_record (self, record):
+ self.remember_record_by_hrn (record)
+ self.remember_record_by_pointer (record)
+
+ def locate_by_type_hrn (self, type, hrn):
+ return self.records_by_type_hrn.get ( (type, hrn), None)
+
+ def locate_by_type_pointer (self, type, pointer):
+ return self.records_by_type_pointer.get ( (type, pointer), None)
+
+ ############################################################################
+ # Object import functions (authorities, resources, users, slices)
+ #
+
+ def import_auth(self, auth, parent_auth_hrn):
+ """
+ @return HRN of the newly created authority
+ """
+ auth_hrn = self.get_auth_naming(auth, parent_auth_hrn)
+ auth_urn = hrn_to_urn(auth_hrn, 'authority')
+
+ # import if hrn is not in list of existing hrns or if the hrn exists
+ # but its not a auth record
+ auth_record=self.locate_by_type_hrn ('authority', auth_hrn)
+ if not auth_record:
+ try:
+ # We ensure the parent is created through the root
+ #if not self.auth_hierarchy.auth_exists(auth_urn):
+ # self.auth_hierarchy.create_auth(auth_urn)
+ auth_info = self.auth_hierarchy.get_auth_info(auth_urn)
+ auth_record = RegAuthority(hrn = auth_hrn, gid = auth_info.get_gid_object(),
+ pointer = 0,
+ authority = get_authority(auth_hrn))
+ auth_record.just_created()
+ dbsession.add(auth_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported authority (auth) : %s" % auth_record)
+ self.remember_record (auth_record)
+ except Exception, e:
+ # if the auth import fails then there is no point in trying to import the
+ # auth's child records (node, slices, persons), so skip them.
+ raise Exception, "Importer: failed to import auth. Skipping child records : %s" % e
+ else:
+ # xxx update the record ...
+ pass
+ auth_record.stale=False
+
+ return auth_hrn
+
+ def import_resource(self, resource, parent_auth_hrn):
+ """
+ @return HRN of the newly created resource
+ """
+ resource_hrn = self.get_resource_naming(resource, parent_auth_hrn)
+ resource_urn = hrn_to_urn(resource_hrn, 'node')
+
+ resource_record = self.locate_by_type_hrn ('node', resource_hrn )
+ if not resource_record:
+ try:
+ pkey = Keypair(create=True)
+ resource_gid = self.auth_hierarchy.create_gid(resource_urn, create_uuid(), pkey)
+ resource_record = RegNode (hrn = resource_hrn, gid = resource_gid,
+ pointer = resource['id'],
+ authority = get_authority(resource_hrn))
+ resource_record.just_created()
+ dbsession.add(resource_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported resource: %s" % resource_record)
+ self.remember_record (resource_record)
+ except:
+ self.logger.log_exc("Importer: failed to import resource")
+ else:
+ # xxx update the record ...
+ pass
+
+ resource_record.stale=False
+
+ return resource_hrn
+
+ def init_user_key(self, user):
+ pubkey = None
+ pkey = None
+ if user['keys']:
+ # pick first working key in set
+ for pubkey in user['keys']:
+ try:
+ pkey = convert_public_key(pubkey)
+ break
+ except:
+ continue
+ if not pkey:
+ self.logger.warn('Importer: unable to convert public key for %s' % user_hrn)
+ pkey = Keypair(create=True)
+ else:
+ # the user has no keys. Creating a random keypair for the user's gid
+ self.logger.warn("Importer: user %s does not have a public key on the testbed"%user_hrn)
+ pkey = Keypair(create=True)
+ return (pubkey, pkey)
+
+ def import_user(self, user, parent_auth_hrn):
+ """
+ @return HRN of the newly created user
+ """
+ user_hrn = self.get_user_naming(user, parent_auth_hrn)
+ user_urn = hrn_to_urn(user_hrn, 'user')
+
+ # return a tuple pubkey (a public key) and pkey (a Keypair object)
+
+ user_record = self.locate_by_type_hrn ( 'user', user_hrn)
+ try:
+ if not user_record:
+ (pubkey,pkey) = self.init_user_key (user)
+ user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
+ user_gid.set_email(user['email'])
+ user_record = RegUser(hrn = user_hrn, gid = user_gid,
+ pointer = user['id'],
+ authority = get_authority(user_hrn),
+ email = user['email'])
+ if pubkey:
+ user_record.reg_keys=[RegKey(pubkey)]
+ else:
+ self.logger.warning("No key found for user %s" % user_record)
+ user_record.just_created()
+ dbsession.add (user_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported user: %s" % user_record)
+ self.remember_record ( user_record )
+ else:
+ # update the record ?
+ # if user's primary key has changed then we need to update the
+ # users gid by forcing an update here
+ sfa_keys = user_record.reg_keys
+ def key_in_list (key,sfa_keys):
+ for reg_key in sfa_keys:
+ if reg_key.key==key: return True
+ return False
+ # is there a new key ? XXX understand ?
+ new_keys=False
+ for key in user['keys']:
+ if not key_in_list (key,sfa_keys):
+ new_keys = True
+ if new_keys:
+ (pubkey,pkey) = init_user_key (user)
+ user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
+ if not pubkey:
+ user_record.reg_keys=[]
+ else:
+ user_record.reg_keys=[ RegKey (pubkey)]
+ self.logger.info("Importer: updated user: %s" % user_record)
+ user_record.email = user['email']
+ dbsession.commit()
+ user_record.stale=False
+ except:
+ self.logger.log_exc("Importer: failed to import user %s %s"%(user['id'],user['email']))
+
+ return user_hrn
+
+ def import_slice(self, slice, parent_auth_hrn):
+ """
+ @return HRN of the newly created slice
+ """
+ slice_hrn = self.get_slice_naming(slice, parent_auth_hrn)
+ slice_urn = hrn_to_urn(slice_hrn, 'slice')
+
+ slice_record = self.locate_by_type_hrn ('slice', slice_hrn)
+ if not slice_record:
+ try:
+ pkey = Keypair(create=True)
+ slice_gid = self.auth_hierarchy.create_gid(slice_urn, create_uuid(), pkey)
+ slice_record = RegSlice (hrn=slice_hrn, gid=slice_gid,
+ pointer=slice['id'],
+ authority=get_authority(slice_hrn))
+ slice_record.just_created()
+ dbsession.add(slice_record)
+ dbsession.commit()
+ self.logger.info("Importer: imported slice: %s" % slice_record)
+ self.remember_record ( slice_record )
+ except:
+ self.logger.log_exc("Importer: failed to import slice")
+ else:
+ # xxx update the record ...
+ self.logger.warning ("Slice update not yet implemented")
+ pass
+ # record current users affiliated with the slice
+ slice_record.reg_researchers = \
+ [ self.locate_by_type_pointer ('user',int(id)) for id in slice['user_ids'] ]
+ dbsession.commit()
+ slice_record.stale=False
+
+ return slice_hrn
+
+ ############################################################################
+ # Recursive import
+ #
+ def import_auth_rec(self, auth, parent=None):
+ """
+ Import authority and related objects (resources, users, slices), then
+ recurse through all subauthorities.
+
+ @param auth authority to be processed.
+ @return 1 if successful, exception otherwise
+ """
+
+ # Create entry for current authority
+ try:
+ auth_hrn = self.import_auth(auth, parent)
+
+ # Import objects related to current authority
+ if auth['resource_ids']:
+ for resource_id in auth['resource_ids']:
+ self.import_resource(self.resources_by_id[resource_id], auth_hrn)
+ if auth['user_ids']:
+ for user_id in auth['user_ids']:
+ self.import_user(self.users_by_id[user_id], auth_hrn)
+ if auth['slice_ids']:
+ for slice_id in auth['slice_ids']:
+ self.import_slice(self.slices_by_id[slice_id], auth_hrn)
+
+ # Recursive import of subauthorities
+ if auth['auth_ids']:
+ for auth_id in auth['auth_ids']:
+ self.import_auth_rec(self.authorities_by_id[auth_id], auth_hrn)
+ except Exception, e:
+ self.logger.log_exc(e)
+ pass
+
+ def locate_by_type_hrn (self, type, hrn):
+ return self.records_by_type_hrn.get ( (type, hrn), None)
+
+ ############################################################################
+ # Main processing function
+ #
+ def run (self, options):
+ config = Config ()
+ interface_hrn = config.SFA_INTERFACE_HRN
+ root_auth = config.SFA_REGISTRY_ROOT_AUTH
+ # <mytestbed> shell = NitosShell (config)
+
+ ######## retrieve all existing SFA objects
+ all_records = dbsession.query(RegRecord).all()
+
+ # create hash by (type,hrn)
+ # we essentially use this to know if a given record is already known to SFA
+ self.records_by_type_hrn = \
+ dict ( [ ( (record.type, record.hrn) , record ) for record in all_records ] )
+ # create hash by (type,pointer)
+ self.records_by_type_pointer = \
+ dict ( [ ( (record.type, record.pointer) , record ) for record in all_records
+ if record.pointer != -1] )
+
+ # initialize record.stale to True by default, then mark stale=False on the ones that are in use
+ for record in all_records: record.stale=True
+
+ ######## Data collection
+
+ # Here we make the adaptation between the testbed API, and dictionaries with required fields
+
+ # AUTHORITIES
+ authorities = self.get_authorities()
+ self.authorities_by_id = {}
+ if authorities:
+ self.authorities_by_id = dict([(auth['id'], auth) for auth in authorities])
+
+ # USERS & KEYS
+ users = self.get_users()
+ self.users_by_id = {}
+ self.keys_by_id = {}
+ if users:
+ self.users_by_id = dict ( [ ( user['id'], user) for user in users ] )
+ self.keys_by_id = dict ( [ ( user['id'], user['keys']) for user in users ] )
+
+ # RESOURCES
+ resources = self.get_resources()
+ self.resources_by_id = {}
+ if resources:
+ self.resources_by_id = dict ( [ (resource['id'], resource) for resource in resources ] )
+
+ # SLICES
+ slices = self.get_slices()
+ self.slices_by_id = {}
+ if slices:
+ self.slices_by_id = dict ( [ (slice['id'], slice) for slice in slices ] )
+
+ ######## Import process
+
+ if authorities:
+ # Everybody belongs to sub-authorities, and we rely on the different
+ # subauthorities to give appropriate pointers to objects.
+ root = {
+ 'id': 0,
+ 'name': interface_hrn,
+ 'auth_ids': self.authorities_by_id.keys(),
+ 'user_ids': None,
+ 'resource_ids': None,
+ 'slice_ids': None
+ }
+ else:
+ # We create a root authority with all objects linked to it.
+ root = {
+ 'id': 0,
+ 'name': interface_hrn,
+ 'auth_ids': self.authorities_by_id.keys(),
+ 'user_ids': self.users_by_id.keys(),
+ 'resource_ids': self.resources_by_id.keys(),
+ 'slice_ids': self.slices_by_id.keys()
+ }
+
+ # Recurse through authorities and import the different objects
+ self.import_auth_rec(root)
+
+ ######## Remove stale records
+
+ # special records must be preserved
+ system_hrns = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
+ for record in all_records:
+ if record.hrn in system_hrns:
+ record.stale=False
+ if record.peer_authority:
+ record.stale=False
+
+ for record in all_records:
+ try:
+ stale = record.stale
+ except:
+ stale = True
+ self.logger.warning("stale not found with %s"%record)
+ if stale:
+ self.logger.info("Importer: deleting stale record: %s" % record)
+ dbsession.delete(record)
+ dbsession.commit()
+
+ ############################################################################
+ # Testbed specific functions
+
+ # OBJECTS
+
+ def get_authorities(self):
+ raise Exception, "Not implemented"
+
+ def get_resources(self):
+ raise Exception, "Not implemented"
+
+ def get_users(self):
+ raise Exception, "Not implemented"
+
+ def get_slices(self):
+ raise Exception, "Not implemented"
+
+ # NAMING
+
+ def get_auth_naming(self, site, interface_hrn):
+ raise Exception, "Not implemented"
+
+ def get_resource_naming(self, site, node):
+ raise Exception, "Not implemented"
+
+ def get_user_naming(self, site, user):
+ raise Exception, "Not implemented"
+
+ def get_slice_naming(self, site, slice):
+ raise Exception, "Not implemented"
+
+if __name__ == "__main__":
+ from sfa.util.sfalogging import logger
+ importer = Importer("mytestbed", logger)
+ importer.run(None)