-Copyright (c) 2008 Board of Trustees, Princeton University
+Copyright (c) 2008-2013 Board of Trustees, Princeton University
+Copyright (c) 2010-2013 INRIA, Institut National d'Informatique et Automatique
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and/or hardware specification (the “Work”) to
# description: Wraps PLCAPI into the SFA compliant API
#
+echo "sfa-cm is no longer supported"
+echo "you should consider rpm -e sfa-cm"
+exit 1
+
# Source config
-. /etc/sfa/sfa_config
+[ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh
# source function library
. /etc/init.d/functions
%define name sfa
%define version 2.1
-%define taglevel 20
+%define taglevel 22
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
[ "$1" -ge "1" ] && service sfa-cm restart || :
%changelog
+* Sun Dec 16 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-22
+- suited (and required) to run with plcapi-5.1-5 b/c of changes to AddPerson
+- tweaks in nitos importer
+- improvements to sfaadmin check-gid
+
+* Tue Dec 11 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-21
+- PL importer: minor fixes for corner cases
+- PL importer: also handles last_updated more accurately
+- sfi update can be used to select a key among several in PL
+- sfi add/update usage message fixes (no more record)
+- new feature sfaadmin registry check_gid [-a]
+
* Mon Dec 03 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-20
- fix 2 major bugs in PL importer
- esp. wrt GID management against PLC key
from sfa.client.sfi import save_records_to_file
from sfa.trust.hierarchy import Hierarchy
from sfa.trust.gid import GID
+from sfa.trust.certificate import convert_public_key
from sfa.client.candidates import Candidates
record_dict['pi'] = pis
return record_dict
+
+ @args('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn', default=None)
+ @args('-t', '--type', dest='type', metavar='<type>', help='object type (mandatory)',)
+ @args('-a', '--all', dest='all', metavar='<all>', action='store_true', default=False, help='check all users GID')
+ @args('-v', '--verbose', dest='verbose', metavar='<verbose>', action='store_true', default=False, help='verbose mode: display user\'s hrn ')
+ def check_gid(self, xrn=None, type=None, all=None, verbose=None):
+ """Check the correspondance between the GID and the PubKey"""
+
+ # db records
+ from sfa.storage.alchemy import dbsession
+ from sfa.storage.model import RegRecord
+ db_query = dbsession.query(RegRecord).filter_by(type=type)
+ if xrn and not all:
+ hrn = Xrn(xrn).get_hrn()
+ db_query = db_query.filter_by(hrn=hrn)
+ elif all and xrn:
+ print "Use either -a or -x <xrn>, not both !!!"
+ sys.exit(1)
+ elif not all and not xrn:
+ print "Use either -a or -x <xrn>, one of them is mandatory !!!"
+ sys.exit(1)
+
+ records = db_query.all()
+ if not records:
+ print "No Record found"
+ sys.exit(1)
+
+ OK = []
+ NOK = []
+ ERROR = []
+ NOKEY = []
+ for record in records:
+ # get the pubkey stored in SFA DB
+ if record.reg_keys:
+ db_pubkey_str = record.reg_keys[0].key
+ try:
+ db_pubkey_obj = convert_public_key(db_pubkey_str)
+ except:
+ ERROR.append(record.hrn)
+ continue
+ else:
+ NOKEY.append(record.hrn)
+ continue
+
+ # get the pubkey from the gid
+ gid_str = record.gid
+ gid_obj = GID(string = gid_str)
+ gid_pubkey_obj = gid_obj.get_pubkey()
+
+ # Check if gid_pubkey_obj and db_pubkey_obj are the same
+ check = gid_pubkey_obj.is_same(db_pubkey_obj)
+ if check :
+ OK.append(record.hrn)
+ else:
+ NOK.append(record.hrn)
+
+ if not verbose:
+ print "Users NOT having a PubKey: %s\n\
+Users having a non RSA PubKey: %s\n\
+Users having a GID/PubKey correpondence OK: %s\n\
+Users having a GID/PubKey correpondence Not OK: %s\n"%(len(NOKEY), len(ERROR), len(OK), len(NOK))
+ else:
+ print "Users NOT having a PubKey: %s and are: \n%s\n\n\
+Users having a non RSA PubKey: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"%(len(NOKEY),NOKEY, len(ERROR), ERROR, len(OK), OK, len(NOK), NOK)
+
+
+
@args('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)')
@args('-t', '--type', dest='type', metavar='<type>', help='object type', default=None)
@args('-e', '--email', dest='email', default="",
# if user's primary key has changed then we need to update the
# users gid by forcing an update here
sfa_keys = user_record.reg_keys
- def key_in_list (key,sfa_keys):
- for reg_key in sfa_keys:
- if reg_key.key==key: return True
+
+ def sfa_key_in_list (sfa_key,nitos_user_keys):
+ for nitos_key in nitos_user_keys:
+ if nitos_key==sfa_key: return True
return False
- # is there a new key in NITOS ?
+ # are all the SFA keys known to nitos ?
new_keys=False
- for key in user['keys']:
- if not key_in_list (key,sfa_keys):
- new_keys = True
+ if not sfa_keys and user['keys']:
+ new_keys = True
+ else:
+ for sfa_key in sfa_keys:
+ if not sfa_key_in_list (sfa_key.key,user['keys']):
+ new_keys = True
+
if new_keys:
(pubkey,pkey) = init_user_key (user)
user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
user_record.reg_keys=[]
else:
user_record.reg_keys=[ RegKey (pubkey)]
+ user_record.gid = user_gid
+ user_record.just_updated()
self.logger.info("NitosImporter: updated user: %s" % user_record)
user_record.email = user['email']
dbsession.commit()
dbsession.commit()
-
-if __name__ == "__main__":
- from sfa.util.sfalogging import logger
- nitosimporter = NitosImporter("pla.nitos", logger)
- nitosimporter.run(None)
else:
user_record.reg_keys=[ RegKey (pubkey['key'], pubkey['key_id'])]
user_record.gid = person_gid
+ user_record.just_updated()
self.logger.info("PlImporter: updated person: %s" % user_record)
user_record.email = person['email']
dbsession.commit()
rspec_node['interfaces'].append(interface)
if_count+=1
- tags = [PLTag(node_tags[tag_id]) for tag_id in node['node_tag_ids']]
+ tags = [PLTag(node_tags[tag_id]) for tag_id in node['node_tag_ids']\
+ if tag_id in node_tags]
rspec_node['tags'] = tags
if node['node_id'] in slivers:
# add sliver info
if not persons:
for key in ['first_name','last_name']:
if key not in sfa_record: sfa_record[key]='*from*sfa*'
- pointer = self.shell.AddPerson(dict(sfa_record))
+ # AddPerson does not allow everything to be set
+ can_add = ['first_name', 'last_name', 'title','email', 'password', 'phone', 'url', 'bio']
+ add_person_dict=dict ( [ (k,sfa_record[k]) for k in sfa_record if k in can_add ] )
+ pointer = self.shell.AddPerson(add_person_dict)
else:
pointer = persons[0]['person_id']