Merge branch 'master' of git://git.onelab.eu/sfa into upmc

diff --git a/LICENSE.txt b/LICENSE.txt
index 08f6d5d..8c72287 100644 (file)
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,4 +1,5 @@
-Copyright (c) 2008 Board of Trustees, Princeton University
+Copyright (c) 2008-2013 Board of Trustees, Princeton University
+Copyright (c) 2010-2013 INRIA, Institut National d'Informatique et Automatique
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and/or hardware specification (the “Work”) to

diff --git a/init.d/sfa-cm b/init.d/sfa-cm
index cdddf8b..aaa5b3b 100755 (executable)
--- a/init.d/sfa-cm
+++ b/init.d/sfa-cm
@@ -7,8 +7,12 @@
 # description:   Wraps PLCAPI into the SFA compliant API
 #
 
+echo "sfa-cm is no longer supported"
+echo "you should consider rpm -e sfa-cm"
+exit 1
+
 # Source config
-. /etc/sfa/sfa_config
+[ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh
 
 # source function library
 . /etc/init.d/functions

diff --git a/sfa.spec b/sfa.spec
index 18251d3..6c4f2ff 100644 (file)
--- a/sfa.spec
+++ b/sfa.spec
@@ -1,6 +1,6 @@
 %define name sfa
 %define version 2.1
-%define taglevel 20
+%define taglevel 22
 
 %define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
 %global python_sitearch        %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
@@ -270,6 +270,18 @@ fi
 [ "$1" -ge "1" ] && service sfa-cm restart || :
 
 %changelog
+* Sun Dec 16 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-22
+- suited (and required) to run with plcapi-5.1-5 b/c of changes to AddPerson
+- tweaks in nitos importer
+- improvements to sfaadmin check-gid
+
+* Tue Dec 11 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-21
+- PL importer: minor fixes for corner cases
+- PL importer: also handles last_updated more accurately
+- sfi update can be used to select a key among several in PL
+- sfi add/update usage message fixes (no more record)
+- new feature sfaadmin registry check_gid [-a]
+
 * Mon Dec 03 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-20
 - fix 2 major bugs in PL importer
 - esp. wrt GID management against PLC key

diff --git a/sfa/client/sfaadmin.py b/sfa/client/sfaadmin.py
index ffe7a4b..48fe4c3 100755 (executable)
--- a/sfa/client/sfaadmin.py
+++ b/sfa/client/sfaadmin.py
@@ -11,6 +11,7 @@ from sfa.storage.record import Record
 from sfa.client.sfi import save_records_to_file
 from sfa.trust.hierarchy import Hierarchy
 from sfa.trust.gid import GID
+from sfa.trust.certificate import convert_public_key
 
 from sfa.client.candidates import Candidates
 
@@ -110,6 +111,75 @@ class RegistryCommands(Commands):
             record_dict['pi'] = pis
         return record_dict
 
+
+    @args('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn', default=None)
+    @args('-t', '--type', dest='type', metavar='<type>', help='object type (mandatory)',)
+    @args('-a', '--all', dest='all', metavar='<all>', action='store_true', default=False, help='check all users GID')
+    @args('-v', '--verbose', dest='verbose', metavar='<verbose>', action='store_true', default=False, help='verbose mode: display user\'s hrn ')
+    def check_gid(self, xrn=None, type=None, all=None, verbose=None):
+        """Check the correspondance between the GID and the PubKey"""
+
+        # db records
+        from sfa.storage.alchemy import dbsession
+        from sfa.storage.model import RegRecord
+        db_query = dbsession.query(RegRecord).filter_by(type=type)
+        if xrn and not all:
+            hrn = Xrn(xrn).get_hrn()
+            db_query = db_query.filter_by(hrn=hrn)
+        elif all and xrn:
+            print "Use either -a or -x <xrn>, not both !!!"
+            sys.exit(1)
+        elif not all and not xrn:
+            print "Use either -a or -x <xrn>, one of them is mandatory !!!"
+            sys.exit(1)
+
+        records = db_query.all()
+        if not records:
+            print "No Record found"
+            sys.exit(1)
+
+        OK = []
+        NOK = []
+        ERROR = []
+        NOKEY = []
+        for record in records:
+             # get the pubkey stored in SFA DB
+             if record.reg_keys:
+                 db_pubkey_str = record.reg_keys[0].key
+                 try:
+                   db_pubkey_obj = convert_public_key(db_pubkey_str)
+                 except:
+                   ERROR.append(record.hrn)
+                   continue
+             else:
+                 NOKEY.append(record.hrn)
+                 continue
+
+             # get the pubkey from the gid
+             gid_str = record.gid
+             gid_obj = GID(string = gid_str)
+             gid_pubkey_obj = gid_obj.get_pubkey()
+
+             # Check if gid_pubkey_obj and db_pubkey_obj are the same
+             check = gid_pubkey_obj.is_same(db_pubkey_obj)
+             if check :
+                 OK.append(record.hrn)
+             else:
+                 NOK.append(record.hrn)
+
+        if not verbose:
+            print "Users NOT having a PubKey: %s\n\
+Users having a non RSA PubKey: %s\n\
+Users having a GID/PubKey correpondence OK: %s\n\
+Users having a GID/PubKey correpondence Not OK: %s\n"%(len(NOKEY), len(ERROR), len(OK), len(NOK))
+        else:
+            print "Users NOT having a PubKey: %s and are: \n%s\n\n\
+Users having a non RSA PubKey: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"%(len(NOKEY),NOKEY, len(ERROR), ERROR, len(OK), OK, len(NOK), NOK)
+
+
+
     @args('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn (mandatory)') 
     @args('-t', '--type', dest='type', metavar='<type>', help='object type', default=None) 
     @args('-e', '--email', dest='email', default="",

diff --git a/sfa/importer/nitosimporter.py b/sfa/importer/nitosimporter.py
index 080417d..78bccc4 100644 (file)
--- a/sfa/importer/nitosimporter.py
+++ b/sfa/importer/nitosimporter.py
@@ -245,15 +245,20 @@ class NitosImporter:
                         # if user's primary key has changed then we need to update the 
                         # users gid by forcing an update here
                         sfa_keys = user_record.reg_keys
-                        def key_in_list (key,sfa_keys):
-                            for reg_key in sfa_keys:
-                                if reg_key.key==key: return True
+
+                        def sfa_key_in_list (sfa_key,nitos_user_keys):
+                            for nitos_key in nitos_user_keys:
+                                if nitos_key==sfa_key: return True
                             return False
-                        # is there a new key in NITOS ?
+                        # are all the SFA keys known to nitos ?
                         new_keys=False
-                        for key in user['keys']:
-                            if not key_in_list (key,sfa_keys):
-                                new_keys = True
+                        if not sfa_keys and user['keys']:
+                            new_keys = True
+                        else:
+                            for sfa_key in sfa_keys:
+                                 if not sfa_key_in_list (sfa_key.key,user['keys']):
+                                     new_keys = True
+
                         if new_keys:
                             (pubkey,pkey) = init_user_key (user)
                             user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
@@ -261,6 +266,8 @@ class NitosImporter:
                                 user_record.reg_keys=[]
                             else:
                                 user_record.reg_keys=[ RegKey (pubkey)]
+                            user_record.gid = user_gid
+                            user_record.just_updated()
                             self.logger.info("NitosImporter: updated user: %s" % user_record)
                     user_record.email = user['email']
                     dbsession.commit()
@@ -319,8 +326,3 @@ class NitosImporter:
                 dbsession.commit()
 
 
-
-if __name__ == "__main__":
-       from sfa.util.sfalogging import logger
-       nitosimporter = NitosImporter("pla.nitos", logger)
-       nitosimporter.run(None)

diff --git a/sfa/importer/plimporter.py b/sfa/importer/plimporter.py
index eeab8b6..94854ae 100644 (file)
--- a/sfa/importer/plimporter.py
+++ b/sfa/importer/plimporter.py
@@ -354,6 +354,7 @@ class PlImporter:
                             else:
                                 user_record.reg_keys=[ RegKey (pubkey['key'], pubkey['key_id'])]
                             user_record.gid = person_gid
+                            user_record.just_updated()
                             self.logger.info("PlImporter: updated person: %s" % user_record)
                     user_record.email = person['email']
                     dbsession.commit()

diff --git a/sfa/planetlab/plaggregate.py b/sfa/planetlab/plaggregate.py
index a16bf67..47c637b 100644 (file)
--- a/sfa/planetlab/plaggregate.py
+++ b/sfa/planetlab/plaggregate.py
@@ -238,7 +238,8 @@ class PlAggregate:
                 rspec_node['interfaces'].append(interface)
                 if_count+=1
 
-            tags = [PLTag(node_tags[tag_id]) for tag_id in node['node_tag_ids']]
+            tags = [PLTag(node_tags[tag_id]) for tag_id in node['node_tag_ids']\
+                    if tag_id in node_tags]
             rspec_node['tags'] = tags
             if node['node_id'] in slivers:
                 # add sliver info

diff --git a/sfa/planetlab/pldriver.py b/sfa/planetlab/pldriver.py
index 9274f39..c3d14ea 100644 (file)
--- a/sfa/planetlab/pldriver.py
+++ b/sfa/planetlab/pldriver.py
@@ -94,7 +94,10 @@ class PlDriver (Driver):
             if not persons:
                 for key in ['first_name','last_name']:
                     if key not in sfa_record: sfa_record[key]='*from*sfa*'
-                pointer = self.shell.AddPerson(dict(sfa_record))
+                # AddPerson does not allow everything to be set
+                can_add = ['first_name', 'last_name', 'title','email', 'password', 'phone', 'url', 'bio']
+                add_person_dict=dict ( [ (k,sfa_record[k]) for k in sfa_record if k in can_add ] )
+                pointer = self.shell.AddPerson(add_person_dict)
             else:
                 pointer = persons[0]['person_id']