--- /dev/null
+#!/usr/bin/python
+#
+##
+# Import PLC records into the SFA database. It is indended that this tool be
+# run once to create SFA records that reflect the current state of the
+# planetlab database.
+#
+# The import tool assumes that the existing PLC hierarchy should all be part
+# of "planetlab.us" (see the root_auth and level1_auth variables below).
+#
+# Public keys are extracted from the users' SSH keys automatically and used to
+# create GIDs. This is relatively experimental as a custom tool had to be
+# written to perform conversion from SSH to OpenSSL format. It only supports
+# RSA keys at this time, not DSA keys.
+##
+
+import os
+import getopt
+import sys
+
+from sfa.util.config import Config
+from sfa.util.xrn import Xrn, get_leaf, get_authority, hrn_to_urn
+from sfa.util.plxrn import hostname_to_hrn, slicename_to_hrn, email_to_hrn, hrn_to_pl_slicename
+from sfa.storage.table import SfaTable
+from sfa.storage.record import SfaRecord
+from sfa.trust.certificate import convert_public_key, Keypair
+from sfa.trust.gid import create_uuid
+from sfa.importer.sfaImport import sfaImport, _cleanup_string
+from sfa.util.sfalogging import logger
+try:
+ from nova.auth.manager import AuthManager, db, context
+except ImportError:
+ AuthManager = None
+
+
+def process_options():
+
+ (options, args) = getopt.getopt(sys.argv[1:], '', [])
+ for opt in options:
+ name = opt[0]
+ val = opt[1]
+
+
+def load_keys(filename):
+ keys = {}
+ tmp_dict = {}
+ try:
+ execfile(filename, tmp_dict)
+ if 'keys' in tmp_dict:
+ keys = tmp_dict['keys']
+ return keys
+ except:
+ return keys
+
+def save_keys(filename, keys):
+ f = open(filename, 'w')
+ f.write("keys = %s" % str(keys))
+ f.close()
+
+def main():
+
+ process_options()
+ config = Config()
+ sfaImporter = sfaImport()
+ logger=sfaImporter.logger
+ logger.setLevelFromOptVerbose(config.SFA_API_LOGLEVEL)
+ if not config.SFA_REGISTRY_ENABLED:
+ sys.exit(0)
+ root_auth = config.SFA_REGISTRY_ROOT_AUTH
+ interface_hrn = config.SFA_INTERFACE_HRN
+ if AuthManager:
+ auth_manager = AuthManager()
+ else:
+ logger.info("Unable to import nova.auth.manager. Doesn't look like openstack-copute is installed. Exiting...")
+ sys.exit(0)
+ sfaImporter.create_top_level_records()
+
+ # create dict of all existing sfa records
+ existing_records = {}
+ existing_hrns = []
+ key_ids = []
+ table = SfaTable()
+ results = table.find()
+ for result in results:
+ existing_records[(result['hrn'], result['type'])] = result
+ existing_hrns.append(result['hrn'])
+
+
+ # Get all users
+ persons = auth_manager.get_users()
+ persons_dict = {}
+ keys_filename = config.config_path + os.sep + 'person_keys.py'
+ old_person_keys = load_keys(keys_filename)
+ person_keys = {}
+ for person in persons:
+ hrn = config.SFA_INTERFACE_HRN + "." + person.id
+ old_keys = old_person_keys.get(person.id, [])
+ keys = db.key_pair_get_all_by_user(context.get_admin_context(), person.id)
+ person_keys[person.id] = [key.public_key for key in keys]
+ update_record = False
+ if old_keys != keys:
+ update_record = True
+ if hrn not in existing_hrns or \
+ (hrn, 'user') not in existing_records or update_record:
+ urn = hrn_to_urn(hrn, 'user')
+ if keys:
+ try:
+ pkey = convert_public_key(key)
+ except:
+ logger.warn('unable to convert public key for %s' % hrn)
+ pkey = Keypair(create=True)
+ else:
+ logger.warn("Import: person %s does not have a PL public key"%hrn)
+ pkey = Keypair(create=True)
+ person_gid = sfaImporter.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ person_record = SfaRecord(hrn=hrn, gid=person_gid, type="user", \
+ authority=get_authority(hrn))
+ persons_dict[person_record['hrn']] = person_record
+ person_record.sync()
+
+ # Get all projects
+ projects = db.project_get_all(context.get_admin_context())
+ projects_dict = {}
+ for project in projects:
+ hrn = config.SFA_INTERFACE_HRN + '.' + project.id
+ if hrn not in existing_hrns or \
+ (hrn, 'slice') not in existing_records:
+ pkey = Keypair(create=True)
+ urn = hrn_to_urn(hrn, 'slice')
+ project_gid = sfaImporter.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
+ project_record = SfaRecord(hrn=hrn, gid=project_gid, type="slice",
+ authority=get_authority(hrn))
+ projects_dict[project_record['hrn']] = project_record
+ project_record.sync(verbose=True)
+
+ # remove stale records
+ system_records = [interface_hrn, root_auth, interface_hrn + '.slicemanager']
+ for (record_hrn, type) in existing_records.keys():
+ if record_hrn in system_records:
+ continue
+
+ record = existing_records[(record_hrn, type)]
+ if record['peer_authority']:
+ continue
+
+ if type == 'user':
+ if record_hrn in persons_dict:
+ continue
+ elif type == 'slice':
+ if record_hrn in projects_dict:
+ continue
+ else:
+ continue
+
+ record_object = existing_records[(record_hrn, type)]
+ record = SfaRecord(dict=record_object)
+ record.delete()
+
+ # save pub keys
+ logger.info('Import: saving current pub keys')
+ save_keys(keys_filename, person_keys)
+
+if __name__ == "__main__":
+ main()
git://git.onelab.eu / sfa.git / commitdiff