From: Sandrine Avakian Date: Wed, 29 Feb 2012 12:33:11 +0000 (+0100) Subject: Merge branch 'master' into senslab2 X-Git-Tag: sfa-2.1-24~3^2~215 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=3d51e29695f79b143974f5cf7b2e104d89626ba4;hp=-c Merge branch 'master' into senslab2 Conflicts: sfa/server/sfa-start.py --- 3d51e29695f79b143974f5cf7b2e104d89626ba4 diff --combined setup.py index 41331def,4c20ceeb..97e0758f --- a/setup.py +++ b/setup.py @@@ -13,11 -13,10 +13,10 @@@ scripts = glob("sfa/clientbin/*.py") + [ 'config/sfa-config-tty', 'config/gen-sfa-cm-config.py', - 'sfa/importer/sfa-import-plc.py', - 'sfa/importer/sfa-nuke-plc.py', + 'sfa/importer/sfa-import.py', + 'sfa/importer/sfa-nuke.py', 'sfa/server/sfa-ca.py', 'sfa/server/sfa-start.py', - 'sfa/server/sfa-clean-peer-records.py', 'sfa/server/sfa_component_setup.py', 'sfatables/sfatables', 'keyconvert/keyconvert.py', @@@ -37,7 -36,6 +36,7 @@@ packages = 'sfa/managers', 'sfa/importer', 'sfa/plc', + 'sfa/senslab', 'sfa/rspecs', 'sfa/rspecs/elements', 'sfa/rspecs/elements/versions', @@@ -65,7 -63,8 +64,8 @@@ data_files = [ ('/etc/sfa/', [ 'config/ ('/etc/sfatables/matches/', glob('sfatables/matches/*.xml')), ('/etc/sfatables/targets/', glob('sfatables/targets/*.xml')), ('/etc/init.d/', [ "init.d/%s"%x for x in initscripts ]), - ('/usr/share/sfa/', [ 'sfa/storage/sfa.sql' ] ), + ('/usr/share/sfa/migrations', glob('sfa/storage/migrations/*.*') ), + ('/usr/share/sfa/migrations/versions', glob('sfa/storage/migrations/versions/*') ), ('/usr/share/sfa/examples/', glob('sfa/examples/*' ) + [ 'cron.d/sfa.cron' ] ), ] diff --combined sfa/client/sfi.py index ca54c932,e9614e90..c2dc9bab --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@@ -1,8 -1,8 +1,8 @@@ - # + # # sfi.py - basic SFA command-line client # the actual binary in sfa/clientbin essentially runs main() # this module is used in sfascan - # + # import sys sys.path.append('.') @@@ -12,6 -12,7 +12,7 @@@ import socke import datetime import codecs import pickle + import json from lxml import etree from StringIO import StringIO from optparse import OptionParser @@@ -28,7 -29,8 +29,8 @@@ from sfa.util.config import Confi from sfa.util.version import version_core from sfa.util.cache import Cache - from sfa.storage.record import SfaRecord, UserRecord, SliceRecord, NodeRecord, AuthorityRecord + from sfa.storage.model import RegRecord, RegAuthority, RegUser, RegSlice, RegNode + from sfa.storage.model import make_record from sfa.rspecs.rspec import RSpec from sfa.rspecs.rspec_converter import RSpecConverter @@@ -87,16 -89,28 +89,28 @@@ def filter_records(type, records) # save methods - def save_variable_to_file(var, filename, format="text"): - f = open(filename, "w") + def save_raw_to_file(var, filename, format="text", banner=None): + if filename == "-": + # if filename is "-", send it to stdout + f = sys.stdout + else: + f = open(filename, "w") + if banner: + f.write(banner+"\n") if format == "text": f.write(str(var)) elif format == "pickled": f.write(pickle.dumps(var)) + elif format == "json": + if hasattr(json, "dumps"): + f.write(json.dumps(var)) # python 2.6 + else: + f.write(json.write(var)) # python 2.5 else: # this should never happen print "unknown output format", format - + if banner: + f.write('\n'+banner+"\n") def save_rspec_to_file(rspec, filename): if not filename.endswith(".rspec"): @@@ -106,44 -120,35 +120,35 @@@ f.close() return - def save_records_to_file(filename, recordList, format="xml"): + def save_records_to_file(filename, record_dicts, format="xml"): if format == "xml": index = 0 - for record in recordList: + for record_dict in record_dicts: if index > 0: - save_record_to_file(filename + "." + str(index), record) + save_record_to_file(filename + "." + str(index), record_dict) else: - save_record_to_file(filename, record) + save_record_to_file(filename, record_dict) index = index + 1 elif format == "xmllist": f = open(filename, "w") f.write("\n") - for record in recordList: - record = SfaRecord(dict=record) - f.write('\n') + for record_dict in record_dicts: + record_obj=make_record (dict=record_dict) + f.write('\n') f.write("\n") f.close() elif format == "hrnlist": f = open(filename, "w") - for record in recordList: - record = SfaRecord(dict=record) - f.write(record.get_name() + "\n") + for record_dict in record_dicts: + record_obj=make_record (dict=record_dict) + f.write(record_obj.hrn + "\n") f.close() else: # this should never happen print "unknown output format", format - def save_record_to_file(filename, record): - if record['type'] in ['user']: - record = UserRecord(dict=record) - elif record['type'] in ['slice']: - record = SliceRecord(dict=record) - elif record['type'] in ['node']: - record = NodeRecord(dict=record) - elif record['type'] in ['authority', 'ma', 'sa']: - record = AuthorityRecord(dict=record) - else: - record = SfaRecord(dict=record) + def save_record_to_file(filename, record_dict): + rec_record = make_record (dict=record_dict) str = record.save_to_string() f=codecs.open(filename, encoding='utf-8',mode="w") f.write(str) @@@ -154,10 -159,9 +159,9 @@@ # load methods def load_record_from_file(filename): f=codecs.open(filename, encoding="utf-8", mode="r") - str = f.read() + xml_string = f.read() f.close() - record = SfaRecord(string=str) - return record + return make_record (xml=xml_string) import uuid @@@ -298,13 -302,6 +302,6 @@@ class Sfi help="output file format ([xml]|xmllist|hrnlist)", default="xml", choices=("xml", "xmllist", "hrnlist")) - if command in ("status", "version"): - parser.add_option("-o", "--output", dest="file", - help="output dictionary to file", metavar="FILE", default=None) - parser.add_option("-F", "--fileformat", dest="fileformat", type="choice", - help="output file format ([text]|pickled)", default="text", - choices=("text","pickled")) - if command in ("delegate"): parser.add_option("-u", "--user", action="store_true", dest="delegate_user", default=False, @@@ -332,6 -329,13 +329,13 @@@ help="root registry", metavar="URL", default=None) parser.add_option("-s", "--sliceapi", dest="sm", default=None, metavar="URL", help="slice API - in general a SM URL, but can be used to talk to an aggregate") + parser.add_option("-R", "--raw", dest="raw", default=None, + help="Save raw, unparsed server response to a file") + parser.add_option("", "--rawformat", dest="rawformat", type="choice", + help="raw file format ([text]|pickled|json)", default="text", + choices=("text","pickled","json")) + parser.add_option("", "--rawbanner", dest="rawbanner", default=None, + help="text string to write before and after raw output") parser.add_option("-d", "--dir", dest="sfi_dir", help="config & working directory - default is %default", metavar="PATH", default=Sfi.default_sfi_dir()) @@@ -651,17 -655,17 +655,17 @@@ else: self.logger.critical("No such registry record file %s"%record) sys.exit(1) - + #========================================================================== # Following functions implement the commands # # Registry-related commands #========================================================================== - + def version(self, options, args): """ - display an SFA server version (GetVersion) + display an SFA server version (GetVersion) or version information about sfi itself """ if options.version_local: @@@ -673,10 -677,11 +677,11 @@@ server = self.sliceapi() result = server.GetVersion() version = ReturnValue.get_value(result) - pprinter = PrettyPrinter(indent=4) - pprinter.pprint(version) - if options.file: - save_variable_to_file(version, options.file, options.fileformat) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + pprinter = PrettyPrinter(indent=4) + pprinter.pprint(version) def list(self, options, args): """ @@@ -708,27 -713,16 +713,16 @@@ self.print_help() sys.exit(1) hrn = args[0] - records = self.registry().Resolve(hrn, self.my_credential_string) - records = filter_records(options.type, records) - if not records: + record_dicts = self.registry().Resolve(hrn, self.my_credential_string) + record_dicts = filter_records(options.type, record_dicts) + if not record_dicts: self.logger.error("No record of type %s"% options.type) + records = [ make_record (dict=record_dict) for record_dict in record_dicts ] for record in records: - if record['type'] in ['user']: - record = UserRecord(dict=record) - elif record['type'] in ['slice']: - record = SliceRecord(dict=record) - elif record['type'] in ['node']: - record = NodeRecord(dict=record) - elif record['type'].startswith('authority'): - record = AuthorityRecord(dict=record) - else: - record = SfaRecord(dict=record) - if (options.format == "text"): - record.dump() - else: - print record.save_to_string() + if (options.format == "text"): record.dump() + else: print record.save_as_xml() if options.file: - save_records_to_file(options.file, records, options.fileformat) + save_records_to_file(options.file, record_dicts, options.fileformat) return def add(self, options, args): @@@ -739,7 -733,7 +733,7 @@@ sys.exit(1) record_filepath = args[0] rec_file = self.get_record_file(record_filepath) - record = load_record_from_file(rec_file).as_dict() + record = load_record_from_file(rec_file).todict() return self.registry().Register(record, auth_cred) def update(self, options, args): @@@ -749,14 -743,14 +743,14 @@@ sys.exit(1) rec_file = self.get_record_file(args[0]) record = load_record_from_file(rec_file) - if record['type'] == "user": - if record.get_name() == self.user: + if record.type == "user": + if record.hrn == self.user: cred = self.my_credential_string else: cred = self.my_authority_credential_string() - elif record['type'] in ["slice"]: + elif record.type in ["slice"]: try: - cred = self.slice_credential_string(record.get_name()) + cred = self.slice_credential_string(record.hrn) except ServerException, e: # XXX smbaker -- once we have better error return codes, update this # to do something better than a string compare @@@ -764,14 -758,14 +758,14 @@@ cred = self.my_authority_credential_string() else: raise - elif record.get_type() in ["authority"]: + elif record.type in ["authority"]: cred = self.my_authority_credential_string() - elif record.get_type() == 'node': + elif record.type == 'node': cred = self.my_authority_credential_string() else: - raise "unknown record type" + record.get_type() - record = record.as_dict() - return self.registry().Update(record, cred) + raise "unknown record type" + record.type + record_dict = record.todict() + return self.registry().Update(record_dict, cred) def remove(self, options, args): "remove registry record by name (Remove)" @@@ -802,9 -796,12 +796,12 @@@ api_options['call_id']=unique_call_id() result = server.ListSlices(creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) - display_list(value) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + display_list(value) return - + # show rspec for named slice def resources(self, options, args): """ @@@ -821,9 -818,9 +818,9 @@@ or with an slice hrn, shows currently p creds.append(self.my_credential_string) if options.delegate: creds.append(self.delegate_cred(cred, get_authority(self.authority))) - + # no need to check if server accepts the options argument since the options has - # been a required argument since v1 API + # been a required argument since v1 API api_options = {} # always send call_id to v2 servers api_options ['call_id'] = unique_call_id() @@@ -846,15 -843,18 +843,18 @@@ # just request the version the client wants api_options['geni_rspec_version'] = version_manager.get_version(options.rspec_version).to_dict() else: - api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'} + api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'} else: - api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'} + api_options['geni_rspec_version'] = {'type': 'geni', 'version': '3.0'} result = server.ListResources (creds, api_options) value = ReturnValue.get_value(result) - if options.file is None: - display_rspec(value, options.format) - else: + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + if options.file is not None: save_rspec_to_file(value, options.file) + if (self.options.raw is None) and (options.file is None): + display_rspec(value, options.format) + return def create(self, options, args): @@@ -880,8 -880,8 +880,8 @@@ # delegated_cred = self.delegate_cred(slice_cred, server_version['hrn']) #elif server_version.get('urn'): # delegated_cred = self.delegate_cred(slice_cred, urn_to_hrn(server_version['urn'])) - - # rspec + + # rspec rspec_file = self.get_rspec_file(args[1]) rspec = open(rspec_file).read() @@@ -905,10 -905,9 +905,10 @@@ rspec.filter({'component_manager_id': server_version['urn']}) rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request') else: + print >>sys.stderr, "\r\n \r\n \r\n WOOOOOO" users = sfa_users_arg(user_records, slice_record) - - # do not append users, keys, or slice tags. Anything + + # do not append users, keys, or slice tags. Anything # not contained in this request will be removed from the slice # CreateSliver has supported the options argument for a while now so it should @@@ -919,10 -918,13 +919,13 @@@ result = server.CreateSliver(slice_urn, creds, rspec, users, *self.ois(server, api_options)) value = ReturnValue.get_value(result) - if options.file is None: - print value - else: + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + if options.file is not None: save_rspec_to_file (value, options.file) + if (self.options.raw is None) and (options.file is None): + print value + return value def delete(self, options, args): @@@ -946,8 -948,12 +949,12 @@@ api_options = {} api_options ['call_id'] = unique_call_id() result = server.DeleteSliver(slice_urn, creds, *self.ois(server, api_options ) ) - # xxx no ReturnValue ?? - return result + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value + return value def status(self, options, args): """ @@@ -968,12 -974,13 +975,13 @@@ # options and call_id when supported api_options = {} - api_options['call_id']=unique_call_id() + api_options['call_id']=unique_call_id() result = server.SliverStatus(slice_urn, creds, *self.ois(server,api_options)) value = ReturnValue.get_value(result) - print value - if options.file: - save_variable_to_file(value, options.file, options.fileformat) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value def start(self, options, args): """ @@@ -992,7 -999,13 +1000,13 @@@ delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) # xxx Thierry - does this not need an api_options as well ? - return server.Start(slice_urn, creds) + result = server.Start(slice_urn, creds) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value + return value def stop(self, options, args): """ @@@ -1008,7 -1021,13 +1022,13 @@@ if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) - return server.Stop(slice_urn, creds) + result = server.Stop(slice_urn, creds) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value + return value # reset named slice def reset(self, options, args): @@@ -1025,7 -1044,13 +1045,13 @@@ if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) - return server.reset_slice(creds, slice_urn) + result = server.reset_slice(creds, slice_urn) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value + return value def renew(self, options, args): """ @@@ -1048,6 -1073,10 +1074,10 @@@ api_options['call_id']=unique_call_id() result = server.RenewSliver(slice_urn, creds, time, *self.ois(server,api_options)) value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value return value @@@ -1065,7 -1094,13 +1095,13 @@@ if options.delegate: delegated_cred = self.delegate_cred(slice_cred, get_authority(self.authority)) creds.append(delegated_cred) - return server.Shutdown(slice_urn, creds) + result = server.Shutdown(slice_urn, creds) + value = ReturnValue.get_value(result) + if self.options.raw: + save_raw_to_file(result, self.options.raw, self.options.rawformat, self.options.rawbanner) + else: + print value + return value def get_ticket(self, options, args): diff --combined sfa/methods/CreateSliver.py index b28d1a53,27974891..b898c9d7 --- a/sfa/methods/CreateSliver.py +++ b/sfa/methods/CreateSliver.py @@@ -2,7 -2,6 +2,7 @@@ from sfa.util.faults import SfaInvalidA from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method from sfa.util.sfatablesRuntime import run_sfatables +import sys from sfa.trust.credential import Credential from sfa.storage.parameter import Parameter, Mixed from sfa.rspecs.rspec import RSpec @@@ -34,14 -33,14 +34,14 @@@ class CreateSliver(Method) hrn, type = urn_to_hrn(slice_xrn) self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name)) - + print >>sys.stderr, " \r\n \r\n Createsliver.py call %s\ttarget-hrn: %s\tmethod-name: %s "%(self.api.interface, hrn, self.name) # Find the valid credentials valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', hrn) origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() # make sure users info is specified if not users: - msg = "'users' musst be specified and cannot be null. You may need to update your client." + msg = "'users' must be specified and cannot be null. You may need to update your client." raise SfaInvalidArgument(name='users', extra=msg) # flter rspec through sfatables diff --combined sfa/server/sfa-start.py index 73c467d6,1596cc3f..f1fc0476 --- a/sfa/server/sfa-start.py +++ b/sfa/server/sfa-start.py @@@ -14,7 -14,7 +14,7 @@@ # is up to date and accurate. # # 1) Import the existing planetlab database, creating the - # appropriate SFA records. This is done by running the "sfa-import-plc.py" tool. + # appropriate SFA records. This is done by running the "sfa-import.py" tool. # # 2) Create a "trusted_roots" directory and place the certificate of the root # authority in that directory. Given the defaults in sfa-import-plc.py, this @@@ -40,7 -40,6 +40,6 @@@ from sfa.trust.trustedroots import Trus from sfa.trust.certificate import Keypair, Certificate from sfa.trust.hierarchy import Hierarchy from sfa.trust.gid import GID - from sfa.server.sfaapi import SfaApi from sfa.server.registry import Registries from sfa.server.aggregate import Aggregates @@@ -73,7 -72,6 +72,7 @@@ def install_peer_certs(server_key_file # There should be a gid file in /etc/sfa/trusted_roots for every # peer registry found in in the registries.xml config file. If there # are any missing gids, request a new one from the peer registry. + print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs server_key_file %s server_cert_file %s"%(server_key_file,server_cert_file) api = SfaApi(key_file = server_key_file, cert_file = server_cert_file) registries = Registries() aggregates = Aggregates() @@@ -86,9 -84,9 +85,9 @@@ peer_gids = [] if not new_hrns: return - + print>>sys.stderr," \r\n \r\n \t=============================================== install_peer_certs interfaces %s api.config.SFA_INTERFACE_HRN %s new_hrns %s" %( interfaces,api.config.SFA_INTERFACE_HRN,new_hrns) trusted_certs_dir = api.config.get_trustedroots_dir() - for new_hrn in new_hrns: + for new_hrn in new_hrns: if not new_hrn: continue # the gid for this interface should already be installed if new_hrn == api.config.SFA_INTERFACE_HRN: continue @@@ -97,31 -95,21 +96,22 @@@ url = interfaces[new_hrn].get_url() interface = interfaces[new_hrn].server_proxy(server_key_file, server_cert_file, timeout=30) # skip non sfa aggregates + print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs IIIinterface %s url %s" %(interface,url) server_version = api.get_cached_server_version(interface) + print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs server_version %s \r\n \r\rn \t\t =============================================== server_version['sfa'] %s, " %(server_version, server_version['sfa']) if 'sfa' not in server_version: logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn) continue - trusted_gids = ReturnValue.get_value(interface.get_trusted_certs()) - #trusted_gids = interface.get_trusted_certs() - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs TRUSTED_GIDS %s " %(trusted_gids) if trusted_gids: - #and not isinstance(trusted_gids,list): # the gid we want should be the first one in the list, # but lets make sure - #trusted_gids = [trusted_gids] - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs TRUSTED_GIDS %s " %(trusted_gids) - for trusted_gid in trusted_gids: - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs trusted_gids%s " %(trusted_gid) - for trusted_gid in trusted_gids: # default message message = "interface: %s\t" % (api.interface) message += "unable to install trusted gid for %s" % \ - (new_hrn) - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs message %s " %(message) - #gid = GID(string=trusted_gids[0]) + (new_hrn) gid = GID(string=trusted_gid) + print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs gid %s " %(gid) peer_gids.append(gid) if gid.get_hrn() == new_hrn: gid_filename = os.path.join(trusted_certs_dir, '%s.gid' % new_hrn) @@@ -141,37 -129,35 +131,35 @@@ def update_cert_records(gids) Make sure there is a record in the registry for the specified gids. Removes old records from the db. """ - # import SfaTable here so this module can be loaded by PlcComponentApi - from sfa.storage.table import SfaTable - from sfa.storage.record import SfaRecord + # import db stuff here here so this module can be loaded by PlcComponentApi + from sfa.storage.alchemy import dbsession + from sfa.storage.model import RegRecord if not gids: return - table = SfaTable() # get records that actually exist in the db gid_urns = [gid.get_urn() for gid in gids] hrns_expected = [gid.get_hrn() for gid in gids] - records_found = table.find({'hrn': hrns_expected, 'pointer': -1}) + records_found = dbsession.query(RegRecord).\ + filter_by(pointer=-1).filter(RegRecord.hrn.in_(hrns_expected)).all() # remove old records for record in records_found: - if record['hrn'] not in hrns_expected and \ - record['hrn'] != self.api.config.SFA_INTERFACE_HRN: - table.remove(record) + if record.hrn not in hrns_expected and \ + record.hrn != self.api.config.SFA_INTERFACE_HRN: + dbsession.delete(record) # TODO: store urn in the db so we do this in 1 query for gid in gids: hrn, type = gid.get_hrn(), gid.get_type() - print>>sys.stderr, " \r\n \r\n update_cert_records hrn,%s type %s"%(hrn, type) - record = table.find({'hrn': hrn, 'type': type, 'pointer': -1}) + record = dbsession.query(RegRecord).filter_by(hrn=hrn, type=type,pointer=-1).first() if not record: - record = { - 'hrn': hrn, 'type': type, 'pointer': -1, - 'authority': get_authority(hrn), - 'gid': gid.save_to_string(save_parents=True), - } - record = SfaRecord(dict=record) - print>>sys.stderr, " \r\n \r\rn record %s "%(record) - table.insert(record) + record = RegRecord (dict= {'type':type, + 'hrn': hrn, + 'authority': get_authority(hrn), + 'gid': gid.save_to_string(save_parents=True), + }) + dbsession.add(record) + dbsession.commit() def main(): # Generate command line parser @@@ -198,8 -184,8 +186,8 @@@ hierarchy = Hierarchy() auth_info = hierarchy.get_interface_auth_info() server_key_file = auth_info.get_privkey_filename() - server_cert_file = auth_info.get_gid_filename() - + server_cert_file = auth_info.get_gid_filename() + print>>sys.stderr, " \r\n \t\t\t\t\t SFA-START MAIN auth_info %s server_key_file %s server_cert_file %s "%(auth_info, server_key_file,server_cert_file) # ensure interface cert is present in trusted roots dir trusted_roots = TrustedRoots(config.get_trustedroots_dir()) trusted_roots.add_gid(GID(filename=server_cert_file)) diff --combined sfa/trust/credential.py index 733884e9,c4e6982d..ad2d201a --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@@ -26,7 -26,7 +26,7 @@@ # Credentials are signed XML files that assign a subject gid privileges to an object gid ## -import os +import os,sys from types import StringTypes import datetime from StringIO import StringIO @@@ -160,10 -160,8 +160,10 @@@ class Signature(object) def get_refid(self): + #print>>sys.stderr," \r\n \r\n credential.py Signature get_refid\ self.refid %s " %(self.refid) if not self.refid: self.decode() + #print>>sys.stderr," \r\n \r\n credential.py Signature get_refid self.refid %s " %(self.refid) return self.refid def get_xml(self): @@@ -280,6 -278,7 +280,7 @@@ class Credential(object) self.decode() return self.gidObject.get_printable_subject() + # sounds like this should be __repr__ instead ?? def get_summary_tostring(self): if not self.gidObject: self.decode() @@@ -590,23 -589,18 +591,23 @@@ def updateRefID(self): if not self.parent: - self.set_refid('ref0') + self.set_refid('ref0') + #print>>sys.stderr, " \r\n \r\n updateRefID next_cred ref0 " return [] refs = [] next_cred = self.parent + while next_cred: + refs.append(next_cred.get_refid()) if next_cred.parent: next_cred = next_cred.parent + #print>>sys.stderr, " \r\n \r\n updateRefID next_cred " else: next_cred = None + #print>>sys.stderr, " \r\n \r\n updateRefID next_cred NONE" # Find a unique refid for this credential @@@ -811,12 -805,10 +812,12 @@@ # Failures here include unreadable files # or non PEM files trusted_cert_objects.append(GID(filename=f)) + #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs %s" %(GID(filename=f).get_hrn()) ok_trusted_certs.append(f) except Exception, exc: logger.error("Failed to load trusted cert from %s: %r", f, exc) trusted_certs = ok_trusted_certs + #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs elemnebts %s" %(len(trusted_certs)) # Use legacy verification if this is a legacy credential if self.legacy: @@@ -842,8 -834,7 +843,8 @@@ # Verify the gids of this cred and of its parents for cur_cred in self.get_credential_list(): cur_cred.get_gid_object().verify_chain(trusted_cert_objects) - cur_cred.get_gid_caller().verify_chain(trusted_cert_objects) + cur_cred.get_gid_caller().verify_chain(trusted_cert_objects) + #print>>sys.stderr, " \r\n \t\t\t credential.py verify cur_cred get_gid_object hrn %s get_gid_caller %s" %(cur_cred.get_gid_object().get_hrn(),cur_cred.get_gid_caller().get_hrn()) refs = [] refs.append("Sig_%s" % self.get_refid()) @@@ -851,7 -842,7 +852,7 @@@ parentRefs = self.updateRefID() for ref in parentRefs: refs.append("Sig_%s" % ref) - + #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs refs", ref for ref in refs: # If caller explicitly passed in None that means skip xmlsec1 validation. # Strange and not typical @@@ -862,7 -853,6 +863,7 @@@ # (self.xmlsec_path, ref, cert_args, filename) verified = os.popen('%s --verify --node-id "%s" %s %s 2>&1' \ % (self.xmlsec_path, ref, cert_args, filename)).read() + #print>>sys.stderr, " \r\n \t\t\t credential.py verify filename %s verified %s " %(filename,verified) if not verified.strip().startswith("OK"): # xmlsec errors have a msg= which is the interesting bit. mstart = verified.find("msg=") @@@ -873,12 -863,11 +874,12 @@@ msg = verified[mstart:mend] raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s %s" % (self.get_summary_tostring(), ref, msg, verified.strip())) os.remove(filename) - + + #print>>sys.stderr, " \r\n \t\t\t credential.py HUMMM parents %s", self.parent # Verify the parents (delegation) if self.parent: self.verify_parent(self.parent) - + #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs parents" # Make sure the issuer is the target's authority, and is # itself a valid GID self.verify_issuer(trusted_cert_objects) @@@ -981,7 -970,6 +982,7 @@@ # . The expiry time on the child must be no later than the parent # . The signer of the child must be the owner of the parent def verify_parent(self, parent_cred): + #print>>sys.stderr, " \r\n\r\n \t verify_parent parent_cred.get_gid_caller().save_to_string(False) %s self.get_signature().get_issuer_gid().save_to_string(False) %s" %(parent_cred.get_gid_caller().get_hrn(),self.get_signature().get_issuer_gid().get_hrn()) # make sure the rights given to the child are a subset of the # parents rights (and check delegate bits) if not parent_cred.get_privileges().is_superset(self.get_privileges()): diff --combined sfa/util/sfatablesRuntime.py index 6f3668fb,0bc88f6c..d1a4e6cc --- a/sfa/util/sfatablesRuntime.py +++ b/sfa/util/sfatablesRuntime.py @@@ -1,6 -1,6 +1,6 @@@ # sfa should not depend on sfatables # if the sfatables.runtime import fails, just define run_sfatables as identity - +import sys try: from sfatables.runtime import SFATablesRules @@@ -27,10 -27,9 +27,10 @@@ """ if not context_callback: context_callback = fetch_context - + chain = chain.upper() rules = SFATablesRules(chain) + print>>sys.stderr, " \r\n \r\n \t\t \t sfaTablesRuntime.py run_sfatables context_callback %s chain %s rules %s " %(context_callback,chain, rules ) if rules.sorted_rule_list: contexts = rules.contexts request_context = context_callback(hrn, origin_hrn, contexts) @@@ -42,7 -41,7 +42,7 @@@ except: - from sfa.util.logging import logger + from sfa.util.sfalogging import logger def run_sfatables (_,__,___, rspec, ____=None): logger.warning("Cannot import sfatables.runtime, please install package sfa-sfatables") return rspec diff --combined sfa/util/xrn.py index 26795129,f48a3773..a21b10c0 --- a/sfa/util/xrn.py +++ b/sfa/util/xrn.py @@@ -22,7 -22,7 +22,7 @@@ #---------------------------------------------------------------------- import re - +import sys from sfa.util.faults import SfaAPIError # for convenience and smoother translation - we should get rid of these functions eventually @@@ -33,7 -33,7 +33,7 @@@ def hrn_to_urn(hrn,type): return Xrn(hr def hrn_authfor_hrn(parenthrn, hrn): return Xrn.hrn_is_auth_for_hrn(parenthrn, hrn) def urn_to_sliver_id(urn, slice_id, node_id, index=0): - return ":".join(map(str, [urn, slice_id, node_id, index])) + return Xrn(urn).get_sliver_id(slice_id, node_id, index) class Xrn: @@@ -116,51 -116,56 +116,62 @@@ # provide either urn, or (hrn + type) def __init__ (self, xrn, type=None): if not xrn: xrn = "" + # user has specified xrn : guess if urn or hrn if xrn.startswith(Xrn.URN_PREFIX): self.hrn=None self.urn=xrn self.urn_to_hrn() + #print>>sys.stderr, " \r\n \r\n \t XRN.PY init xrn.startswith(Xrn.URN_PREFIX) hrn %s urn %s type %s" %( self.hrn, self.urn, self.type) else: self.urn=None self.hrn=xrn self.type=type self.hrn_to_urn() + #print>>sys.stderr, " \r\n \r\n \t XRN.PY init ELSE hrn %s urn %s type %s" %( self.hrn, self.urn, self.type) # happens all the time .. # if not type: # debug_logger.debug("type-less Xrn's are not safe") + def __repr__ (self): + result=">sys.stderr, " \r\n \r\n \t XRN.PY _normalize self.hrn %s ",self.hrn if self.hrn is None: raise SfaAPIError, "Xrn._normalize" if not hasattr(self,'leaf'): self.leaf=Xrn.hrn_split(self.hrn)[-1] # self.authority keeps a list if not hasattr(self,'authority'): self.authority=Xrn.hrn_auth_list(self.hrn) - + #print>>sys.stderr, " \r\n \r\n \t XRN.PY _normalize self.hrn %s leaf %s authority %s"%(self.hrn, self.leaf, self.authority) + + def get_leaf(self): self._normalize() return self.leaf - def get_authority_hrn(self): + def get_authority_hrn(self): self._normalize() return '.'.join( self.authority ) def get_authority_urn(self): self._normalize() return ':'.join( [Xrn.unescape(x) for x in self.authority] ) - + + def get_sliver_id(self, slice_id, node_id, index=0): + self._normalize() + return ":".join(map(str, [self.get_urn(), slice_id, node_id, index])) + def urn_to_hrn(self): """ compute tuple (hrn, type) from urn