From: Loic Baron Date: Wed, 30 Jul 2014 12:05:03 +0000 (+0200) Subject: iotlab driver: Merge allowing to validate delegated credentials, Fix of Allocate... X-Git-Tag: sfa-3.1-10~4^2~4 X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=edb0af924c3cff2d769bb4e238b039333619381f iotlab driver: Merge allowing to validate delegated credentials, Fix of Allocate and Provision --- diff --git a/sfa/iotlab/LDAPapi.py b/sfa/iotlab/LDAPapi.py index 15067ac5..d01c82b5 100644 --- a/sfa/iotlab/LDAPapi.py +++ b/sfa/iotlab/LDAPapi.py @@ -944,7 +944,10 @@ class LDAPapi: parent_hrn = None peer_authority = None - if 'hrn' in record: + # If the user is coming from External authority (e.g. OneLab) + # Then hrn is None, it should be filled in by the creation of Ldap User + # XXX LOIC !!! What if a user email is in 2 authorities? + if 'hrn' in record and record['hrn'] is not None: hrn = record['hrn'] parent_hrn = get_authority(hrn) if parent_hrn != self.authname: 
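Review bot: The question in the added comment (`What if a user email is in 2 authorities?`) is left open, and it describes exactly the case this condition now admits in `sfa/iotlab/LDAPapi.py`. A record whose `hrn` is None skips `get_authority(hrn)` and the `parent_hrn != self.authname` comparison, so `parent_hrn` and `peer_authority` stay None for it. If the LDAP entry was matched on e-mail alone (the lookup is outside this hunk, so this is inferred from the comment), the account binding rests entirely on the address the external authority asserts. I would replace the XXX with a stated assumption and a tracked reference, e.g. `# ASSUMPTION: e-mail is unique across trusted authorities; tracked in <ticket placeholder>`. The enclosing method starts and ends outside the hunk.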
@@ -955,25 +958,39 @@ class LDAPapi: #then the login is different from the one found in its hrn if tmpname != hrn.split('.')[1]: hrn = None + results = { + 'type': 'user', + 'pkey': ldapentry['sshPublicKey'], + #'uid': ldapentry[1]['uid'][0], + 'uid': tmpname, + 'email': tmpemail, + #'email': ldapentry[1]['mail'][0], + 'first_name': ldapentry['givenName'][0], + 'last_name': ldapentry['sn'][0], + #'phone': 'none', + 'serial': 'none', + 'authority': parent_hrn, + 'peer_authority': peer_authority, + 'pointer': -1, + 'hrn': hrn, + } else: - hrn = None - - results = { - 'type': 'user', - 'pkey': ldapentry['sshPublicKey'], - #'uid': ldapentry[1]['uid'][0], - 'uid': tmpname, - 'email': tmpemail, - #'email': ldapentry[1]['mail'][0], - 'first_name': ldapentry['givenName'][0], - 'last_name': ldapentry['sn'][0], - #'phone': 'none', - 'serial': 'none', - 'authority': parent_hrn, - 'peer_authority': peer_authority, - 'pointer': -1, - 'hrn': hrn, - } + #hrn = None + results = { + 'type': 'user', + 'pkey': ldapentry['sshPublicKey'], + #'uid': ldapentry[1]['uid'][0], + 'uid': tmpname, + 'email': tmpemail, + #'email': ldapentry[1]['mail'][0], + 'first_name': ldapentry['givenName'][0], + 'last_name': ldapentry['sn'][0], + #'phone': 'none', + 'serial': 'none', + 'authority': parent_hrn, + 'peer_authority': peer_authority, + 'pointer': -1, + } return results def LdapFindUser(self, record=None, is_user_enabled=None, @@ -1016,9 +1033,10 @@ class LDAPapi: return None #Asked for a specific user if record is not None: + logger.debug("LOIC - record = %s" % record) results = self._process_ldap_info_for_one_user(record, result_data) else: #Asked for all users in ldap results = self._process_ldap_info_for_all_users(result_data) - return results \ No newline at end of file + return results diff --git a/sfa/iotlab/iotlabdriver.py b/sfa/iotlab/iotlabdriver.py index 797f156a..adcf8a12 100644 --- a/sfa/iotlab/iotlabdriver.py +++ b/sfa/iotlab/iotlabdriver.py 
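Review bot: The two `results` literals in the `if`/`else` differ only by the `'hrn'` key, so any later field change has to be made twice and the branches can drift apart. Building the dict once after the branch and adding `'hrn'` conditionally keeps the external-authority case (no `'hrn'` key at all) as the commit intends. The sketch assumes the first literal sits at the level of the outer `if 'hrn' in record ...` rather than under `if tmpname != ...`; indentation is not recoverable from this page, so confirm before applying. A one-line comment saying why the key is omitted rather than set to None would also help, since `#hrn = None` alone does not explain it. The method begins outside the hunk.

```python
# … unchanged: if/else that resolves hrn, parent_hrn and peer_authority …
results = {
    'type': 'user',
    'pkey': ldapentry['sshPublicKey'],
    'uid': tmpname,
    'email': tmpemail,
    'first_name': ldapentry['givenName'][0],
    'last_name': ldapentry['sn'][0],
    'serial': 'none',
    'authority': parent_hrn,
    'peer_authority': peer_authority,
    'pointer': -1,
}
# Records that arrived without an hrn get no 'hrn' key at all.
if 'hrn' in record and record['hrn'] is not None:
    results['hrn'] = hrn
return results
```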
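Review bot: `logger.debug("LOIC - record = %s" % record)` in `LdapFindUser` writes the whole lookup record to the log. The same author-tagged debug lines recur in `allocate` in `iotlabdriver.py` (`slice_record['user']`, three times) and in `verify_persons` in `iotlabslices.py` (`slice_user`, three times). User records in this code carry e-mail, names and SSH public keys (see the `results` dict earlier in this file), so debug logs on the aggregate end up holding directory data that then needs the same access control and retention as LDAP itself. Logging one identifying field is enough for tracing, e.g. `logger.debug("LdapFindUser: lookup for hrn=%s" % record.get('hrn'))`, and the `LOIC -` prefixes should go before merge. `LdapFindUser` starts outside the hunk.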
@@ -704,7 +704,7 @@ class IotlabDriver(Driver): sfa_record = RegSlice(hrn=slice_record['hrn'], gid=slice_record['gid'], - pointer=slice_record['slice_id'], + #pointer=slice_record['slice_id'], authority=slice_record['authority']) logger.debug("IOTLAB_API.PY AddSlice sfa_record %s user_record %s" % (sfa_record, user_record)) @@ -1405,8 +1405,7 @@ class IotlabDriver(Driver): rspec = aggregate.list_resources(version=version, options=options) return rspec - def describe(self, urns, version, options=None): - if options is None: options={} + def describe(self, urns, version, options={}): aggregate = IotlabAggregate(self) return aggregate.describe(urns, version=version, options=options) 
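Review bot: `def describe(self, urns, version, options={})` brings back a mutable default argument that the removed `options=None` / `if options is None: options={}` pair avoided. The single dict object is shared by every call that omits `options`, so if `IotlabAggregate.describe` or anything below it writes into `options` (not visible here), one request's values persist into a later caller's request. I would keep the previous form: `def describe(self, urns, version, options=None):` followed by `if options is None: options = {}`.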
@@ -1470,20 +1469,39 @@ class IotlabDriver(Driver): # ensure site record exists - # ensure slice record exists - - current_slice = slices.verify_slice(xrn.hrn, slice_record, sfa_peer) - logger.debug("IOTLABDRIVER.PY \t ===============allocate \t\ - \r\n \r\n current_slice %s" % (current_slice)) # ensure person records exists + for user in users: + # XXX LOIC using hrn is a workaround because the function + # Xrn.get_urn returns 'urn:publicid:IDN+onelab:upmc+timur_friedman' + # Instead of this 'urn:publicid:IDN+onelab:upmc+user+timur_friedman' + user['hrn'] = urn_to_hrn(user['urn'])[0] + # XXX LOIC adding the users of the slice to reg-researchers + # reg-researchers is used in iotlabslices.py verify_slice in order to add the slice + if 'reg-researchers' not in slice_record: + slice_record['reg-researchers'] = list() + slice_record['reg-researchers'].append(user['hrn']) + if caller_hrn == user['hrn']: + #hierarchical_user = user['hrn'].split(".") + #user['login'] = hierarchical_user[-1] + #slice_record['login'] = user['login'] + slice_record['user']=user # oui c'est degueulasse, le slice_record se retrouve modifie # dans la methode avec les infos du user, els infos sont propagees # dans verify_slice_leases logger.debug("IOTLABDRIVER.PY BEFORE slices.verify_persons") + logger.debug("LOIC - slice_record[user] = %s" % slice_record['user']) persons = slices.verify_persons(xrn.hrn, slice_record, users, options=options) logger.debug("IOTLABDRIVER.PY AFTER slices.verify_persons") + logger.debug("LOIC - slice_record[user] = %s" % slice_record['user']) + + # ensure slice record exists + current_slice = slices.verify_slice(xrn.hrn, slice_record, sfa_peer) + logger.debug("LOIC - AFTER verify_slice - slice_record[user] = %s" % slice_record['user']) + logger.debug("IOTLABDRIVER.PY \t ===============allocate \t\ + \r\n \r\n current_slice %s" % (current_slice)) + # ensure slice attributes exists # slices.verify_slice_attributes(slice, requested_attributes, # options=options) 
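Review bot: `slice_record['user']` is assigned only inside `if caller_hrn == user['hrn']:`, yet the three added `logger.debug("LOIC - ... slice_record[user] ...")` lines index it unconditionally, and `verify_persons` in `sfa/iotlab/iotlabslices.py` now reads `slice_record['user']` on entry. When the caller is not one of `users`, `allocate` fails with a KeyError instead of a clear error, unless code outside the hunk already sets the key; that case is plausible for the delegated credentials this commit is meant to accept. Use `slice_record.get('user')` in the log lines and, after the loop, reject the request explicitly if no entry matched `caller_hrn`. It is also worth confirming where `users` comes from: each `user['hrn']` derived from `user['urn']` is appended to `slice_record['reg-researchers']` without de-duplication, and if that list is request-supplied it decides who `verify_slice` treats as a researcher. `allocate` starts and ends outside the hunk.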
@@ -1494,6 +1512,9 @@ class IotlabDriver(Driver): logger.debug("IOTLABDRIVER.PY \tallocate requested_xp_dict %s " % (requested_xp_dict)) request_nodes = rspec.version.get_nodes_with_slivers() + + + # JORDAN: nodes_list will contain a list of newly allocated nodes nodes_list = [] for start_time in requested_xp_dict: lease = requested_xp_dict[start_time] @@ -1520,18 +1541,25 @@ class IotlabDriver(Driver): slice_urn = current_slice['reg-urn'] else: slice_urn = current_slice['urn'] + + # JORDAN: We loop over leases previously in the slice for lease in leases: if hostname in lease['reserved_nodes']: index = lease['reserved_nodes'].index(hostname) sliver_hrn = '%s.%s-%s' % (self.hrn, lease['lease_id'], lease['resource_ids'][index] ) - sliver_id = Xrn(sliver_hrn, type='sliver').urn - record = SliverAllocation(sliver_id=sliver_id, client_id=client_id, + sliver_id = Xrn(sliver_hrn, type='sliver').urn + record = SliverAllocation(sliver_id=sliver_id, client_id=client_id, component_id=component_id, slice_urn = slice_urn, allocation_state='geni_allocated') - record.sync(self.api.dbsession()) + record.sync(self.api.dbsession()) + # JORDAN : added describe_options which was not specified at all + describe_options = { + 'geni_slice_urn': urn, + 'list_leases': 'all', + } return aggregate.describe([xrn.get_urn()], version=rspec.version) def provision(self, urns, options=None): @@ -1555,4 +1583,10 @@ class IotlabDriver(Driver): version_manager = VersionManager() rspec_version = version_manager.get_version(options[ 'geni_rspec_version']) + # JORDAN : added describe_options instead of options + # urns at the begining ??? + describe_options = { + 'geni_slice_urn': current_slice['urn'], + 'list_leases': 'all', + } return self.describe(urns, rspec_version, options=options) diff --git a/sfa/iotlab/iotlabslices.py b/sfa/iotlab/iotlabslices.py index 966a26b6..05a8e03b 100644 --- a/sfa/iotlab/iotlabslices.py +++ b/sfa/iotlab/iotlabslices.py 
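Review bot: `describe_options` is built but never used: `allocate` still ends with `return aggregate.describe([xrn.get_urn()], version=rspec.version)`, and the `provision` hunk further down this file builds the same dict while still passing `options=options`. Either pass it, as `return aggregate.describe([xrn.get_urn()], version=rspec.version, options=describe_options)` and `return self.describe(urns, rspec_version, options=describe_options)`, or drop the dicts together with the `# JORDAN : added describe_options` comments, which currently describe behaviour the code does not have. In `provision`, `current_slice` is not assigned anywhere in the visible lines, so check that it is bound before `current_slice['urn']` is evaluated. Both functions extend beyond their hunks.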
@@ -335,8 +335,9 @@ class IotlabSlices: 'node_list': [], 'authority': slice_record['authority'], 'gid': slice_record['gid'], - 'slice_id': slice_record['record_id'], - #'reg-researchers': slice_record['reg-researchers'], + #'slice_id': slice_record['record_id'], + 'reg-researchers': slice_record['reg-researchers'], + 'urn': hrn_to_urn(slicename,'slice'), #'peer_authority': str(sfa_peer) } @@ -382,6 +383,8 @@ class IotlabSlices: """ + slice_user = slice_record['user'] + if options is None: options={} logger.debug("IOTLABSLICES \tverify_persons \tslice_hrn %s \ \t slice_record %s\r\n users %s \t " @@ -422,6 +425,7 @@ class IotlabSlices: #Check user i in LDAP with GetPersons #Needed because what if the user has been deleted in LDAP but #is still in SFA? + # GetPersons -> LdapFindUser -> _process_ldap_info_for_one_user existing_users = self.driver.testbed_shell.GetPersons(filter_user) logger.debug(" \r\n IOTLABSLICES.PY \tverify_person filter_user %s\ existing_users %s " @@ -433,7 +437,7 @@ class IotlabSlices: users_dict[user['email']].update(user) existing_user_emails.append( users_dict[user['email']]['email']) - + logger.debug("User is in iotlab LDAP slice_record[user] = %s" % slice_user) # User from another known trusted federated site. Check # if a iotlab account matching the email has already been created. @@ -444,13 +448,13 @@ class IotlabSlices: else: req += users['email'] ldap_reslt = self.driver.testbed_shell.ldap.LdapSearch(req) - + logger.debug("LdapSearch slice_record[user] = %s" % slice_user) if ldap_reslt: logger.debug(" IOTLABSLICES.PY \tverify_person users \ USER already in Iotlab \t ldap_reslt %s \ " % (ldap_reslt)) existing_users.append(ldap_reslt[1]) - + logger.debug("ldap_reslt slice_record[user] = %s" % slice_user) else: #User not existing in LDAP logger.debug("IOTLABSLICES.PY \tverify_person users \
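Review bot: `'reg-researchers': slice_record['reg-researchers'],` assumes the key is always present, but the only place this commit creates it is inside `for user in users:` in `IotlabDriver.allocate`. A call with an empty `users` list, or any other caller of this method, therefore raises KeyError here. `'reg-researchers': slice_record.get('reg-researchers', []),` avoids that; if a slice without researchers must never be created, raise an explicit error before building the dict instead. The commented-out `#'slice_id': slice_record['record_id'],` (and the matching `#pointer=` line in `iotlabdriver.py`) should be deleted or given a one-line reason. The enclosing method is only partly visible.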