From ade641476e60bdeccf61f4b2dd110833db466051 Mon Sep 17 00:00:00 2001 From: Sandrine Avakian Date: Wed, 16 May 2012 12:51:47 +0200 Subject: [PATCH] Cleaning. LDAP modifications to add entries in LDAP. REmoved fill_record_sfa_info (unused). --- sfa/plc/plslices.py | 2 - sfa/senslab/LDAPapi.py | 158 +++++++++++++++++++++++++++++------ sfa/senslab/OARrestapi.py | 7 -- sfa/senslab/parsing.py | 14 ---- sfa/senslab/slabaggregate.py | 1 - sfa/senslab/slabdriver.py | 135 ++---------------------------- sfa/senslab/slabpostgres.py | 1 - sfa/senslab/slabslices.py | 110 +----------------------- sfa/server/sfa-start.py | 6 -- sfa/trust/auth.py | 6 -- sfa/trust/credential.py | 13 --- sfa/util/xrn.py | 4 - 12 files changed, 139 insertions(+), 318 deletions(-) diff --git a/sfa/plc/plslices.py b/sfa/plc/plslices.py index 2937d72a..652b48d7 100644 --- a/sfa/plc/plslices.py +++ b/sfa/plc/plslices.py @@ -131,13 +131,11 @@ class PlSlices: # slice belongs to out local plc or a myplc peer. We will assume it # is a local site, unless we find out otherwise peer = None - print>>sys.stderr, " \r\n \r\n \tplslices.py get_peer slice_authority " # get this slice's authority (site) slice_authority = get_authority(hrn) # get this site's authority (sfa root authority or sub authority) site_authority = get_authority(slice_authority).lower() - print>>sys.stderr, " \r\n \r\n \tplslices.py get_peer slice_authority %s site_authority %s" %(slice_authority,site_authority) # check if we are already peered with this site_authority, if so peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root']) for peer_record in peers: diff --git a/sfa/senslab/LDAPapi.py b/sfa/senslab/LDAPapi.py index 430d6b9c..72153cf2 100644 --- a/sfa/senslab/LDAPapi.py +++ b/sfa/senslab/LDAPapi.py @@ -1,5 +1,5 @@ - +import string from sfa.util.xrn import Xrn,get_authority import ldap from sfa.util.config import * @@ -7,7 +7,75 @@ from sfa.trust.gid import * from sfa.trust.hierarchy import * from sfa.trust.auth import * from sfa.trust.certificate import * +import ldap.modlist as modlist + +class ldap_co: + def __init__(self): + #def __init__(self, param, level): + """ + Constructeur permettant l'initialisation des attributs de la classe + :param param: Parametres de connexion au serveur LDAP + :type param: dictionnary. + :param level: Niveau de criticite de l'execution de l'objet ('critical, warning') + :type level: string. + """ + self.__level = 'warning' + #self.__param = param + #self.__level = level + self.login = 'cn=admin,dc=senslab,dc=info' + + self.passwd='sfa' + print "\r\n INIT OK !" + + def connect(self, bind = True): + """ + Methode permettant la connexion a un serveur LDAP + @param bool bind : Force ou non l'authentification au serveur + @return array : Retour d'un tableau + """ + try: + self.ldapserv = ldap.open("192.168.0.251") + except ldap.LDAPError, e: + return {'bool' : False, 'message' : e } + + # Bind non anonyme avec authentification + if(bind): + return self.bind() + + else: + return {'bool': True} + + + def bind(self): + """ + Methode permettant l'authentification a un serveur LDAP + @return array : Retour d'un tableau + """ + try: + print "\r\n BIND ??!" + # Open a connection + self.ldapserv = ldap.initialize("ldap://192.168.0.251") + ## Bind/authenticate with a user with apropriate rights to add objects + self.ldapserv.simple_bind_s(self.login, self.passwd) + print "\r\n BIND ???" + except ldap.LDAPError, e: + return {'bool' : False, 'message' : e } + + print "\r\n BIND OK !" + return {'bool': True} + + def close(self): + """ + Methode permettant la deconnexion a un serveur LDAP + """ + # Fermeture de la connexion + try: + self.ldapserv.unbind_s() + except ldap.LDAPError, e: + pass + + class LDAPapi : def __init__(self, record_filter = None): self.senslabauth=Hierarchy() @@ -27,20 +95,56 @@ class LDAPapi : 'pointer' , 'hrn'] self.baseDN = "ou=people,dc=senslab,dc=info" - - def connect (self): - self.ldapserv=ldap.open("192.168.0.251") + self.conn = ldap_co() + + #def connect (self): + #self.ldapserv=ldap.open("192.168.0.251") - def authenticate(self): - self.l = ldap.initialize("ldaps://192.168.0.251:636/") - - # Bind/authenticate with a user with apropriate rights to add objects - self.l = simple_bind_s(" ","") + #def authenticate(self): + #self.l = ldap.initialize("ldaps://192.168.0.251:636/") + #login = 'cn=admin,dc=senslab,dc=info' + + #passwd='sfa-ldap' + ## Bind/authenticate with a user with apropriate rights to add objects + #self.l = simple_bind_s(login,passwd) - def ldapAdd(self, record) : - self.authenticate() + def ldapAdd(self, recordix = None) : + attrs = {'cn': ['Bruce Wayne'], 'objectClass': ['top', 'inetOrgPerson', 'posixAccount', 'systemQuotas', 'ldapPublicKey'], 'loginShell': '/senslab/users/.ssh/welcome.sh', 'sshPublicKey': '', 'quota': '/dev/sda3:2000000:2500000:0:0', 'gidNumber': '2000', 'sn': 'Wayne', 'homeDirectory': '/senslab/users/batman', 'mail': 'bw@gotham.com', 'givenName': 'Bruce', 'uid': 'batman','description' :'SFA USER FROM OUTSIDE SENSLAB'} + result = self.conn.connect() + if(result['bool']): + # The dn of our new entry/object + dn = self.baseDN + print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t ldapAdd attrs %s " %(attrs) + # A dict to help build the "body" of the object + #attrs = {} + #attrs['objectclass'] = ['top','inetOrgPerson','posixAccount', 'systemQuotas','ldapPuclicKey'] + #attrs['cn'] = str(record['first_name'])+' ' + str(record['last_name']) + #attrs['sn'] = str(record['last_name']) + #attrs['givenName'] = str(record['first_name']) + #attrs['gidNumber'] = '2000' + #loginslab =str(record['first_name'])+ str(record['last_name']) + #loginslab= loginslab.lower() + ##loginslab = loginslab[0:12] + #attrs['uid']= loginslab + #attrs['mail'] = record['mail'] + #attrs['quota'] = '/dev/sda3:2000000:2500000:0:0' + #attrs['homeDirectory'] = '/senslab/users/' + loginslab + #attrs['loginShell'] = '/senslab/users/.ssh/welcome.sh' + #attrs['sshPublicKey'] = '' + #attrs['description'] = 'SFA USER FROM OUTSIDE SENSLAB' + category ="ou=people, dc=senslab, dc=info" + try: + ldif = modlist.addModlist(attrs) + print " \r\n \r\n LDAPTEST.PY add attrs %s \r\n ldif %s " %(attrs,ldif) + self.conn.ldapserv.add_s('%s,%s' %(dn, category),ldif) + except ldap.LDAPError, e: + return {'bool' : False, 'message' : e } - return + self.close() + return {'bool': True} + else: + return result + return def parse_record(self, record): req_ldapdict = {} @@ -48,6 +152,12 @@ class LDAPapi : req_ldapdict['cn'] = str(record['first_name'])+" "+str(record['last_name']) if 'email' in record : req_ldapdict['mail'] = record['email'] + if 'hrn' in record : + splited_hrn = record['hrn'].split(".") + if splited_hrn[0] != self.authname : + print >>sys.stderr,"i know nothing about",record['hrn'], " my authname is ", self.authname, " not ", splited_hrn[0] + login=splited_hrn[1] + req_ldapdict['uid'] = login req_ldap='' print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t parse_record record %s req_ldapdict %s" %(record,req_ldapdict) @@ -67,19 +177,18 @@ class LDAPapi : def ldapSearch (self, record ): - - self.connect() + self.conn.connect(bind = False) + #self.connect() req_ldap = self.parse_record(record) print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t ldapSearch req_ldap %s" %(req_ldap) try: - msg_id=self.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,req_ldap, ['mail','givenName', 'sn', 'uid','sshPublicKey']) + msg_id=self.conn.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,req_ldap, ['mail','givenName', 'sn', 'uid','sshPublicKey']) #Get all the results matching the search from ldap in one shot (1 value) - result_type, result_data=self.ldapserv.result(msg_id,1) + result_type, result_data=self.conn.ldapserv.result(msg_id,1) results = [] print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t ldapSearch result_data %s" %(result_data) - #Dafuq is this result_data shit ?? + ldapentry = result_data[0][1] - #print>>sys.stderr, " \r\n \t LDAP : ! mail ldapentry[1]['mail'][0] %s " %(ldapentry[1]['mail'][0]) print >>sys.stderr, "\r\n \r\n \t LDAP.PY \t\t ldapSearch ldapentry %s" %(ldapentry) tmpname = ldapentry['uid'][0] @@ -124,8 +233,9 @@ class LDAPapi : def ldapFindHrn(self, record_filter = None): #def ldapFindHrn(self, record_filter = None, columns=None): - results = [] - self.connect() + results = [] + self.conn.connect(bind = False) + #self.connect() if 'authority' in record_filter: # ask for authority if record_filter['authority']==self.authname: @@ -159,12 +269,10 @@ class LDAPapi : ldapfilter+=")" ldapfilter+=")" - - rindex=self.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,ldapfilter, ['mail','givenName', 'sn', 'uid','sshPublicKey']) - ldapresponse=self.ldapserv.result(rindex,1) - #print>>sys.stderr, " \r\n \t LDAP : ldapresponse %s " %(ldapresponse) + rindex=self.conn.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,ldapfilter, ['mail','givenName', 'sn', 'uid','sshPublicKey']) + #rindex=self.ldapserv.search(self.baseDN,ldap.SCOPE_SUBTREE,ldapfilter, ['mail','givenName', 'sn', 'uid','sshPublicKey']) + ldapresponse=self.conn.ldapserv.result(rindex,1) for ldapentry in ldapresponse[1]: - #print>>sys.stderr, " \r\n \t LDAP : ! mail ldapentry[1]['mail'][0] %s " %(ldapentry[1]['mail'][0]) tmpname = ldapentry[1]['uid'][0] diff --git a/sfa/senslab/OARrestapi.py b/sfa/senslab/OARrestapi.py index 99df7f21..20726dc6 100644 --- a/sfa/senslab/OARrestapi.py +++ b/sfa/senslab/OARrestapi.py @@ -105,18 +105,14 @@ class OARrestapi: print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI username",username try: self.oarserver['uri'] = OARrequest_post_uri_dict[request]['uri'] - #print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI rq %s datadict %s " % ( self.oarserver['uri'] ,datadict) except: print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI request not in OARrequest_post_uri_dict" return try: - #print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI %s " %( 'strval' in datadict) if datadict and 'strval' in datadict: self.oarserver['uri'] = self.oarserver['uri'].replace("id",str(datadict['strval'])) - #print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI REPLACE OK %s"%(self.oarserver['uri']) del datadict['strval'] - #print>>sys.stderr, " \r\n \r\n \t POSTRequestToOARRestAPI datadict %s rq %s" %(datadict, self.oarserver['uri'] ) except: print>>sys.stderr, " \r\n \r\n POSTRequestToOARRestAPI ERRRRRORRRRRR " return @@ -129,7 +125,6 @@ class OARrestapi: try : #self.oarserver['postformat'] = POSTformat[format] - #print>>sys.stderr, "\r\n POSTRequestToOARRestAPI headers %s uri %s" %(headers,self.oarserver['uri']) conn = httplib.HTTPConnection(self.oarserver['ip'],self.oarserver['port']) conn.request("POST",self.oarserver['uri'],data,headers ) resp = ( conn.getresponse()).read() @@ -354,7 +349,6 @@ class OARGETParser: #node['hrn'] = self.hostname_to_hrn(self.interface_hrn, node['site_login_base'],node['hostname']) self.node_dictlist.update({node_id:node}) #if node_id is 1: - #print>>sys.stderr, " \r\n \r\n \t \t\t\t OARESTAPI Parse Sites self.node_dictlist %s " %(self.node_dictlist) if node['site'] not in self.site_dict: self.site_dict[node['site']] = {'site':node['site'], 'node_ids':nodes_per_site[node['site']], @@ -413,7 +407,6 @@ class OARGETParser: def SendRequest(self,request, strval = None , username = None): if request in OARrequests_get_uri_dict: self.raw_json = self.server.GETRequestToOARRestAPI(request,strval,username) - #print>>sys.stderr, "\r\n OARGetParse __init__ : request %s result %s "%(request,self.raw_json) return self.OARrequests_uri_dict[request]['parse_func'](self) else: print>>sys.stderr, "\r\n OARGetParse __init__ : ERROR_REQUEST " ,request diff --git a/sfa/senslab/parsing.py b/sfa/senslab/parsing.py index 3298b299..a1604dd5 100644 --- a/sfa/senslab/parsing.py +++ b/sfa/senslab/parsing.py @@ -18,12 +18,9 @@ def strip_dictionnary (dict_to_strip): def filter_return_fields( dict_to_filter, return_fields): filtered_dict = {} - #print>>sys.stderr, " \r\n \t \tfilter_return_fields return fields %s " %(return_fields) for field in return_fields: - #print>>sys.stderr, " \r\n \t \tfield %s " %(field) if field in dict_to_filter: filtered_dict[field] = dict_to_filter[field] - #print>>sys.stderr, " \r\n \t\t filter_return_fields filtered_dict %s " %(filtered_dict) return filtered_dict @@ -36,12 +33,10 @@ def parse_filter(list_to_filter, param_filter, type_of_list, return_fields=None) 'slice':{'str':'slice_hrn','int':'record_id_slice'},\ 'peers':{'str':'hrn'}} - #print>>sys.stderr, " \r\n ___ parse_filter param_filter %s type %s return fields %s " %(param_filter,type_of_list, return_fields) if param_filter is None and return_fields is None: return list_to_filter if type_of_list not in list_type: - #print>>sys.stderr, " \r\n type_of_list Error parse_filter %s " %(type_of_list) return [] return_filtered_list= [] @@ -50,10 +45,8 @@ def parse_filter(list_to_filter, param_filter, type_of_list, return_fields=None) tmp_item = {} if type(param_filter) is list : - #print>>sys.stderr, " \r\n p_filter LIST %s " %(param_filter) for p_filter in param_filter: - #print>>sys.stderr, " \r\n p_filter %s \t item %s " %(p_filter,item) if type(p_filter) is int: if item[list_type[type_of_list]['int']] == p_filter : if return_fields: @@ -61,27 +54,22 @@ def parse_filter(list_to_filter, param_filter, type_of_list, return_fields=None) else: tmp_item = item return_filtered_list.append(tmp_item) - #print>>sys.stderr, " \r\n 1tmp_item",tmp_item if type(p_filter) is str: if item[list_type[type_of_list]['str']] == str(p_filter) : - #print>>sys.stderr, " \r\n p_filter %s \t item %s "%(p_filter,item[list_type[type_of_list]['str']]) if return_fields: tmp_item = filter_return_fields(item,return_fields) else: tmp_item = item return_filtered_list.append(tmp_item) - #print>>sys.stderr, " \r\n 2tmp_item",tmp_item elif type(param_filter) is dict: #stripped_filterdict = strip_dictionnary(param_filter) #tmp_copy = {} #tmp_copy = item.copy() - #print>>sys.stderr, " \r\n \t\t ________tmp_copy %s " %(tmp_copy) #key_list = tmp_copy.keys() #for key in key_list: - #print>>sys.stderr, " \r\n \t\t key %s " %(key) #if key not in stripped_filterdict: #del tmp_copy[key] @@ -99,13 +87,11 @@ def parse_filter(list_to_filter, param_filter, type_of_list, return_fields=None) if founditem: if return_fields: - #print>>sys.stderr, " \r\n \r\n parsing.py param_filter dflt %s founditem %s " %(dflt, founditem) tmp_item = filter_return_fields(founditem[0],return_fields) else: tmp_item = founditem[0] return_filtered_list.append(tmp_item) - #print>>sys.stderr, " \r\n tmp_copy %s param_filter %s cmp = %s " %(tmp_copy, param_filter,cmp(tmp_copy, stripped_filterdict)) #if cmp(tmp_copy, stripped_filterdict) == 0: #if return_fields: diff --git a/sfa/senslab/slabaggregate.py b/sfa/senslab/slabaggregate.py index e35bc9c7..e5949828 100644 --- a/sfa/senslab/slabaggregate.py +++ b/sfa/senslab/slabaggregate.py @@ -121,7 +121,6 @@ class SlabAggregate: #filter.update({'peer_id': None}) #nodes = self.driver.GetNodes(filter['hostname']) - #print>>sys.stderr, "\r\n \r\n \t get_nodes nodes %s" %(nodes) #site_ids = [] #interface_ids = [] diff --git a/sfa/senslab/slabdriver.py b/sfa/senslab/slabdriver.py index a909f7ff..dcd3d9b6 100644 --- a/sfa/senslab/slabdriver.py +++ b/sfa/senslab/slabdriver.py @@ -233,9 +233,7 @@ class SlabDriver(Driver): aggregate = SlabAggregate(self) origin_hrn = Credential(string=creds[0]).get_gid_caller().get_hrn() - #print>>sys.stderr, " \r\n \r\n \t SLABDRIVER list_resources origin_hrn %s" %(origin_hrn) options.update({'origin_hrn':origin_hrn}) - #print>>sys.stderr, " \r\n \r\n \t SLABDRIVER list_resources options %s" %(options) rspec = aggregate.get_rspec(slice_xrn=slice_urn, version=rspec_version, options=options) print>>sys.stderr, " \r\n \r\n \t SLABDRIVER list_resources rspec " @@ -431,6 +429,10 @@ class SlabDriver(Driver): def GetPersons(self, person_filter=None, return_fields=None): + #if isinstance(person_filter,list): + #for f in person_filter: + #person = self.ldap.ldapSearch(f) + #if isinstance(person_filter,dict): person_list = self.ldap.ldapFindHrn({'authority': self.root_auth }) #check = False @@ -494,11 +496,9 @@ class SlabDriver(Driver): node_dict = dict(zip(node_hostname_list,node_list)) try : liste =job_info[node_list_k] - #print>>sys.stderr, "\r\n \r\n \t\t GetJobs resources job_info liste%s" %(liste) for k in range(len(liste)): job_info[node_list_k][k] = node_dict[job_info[node_list_k][k]]['hostname'] - #print>>sys.stderr, "\r\n \r\n \t\t YYYYYYYYYYYYGetJobs resources job_info %s" %(job_info) #Replaces the previous entry "assigned_network_address" / "reserved_resources" #with "node_ids" job_info.update({'node_ids':job_info[node_list_k]}) @@ -839,132 +839,7 @@ class SlabDriver(Driver): - def fill_record_sfa_info(self, records): - - def startswith(prefix, values): - return [value for value in values if value.startswith(prefix)] - - # get person ids - person_ids = [] - site_ids = [] - for record in records: - person_ids.extend(record.get("person_ids", [])) - site_ids.extend(record.get("site_ids", [])) - if 'site_id' in record: - site_ids.append(record['site_id']) - - #print>>sys.stderr, "\r\n \r\n _fill_record_sfa_info ___person_ids %s \r\n \t\t site_ids %s " %(person_ids, site_ids) - - # get all pis from the sites we've encountered - # and store them in a dictionary keyed on site_id - site_pis = {} - if site_ids: - pi_filter = {'|roles': ['pi'], '|site_ids': site_ids} - pi_list = self.GetPersons( pi_filter, ['person_id', 'site_ids']) - #print>>sys.stderr, "\r\n \r\n _fill_record_sfa_info ___ GetPersons ['person_id', 'site_ids'] pi_ilist %s" %(pi_list) - - for pi in pi_list: - # we will need the pi's hrns also - person_ids.append(pi['person_id']) - - # we also need to keep track of the sites these pis - # belong to - for site_id in pi['site_ids']: - if site_id in site_pis: - site_pis[site_id].append(pi) - else: - site_pis[site_id] = [pi] - - # get sfa records for all records associated with these records. - # we'll replace pl ids (person_ids) with hrns from the sfa records - # we obtain - - # get the sfa records - #table = SfaTable() - existing_records = {} - all_records = dbsession.query(RegRecord).all() - for record in all_records: - existing_records[(record.type,record.pointer)] = record - - print >>sys.stderr, " \r\r\n SLABDRIVER fill_record_sfa_info existing_records %s " %(existing_records) - person_list, persons = [], {} - #person_list = table.find({'type': 'user', 'pointer': person_ids}) - try: - for p_id in person_ids: - person_list.append( existing_records.get(('user',p_id))) - except KeyError: - print >>sys.stderr, " \r\r\n SLABDRIVER fill_record_sfa_info ERRRRRRRRRROR" - - # create a hrns keyed on the sfa record's pointer. - # Its possible for multiple records to have the same pointer so - # the dict's value will be a list of hrns. - persons = defaultdict(list) - for person in person_list: - persons[person['pointer']].append(person) - - # get the pl records - slab_person_list, slab_persons = [], {} - slab_person_list = self.GetPersons(person_ids, ['person_id', 'roles']) - slab_persons = list_to_dict(slab_person_list, 'person_id') - #print>>sys.stderr, "\r\n \r\n _fill_record_sfa_info ___ _list %s \r\n \t\t SenslabUsers.GetPersons ['person_id', 'roles'] slab_persons %s \r\n records %s" %(slab_person_list, slab_persons,records) - # fill sfa info - - for record in records: - # skip records with no pl info (top level authorities) - #Sandrine 24 oct 11 2 lines - #if record['pointer'] == -1: - #continue - sfa_info = {} - type = record['type'] - if (type == "slice"): - # all slice users are researchers - #record['geni_urn'] = hrn_to_urn(record['hrn'], 'slice') ? besoin ou pas ? - record['PI'] = [] - record['researcher'] = [] - for person_id in record.get('person_ids', []): - #Sandrine 24 oct 11 line - #for person_id in record['person_ids']: - hrns = [person['hrn'] for person in persons[person_id]] - record['researcher'].extend(hrns) - - # pis at the slice's site - slab_pis = site_pis[record['site_id']] - pi_ids = [pi['person_id'] for pi in slab_pis] - for person_id in pi_ids: - hrns = [person['hrn'] for person in persons[person_id]] - record['PI'].extend(hrns) - record['geni_urn'] = hrn_to_urn(record['hrn'], 'slice') - record['geni_creator'] = record['PI'] - - elif (type == "authority"): - record['PI'] = [] - record['operator'] = [] - record['owner'] = [] - for pointer in record['person_ids']: - if pointer not in persons or pointer not in slab_persons: - # this means there is not sfa or pl record for this user - continue - hrns = [person['hrn'] for person in persons[pointer]] - roles = slab_persons[pointer]['roles'] - if 'pi' in roles: - record['PI'].extend(hrns) - if 'tech' in roles: - record['operator'].extend(hrns) - if 'admin' in roles: - record['owner'].extend(hrns) - # xxx TODO: OrganizationName - elif (type == "node"): - sfa_info['dns'] = record.get("hostname", "") - # xxx TODO: URI, LatLong, IP, DNS - - elif (type == "user"): - sfa_info['email'] = record.get("email", "") - sfa_info['geni_urn'] = hrn_to_urn(record['hrn'], 'user') - sfa_info['geni_certificate'] = record['gid'] - # xxx TODO: PostalAddress, Phone - - #print>>sys.stderr, "\r\n \r\rn \t\t \t <<<<<<<<<<<<<<<<<<<<<<<< fill_record_sfa_info sfa_info %s \r\n record %s : "%(sfa_info,record) - record.update(sfa_info) + def augment_records_with_testbed_info (self, sfa_records): return self.fill_record_info (sfa_records) diff --git a/sfa/senslab/slabpostgres.py b/sfa/senslab/slabpostgres.py index eed0e8bc..a1338332 100644 --- a/sfa/senslab/slabpostgres.py +++ b/sfa/senslab/slabpostgres.py @@ -228,7 +228,6 @@ class SlabDB: #reclist = [] ##for rec in Q.all(): #reclist.append(dict(zip(['record_id_user','oar_job_id', 'record_id_slice','slice_hrn'],[rec.record_id_user,rec.oar_job_id,rec.record_id_slice, rec.slice_hrn]))) - #print>>sys.stderr, " \r\n \r\n \t SLABPOSTGRES find reclist %s" %(reclist) #return reclist diff --git a/sfa/senslab/slabslices.py b/sfa/senslab/slabslices.py index 7ec7ba48..715e3b68 100644 --- a/sfa/senslab/slabslices.py +++ b/sfa/senslab/slabslices.py @@ -103,108 +103,7 @@ class SlabSlices: - #def get_slivers(self, xrn, node=None): - #hrn, type = urn_to_hrn(xrn) - - #slice_name = hrn_to_pl_slicename(hrn) - ## XX Should we just call PLCAPI.GetSliceTicket(slice_name) instead - ## of doing all of this? - ##return self.api.driver.GetSliceTicket(self.auth, slice_name) - - ## from PLCAPI.GetSlivers.get_slivers() - #slice_fields = ['slice_id', 'name', 'instantiation', 'expires', 'person_ids', 'slice_tag_ids'] - #slices = self.api.driver.GetSlices(slice_name, slice_fields) - ## Build up list of users and slice attributes - #person_ids = set() - #all_slice_tag_ids = set() - #for slice in slices: - #person_ids.update(slice['person_ids']) - #all_slice_tag_ids.update(slice['slice_tag_ids']) - #person_ids = list(person_ids) - #all_slice_tag_ids = list(all_slice_tag_ids) - ## Get user information - #all_persons_list = self.api.driver.GetPersons({'person_id':person_ids,'enabled':True}, ['person_id', 'enabled', 'key_ids']) - #all_persons = {} - #for person in all_persons_list: - #all_persons[person['person_id']] = person - - ## Build up list of keys - #key_ids = set() - #for person in all_persons.values(): - #key_ids.update(person['key_ids']) - #key_ids = list(key_ids) - ## Get user account keys - #all_keys_list = self.api.driver.GetKeys(key_ids, ['key_id', 'key', 'key_type']) - #all_keys = {} - #for key in all_keys_list: - #all_keys[key['key_id']] = key - ## Get slice attributes - #all_slice_tags_list = self.api.driver.GetSliceTags(all_slice_tag_ids) - #all_slice_tags = {} - #for slice_tag in all_slice_tags_list: - #all_slice_tags[slice_tag['slice_tag_id']] = slice_tag - - #slivers = [] - #for slice in slices: - #keys = [] - #for person_id in slice['person_ids']: - #if person_id in all_persons: - #person = all_persons[person_id] - #if not person['enabled']: - #continue - #for key_id in person['key_ids']: - #if key_id in all_keys: - #key = all_keys[key_id] - #keys += [{'key_type': key['key_type'], - #'key': key['key']}] - #attributes = [] - ## All (per-node and global) attributes for this slice - #slice_tags = [] - #for slice_tag_id in slice['slice_tag_ids']: - #if slice_tag_id in all_slice_tags: - #slice_tags.append(all_slice_tags[slice_tag_id]) - ## Per-node sliver attributes take precedence over global - ## slice attributes, so set them first. - ## Then comes nodegroup slice attributes - ## Followed by global slice attributes - #sliver_attributes = [] - - #if node is not None: - #for sliver_attribute in filter(lambda a: a['node_id'] == node['node_id'], slice_tags): - #sliver_attributes.append(sliver_attribute['tagname']) - #attributes.append({'tagname': sliver_attribute['tagname'], - #'value': sliver_attribute['value']}) - - ## set nodegroup slice attributes - #for slice_tag in filter(lambda a: a['nodegroup_id'] in node['nodegroup_ids'], slice_tags): - ## Do not set any nodegroup slice attributes for - ## which there is at least one sliver attribute - ## already set. - #if slice_tag not in slice_tags: - #attributes.append({'tagname': slice_tag['tagname'], - #'value': slice_tag['value']}) - - #for slice_tag in filter(lambda a: a['node_id'] is None, slice_tags): - ## Do not set any global slice attributes for - ## which there is at least one sliver attribute - ## already set. - #if slice_tag['tagname'] not in sliver_attributes: - #attributes.append({'tagname': slice_tag['tagname'], - #'value': slice_tag['value']}) - - ## XXX Sanity check; though technically this should be a system invariant - ## checked with an assertion - #if slice['expires'] > MAXINT: slice['expires']= MAXINT - - #slivers.append({ - #'hrn': hrn, - #'name': slice['name'], - #'slice_id': slice['slice_id'], - #'instantiation': slice['instantiation'], - #'expires': slice['expires'], - #'keys': keys, - #'attributes': attributes - #}) + #return slivers def get_peer(self, xrn): @@ -254,7 +153,6 @@ class SlabSlices: # add nodes from rspec added_nodes = list(set(requested_slivers).difference(current_slivers)) - #print>>sys.stderr , "\r\n \r\n \t slices.py verify_slice_nodes added_nodes %s slice %s" %( added_nodes,slice) try: #if peer: #self.driver.UnBindObjectFromPeer('slice', slice['slice_id'], peer['shortname']) @@ -457,7 +355,6 @@ class SlabSlices: #for k in users_dict[user['hrn']] : existing_user_hrns.append (users_dict[user['hrn']]['hrn']) existing_user_ids.append (users_dict[user['hrn']]['person_id']) - #print>>sys.stderr, " \r\n \r\n \t slabslices.py verify_person existing_user_ids.append (users_dict[user['hrn']][k]) %s \r\n existing_users %s " %( existing_user_ids,existing_users) #User from another federated site , does not have a senslab account yet? #or have multiple SFA accounts @@ -493,7 +390,6 @@ class SlabSlices: existing_slice_user_hrns = [user['hrn'] for user in existing_slice_users] - #print>>sys.stderr, " \r\n \r\n slices.py verify_person requested_user_ids %s existing_slice_user_hrns %s " %(requested_user_ids,existing_slice_user_hrns) # users to be added, removed or updated added_user_hrns = set(requested_user_hrns).difference(set(existing_user_hrns)) @@ -504,8 +400,6 @@ class SlabSlices: updated_user_hrns = set(existing_slice_user_hrns).intersection(requested_user_hrns) - #print>>sys.stderr, " \r\n \r\n slices.py verify_persons added_user_ids %s added_slice_user_ids %s " %(added_user_ids,added_slice_user_ids) - #print>>sys.stderr, " \r\n \r\n slices.py verify_persons removed_user_hrns %s updated_user_hrns %s " %(removed_user_hrns,updated_user_hrns) # Remove stale users (only if we are not appending) append = options.get('append', True) if append == False: @@ -514,7 +408,6 @@ class SlabSlices: # update_existing users updated_users_list = [user for user in existing_slice_users if user['hrn'] in \ updated_user_hrns] - #print>>sys.stderr, " \r\n \r\n slices.py verify_persons removed_user_hrns %s updated_users_list %s " %(removed_user_hrns,updated_users_list) #self.verify_keys(existing_slice_users, updated_users_list, peer, append) added_persons = [] @@ -531,7 +424,6 @@ class SlabSlices: #'key_ids': added_user.get('key_ids', []), } - #print>>sys.stderr, " \r\n \r\n slices.py verify_persons added_user_ids %s " %(added_user_ids) person['person_id'] = self.driver.AddPerson(person) if peer: person['peer_person_id'] = added_user['person_id'] diff --git a/sfa/server/sfa-start.py b/sfa/server/sfa-start.py index d72a392e..0b999d9d 100755 --- a/sfa/server/sfa-start.py +++ b/sfa/server/sfa-start.py @@ -72,7 +72,6 @@ def install_peer_certs(server_key_file, server_cert_file): # There should be a gid file in /etc/sfa/trusted_roots for every # peer registry found in in the registries.xml config file. If there # are any missing gids, request a new one from the peer registry. - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs server_key_file %s server_cert_file %s"%(server_key_file,server_cert_file) api = SfaApi(key_file = server_key_file, cert_file = server_cert_file) registries = Registries() aggregates = Aggregates() @@ -85,7 +84,6 @@ def install_peer_certs(server_key_file, server_cert_file): peer_gids = [] if not new_hrns: return - print>>sys.stderr," \r\n \r\n \t=============================================== install_peer_certs interfaces %s api.config.SFA_INTERFACE_HRN %s new_hrns %s" %( interfaces,api.config.SFA_INTERFACE_HRN,new_hrns) trusted_certs_dir = api.config.get_trustedroots_dir() for new_hrn in new_hrns: if not new_hrn: continue @@ -96,9 +94,7 @@ def install_peer_certs(server_key_file, server_cert_file): url = interfaces[new_hrn].get_url() interface = interfaces[new_hrn].server_proxy(server_key_file, server_cert_file, timeout=30) # skip non sfa aggregates - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs IIIinterface %s url %s" %(interface,url) server_version = api.get_cached_server_version(interface) - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs server_version %s \r\n \r\rn \t\t =============================================== server_version['sfa'] %s, " %(server_version, server_version['sfa']) if 'sfa' not in server_version: logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn) continue @@ -112,7 +108,6 @@ def install_peer_certs(server_key_file, server_cert_file): message += "unable to install trusted gid for %s" % \ (new_hrn) gid = GID(string=trusted_gid) - print>>sys.stderr, " \r\n \r\n \t=============================================== install_peer_certs gid %s " %(gid) peer_gids.append(gid) if gid.get_hrn() == new_hrn: gid_filename = os.path.join(trusted_certs_dir, '%s.gid' % new_hrn) @@ -188,7 +183,6 @@ def main(): auth_info = hierarchy.get_interface_auth_info() server_key_file = auth_info.get_privkey_filename() server_cert_file = auth_info.get_gid_filename() - print>>sys.stderr, " \r\n \t\t\t\t\t SFA-START MAIN auth_info %s server_key_file %s server_cert_file %s "%(auth_info, server_key_file,server_cert_file) # ensure interface cert is present in trusted roots dir trusted_roots = TrustedRoots(config.get_trustedroots_dir()) trusted_roots.add_gid(GID(filename=server_cert_file)) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index 11b8dd76..bc4920d5 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -40,7 +40,6 @@ class Auth: valid = [] if not isinstance(creds, list): creds = [creds] - #print>>sys.stderr, "\r\n \r\n \t AUTH.PY checkCredentials hrn %s" %(hrn) logger.debug("Auth.checkCredentials with %d creds"%len(creds)) for cred in creds: try: @@ -69,7 +68,6 @@ class Auth: self.client_cred = Credential(string = cred) self.client_gid = self.client_cred.get_gid_caller() self.object_gid = self.client_cred.get_gid_object() - #print>>sys.stderr, " \r\n \r\n \t AUTH.PY check client_gid %s hrn %s object_gid %s" %(self.client_gid.get_hrn(),hrn, self.object_gid.get_hrn()) # make sure the client_gid is not blank if not self.client_gid: raise MissingCallerGID(self.client_cred.get_subject()) @@ -80,14 +78,11 @@ class Auth: # make sure the client is allowed to perform the operation if operation: - #print>>sys.stderr, " \r\n \r\n \t AUTH.PY check operation %s trusted_cert_list %s " %(operation,self.trusted_cert_list) if not self.client_cred.can_perform(operation): - #print>>sys.stderr, " \r\n \r\n \t AUTH.PY InsufficientRights(operation)" raise InsufficientRights(operation) if self.trusted_cert_list: self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA) - #print>>sys.stderr, " \r\n \r\n \t AUTH.PY check trusted_cert_file_list %s self.config.SFA_CREDENTIAL_SCHEMA %s" %(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA) else: raise MissingTrustedRoots(self.config.get_trustedroots_dir()) @@ -95,7 +90,6 @@ class Auth: # Make sure the credential's target matches the specified hrn. # This check does not apply to trusted peers trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list] - #print>>sys.stderr, " \r\n \r\n \t AUTH.PY check trusted_peers ", trusted_peers if hrn and self.client_gid.get_hrn() not in trusted_peers: target_hrn = self.object_gid.get_hrn() diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py index ad2d201a..09835d94 100644 --- a/sfa/trust/credential.py +++ b/sfa/trust/credential.py @@ -160,10 +160,8 @@ class Signature(object): def get_refid(self): - #print>>sys.stderr," \r\n \r\n credential.py Signature get_refid\ self.refid %s " %(self.refid) if not self.refid: self.decode() - #print>>sys.stderr," \r\n \r\n credential.py Signature get_refid self.refid %s " %(self.refid) return self.refid def get_xml(self): @@ -592,7 +590,6 @@ class Credential(object): def updateRefID(self): if not self.parent: self.set_refid('ref0') - #print>>sys.stderr, " \r\n \r\n updateRefID next_cred ref0 " return [] refs = [] @@ -604,10 +601,8 @@ class Credential(object): refs.append(next_cred.get_refid()) if next_cred.parent: next_cred = next_cred.parent - #print>>sys.stderr, " \r\n \r\n updateRefID next_cred " else: next_cred = None - #print>>sys.stderr, " \r\n \r\n updateRefID next_cred NONE" # Find a unique refid for this credential @@ -812,12 +807,10 @@ class Credential(object): # Failures here include unreadable files # or non PEM files trusted_cert_objects.append(GID(filename=f)) - #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs %s" %(GID(filename=f).get_hrn()) ok_trusted_certs.append(f) except Exception, exc: logger.error("Failed to load trusted cert from %s: %r", f, exc) trusted_certs = ok_trusted_certs - #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs elemnebts %s" %(len(trusted_certs)) # Use legacy verification if this is a legacy credential if self.legacy: @@ -844,7 +837,6 @@ class Credential(object): for cur_cred in self.get_credential_list(): cur_cred.get_gid_object().verify_chain(trusted_cert_objects) cur_cred.get_gid_caller().verify_chain(trusted_cert_objects) - #print>>sys.stderr, " \r\n \t\t\t credential.py verify cur_cred get_gid_object hrn %s get_gid_caller %s" %(cur_cred.get_gid_object().get_hrn(),cur_cred.get_gid_caller().get_hrn()) refs = [] refs.append("Sig_%s" % self.get_refid()) @@ -852,7 +844,6 @@ class Credential(object): parentRefs = self.updateRefID() for ref in parentRefs: refs.append("Sig_%s" % ref) - #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs refs", ref for ref in refs: # If caller explicitly passed in None that means skip xmlsec1 validation. # Strange and not typical @@ -863,7 +854,6 @@ class Credential(object): # (self.xmlsec_path, ref, cert_args, filename) verified = os.popen('%s --verify --node-id "%s" %s %s 2>&1' \ % (self.xmlsec_path, ref, cert_args, filename)).read() - #print>>sys.stderr, " \r\n \t\t\t credential.py verify filename %s verified %s " %(filename,verified) if not verified.strip().startswith("OK"): # xmlsec errors have a msg= which is the interesting bit. mstart = verified.find("msg=") @@ -875,11 +865,9 @@ class Credential(object): raise CredentialNotVerifiable("xmlsec1 error verifying cred %s using Signature ID %s: %s %s" % (self.get_summary_tostring(), ref, msg, verified.strip())) os.remove(filename) - #print>>sys.stderr, " \r\n \t\t\t credential.py HUMMM parents %s", self.parent # Verify the parents (delegation) if self.parent: self.verify_parent(self.parent) - #print>>sys.stderr, " \r\n \t\t\t credential.py verify trusted_certs parents" # Make sure the issuer is the target's authority, and is # itself a valid GID self.verify_issuer(trusted_cert_objects) @@ -982,7 +970,6 @@ class Credential(object): # . The expiry time on the child must be no later than the parent # . The signer of the child must be the owner of the parent def verify_parent(self, parent_cred): - #print>>sys.stderr, " \r\n\r\n \t verify_parent parent_cred.get_gid_caller().save_to_string(False) %s self.get_signature().get_issuer_gid().save_to_string(False) %s" %(parent_cred.get_gid_caller().get_hrn(),self.get_signature().get_issuer_gid().get_hrn()) # make sure the rights given to the child are a subset of the # parents rights (and check delegate bits) if not parent_cred.get_privileges().is_superset(self.get_privileges()): diff --git a/sfa/util/xrn.py b/sfa/util/xrn.py index ac394f70..60b57b98 100644 --- a/sfa/util/xrn.py +++ b/sfa/util/xrn.py @@ -122,13 +122,11 @@ class Xrn: self.hrn=None self.urn=xrn self.urn_to_hrn() - #print>>sys.stderr, " \r\n \r\n \t XRN.PY init xrn.startswith(Xrn.URN_PREFIX) hrn %s urn %s type %s" %( self.hrn, self.urn, self.type) else: self.urn=None self.hrn=xrn self.type=type self.hrn_to_urn() - #print>>sys.stderr, " \r\n \r\n \t XRN.PY init ELSE hrn %s urn %s type %s" %( self.hrn, self.urn, self.type) # happens all the time .. # if not type: # debug_logger.debug("type-less Xrn's are not safe") @@ -146,14 +144,12 @@ class Xrn: def get_hrn_type(self): return (self.hrn, self.type) def _normalize(self): - #print>>sys.stderr, " \r\n \r\n \t XRN.PY _normalize self.hrn %s ",self.hrn if self.hrn is None: raise SfaAPIError, "Xrn._normalize" if not hasattr(self,'leaf'): self.leaf=Xrn.hrn_split(self.hrn)[-1] # self.authority keeps a list if not hasattr(self,'authority'): self.authority=Xrn.hrn_auth_list(self.hrn) - #print>>sys.stderr, " \r\n \r\n \t XRN.PY _normalize self.hrn %s leaf %s authority %s"%(self.hrn, self.leaf, self.authority) def get_leaf(self): -- 2.43.0