From 29dec22ec4030a8c6a74d5d4c269fe941ba53189 Mon Sep 17 00:00:00 2001 From: Larry Peterson Date: Mon, 29 Dec 2008 20:13:15 +0000 Subject: [PATCH] bootstraps credentials --- cmdline/sfi.py | 334 ++++++++++++++++++++++++++++++------------------- 1 file changed, 203 insertions(+), 131 deletions(-) diff --git a/cmdline/sfi.py b/cmdline/sfi.py index dfd0c57c..11f4d54b 100755 --- a/cmdline/sfi.py +++ b/cmdline/sfi.py @@ -5,13 +5,16 @@ from __future__ import with_statement import sys import os, os.path -#from cert import Keypair, Certificate +from cert import Keypair, Certificate, Credential from optparse import OptionParser -#from util.geniclient import GeniClient +from util.geniclient import GeniClient sfi_dir = os.path.expanduser("~/.sfi/") sm_chan = None reg_chan = None +user = None +authority = None +verbose = False # # Establish Connection to SliceMgr and Registry Servers @@ -19,72 +22,163 @@ reg_chan = None def set_servers(options): global sm_chan global reg_chan + global user + global authority - # Set SliceMgr and Registry URLs + # Set SliceMgr URL if (options.sm is not None): - sm = options.sm - elif ("SM" in os.environ): - sm = os.environ["SM"] + sm_url = options.sm + elif ("SFI_SM" in os.environ): + sm_url = os.environ["SFI_SM"] else: print "No Known Slice Manager" sys.exit(1) + + # Set Registry URL if (options.registry is not None): - registry = options.registry - elif ("REGISTRY" in os.environ): - registry = os.environ["REGISTRY"] + reg_url = options.registry + elif ("SFI_REGISTRY" in os.environ): + reg_url = os.environ["SFI_REGISTRY"] + else: + print "No Known Registry Server" + sys.exit(1) + + if options.verbose : + print "Contacting Slice Manager at:", sm_url + print "Contacting Registry at:", registry_url + + # Set user HRN + if (options.user is not None): + user = options.user + elif ("SFI_USER" in os.environ): + user = os.environ["SFI_USER"] else: - print "No Known Registry" + print "No Known User Name" sys.exit(1) - if options.verbose: - print "Contacting Slice Manager at:", sm - print "Contacting Registry at:", registry + # Set authority HRN + if (options.auth is not None): + authority = options.auth + elif ("SFI_AUTH" in os.environ): + authority = os.environ["SFI_AUTH"] + else: + authority = None + + # Get key and certificate + key_file = get_key_file() + cert_file = get_cert_file(key_file) + + # Establish connection to server(s) # SliceMgr and Registry may be available on the same server -# if (sm == registry): -# sm_chan = GeniClient(sm, key_file, cert_file) -# reg_chan = sm_chan -# else: -# sm_chan = GeniClient(sm, key_file, cert_file) -# reg_chan = GeniClient(registry, key_file, cert_file) + if (sm_url == registry_url): + sm_chan = GeniClient(sm_url, key_file, cert_file) + reg_chan = sm_chan + else: + sm_chan = GeniClient(sm_url, key_file, cert_file) + reg_chan = GeniClient(registry_url, key_file, cert_file) return # -# Get file names for various credentials and specs +# Get various credential and spec files # # Establishes limiting conventions # - conflates MAs and SAs -# - assumes a single user per working directory # - assumes last token in slice name is unique # -# Bootstraps credentials (not done yet) +# Bootstraps credentials +# - bootstrap user credential from self-signed certificate +# - bootstrap authority credential from user credential +# - bootstrap slice credential from user credential # def get_leaf(name): parts = name.split(".") return parts[-1] -def get_user_cred_fn(): - file = os.path.join(sfi_dir, os.environ["USER"] + ".cred") +def get_key_file(): + file = os.path.join(sfi_dir, get_leaf(user) + ".pkey") if (os.path.isfile(file)): return file else: - print "bootstrap user credential here" + print "Key file", file, "does not exist" + sys.exit(-1) + return -def get_auth_cred_fn(): - file = os.path.join(sfi_dir, "auth.cred") +def get_cert_file(key_file): + global verbose + + file = os.path.join(sfi_dir, get_leaf(user) + ".cert") if (os.path.isfile(file)): return file else: - print "bootstrap authority credential here" + k = Keypair(filename = key_file) + cert = Certificate(subject=user) + cert.set_pubkey(k) + cert.set_issuer(k, user) + cert.sign() + if verbose : + print "Writing self-signed certificate to", file + cert.save_to_file(file) + return file + +def get_user_cred(): + global user -def get_slice_cred_fn(name): + file = os.path.join(sfi_dir, get_leaf(user) + ".cred") + if (os.path.isfile(file)): + user_cred = Credential(filename=file) + return user_cred + else: + # bootstrap user credential + user_cred = get_credential(None, "user", user) + if user_cred: + user_cred.save_to_file(file, save_parents=True) + if verbose: + print "Writing user credential to", file + return user_cred + else: + print "Failed to get user credential" + sys.exit(-1) + +def get_auth_cred(): + global authority + + file = os.path.join(sfi_dir, "authority.cred") + if (os.path.isfile(file)): + auth_cred = Credential(filename=file) + return auth_cred + else: + # bootstrap authority credential from user credential + user_cred = get_user_cred() + auth_cred = get_credential(user_cred, "sa", authority) + if auth_cred: + auth_cred.save_to_file(file, save_parents=True) + if verbose: + print "Writing authority credential to", file + return auth_cred + else: + print "Failed to get authority credential" + sys.exit(-1) + +def get_slice_cred(name): file = os.path.join(sfi_dir, "slice_" + get_leaf(name) + ".cred") if (os.path.isfile(file)): - return file + slice_cred = Credential(filename=file) + return slice_cred else: - print "bootstrap slice credential here" - -def get_rspec_fn(rspec): + # bootstrap slice credential from user credential + user_cred = get_user_cred() + slice_cred = get_credential(user_cred, "slice", name) + if slice_cred: + slice_cred.save_to_file(file, save_parents=True) + if verbose: + print "Writing slice credential to", file + return slice_cred + else: + print "Failed to get slice credential" + sys.exit(-1) + +def get_rspec_file(rspec): if (os.path.isabs(rspec)): file = rspec else: @@ -95,7 +189,7 @@ def get_rspec_fn(rspec): print "No such rspec file" sys.exit(1) -def get_record_fn(record): +def get_record_file(record): if (os.path.isabs(record)): file = record else: @@ -148,6 +242,7 @@ def create_cmd_parser(command): def main(): global sm_chan global reg_chan + global verbose # Generate command line parser parser = OptionParser(usage="sfi [options] command [command_options] [command_args]", @@ -158,6 +253,10 @@ def main(): help="slice manager", metavar="URL", default=None) parser.add_option("-d", "--dir", dest="dir", help="working directory", metavar="PATH", default = sfi_dir) + parser.add_option("-u", "--user", dest="user", + help="user name", metavar="USER_HRN", default=None) + parser.add_option("-a", "--auth", dest="auth", + help="authority name", metavar="AUTH_HRN", default=None) parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="verbose mode") @@ -165,8 +264,10 @@ def main(): (options, args) = parser.parse_args() command = args[0] (cmd_opts, cmd_args) = create_cmd_parser(command).parse_args(args[1:]) - if options.verbose : - print options.registry,options.sm,options.dir,options.verbose + verbose = options.verbose + if verbose : + print options.registry, options.sm, options.dir, options.verbose,\ + options.user, options.auth print command if command in ("nodes", "resources"): print cmd_opts.format @@ -186,165 +287,136 @@ def main(): # # Following functions implement the commands -# todo: make sure args exist # -# First, the Registry-related commands +# Registry-related commands # # list entires in named authority registry def list(opts, args): global reg_chan - cred_file = get_user_cred_fn() - with open(cred_file) as f: - credential = f.read() - print "list:", opts.type, args[0], reg_chan, credential -# result = reg_chan.list(credential, args[0]) -# ...filter output based on opts.type... + user_cred = get_user_cred() + result = reg_chan.list(user_cred, args[0]) + display_record(opts.type, results) return # show named registry record def show(opts, args): -# pretty print or return record xml? global reg_chan - cred_file = get_user_cred_fn() - with open(cred_file) as f: - credential = f.read() - print "show:", opts.type, args[0], reg_chan, credential -# result = reg_chan.resolve(credential, args[0]) -# ...filter output based on opts.type... + user_cred = get_user_cred() + result = reg_chan.resolve(user_cred, args[0]) + display_record(opts.type, results) return # removed named registry record +# - have to first retrieve the record to be removed def remove(opts, args): global reg_chan - cred_file = get_auth_cred_fn() - with open(cred_file) as f: - credential = f.read() - print "remove:", opts.type, args[0], reg_chan, credential -# ...first retrieve named record... -# results = reg_chan.resolve(credential, args[0]) -# ...filter desired record from result using opts.type -# ...use that record to call remove... -# result = reg_chan.remove(credential, record) - return + auth_cred = get_auth_cred() + results = reg_chan.resolve(auth_cred, args[0]) + record = filter_record(opts.type, results) + return reg_chan.remove(auth_cred, record) # add named registry record def add(opts, args): global reg_chan - cred_file = get_auth_cred_fn() - with open(cred_file) as f: - credential = f.read() - rec_file = get_record_fn(args[1]) - with open(rec_file) as g: - record = g.read() - print "add:", record, reg_chan, credential -# result = reg_chan.register(credential, record) - return + auth_cred = get_auth_cred() + rec_file = get_record_file(args[1]) + with open(rec_file) as f: + record = f.read() + return reg_chan.register(auth_cred, record) # update named registry entry def update(opts, args): global reg_chan - cred_file = get_auth_cred_fn() - with open(cred_file) as f: - credential = f.read() - rec_file = get_record_fn(args[1]) - with open(rec_file) as g: - record = g.read() - print "update:", record, reg_chan, credential -# result = reg_chan.update(credential, record) - return + user_cred = get_user_cred() + rec_file = get_record_file(args[1]) + with open(rec_file) as f: + record = f.read() + return reg_chan.update(user_cred, record) # -# Second, the Slice-related commands +# Slice-related commands # # list available nodes def nodes(opts, args): global sm_chan - cred_file = get_user_cred_fn() - with open(cred_file) as f: - credential = f.read() - if (args[0] is None): - context = "root" + user_cred = get_user_cred() + if (len(args) == 0): + context = None else: context = args[0] - print "nodes:", opts.format, context, sm_chan, credential -# result = sm_chan.list_nodes(credential, context) -# ...format output based on opts.format... + result = sm_chan.list_nodes(user_cred, context) + display_rspec(opts.format, result) return # list instantiated slices def slices(opts, args): global sm_chan - cred_file = get_user_cred_fn() - with open(cred_file) as f: - credential = f.read() - print "slices:", sm_chan, credential -# result = sm_chan.list_slices(credential) + user_cred = get_user_cred() + result = sm_chan.list_slices(user_cred) + display_rspec(opts.format, results) return # show rspec for named slice def resources(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - print "resources:", opts.format, args[0], sm_chan, credential -# result = sm_chan.get_resources(credential, args[0]) -# ...format output based on opts.format... + slice_cred = get_slice_cred(args[0]) + print "resources:", opts.format, args[0], sm_chan + result = sm_chan.get_resources(slice_cred, args[0]) + display_rspec(opts.format, result) return # created named slice with given rspec def create(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - rspec_file = get_rspec_fn(args[1]) - with open(rspec_file) as g: - rspec = g.read() - print "create:", args[0], rspec, sm_chan, credential -# result = sm_chan.instantiate(credential, rspec) - return + slice_cred = get_slice_cred(args[0]) + rspec_file = get_rspec_file(args[1]) + with open(rspec_file) as f: + rspec = f.read() + return sm_chan.instantiate(slice_cred, rspec) # delete named slice def delete(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - print "delete:", args[0], sm_chan, credential -# result = sm_chan.delete_slice(credential) - return + slice_cred = get_slice_cred(args[0]) + return sm_chan.delete_slice(slice_cred) # start named slice def start(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - print "start:", args[0], sm_chan, credential -# result = sm_chan.start_slice(credential) - return + slice_cred = get_slice_cred(args[0]) + return sm_chan.start_slice(slice_cred) # stop named slice def stop(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - print "stop:", args[0], sm_chan, credential -# result = sm_chan.stop_slice(credential) - return + slice_cred = get_slice_cred(args[0]) + return sm_chan.stop_slice(slice_cred) # reset named slice def reset(opts, args): global sm_chan - cred_file = get_slice_cred_fn(args[0]) - with open(cred_file) as f: - credential = f.read() - print "reset:", args[0], sm_chan, credential -# result = sm_chan.reset_slice(credential) + slice_cred = get_slice_cred(args[0]) + return sm_chan.reset_slice(slice_cred) + +# +# +# Display and Filter RSpecs and Records +# +# + +def display_rspec(format, rspec): + print "display rspec" + return + +def display_record(type, record): + rec = filter_record(type, record) + print "display record" + return + +def filter_record(type, record): + print "filter record" return -- 2.43.0