From 4eb1bb57c22a78d8cf652a68085e6f00cc2e2460 Mon Sep 17 00:00:00 2001
From: Scott Baker
Date: Thu, 26 Feb 2009 05:18:36 +0000
Subject: [PATCH] remove creategid from sfi; store gid creating info in record and silently create when using sfi add
---
 cmdline/editRecord.py | 55 ++++++++++++++++++++++++++++++++++++-------
 cmdline/sfi.py | 30 ++++++++++++-----------
 geni/util/record.py | 8 +++++--
 3 files changed, 69 insertions(+), 24 deletions(-)
diff --git a/cmdline/editRecord.py b/cmdline/editRecord.py
index 74d5d587..f138f136 100644
--- a/cmdline/editRecord.py
+++ b/cmdline/editRecord.py
@@ -6,12 +6,16 @@ from __future__ import with_statement
 import sys
 import os, os.path
 import getopt
-from util.cert import Keypair, Certificate
-from util.credential import Credential
-from util.geniclient import GeniClient
-from util.record import GeniRecord
-from util.gid import GID
-
+import tempfile
+from geni.util.cert import Keypair, Certificate
+from geni.util.credential import Credential
+from geni.util.geniclient import GeniClient
+from geni.util.record import GeniRecord
+from geni.util.gid import GID
+from geni.util.gid import create_uuid
+
+gidhrn = None
+gidkeyfile = None
 infile = None
 outfile = None
 gidfile = None
@@ -23,7 +27,7 @@ type = None
 dump = False
 researcher = []
-long_opts = ["infile=", "outfile=", "email=", "ip=", "dns=", "gidfile=", "hrn=", "type=", "addresearcher=", "delresearcher=", "dump"]
+long_opts = ["infile=", "outfile=", "email=", "ip=", "dns=", "gidfile=", "gidhrn=", "gidkeyfile=", "hrn=", "type=", "addresearcher=", "delresearcher=", "dump"]
 def showhelp():
 print "syntax: editRecord.py "
@@ -32,6 +36,8 @@ def showhelp():
 print " --outfile ... write record to file"
 print " --dump ... dump record to stdout"
 print " --gidfile ... load gid from file"
+ print " --gidhrn ... name to use when creating gid"
+ print " --gidkeyfile ... key to use when creating gid"
 print " --hrn ... set hrn"
 print " --type ... set type (user|slice|sa|ma|...)"
 print " --email ... user: set email address"
@@ -40,11 +46,27 @@ def showhelp():
 print " --addresearcher ... slice: add researcher"
 print " --delresearcher ... slice: delete researcher"
+def load_publickey_string(fn):
+ f = file(fn,"r")
+ key_string = f.read()
+
+ # if the filename is a private key file, then extract the public key
+ if "PRIVATE KEY" in key_string:
+ outfn = tempfile.mktemp()
+ cmd = "openssl rsa -in " + fn + " -pubout -outform PEM -out " + outfn
+ os.system(cmd)
+ f = file(outfn, "r")
+ key_string = f.read()
+ os.remove(outfn)
+
+ return key_string
+
 def process_options():
 global infile, outfile
 global email, ip, dns, gidfile, hrn, type
 global researcher
 global dump
+ global gidkeyfile, gidhrn
 (options, args) = getopt.getopt(sys.argv[1:], '', long_opts)
 for opt in options:
@@ -66,6 +88,10 @@ def process_options():
 dns = val
 elif name == "--gidfile":
 gidfile = val
+ elif name == "--gidhrn":
+ gidhrn = val
+ elif name == "--gidkeyfile":
+ gidkeyfile = val
 elif name == "--hrn":
 hrn = val
 elif name == "--type":
@@ -86,7 +112,7 @@ def errorcheck(record):
 print "Warning: unknown record type"
 if not record.name:
 print "Warning: unknown record name"
- if not record.gid:
+ if (not record.gid) and (not ("create_gid" in geni_info)):
 print "Warning: unknown record gid"
 if record.type == "user":
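Review bot: `load_publickey_string` builds a shell command by concatenating `fn` and hands it to `os.system`, so a key path containing spaces or shell metacharacters is interpreted by the shell, and the output path comes from `tempfile.mktemp()`, which only returns a name and leaves a window in which another local user can create that path first. The exit status of openssl is never checked, so a failed conversion surfaces as an IOError on the temp file or as an empty key stored in the record, and neither `file()` handle is closed. Running openssl with an argument list and reading the public key from its stdout removes the shell and the temp file together; this needs `import subprocess` at the top of the file, and the new `import tempfile` then becomes unused. The same helper already exists in cmdline/sfi.py (visible there as hunk context), so a shared copy would keep the fix in one place.

```python
def load_publickey_string(fn):
    with open(fn, "r") as f:
        key_string = f.read()

    # if the filename is a private key file, then extract the public key
    if "PRIVATE KEY" in key_string:
        # argument list, no shell; the public key is read from stdout
        proc = subprocess.Popen(
            ["openssl", "rsa", "-in", fn, "-pubout", "-outform", "PEM"],
            stdout=subprocess.PIPE)
        key_string = proc.communicate()[0]
        if proc.returncode != 0 or not key_string:
            raise RuntimeError("openssl could not extract a public key from " + fn)

    return key_string
```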
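Review bot: In `errorcheck`, the gid warning is suppressed as soon as the key `create_gid` is present, without looking at `create_gid_hrn` or `create_gid_key`, so a record carrying only the flag passes this check and then fails in `sfi add`, which indexes both keys. Checking the pair here keeps the failure at edit time, e.g. `if (not record.gid) and not (geni_info.get("create_gid_hrn") and geni_info.get("create_gid_key")):`. `errorcheck` starts above the hunk, so where `geni_info` is bound is not visible; it is worth confirming that it is assigned inside the function rather than relying on the variable of the same name in `main`.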
@@ -152,6 +178,19 @@ def main():
 gid = GID(string=gid_str)
 record.set_gid(gid)
+ if gidhrn or gidkeyfile:
+ if not gidhrn:
+ print "must use --gidkeyfile with --gidhrn"
+ sys.exit(-1)
+ if not gidkeyfile:
+ print "must use --gidhrn with --gidkeyfile"
+ sys.exit(-1)
+
+ geni_info = record.get_geni_info()
+ geni_info["create_gid"] = True
+ geni_info["create_gid_hrn"] = gidhrn
+ geni_info["create_gid_key"] = load_publickey_string(gidkeyfile)
+
 if researcher:
 update_list(geni_info, "researcher", researcher)
diff --git a/cmdline/sfi.py b/cmdline/sfi.py
index b6cee172..9a81ce40 100755
--- a/cmdline/sfi.py
+++ b/cmdline/sfi.py
@@ -218,7 +218,6 @@ def load_publickey_string(fn):
 return key_string
-
 #
 # Generate sub-command parser
 #
@@ -226,7 +225,6 @@ def create_cmd_parser(command, additional_cmdargs = None):
 cmdargs = {"list": "name",
 "show": "name",
 "remove": "name",
- "creategid": "hrn publickey_fn",
 "add": "name record",
 "update": "name record",
 "nodes": "[name]",
@@ -261,7 +259,7 @@ def create_cmd_parser(command, additional_cmdargs = None):
 help="type filter (user|slice|sa|ma|node|aggregate)",
 choices=("user","slice","sa","ma","node","aggregate", "all"),
 default="all")
- if command in ("show", "list", "nodes", "resources", "creategid"):
+ if command in ("show", "list", "nodes", "resources"):
 parser.add_option("-o", "--output", dest="file", help="output XML to file", metavar="FILE", default=None)
 return parser
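Review bot: In `main`, `gidhrn` is written to `create_gid_hrn` without being compared to the record's own name, so a record for one hrn can carry a request to create a GID for another. If the two are meant to match, a check such as `if gidhrn != record.name:` before storing would catch the mismatch at edit time; whether the registry enforces this is not visible here. The two usage errors go to stdout and their wording is easy to read backwards; `print >>sys.stderr, "--gidkeyfile requires --gidhrn"` and the mirror message would be clearer. The new `geni_info = record.get_geni_info()` also assumes the call returns the record's live dict rather than a copy, which this hunk does not show. `main` begins and ends outside the hunk.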
@@ -363,23 +361,27 @@ def remove(opts, args):
 auth_cred = get_auth_cred()
 return registry.remove(auth_cred, opts.type, args[0])
-def creategid(opts, args):
- global registry
- auth_cred = get_auth_cred()
- hrn = args[0]
- pkey_string = load_publickey_string(args[1])
- gid = registry.create_gid(auth_cred, hrn, create_uuid(), pkey_string)
- if (opts.file is not None):
- gid.save_to_file(opts.file, save_parents=True)
- else:
- print "I created your gid, but you did not ask me to save it"
-
 # add named registry record
 def add(opts, args):
 global registry
 auth_cred = get_auth_cred()
 rec_file = get_record_file(args[0])
 record = load_record_from_file(rec_file)
+
+ # check and see if we need to create a gid for this record. The creator
+ # of the record signals this by filling in the create_gid, create_gid_hrn,
+ # and create_gid_key members.
+ # (note: we'd use an unsigned GID in the record instead, but pyOpenSSL is
+ # broken and has no way for us to get the key back out of the gid)
+ geni_info = record.get_geni_info()
+ if "create_gid" in geni_info:
+ gid = registry.create_gid(auth_cred, geni_info["create_gid_hrn"], create_uuid(), geni_info["create_gid_key"])
+ record.set_gid(gid)
+
+ del geni_info["create_gid"]
+ del geni_info["create_gid_hrn"]
+ del geni_info["create_gid_key"]
+
 return registry.register(auth_cred, record)
 # update named registry entry
diff --git a/geni/util/record.py b/geni/util/record.py
index cb3c2937..6552961b 100644
--- a/geni/util/record.py
+++ b/geni/util/record.py
@@ -28,7 +28,7 @@ from gid import *
 # of different types. For example, planetlab.us.arizona may have both an SA
 # and a MA record, but cannot have two SA records.
-class GeniRecord():
+class GeniRecord:
 ##
 # Create a Geni Record
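Review bot: `add` now passes `create_gid_hrn` and `create_gid_key` from the record file straight to `registry.create_gid` under the caller's authority credential, with no output and no validation, so the record file becomes trusted input to GID issuance and should be handled that way. The block is entered on the mere presence of `create_gid` (a stored `False` still triggers it) and indexes the other two keys unguarded, so a partial record ends in a KeyError traceback. Indentation is lost on this page, so it is not clear whether the three `del` statements sit inside the `if`; if they do not, every record without the flag fails. Validating the fields, printing the hrn about to be signed and cleaning up with `pop` covers all three. The removed `creategid` also wrote the GID out with `save_to_file`, and nothing in this hunk replaces that local copy.

```python
    # … unchanged: credential lookup and record loading …
    geni_info = record.get_geni_info()
    # pop unconditionally so the helper fields never reach the registry
    want_gid = geni_info.pop("create_gid", False)
    gid_hrn = geni_info.pop("create_gid_hrn", None)
    gid_key = geni_info.pop("create_gid_key", None)
    if want_gid:
        if not gid_hrn or not gid_key:
            raise ValueError("record requests gid creation but create_gid_hrn or create_gid_key is missing")
        print "creating gid for", gid_hrn
        gid = registry.create_gid(auth_cred, gid_hrn, create_uuid(), gid_key)
        record.set_gid(gid)

    return registry.register(auth_cred, record)
```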
@@ -229,7 +229,11 @@ class GeniRecord():
 def load_from_dict(self, dict):
 self.set_name(dict['name'])
- self.set_gid(dict['gid'])
+
+ gidstr = dict.get("gid", None)
+ if gidstr:
+ self.set_gid(dict['gid'])
+
 self.set_type(dict['type'])
 self.set_pointer(dict['pointer'])
 if "pl_info" in dict:
--
2.43.0
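Review bot: In `load_from_dict`, the new guard reads the value into `gidstr` but then calls `self.set_gid(dict['gid'])`, so the local is only half used; `self.set_gid(gidstr)` says the same thing with one lookup. When the key is absent or empty nothing is assigned, so whatever `gid` the object already held stays in place; if this method can run on a populated record, an explicit `else` that clears it would avoid carrying a stale GID. If the registry side loads incoming records through this method, records without a GID are now accepted at this layer and the register path would need its own check; that code is not visible here. The method continues past the end of the hunk.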