From f2282434e40e06365e0fdd3f9bc273a793f41235 Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Sat, 26 Jan 2013 15:12:39 +0100 Subject: [PATCH] first step to merge senslab upstream: rub off unimportant differences to iron out differences --- config/aggregates.xml | 2 +- config/registries.xml | 2 +- setup.py | 10 +--------- sfa/client/sfi.py | 1 - sfa/managers/driver.py | 3 +-- sfa/managers/registry_manager.py | 3 ++- sfa/methods/CreateSliver.py | 2 +- sfa/methods/ListResources.py | 9 +++------ sfa/planetlab/plslices.py | 3 ++- sfa/rspecs/elements/versions/sfav1Lease.py | 1 + sfa/server/sfa-start.py | 7 +++++-- sfa/trust/auth.py | 7 +++---- sfa/util/sfalogging.py | 3 --- sfa/util/sfatablesRuntime.py | 4 ++-- tests/testXrn.py | 1 - 15 files changed, 23 insertions(+), 35 deletions(-) diff --git a/config/aggregates.xml b/config/aggregates.xml index b3d4d5d2..4630736c 100644 --- a/config/aggregates.xml +++ b/config/aggregates.xml @@ -1,3 +1,3 @@ - + diff --git a/config/registries.xml b/config/registries.xml index 32c01cbc..79967814 100644 --- a/config/registries.xml +++ b/config/registries.xml @@ -1,3 +1,3 @@ - + diff --git a/setup.py b/setup.py index 65d4fed9..75a1e71f 100755 --- a/setup.py +++ b/setup.py @@ -33,15 +33,6 @@ packages = [ 'sfa/generic', 'sfa/managers', 'sfa/importer', - - - - 'sfa/senslab', - - - - - 'sfa/rspecs', 'sfa/rspecs/elements', 'sfa/rspecs/elements/versions', @@ -52,6 +43,7 @@ packages = [ 'sfa/dummy', 'sfa/openstack', 'sfa/federica', + 'sfa/senslab', 'sfatables', 'sfatables/commands', 'sfatables/processors', diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 6d426833..8f9682f7 100644 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -1147,7 +1147,6 @@ or with an slice hrn, shows currently provisioned resources rspec.filter({'component_manager_id': server_version['urn']}) rspec = RSpecConverter.to_pg_rspec(rspec.toxml(), content_type='request') else: - print >>sys.stderr, "\r\n \r\n \r\n WOOOOOO" users = sfa_users_arg(user_records, slice_record) # do not append users, keys, or slice tags. Anything diff --git a/sfa/managers/driver.py b/sfa/managers/driver.py index ab3b2165..f049f549 100644 --- a/sfa/managers/driver.py +++ b/sfa/managers/driver.py @@ -2,7 +2,7 @@ # an attempt to document what a driver class should provide, # and implement reasonable defaults # -import sys + class Driver: def __init__ (self, config): @@ -24,7 +24,6 @@ class Driver: # to perform such a core operation (i.e. getting rights right) # this is no longer in use when performing other SFA operations def augment_records_with_testbed_info (self, sfa_records): - print >>sys.stderr, " \r\n \r\n DRIVER.PY augment_records_with_testbed_info sfa_records ",sfa_records return sfa_records # incoming record, as provided by the client to the Register API call diff --git a/sfa/managers/registry_manager.py b/sfa/managers/registry_manager.py index 46a45bd8..c29130ae 100644 --- a/sfa/managers/registry_manager.py +++ b/sfa/managers/registry_manager.py @@ -155,7 +155,7 @@ class RegistryManager: local_records = dbsession.query(RegRecord).filter(RegRecord.hrn.in_(local_hrns)) if type: local_records = local_records.filter_by(type=type) - local_records=local_records.all() + local_records=local_records.all() for local_record in local_records: augment_with_sfa_builtins (local_record) @@ -177,6 +177,7 @@ class RegistryManager: record.url=neighbour_dict[hrn].get_url() return for record in local_records: solve_neighbour_url (record) + # convert local record objects to dicts for xmlrpc # xxx somehow here calling dict(record) issues a weird error # however record.todict() seems to work fine diff --git a/sfa/methods/CreateSliver.py b/sfa/methods/CreateSliver.py index 334f3b75..27974891 100644 --- a/sfa/methods/CreateSliver.py +++ b/sfa/methods/CreateSliver.py @@ -2,7 +2,6 @@ from sfa.util.faults import SfaInvalidArgument, InvalidRSpec from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method from sfa.util.sfatablesRuntime import run_sfatables -import sys from sfa.trust.credential import Credential from sfa.storage.parameter import Parameter, Mixed from sfa.rspecs.rspec import RSpec @@ -34,6 +33,7 @@ class CreateSliver(Method): hrn, type = urn_to_hrn(slice_xrn) self.api.logger.info("interface: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, hrn, self.name)) + # Find the valid credentials valid_creds = self.api.auth.checkCredentials(creds, 'createsliver', hrn) origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() diff --git a/sfa/methods/ListResources.py b/sfa/methods/ListResources.py index 996adab2..04359a04 100644 --- a/sfa/methods/ListResources.py +++ b/sfa/methods/ListResources.py @@ -1,5 +1,5 @@ import zlib -import sys + from sfa.util.xrn import urn_to_hrn from sfa.util.method import Method from sfa.util.sfatablesRuntime import run_sfatables @@ -36,16 +36,14 @@ class ListResources(Method): # get slice's hrn from options xrn = options.get('geni_slice_urn', '') (hrn, _) = urn_to_hrn(xrn) - print >>sys.stderr, " \r\n \r\n \t Lsitresources.pyeuuuuuu call : hrn %s options %s" %( hrn,options ) + # Find the valid credentials valid_creds = self.api.auth.checkCredentials(creds, 'listnodes', hrn) # get hrn of the original caller origin_hrn = options.get('origin_hrn', None) - print >>sys.stderr, " \r\n \r\n \t Lsitresources :origin_hrn %s sansvqalid credss %s " %(origin_hrn, Credential(string=creds[0]).get_gid_caller().get_hrn()) if not origin_hrn: origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() - print >>sys.stderr, " \r\n \r\n \t Lsitresources.py000 call : hrn %s self.api.interface %s origin_hrn %s \r\n \r\n \r\n " %(hrn ,self.api.interface,origin_hrn) rspec = self.api.manager.ListResources(self.api, creds, options) # filter rspec through sfatables @@ -53,8 +51,7 @@ class ListResources(Method): chain_name = 'OUTGOING' elif self.api.interface in ['slicemgr']: chain_name = 'FORWARD-OUTGOING' - self.api.logger.debug("ListResources: sfatables on chain %s"%chain_name) - print >>sys.stderr, " \r\n \r\n \t Listresources.py001 call : chain_name %s hrn %s origine_hrn %s " %(chain_name, hrn, origin_hrn) + self.api.logger.debug("ListResources: sfatables on chain %s"%chain_name) filtered_rspec = run_sfatables(chain_name, hrn, origin_hrn, rspec) if options.has_key('geni_compressed') and options['geni_compressed'] == True: diff --git a/sfa/planetlab/plslices.py b/sfa/planetlab/plslices.py index 2de659eb..0d76b593 100644 --- a/sfa/planetlab/plslices.py +++ b/sfa/planetlab/plslices.py @@ -1,6 +1,5 @@ from types import StringTypes from collections import defaultdict -import sys from sfa.util.sfatime import utcparse, datetime_to_epoch from sfa.util.sfalogging import logger @@ -133,11 +132,13 @@ class PlSlices: # slice belongs to out local plc or a myplc peer. We will assume it # is a local site, unless we find out otherwise peer = None + # get this slice's authority (site) slice_authority = get_authority(hrn) # get this site's authority (sfa root authority or sub authority) site_authority = get_authority(slice_authority).lower() + # check if we are already peered with this site_authority, if so peers = self.driver.shell.GetPeers({}, ['peer_id', 'peername', 'shortname', 'hrn_root']) for peer_record in peers: diff --git a/sfa/rspecs/elements/versions/sfav1Lease.py b/sfa/rspecs/elements/versions/sfav1Lease.py index 69676ed5..03a43422 100644 --- a/sfa/rspecs/elements/versions/sfav1Lease.py +++ b/sfa/rspecs/elements/versions/sfav1Lease.py @@ -22,6 +22,7 @@ class SFAv1Lease: @staticmethod def add_leases(xml, leases): + network_elems = xml.xpath('//network') if len(network_elems) > 0: network_elem = network_elems[0] diff --git a/sfa/server/sfa-start.py b/sfa/server/sfa-start.py index 0b999d9d..1596cc3f 100755 --- a/sfa/server/sfa-start.py +++ b/sfa/server/sfa-start.py @@ -84,8 +84,9 @@ def install_peer_certs(server_key_file, server_cert_file): peer_gids = [] if not new_hrns: return + trusted_certs_dir = api.config.get_trustedroots_dir() - for new_hrn in new_hrns: + for new_hrn in new_hrns: if not new_hrn: continue # the gid for this interface should already be installed if new_hrn == api.config.SFA_INTERFACE_HRN: continue @@ -98,6 +99,7 @@ def install_peer_certs(server_key_file, server_cert_file): if 'sfa' not in server_version: logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn) continue + trusted_gids = ReturnValue.get_value(interface.get_trusted_certs()) if trusted_gids: # the gid we want should be the first one in the list, @@ -182,7 +184,8 @@ def main(): hierarchy = Hierarchy() auth_info = hierarchy.get_interface_auth_info() server_key_file = auth_info.get_privkey_filename() - server_cert_file = auth_info.get_gid_filename() + server_cert_file = auth_info.get_gid_filename() + # ensure interface cert is present in trusted roots dir trusted_roots = TrustedRoots(config.get_trustedroots_dir()) trusted_roots.add_gid(GID(filename=server_cert_file)) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index 41f42803..54fd9d23 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -68,6 +68,7 @@ class Auth: self.client_cred = Credential(string = cred) self.client_gid = self.client_cred.get_gid_caller() self.object_gid = self.client_cred.get_gid_object() + # make sure the client_gid is not blank if not self.client_gid: raise MissingCallerGID(self.client_cred.get_subject()) @@ -77,13 +78,12 @@ class Auth: self.verifyPeerCert(self.peer_cert, self.client_gid) # make sure the client is allowed to perform the operation - if operation: + if operation: if not self.client_cred.can_perform(operation): raise InsufficientRights(operation) if self.trusted_cert_list: self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA) - else: raise MissingTrustedRoots(self.config.get_trustedroots_dir()) @@ -91,7 +91,6 @@ class Auth: # This check does not apply to trusted peers trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list] if hrn and self.client_gid.get_hrn() not in trusted_peers: - target_hrn = self.object_gid.get_hrn() if not hrn == target_hrn: raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \ @@ -235,7 +234,7 @@ class Auth: return #if name.startswith(get_authority(name)): #return - + raise PermissionError(name) def determine_user_rights(self, caller_hrn, reg_record): diff --git a/sfa/util/sfalogging.py b/sfa/util/sfalogging.py index ac84037d..495a2747 100644 --- a/sfa/util/sfalogging.py +++ b/sfa/util/sfalogging.py @@ -144,9 +144,6 @@ debug_logger = _SfaLogger(loggername='debug', level=logging.DEBUG) warn_logger = _SfaLogger(loggername='warning', level=logging.WARNING) error_logger = _SfaLogger(loggername='error', level=logging.ERROR) critical_logger = _SfaLogger(loggername='critical', level=logging.CRITICAL) - -#sql_logger = _SfaLogger(loggername = 'sqlalchemy.engine', level=logging.DEBUG) - logger = info_logger sfi_logger = _SfaLogger(logfile=os.path.expanduser("~/.sfi/")+'sfi.log',loggername='sfilog', level=logging.DEBUG) ######################################## diff --git a/sfa/util/sfatablesRuntime.py b/sfa/util/sfatablesRuntime.py index a684d3e9..0bc88f6c 100644 --- a/sfa/util/sfatablesRuntime.py +++ b/sfa/util/sfatablesRuntime.py @@ -1,6 +1,6 @@ # sfa should not depend on sfatables # if the sfatables.runtime import fails, just define run_sfatables as identity -import sys + try: from sfatables.runtime import SFATablesRules @@ -27,7 +27,7 @@ try: """ if not context_callback: context_callback = fetch_context - + chain = chain.upper() rules = SFATablesRules(chain) if rules.sorted_rule_list: diff --git a/tests/testXrn.py b/tests/testXrn.py index 7f97a7fe..f6812055 100755 --- a/tests/testXrn.py +++ b/tests/testXrn.py @@ -1,5 +1,4 @@ #!/usr/bin/python -# just checking write access on repo import sys import unittest -- 2.43.0