Ejemplo n.º 1
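def update_gateway( g_name_or_id, **kw ):
   """
   Update a Gateway. **kw contains both the caller_user and the serialized gateway certificate.
   * verify that the user and volume exist
   * verify that the user signed the cert

   If updating a gateway's capabilities to beyond what the current cert bundle allows,
   a new cert bundle will be required.

   Return True on success, and store the updated gateway and cert volume version vector
   Raise an exception on error

   NOTE(review): the part of the function shown here only decodes and parses
   'gateway_cert_b64'. The existence and signature checks listed above are
   not visible in this excerpt.
   """

   from common.api import verify_data

   gateway_cert_b64 = kw.get('gateway_cert_b64')
   if gateway_cert_b64 is None:
      raise Exception("No gateway certificate given")

   # The certificate blob is caller-supplied. A successful parse only shows
   # that the bytes are a well-formed ms_gateway_cert; no field of it should
   # be acted on until the signature check named in the docstring has passed.
   # NOTE(review): no size bound on the blob is visible here -- confirm that
   # the request layer caps it.
   try:
      # Decoding sits inside the guarded region so that malformed base64 is
      # logged the same way as a malformed protobuf.
      gateway_cert_bin = base64.b64decode( gateway_cert_b64 )
      gateway_cert = ms_pb2.ms_gateway_cert()
      gateway_cert.ParseFromString( gateway_cert_bin )
   except Exception:
      log.error("Failed to deserialize gateway certificate")
      # A bare raise re-raises the same exception with its original
      # traceback, which "raise e" discards on Python 2.
      raise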
Ejemplo n.º 2
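def create_gateway( **kw ):
   """
   Create a gateway.
   * make sure the calling user exists
   * make sure the owning user exists
   * make sure the volume exists
   * make sure the calling user has access rights to the volume
   * make sure we have the certificate and everything we need from it.
   * (DEPRECATED) if this gateway is going into an archive volume, make sure that it's the only writer.

   Expects 'gateway_cert_b64', 'cert_bundle_b64', 'driver_text', and 'caller_user' from kw.
   * gateway_cert_bin must be a protobuf'ed gateway certificate, signed by the user to own the gateway
   * cert_bundle_bin must be a protobuf'ed cert bundle version vector, signed by the volume owner

   Return the gateway on success, and put the new cert bundle for all publicly-routable gateways
   Raise an exception on error.

   TODO: allow multiple archive writers; deny coordinator changes in archives

   NOTE(review): the part of the function shown here only decodes and parses
   'gateway_cert_b64'. The user, volume, access-right and signature checks
   listed above are not visible in this excerpt.
   """

   gateway_cert_b64 = kw.get('gateway_cert_b64')
   if gateway_cert_b64 is None:
      raise Exception("No gateway certificate given")

   # check well-formed
   # Well-formed is not the same as authentic: the blob is caller-supplied,
   # so nothing read from gateway_cert should be trusted until the owner's
   # signature over it has been verified.
   try:
      gateway_cert_bin = base64.b64decode( gateway_cert_b64 )
      gateway_cert = ms_pb2.ms_gateway_cert()
      gateway_cert.ParseFromString( gateway_cert_bin )
   except Exception:
      log.error("Failed to deserialize gateway certificate")
      # A bare raise re-raises the same exception with its original
      # traceback, which "raise e" discards on Python 2.
      raise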
Ejemplo n.º 3
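def update_gateway(g_name_or_id, **kw):
    """
    Update a Gateway. **kw contains both the caller_user and the serialized gateway certificate.
    * verify that the user and volume exist
    * verify that the user signed the cert

    If updating a gateway's capabilities to beyond what the current cert bundle allows,
    a new cert bundle will be required.

    Return True on success, and store the updated gateway and cert volume version vector
    Raise an exception on error

    NOTE(review): only the decode-and-parse step for 'gateway_cert_b64' is
    visible in this excerpt; the existence and signature checks listed above
    are not shown.
    """

    from common.api import verify_data

    encoded_cert = kw.get('gateway_cert_b64')
    if encoded_cert is None:
        raise Exception("No gateway certificate given")

    # The input comes from the caller. Parsing it proves structure only, not
    # origin: the signature check the docstring calls for has to pass before
    # any certificate field is used for a decision.
    # NOTE(review): no size bound on the blob is visible here -- confirm that
    # the request layer caps it.
    try:
        # base64 decoding is guarded as well, so a malformed encoding is
        # logged like a malformed protobuf instead of escaping unlogged.
        gateway_cert_bin = base64.b64decode(encoded_cert)
        gateway_cert = ms_pb2.ms_gateway_cert()
        gateway_cert.ParseFromString(gateway_cert_bin)
    except Exception:
        log.error("Failed to deserialize gateway certificate")
        # Re-raise in place: keeps the original traceback, which
        # "raise e" would replace on Python 2.
        raise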
Ejemplo n.º 4
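def create_gateway(**kw):
    """
    Create a gateway.
    * make sure the calling user exists
    * make sure the owning user exists
    * make sure the volume exists
    * make sure the calling user has access rights to the volume
    * make sure we have the certificate and everything we need from it.
    * (DEPRECATED) if this gateway is going into an archive volume, make sure that it's the only writer.

    Expects 'gateway_cert_b64', 'cert_bundle_b64', 'driver_text', and 'caller_user' from kw.
    * gateway_cert_bin must be a protobuf'ed gateway certificate, signed by the user to own the gateway
    * cert_bundle_bin must be a protobuf'ed cert bundle version vector, signed by the volume owner

    Return the gateway on success, and put the new cert bundle for all publicly-routable gateways
    Raise an exception on error.

    TODO: allow multiple archive writers; deny coordinator changes in archives

    NOTE(review): only the decode-and-parse step for 'gateway_cert_b64' is
    visible in this excerpt; the user, volume, access-right and signature
    checks listed above are not shown.
    """

    encoded_cert = kw.get('gateway_cert_b64')
    if encoded_cert is None:
        raise Exception("No gateway certificate given")

    # check well-formed
    # This step establishes structure only. The certificate is supplied by
    # the caller, so its contents stay untrusted until the owning user's
    # signature has been verified.
    try:
        gateway_cert_bin = base64.b64decode(encoded_cert)
        gateway_cert = ms_pb2.ms_gateway_cert()
        gateway_cert.ParseFromString(gateway_cert_bin)
    except Exception:
        log.error("Failed to deserialize gateway certificate")
        # Re-raise in place: keeps the original traceback, which
        # "raise e" would replace on Python 2.
        raise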
Ejemplo n.º 5
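    def get(self, volume_id_str, volume_cert_version_str, gateway_type_str,
            gateway_name_or_id, gateway_cert_version_str):
        """
        Serve the serialized certificate for one gateway of one volume.

        All five arguments arrive as strings from the request. The two
        version strings must parse as integers (400 otherwise). The gateway
        type must be one of "UG", "RG" or "AG", and the stored gateway must
        be of that type. If either requested version differs from the
        current one, the reply is a 302 to the URL carrying the current
        versions; otherwise the certificate is returned as
        application/octet-stream.

        Every outcome is written to self.response; nothing is returned.

        NOTE(review): nothing visible here checks that the gateway belongs
        to the loaded volume -- confirm that protobuf_gateway_cert or the
        storage layer enforces that binding.
        """
        try:
            gateway_cert_version = int(gateway_cert_version_str)
            volume_cert_version = int(volume_cert_version_str)
        except (TypeError, ValueError):
            # Only the failures int() can raise on request input are handled;
            # a bare except would also swallow KeyboardInterrupt/SystemExit.
            response_end(self, 400, "Invalid Request", "text/plain")
            return

        # get the Volume
        # presumably response_load_volume has already written the error
        # response when it fails -- verify against its definition
        volume, status, _ = response_load_volume(self, volume_id_str)
        if status != 200 or volume is None:
            return

        # get the gateway
        expected_type_ids = {
            "UG": GATEWAY_TYPE_UG,
            "RG": GATEWAY_TYPE_RG,
            "AG": GATEWAY_TYPE_AG,
        }
        if gateway_type_str not in expected_type_ids:
            logging.error("Invalid gateway type '%s'" % gateway_type_str)
            # NOTE(review): 401 is kept for existing clients, although a
            # malformed type reads more like a 400.
            response_user_error(self, 401)
            return

        gateway = storage.read_gateway(gateway_name_or_id)
        if gateway is None:
            logging.error("No such Gateway named %s" % (gateway_name_or_id))
            response_user_error(self, 404)
            return

        # The gateway exists, but under a different type than the one asked
        # for: answer exactly as if it did not exist.
        if gateway.gateway_type != expected_type_ids[gateway_type_str]:
            logging.error("No such %s named %s" %
                          (gateway_type_str, gateway_name_or_id))
            response_user_error(self, 404)
            return

        # request only the right version
        if (volume_cert_version != volume.cert_version or
                gateway_cert_version != gateway.cert_version):
            # NOTE(review): volume_id_str and gateway_name_or_id are request
            # text copied into a response header -- confirm that the URL
            # route restricts them to characters that are safe there.
            hdr = "%s/CERT/%s/%s/%s/%s/%s" % (
                MS_URL, volume_id_str, volume.cert_version, gateway_type_str,
                gateway_name_or_id, gateway.cert_version)
            self.response.headers['Location'] = hdr
            response_end(self, 302, "Location: %s" % hdr, "text/plain")
            return

        # generate the certificate
        gateway_cert = ms_pb2.ms_gateway_cert()
        volume.protobuf_gateway_cert(gateway_cert, gateway, need_closure=True)
        data = gateway_cert.SerializeToString()

        response_end(self, 200, data, "application/octet-stream")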
Ejemplo n.º 6
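   def get( self, volume_id_str, volume_cert_version_str, gateway_type_str, gateway_name_or_id, gateway_cert_version_str ):
      """
      Serve the serialized certificate for one gateway of one volume.

      The arguments are request strings. Both version strings must be
      integers (400 otherwise), and the gateway type must be "UG", "RG" or
      "AG" and match the stored gateway's type. A request for versions other
      than the current ones gets a 302 to the URL with the current versions;
      a request for the current versions gets the certificate as
      application/octet-stream.

      Every outcome is written to self.response; nothing is returned.

      NOTE(review): nothing visible here checks that the gateway belongs to
      the loaded volume -- confirm that protobuf_gateway_cert or the storage
      layer enforces that binding.
      """
      try:
         gateway_cert_version = int( gateway_cert_version_str )
         volume_cert_version = int( volume_cert_version_str )
      except (TypeError, ValueError):
         # Catch only what int() raises on bad request input, so that
         # KeyboardInterrupt and SystemExit are no longer swallowed.
         response_end( self, 400, "Invalid Request", "text/plain" )
         return

      # get the Volume
      # presumably response_load_volume has already written the error
      # response when it fails -- verify against its definition
      volume, status, _ = response_load_volume( self, volume_id_str )

      if status != 200 or volume is None:
         return

      # get the gateway
      known_types = ( ("UG", GATEWAY_TYPE_UG), ("RG", GATEWAY_TYPE_RG), ("AG", GATEWAY_TYPE_AG) )

      if gateway_type_str not in [name for name, _type_id in known_types]:
         logging.error("Invalid gateway type '%s'" % gateway_type_str )
         # NOTE(review): 401 is kept for existing clients, although a
         # malformed type reads more like a 400.
         response_user_error( self, 401 )
         return

      gateway = storage.read_gateway( gateway_name_or_id )
      if gateway is None:
         logging.error("No such Gateway named %s" % (gateway_name_or_id))
         response_user_error( self, 404 )
         return

      # A gateway stored under another type is reported as missing.
      for type_str, type_id in known_types:
         if gateway_type_str == type_str and gateway.gateway_type != type_id:
            logging.error("No such %s named %s" % (gateway_type_str, gateway_name_or_id))
            response_user_error( self, 404 )
            return

      # request only the right version
      versions_current = ( volume_cert_version == volume.cert_version and gateway_cert_version == gateway.cert_version )
      if not versions_current:
         # NOTE(review): volume_id_str and gateway_name_or_id are request
         # text copied into a response header -- confirm that the URL route
         # restricts them to characters that are safe there.
         hdr = "%s/CERT/%s/%s/%s/%s/%s" % (MS_URL, volume_id_str, volume.cert_version, gateway_type_str, gateway_name_or_id, gateway.cert_version)
         self.response.headers['Location'] = hdr
         response_end( self, 302, "Location: %s" % hdr, "text/plain" )
         return

      # generate the certificate
      gateway_cert = ms_pb2.ms_gateway_cert()
      volume.protobuf_gateway_cert( gateway_cert, gateway, need_closure=True )
      data = gateway_cert.SerializeToString()

      response_end( self, 200, data, "application/octet-stream" )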