def update_gateway( g_name_or_id, **kw ):
"""
Update a Gateway. **kw contains both the caller_user and the serialized gateway certificate.
* verify that the user and volume exist
* verify that the user signed the cert
If updating a gateway's capabilities to beyond what the current cert bundle allows,
a new cert bundle will be required.
Return True on success, and store the updated gateway and cert volume version vector
Raise an exception on error
"""
from common.api import verify_data
gateway_cert_b64 = kw.get('gateway_cert_b64', None)
if gateway_cert_b64 is None:
raise Exception("No gateway certificate given")
gateway_cert_bin = base64.b64decode( gateway_cert_b64 )
try:
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString( gateway_cert_bin )
except Exception, e:
log.error("Failed to deserialize gateway certificate")
raise e
def create_gateway( **kw ):
"""
Create a gateway.
* make sure the calling user exists
* make sure the owning user exists
* make sure the volume exists
* make sure the calling user has access rights to the volume
* make sure we have the certificate and everything we need from it.
* (DEPRECATED) if this gateway is going into an archive volume, make sure that it's the only writer.
Expects 'gateway_cert_b64', 'cert_bundle_b64', 'driver_text', and 'caller_user' from kw.
* gateway_cert_bin must be a protobuf'ed gateway certificate, signed by the user to own the gateway
* cert_bundle_bin must be a protobuf'ed cert bundle version vector, signed by the volume owner
Return the gateway on success, and put the new cert bundle for all publicly-routable gateways
Raise an exception on error.
TODO: allow multiple archive writers; deny coordinator changes in archives
"""
gateway_cert_b64 = kw.get('gateway_cert_b64', None)
if gateway_cert_b64 is None:
raise Exception("No gateway certificate given")
# check well-formed
try:
gateway_cert_bin = base64.b64decode( gateway_cert_b64 )
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString( gateway_cert_bin )
except Exception, e:
log.error("Failed to deserialize gateway certificate")
raise e
def update_gateway(g_name_or_id, **kw):
"""
Update a Gateway. **kw contains both the caller_user and the serialized gateway certificate.
* verify that the user and volume exist
* verify that the user signed the cert
If updating a gateway's capabilities to beyond what the current cert bundle allows,
a new cert bundle will be required.
Return True on success, and store the updated gateway and cert volume version vector
Raise an exception on error
"""
from common.api import verify_data
gateway_cert_b64 = kw.get('gateway_cert_b64', None)
if gateway_cert_b64 is None:
raise Exception("No gateway certificate given")
gateway_cert_bin = base64.b64decode(gateway_cert_b64)
try:
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(gateway_cert_bin)
except Exception, e:
log.error("Failed to deserialize gateway certificate")
raise e
def create_gateway(**kw):
"""
Create a gateway.
* make sure the calling user exists
* make sure the owning user exists
* make sure the volume exists
* make sure the calling user has access rights to the volume
* make sure we have the certificate and everything we need from it.
* (DEPRECATED) if this gateway is going into an archive volume, make sure that it's the only writer.
Expects 'gateway_cert_b64', 'cert_bundle_b64', 'driver_text', and 'caller_user' from kw.
* gateway_cert_bin must be a protobuf'ed gateway certificate, signed by the user to own the gateway
* cert_bundle_bin must be a protobuf'ed cert bundle version vector, signed by the volume owner
Return the gateway on success, and put the new cert bundle for all publicly-routable gateways
Raise an exception on error.
TODO: allow multiple archive writers; deny coordinator changes in archives
"""
gateway_cert_b64 = kw.get('gateway_cert_b64', None)
if gateway_cert_b64 is None:
raise Exception("No gateway certificate given")
# check well-formed
try:
gateway_cert_bin = base64.b64decode(gateway_cert_b64)
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(gateway_cert_bin)
except Exception, e:
log.error("Failed to deserialize gateway certificate")
raise e
def get(self, volume_id_str, volume_cert_version_str, gateway_type_str,
gateway_name_or_id, gateway_cert_version_str):
volume_cert_version = 0
gateway_cert_version = 0
try:
gateway_cert_version = int(gateway_cert_version_str)
volume_cert_version = int(volume_cert_version_str)
except:
response_end(self, 400, "Invalid Request", "text/plain")
return
# get the Volume
volume, status, _ = response_load_volume(self, volume_id_str)
if status != 200 or volume == None:
return
# get the gateway
if gateway_type_str not in ["UG", "RG", "AG"]:
logging.error("Invalid gateway type '%s'" % gateway_type_str)
response_user_error(self, 401)
return
gateway = storage.read_gateway(gateway_name_or_id)
if gateway == None:
logging.error("No such Gateway named %s" % (gateway_name_or_id))
response_user_error(self, 404)
return
for type_str, type_id in zip(
["UG", "RG", "AG"],
[GATEWAY_TYPE_UG, GATEWAY_TYPE_RG, GATEWAY_TYPE_AG]):
if gateway_type_str == type_str and gateway.gateway_type != type_id:
logging.error("No such %s named %s" %
(gateway_type_str, gateway_name_or_id))
response_user_error(self, 404)
return
# request only the right version
if volume_cert_version != volume.cert_version or gateway_cert_version != gateway.cert_version:
hdr = "%s/CERT/%s/%s/%s/%s/%s" % (
MS_URL, volume_id_str, volume.cert_version, gateway_type_str,
gateway_name_or_id, gateway.cert_version)
self.response.headers['Location'] = hdr
response_end(self, 302, "Location: %s" % hdr, "text/plain")
return
# generate the certificate
gateway_cert = ms_pb2.ms_gateway_cert()
volume.protobuf_gateway_cert(gateway_cert, gateway, need_closure=True)
data = gateway_cert.SerializeToString()
response_end(self, 200, data, "application/octet-stream")
return
def get( self, volume_id_str, volume_cert_version_str, gateway_type_str, gateway_name_or_id, gateway_cert_version_str ):
volume_cert_version = 0
gateway_cert_version = 0
try:
gateway_cert_version = int( gateway_cert_version_str )
volume_cert_version = int( volume_cert_version_str )
except:
response_end( self, 400, "Invalid Request", "text/plain" )
return
# get the Volume
volume, status, _ = response_load_volume( self, volume_id_str )
if status != 200 or volume == None:
return
# get the gateway
if gateway_type_str not in ["UG", "RG", "AG"]:
logging.error("Invalid gateway type '%s'" % gateway_type_str )
response_user_error( self, 401 )
return
gateway = storage.read_gateway( gateway_name_or_id )
if gateway == None:
logging.error("No such Gateway named %s" % (gateway_name_or_id))
response_user_error( self, 404 )
return
for type_str, type_id in zip( ["UG", "RG", "AG"], [GATEWAY_TYPE_UG, GATEWAY_TYPE_RG, GATEWAY_TYPE_AG] ):
if gateway_type_str == type_str and gateway.gateway_type != type_id:
logging.error("No such %s named %s" % (gateway_type_str, gateway_name_or_id))
response_user_error( self, 404 )
return
# request only the right version
if volume_cert_version != volume.cert_version or gateway_cert_version != gateway.cert_version:
hdr = "%s/CERT/%s/%s/%s/%s/%s" % (MS_URL, volume_id_str, volume.cert_version, gateway_type_str, gateway_name_or_id, gateway.cert_version)
self.response.headers['Location'] = hdr
response_end( self, 302, "Location: %s" % hdr, "text/plain" )
return
# generate the certificate
gateway_cert = ms_pb2.ms_gateway_cert()
volume.protobuf_gateway_cert( gateway_cert, gateway, need_closure=True )
data = gateway_cert.SerializeToString()
response_end( self, 200, data, "application/octet-stream" )
return
