def __init__(self, token, authURL='https://accounts.okeanos.grnet.gr/identity/v2.0'):
        """
        :type authURL: str
        :type token: str
        """
        from kamaki.clients.utils import https
        https.patch_ignore_ssl()

        self.authURL = authURL
        self.token = token
        self.cycladesServiceType = CycladesClient.service_type
        self.blockStorageServiceType = CycladesBlockStorageClient.service_type
        self.astakosClient = AstakosClient(self.authURL, self.token)
        endpointF = self.astakosClient.get_service_endpoints
        self.cycladesEndpoint = endpointF(self.cycladesServiceType)[u'publicURL']
        self.cycladesClient = CycladesClient(self.cycladesEndpoint, self.token)
        self.blockStorageEndpoint = endpointF(self.blockStorageServiceType)[u'publicURL']
        self.blockStorageClient = CycladesBlockStorageClient(self.blockStorageEndpoint, token)

        flavorsById = {}
        flavorsByName = {}
        for flavor in self.cycladesClient.list_flavors():
            _id = flavor[u'id']
            name = flavor[u'name']
            flavorsById[_id] = name
            flavorsByName[name] = _id
        self.flavorsById = flavorsById
        self.flavorsByName = flavorsByName
Example #2
0
    def __init__(self,
                 token,
                 authURL='https://accounts.okeanos.grnet.gr/identity/v2.0'):
        """
        :type authURL: str
        :type token: str
        """
        from kamaki.clients.utils import https
        https.patch_ignore_ssl()

        self.authURL = authURL
        self.token = token
        self.cycladesServiceType = CycladesClient.service_type
        self.blockStorageServiceType = CycladesBlockStorageClient.service_type
        self.astakosClient = AstakosClient(self.authURL, self.token)
        endpointF = self.astakosClient.get_service_endpoints
        self.cycladesEndpoint = endpointF(
            self.cycladesServiceType)[u'publicURL']
        self.cycladesClient = CycladesClient(self.cycladesEndpoint, self.token)
        self.blockStorageEndpoint = endpointF(
            self.blockStorageServiceType)[u'publicURL']
        self.blockStorageClient = CycladesBlockStorageClient(
            self.blockStorageEndpoint, token)

        flavorsById = {}
        flavorsByName = {}
        for flavor in self.cycladesClient.list_flavors():
            _id = flavor[u'id']
            name = flavor[u'name']
            flavorsById[_id] = name
            flavorsByName[name] = _id
        self.flavorsById = flavorsById
        self.flavorsByName = flavorsByName
Example #3
0
def main():
    """CLI entry point"""

    # Check syntax
    parser = argparse.ArgumentParser(description='Access your cloud keys')
    parser.add_argument('--key-id', help='Get only a specific key')
    parser.add_argument('--url',
        help='Cloud authentication URL, can be set as OKPUB_URL env variable')
    parser.add_argument('--token',
        help='Cloud user token, can be set as OKPUB_TOKEN env variable')
    parser.add_argument('--ca-certs',
        help='Path to CA certificates for SSL, can be set as OKPUB_CA_CERTS '
             'env variable')
    parser.add_argument('--ignore-ssl',
        action='store_true',
        help='Ignore SSL (not recomended), ignores CA certificates path')
    args = parser.parse_args()

    url = args.url or OKPUB_URL
    token = args.token or OKPUB_TOKEN
    assert all([url, token]), 'Both URL and TOKEN required (-h for more)'

    ca_certs = args.ca_certs or OKPUB_CA_CERTS
    assert any([ca_certs, args.ignore_ssl]), (
        'You should either set ca_certs or --ignore-ssl (-h for more)')

    # Resolve SSL issue
    from kamaki.clients.utils import https
    if args.ignore_ssl:
        https.patch_ignore_ssl()
    else:
        https.patch_with_certs(ca_certs)

    # Initialize client
    from okpub.client import KeyAPI
    endpoint = KeyAPI.get_endpoint_url(url)
    client = KeyAPI(endpoint, token)

    # Get results and print
    import json
    from sys import stdout
    if args.key_id:
        r = client.get_public_key(args.key_id)
    else:
        r = client.list_public_keys()
    stdout.write(json.dumps(r, indent=2))
    stdout.write('\n')
    stdout.flush()
Example #4
0
def _kamaki_ssl(ignore_ssl=None):
    """Patch kamaki to use the correct CA certificates

    Read kamaki's config file and decide if we are going to use
    CA certificates and patch kamaki clients accordingly.

    """
    config = kamaki_config.Config()
    if ignore_ssl is None:
        ignore_ssl = config.get("global", "ignore_ssl").lower() == "on"
    ca_file = config.get("global", "ca_certs")

    if ignore_ssl:
        # Skip SSL verification
        https.patch_ignore_ssl()
    else:
        # Use ca_certs path found in kamakirc
        https.patch_with_certs(ca_file)
Example #5
0
def _kamaki_ssl(ignore_ssl=None):
    """Patch kamaki to use the correct CA certificates

    Read kamaki's config file and decide if we are going to use
    CA certificates and patch kamaki clients accordingly.

    """
    config = kamaki_config.Config()
    if ignore_ssl is None:
        ignore_ssl = config.get("global", "ignore_ssl").lower() == "on"
    ca_file = config.get("global", "ca_certs")

    if ignore_ssl:
        # Skip SSL verification
        https.patch_ignore_ssl()
    else:
        # Use ca_certs path found in kamakirc
        https.patch_with_certs(ca_file)
Example #6
0
    def __init__(self, config, cloud=None, debug=False):
        _setup_logging(debug, debug)

        self.config = kamaki_config.Config(config)
        self.cloud = cloud

        if not self.cloud:
            self.cloud = self.config.get("global", "default_cloud")

        self.ignore_ssl = \
            self.config.get("global", "ignore_ssl").lower() == "on"
        self.ca_certs = \
            self.config.get("global", "ca_certs")
        https.patch_ignore_ssl(self.ignore_ssl)
        if self.ca_certs is not None:
            https.patch_with_certs(self.ca_certs)
        self.auth_url = self.config.get_cloud(self.cloud, "url")
        self.token = self.config.get_cloud(self.cloud, "token")
        self.auth_client = AstakosClient(self.auth_url, self.token)
        self.endpoints = None  # lazyness
Example #7
0
def run(settings):
    """Run the service"""
    ldap_args = dict(ldap_url=settings.get('ldap_url'),
                     admin=settings.get('ldap_admin'),
                     password=settings.get('ldap_password'),
                     base_dn=settings.get('ldap_base_dn'))
    pool_args = dict(
        dbname=settings.get('pool_name'),
        host=settings.get('pool_host'),
        user=settings.get('pool_user'),
        password=settings.get('pool_password'),
    )
    voms_args = dict([(k, v) for k, v in settings.items()
                      if k in ('voms_policy', 'voms_dir', 'ca_path',
                               'voms_api_lib')])

    snf_certs = settings.get('snf_ca_certs', None)
    vo_projects = settings.get('vo_projects', None)
    if snf_certs:
        https.patch_with_certs(snf_certs)
    elif settings.get('snf_ignore_ssl', None):
        https.patch_ignore_ssl()
    snf_admin = identity.IdentityClient(settings['snf_auth_url'],
                                        settings['snf_admin_token'])
    snf_admin.authenticate()

    server.ASTAVOMS_SERVER_SETTINGS.update(
        dict(
            ldap_args=ldap_args,
            pool_args=pool_args,
            vomsauth=authvoms.VomsAuth(**voms_args),
            snf_admin=snf_admin,
            vo_projects=vo_projects,
            disable_voms_verification=settings.get(
                'disable_voms_verification'),
        ))
    server.app.config.from_object(server)
    utils.setup_logger(server.logger,
                       debug=settings['debug'],
                       logfile=settings['logfile'])
    server.app.run(host=settings.get('host'), port=settings.get('port'))
Example #8
0
def patch_certs(cert_path=None):
    """
    Patch http certificates or ignore_ssl() if no certificates ca be found
    :param cert_path: Path to the certificate file
    """

    if not defaults.CACERTS_DEFAULT_PATH:
        if cert_path:
            https.patch_with_certs(cert_path)
        else:
            try:
                from ssl import get_default_verify_paths
                cert_path = get_default_verify_paths().cafile or \
                    get_default_verify_paths().openssl_cafile
            except:
                pass

            if cert_path:
                https.patch_with_certs(cert_path)
            else:
                logger.warn("COULD NOT FIND ANY CERTIFICATES, PLEASE SET THEM IN YOUR "
                            ".kamakirc global section, option ca_certs")
                https.patch_ignore_ssl()
Example #9
0
from kamaki.clients.utils import https
https.patch_ignore_ssl()
Example #10
0
from kamaki.cli.config import Config
import tabulate

try:
    from kamaki.clients.utils import https
    if Config().getboolean('global', 'ignore_ssl'):
        https.patch_ignore_ssl()
    else:
        ca_file = Config().get('global', 'ca_certs')
        if ca_file is None:
            raise ValueError("ca_certs cannot be None")
        https.patch_with_certs(ca_file)
except ImportError:
    pass


def get_cloud_names():
    return [cloud[0] for cloud in Config().items("cloud")]


def get_cloud_credentials(cloud_name):
    """Get cloud credentials from kamaki configuration file."""
    cloud = dict(Config().items("cloud")).get(cloud_name)
    if cloud is None:
        raise ValueError("Kamaki config file does not contain '%s' cloud." %
                         cloud_name)
    return cloud["url"], cloud["token"]


def get_server_cloud(server_name):
    """Get the server cloud from the server name."""
Example #11
0
def _init_session(arguments, is_non_api=False):
    """
    :returns: cloud name
    """
    _help = arguments['help'].value
    global _debug
    _debug = arguments['debug'].value
    _verbose_with_data = arguments['verbose_with_data'].value
    _verbose = arguments['verbose'].value or _verbose_with_data
    _cnf = arguments['config']

    _setup_logging(_debug, _verbose, _verbose_with_data)

    if _help or is_non_api:
        return None

    #  Patch https for SSL Authentication
    ca_file = arguments['ca_file'].value or _cnf.get('global', 'ca_certs')
    ignore_ssl = arguments['ignore_ssl'].value or (_cnf.get(
        'global', 'ignore_ssl').lower() == 'on')

    if ca_file:
        try:
            https.patch_with_certs(ca_file)
        except https.SSLUnicodeError as sslu:
            raise CLIError(
                'Failed to set CA certificates file %s' % ca_file,
                importance=2,
                details=[
                    'SSL module cannot handle non-ascii file names',
                    'Check the file path and consider moving and renaming',
                    'To set the new CA certificates path',
                    '    kamaki config set ca_certs CA_FILE',
                    sslu,
                ])
    else:
        warn = red('CA certifications path not set (insecure) ')
        kloger.warning(warn)
    https.patch_ignore_ssl(ignore_ssl)

    _check_config_version(_cnf.value)

    _colors = _cnf.value.get('global', 'colors')
    if not (stdout.isatty() and _colors == 'on'):
        remove_colors()

    cloud = arguments['cloud'].value or _cnf.value.get(
        'global', 'default_cloud') or os.environ.get(DEF_CLOUD_ENV)
    if not cloud:
        num_of_clouds = len(_cnf.value.keys('cloud'))
        if num_of_clouds == 1:
            cloud = _cnf.value.keys('cloud')[0]
        elif num_of_clouds > 1:
            raise CLIError(
                'Found %s clouds but none of them is set as default' %
                (num_of_clouds),
                importance=2,
                details=[
                    'Please, choose one of the following cloud names:',
                    ', '.join(_cnf.value.keys('cloud')),
                    'To see all cloud settings:',
                    '  kamaki config get cloud.<cloud name>',
                    'To set a default cloud:',
                    '  kamaki config set default_cloud <cloud name>',
                    '  or set the %s enviroment variable' % DEF_CLOUD_ENV,
                    'To pick a cloud for the current session, use --cloud:',
                    '  kamaki --cloud=<cloud name> ...'
                ])
    if cloud not in _cnf.value.keys('cloud'):
        raise CLIError('No cloud%s is configured' %
                       ((' "%s"' % cloud) if cloud else ''),
                       importance=3,
                       details=[
                           'To configure a new cloud "%s", find and set the' %
                           (cloud or '<cloud name>'),
                           'single authentication URL and token:',
                           '  kamaki config set cloud.%s.url <URL>' %
                           (cloud or '<cloud name>'),
                           '  kamaki config set cloud.%s.token <t0k3n>' %
                           (cloud or '<cloud name>')
                       ])
    auth_args = dict()
    for term in ('url', 'token'):
        try:
            auth_args[term] = _cnf.get_cloud(cloud, term)
        except KeyError or IndexError:
            auth_args[term] = ''
        if not auth_args[term]:
            raise CLIError('No authentication %s provided for cloud "%s"' %
                           (term.upper(), cloud),
                           importance=3,
                           details=[
                               'Set a %s for cloud %s:' %
                               (term.upper(), cloud),
                               '  kamaki config set cloud.%s.%s <%s>' %
                               (cloud, term, term.upper())
                           ])
    return cloud
Example #12
0
def _init_session(arguments, is_non_api=False):
    """
    :returns: cloud name
    """
    _help = arguments['help'].value
    global _debug
    _debug = arguments['debug'].value
    _verbose = arguments['verbose'].value
    _cnf = arguments['config']

    _setup_logging(_debug, _verbose)

    if _help or is_non_api:
        return None

    #  Patch https for SSL Authentication
    ca_file = arguments['ca_file'].value or _cnf.get('global', 'ca_certs')
    ignore_ssl = arguments['ignore_ssl'].value or (
        _cnf.get('global', 'ignore_ssl').lower() == 'on')

    if ca_file:
        try:
            https.patch_with_certs(ca_file)
        except https.SSLUnicodeError as sslu:
            raise CLIError(
                'Failed to set CA certificates file %s' % ca_file,
                importance=2, details=[
                    'SSL module cannot handle non-ascii file names',
                    'Check the file path and consider moving and renaming',
                    'To set the new CA certificates path',
                    '    kamaki config set ca_certs CA_FILE',
                    sslu, ])
    else:
        warn = red('CA certifications path not set (insecure) ')
        kloger.warning(warn)
    https.patch_ignore_ssl(ignore_ssl)

    _check_config_version(_cnf.value)

    _colors = _cnf.value.get('global', 'colors')
    if not (stdout.isatty() and _colors == 'on'):
        remove_colors()

    cloud = arguments['cloud'].value or _cnf.value.get(
        'global', 'default_cloud')
    if not cloud:
        num_of_clouds = len(_cnf.value.keys('cloud'))
        if num_of_clouds == 1:
            cloud = _cnf.value.keys('cloud')[0]
        elif num_of_clouds > 1:
            raise CLIError(
                'Found %s clouds but none of them is set as default' % (
                    num_of_clouds),
                importance=2, details=[
                    'Please, choose one of the following cloud names:',
                    ', '.join(_cnf.value.keys('cloud')),
                    'To see all cloud settings:',
                    '  kamaki config get cloud.<cloud name>',
                    'To set a default cloud:',
                    '  kamaki config set default_cloud <cloud name>',
                    'To pick a cloud for the current session, use --cloud:',
                    '  kamaki --cloud=<cloud name> ...'])
    if cloud not in _cnf.value.keys('cloud'):
        raise CLIError(
            'No cloud%s is configured' % ((' "%s"' % cloud) if cloud else ''),
            importance=3, details=[
                'To configure a new cloud "%s", find and set the' % (
                    cloud or '<cloud name>'),
                'single authentication URL and token:',
                '  kamaki config set cloud.%s.url <URL>' % (
                    cloud or '<cloud name>'),
                '  kamaki config set cloud.%s.token <t0k3n>' % (
                    cloud or '<cloud name>')])
    auth_args = dict()
    for term in ('url', 'token'):
        try:
            auth_args[term] = _cnf.get_cloud(cloud, term)
        except KeyError or IndexError:
            auth_args[term] = ''
        if not auth_args[term]:
            raise CLIError(
                'No authentication %s provided for cloud "%s"' % (
                    term.upper(), cloud),
                importance=3, details=[
                    'Set a %s for cloud %s:' % (term.upper(), cloud),
                    '  kamaki config set cloud.%s.%s <%s>' % (
                        cloud, term, term.upper())])
    return cloud
Example #13
0
    def __init__(self, auth_url, auth_token, container, local_root_path,
                 *args, **kwargs):
        check_encoding()
        auth_url = utils.to_unicode(auth_url)
        auth_token = utils.to_unicode(auth_token)
        container = utils.to_unicode(container)
        local_root_path = utils.to_unicode(local_root_path)
        self.auth_url = utils.normalize_standard_suffix(auth_url)
        self.auth_token = auth_token
        self.container = utils.normalize_standard_suffix(container)

        self.ignore_ssl = kwargs.get("ignore_ssl", False)
        if self.ignore_ssl:
            https.patch_ignore_ssl()
        elif kwargs.get('ca_certs', None):
            https.patch_with_certs(kwargs['ca_certs'])

        self.endpoint = self._get_pithos_client(
            auth_url, auth_token, container)

        container_exists = self.check_container_exists(container)

        home_dir = utils.to_unicode(os.path.expanduser('~'))
        default_settings_path = join_path(home_dir, GLOBAL_SETTINGS_NAME)
        self.settings_path = utils.to_unicode(
            kwargs.get("agkyra_path", default_settings_path))
        self.create_dir(self.settings_path, mode=stat.S_IRWXU)

        self.instances_path = join_path(self.settings_path, INSTANCES_NAME)
        self.create_dir(self.instances_path)

        self.local_root_path = utils.normalize_local_suffix(local_root_path)
        local_root_path_exists = os.path.isdir(self.local_root_path)

        self.cache_name = utils.to_unicode(
            kwargs.get("cache_name", DEFAULT_CACHE_NAME))
        self.cache_path = join_path(self.local_root_path, self.cache_name)

        self.cache_hide_name = utils.to_unicode(
            kwargs.get("cache_hide_name", DEFAULT_CACHE_HIDE_NAME))
        self.cache_hide_path = join_path(self.cache_path, self.cache_hide_name)

        self.cache_stage_name = utils.to_unicode(
            kwargs.get("cache_stage_name", DEFAULT_CACHE_STAGE_NAME))
        self.cache_stage_path = join_path(self.cache_path,
                                          self.cache_stage_name)

        self.cache_fetch_name = utils.to_unicode(
            kwargs.get("cache_fetch_name", DEFAULT_CACHE_FETCH_NAME))
        self.cache_fetch_path = join_path(self.cache_path,
                                          self.cache_fetch_name)

        self.user_id = self.endpoint.account
        self.instance = get_instance(
            [self.auth_url, self.user_id,
             self.container, self.local_root_path])
        self.instance_path = join_path(self.instances_path, self.instance)
        self.create_dir(self.instance_path)

        self.dbname = utils.to_unicode(kwargs.get("dbname", DEFAULT_DBNAME))
        self.full_dbname = join_path(self.instance_path, self.dbname)
        self.syncer_dbtuple = common.DBTuple(
            dbtype=database.SyncerDB,
            dbname=self.full_dbname)

        db_existed = os.path.isfile(self.full_dbname)
        if not db_existed:
            database.initialize(self.syncer_dbtuple)

        self.mtime_lag = 0
        self.case_insensitive = False

        if not db_existed:
            self.set_localfs_enabled(True)
            self.create_local_dirs()
            self.set_pithos_enabled(True)
            if not container_exists:
                self.mk_container(container)
        else:
            if not local_root_path_exists:
                self.set_localfs_enabled(False)
            else:
                self.create_local_dirs()
            if not container_exists:
                self.set_pithos_enabled(False)

        self.heartbeat = ThreadSafeDict()
        self.action_max_wait = kwargs.get("action_max_wait",
                                          DEFAULT_ACTION_MAX_WAIT)
        self.pithos_list_interval = kwargs.get("pithos_list_interval",
                                               DEFAULT_PITHOS_LIST_INTERVAL)

        self.connection_retry_limit = kwargs.get(
            "connection_retry_limit", DEFAULT_CONNECTION_RETRY_LIMIT)
        self.endpoint.CONNECTION_RETRY_LIMIT = self.connection_retry_limit
        self.max_alive_sync_threads = kwargs.get(
            "max_alive_sync_threads", DEFAULT_MAX_ALIVE_SYNC_THREADS)
        self.messager = Messager()
Example #14
0
    def __init__(self, auth_url, auth_token, container, local_root_path, *args,
                 **kwargs):
        check_encoding()
        auth_url = utils.to_unicode(auth_url)
        auth_token = utils.to_unicode(auth_token)
        container = utils.to_unicode(container)
        local_root_path = utils.to_unicode(local_root_path)
        self.auth_url = utils.normalize_standard_suffix(auth_url)
        self.auth_token = auth_token
        self.container = utils.normalize_standard_suffix(container)

        self.ignore_ssl = kwargs.get("ignore_ssl", False)
        if self.ignore_ssl:
            https.patch_ignore_ssl()
        elif kwargs.get('ca_certs', None):
            https.patch_with_certs(kwargs['ca_certs'])

        self.endpoint = self._get_pithos_client(auth_url, auth_token,
                                                container)

        container_exists = self.check_container_exists(container)

        home_dir = utils.to_unicode(os.path.expanduser('~'))
        default_settings_path = join_path(home_dir, GLOBAL_SETTINGS_NAME)
        self.settings_path = utils.to_unicode(
            kwargs.get("agkyra_path", default_settings_path))
        self.create_dir(self.settings_path, mode=stat.S_IRWXU)

        self.instances_path = join_path(self.settings_path, INSTANCES_NAME)
        self.create_dir(self.instances_path)

        self.local_root_path = utils.normalize_local_suffix(local_root_path)
        local_root_path_exists = os.path.isdir(self.local_root_path)

        self.cache_name = utils.to_unicode(
            kwargs.get("cache_name", DEFAULT_CACHE_NAME))
        self.cache_path = join_path(self.local_root_path, self.cache_name)

        self.cache_hide_name = utils.to_unicode(
            kwargs.get("cache_hide_name", DEFAULT_CACHE_HIDE_NAME))
        self.cache_hide_path = join_path(self.cache_path, self.cache_hide_name)

        self.cache_stage_name = utils.to_unicode(
            kwargs.get("cache_stage_name", DEFAULT_CACHE_STAGE_NAME))
        self.cache_stage_path = join_path(self.cache_path,
                                          self.cache_stage_name)

        self.cache_fetch_name = utils.to_unicode(
            kwargs.get("cache_fetch_name", DEFAULT_CACHE_FETCH_NAME))
        self.cache_fetch_path = join_path(self.cache_path,
                                          self.cache_fetch_name)

        self.user_id = self.endpoint.account
        self.instance = get_instance([
            self.auth_url, self.user_id, self.container, self.local_root_path
        ])
        self.instance_path = join_path(self.instances_path, self.instance)
        self.create_dir(self.instance_path)

        self.dbname = utils.to_unicode(kwargs.get("dbname", DEFAULT_DBNAME))
        self.full_dbname = join_path(self.instance_path, self.dbname)
        self.syncer_dbtuple = common.DBTuple(dbtype=database.SyncerDB,
                                             dbname=self.full_dbname)

        db_existed = os.path.isfile(self.full_dbname)
        if not db_existed:
            database.initialize(self.syncer_dbtuple)

        self.mtime_lag = 0
        self.case_insensitive = False

        if not db_existed:
            self.set_localfs_enabled(True)
            self.create_local_dirs()
            self.set_pithos_enabled(True)
            if not container_exists:
                self.mk_container(container)
        else:
            if not local_root_path_exists:
                self.set_localfs_enabled(False)
            else:
                self.create_local_dirs()
            if not container_exists:
                self.set_pithos_enabled(False)

        self.heartbeat = ThreadSafeDict()
        self.action_max_wait = kwargs.get("action_max_wait",
                                          DEFAULT_ACTION_MAX_WAIT)
        self.pithos_list_interval = kwargs.get("pithos_list_interval",
                                               DEFAULT_PITHOS_LIST_INTERVAL)

        self.connection_retry_limit = kwargs.get(
            "connection_retry_limit", DEFAULT_CONNECTION_RETRY_LIMIT)
        self.endpoint.CONNECTION_RETRY_LIMIT = self.connection_retry_limit
        self.max_alive_sync_threads = kwargs.get(
            "max_alive_sync_threads", DEFAULT_MAX_ALIVE_SYNC_THREADS)
        self.messager = Messager()