class SaltKeep(Keep): ''' RAET protocol estate on road data persistence for a given estate road specific data road/ keep/ stackname/ local/ estate.ext remote/ estate.name.ext estate.name.ext ''' LocalFields = [ 'name', 'uid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'puid', 'aha', 'role', 'sighex', 'prihex' ] LocalDumpFields = [ 'name', 'uid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'puid', 'aha', 'role' ] RemoteFields = [ 'name', 'uid', 'fuid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'main', 'kind', 'joined', 'role', 'acceptance', 'verhex', 'pubhex' ] RemoteDumpFields = [ 'name', 'uid', 'fuid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'main', 'kind', 'joined', 'role' ] Auto = raeting.AutoMode.never.value #auto accept def __init__(self, opts, prefix='estate', basedirpath='', auto=None, **kwa): ''' Setup RoadKeep instance ''' basedirpath = basedirpath or os.path.join(opts['cache_dir'], 'raet') super(SaltKeep, self).__init__(prefix=prefix, basedirpath=basedirpath, **kwa) self.auto = (auto if auto is not None else (raeting.AutoMode.always.value if opts['open_mode'] else (raeting.AutoMode.once.value if opts['auto_accept'] else raeting.AutoMode.never.value))) self.saltRaetKey = RaetKey(opts) def clearAllDir(self): ''' Clear all keep directories ''' super(SaltKeep, self).clearAllDir() self.clearRoleDir() def clearRoleDir(self): ''' Clear the Role directory ''' self.saltRaetKey.delete_pki_dir() def loadLocalRoleData(self): ''' Load and return the role data ''' keydata = self.saltRaetKey.read_local() if not keydata: keydata = odict([('sign', None), ('priv', None)]) data = odict([('sighex', keydata['sign']), ('prihex', keydata['priv'])]) return data def clearLocalRoleData(self): ''' Clear the local file ''' self.saltRaetKey.delete_local() def clearLocalRoleDir(self): ''' Clear the Local Role directory ''' self.saltRaetKey.delete_pki_dir() def loadLocalData(self): ''' Load and Return the data from the local estate ''' data = super(SaltKeep, self).loadLocalData() if not data: return None roleData = self.loadLocalRoleData( ) # if not present defaults None values data.update([('sighex', roleData.get('sighex')), ('prihex', roleData.get('prihex'))]) return data def loadRemoteData(self, name): ''' Load and Return the data from the remote file ''' data = super(SaltKeep, self).loadRemoteData(name) if not data: return None mid = data['role'] for status in [acceptance.name for acceptance in Acceptance]: keydata = self.saltRaetKey.read_remote(mid, status) if keydata: break if not keydata: data.update([('acceptance', None), ('verhex', None), ('pubhex', None)]) else: data.update(acceptance=raeting.Acceptance[status].value, verhex=keydata['verify'], pubhex=keydata['pub']) return data def loadAllRemoteData(self): ''' Load and Return the data from the all the remote estate files ''' keeps = super(SaltKeep, self).loadAllRemoteData() for name, data in keeps.items(): keeps[name].update([('acceptance', None), ('verhex', None), ('pubhex', None)]) for status, mids in self.saltRaetKey.list_keys().items(): for mid in mids: keydata = self.saltRaetKey.read_remote(mid, status) if keydata: for name, data in keeps.items(): if data['role'] == mid: keeps[name].update([ ('acceptance', raeting.Acceptance[status].value), ('verhex', keydata['verify']), ('pubhex', keydata['pub']) ]) return keeps def clearRemoteRoleData(self, role): ''' Clear data from the role data file ''' self.saltRaetKey.delete_key(role) #now delete role key file def clearAllRemoteRoleData(self): ''' Remove all the role data files ''' self.saltRaetKey.delete_all() def clearRemoteRoleDir(self): ''' Clear the Remote Role directory ''' self.saltRaetKey.delete_pki_dir() def dumpLocal(self, local): ''' Dump local estate ''' data = odict([ ('name', local.name), ('uid', local.uid), ('ha', local.ha), ('iha', local.iha), ('natted', local.natted), ('fqdn', local.fqdn), ('dyned', local.dyned), ('sid', local.sid), ('puid', local.stack.puid), ('aha', local.stack.aha), ('role', local.role), ]) if self.verifyLocalData(data, localFields=self.LocalDumpFields): self.dumpLocalData(data) self.saltRaetKey.write_local(local.priver.keyhex, local.signer.keyhex) def dumpRemote(self, remote): ''' Dump remote estate ''' data = odict([ ('name', remote.name), ('uid', remote.uid), ('fuid', remote.fuid), ('ha', remote.ha), ('iha', remote.iha), ('natted', remote.natted), ('fqdn', remote.fqdn), ('dyned', remote.dyned), ('sid', remote.sid), ('main', remote.main), ('kind', remote.kind), ('joined', remote.joined), ('role', remote.role), ]) if self.verifyRemoteData(data, remoteFields=self.RemoteDumpFields): self.dumpRemoteData(data, remote.name) if remote.pubber.keyhex and remote.verfer.keyhex: # kludge to persist the keys since no way to write self.saltRaetKey.status(remote.role, remote.pubber.keyhex, remote.verfer.keyhex) def statusRemote(self, remote, dump=True): ''' Calls .statusRole on remote role and keys and updates remote.acceptance dump indicates if statusRole should update persisted values when appropriate. Returns status Where status is acceptance status of role and keys and has value from raeting.acceptances ''' status = self.statusRole(role=remote.role, verhex=remote.verfer.keyhex, pubhex=remote.pubber.keyhex, dump=dump) remote.acceptance = status return status def statusRole(self, role, verhex, pubhex, dump=True): ''' Returns status Where status is acceptance status of role and keys and has value from raeting.acceptances ''' status = raeting.Acceptance[self.saltRaetKey.status( role, pubhex, verhex)].value return status def rejectRemote(self, remote): ''' Set acceptance status to rejected ''' mid = remote.role self.saltRaetKey.reject(match=mid, include_accepted=True) remote.acceptance = raeting.Acceptance.rejected.value def pendRemote(self, remote): ''' Set acceptance status to pending ''' pass def acceptRemote(self, remote): ''' Set acceptance status to accepted ''' mid = remote.role self.saltRaetKey.accept(match=mid, include_rejected=True) remote.acceptance = raeting.Acceptance.accepted.value
class SaltKeep(Keep): ''' RAET protocol estate on road data persistence for a given estate road specific data road/ keep/ stackname/ local/ estate.ext remote/ estate.name.ext estate.name.ext ''' LocalFields = ['name', 'uid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'puid', 'aha', 'role', 'sighex','prihex'] LocalDumpFields = ['name', 'uid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'puid', 'aha', 'role'] RemoteFields = ['name', 'uid', 'fuid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'main', 'kind', 'joined', 'role', 'acceptance', 'verhex', 'pubhex'] RemoteDumpFields = ['name', 'uid', 'fuid', 'ha', 'iha', 'natted', 'fqdn', 'dyned', 'sid', 'main', 'kind', 'joined', 'role'] Auto = raeting.AutoMode.never.value #auto accept def __init__(self, opts, prefix='estate', basedirpath='', auto=None, **kwa): ''' Setup RoadKeep instance ''' basedirpath = basedirpath or os.path.join(opts['cache_dir'], 'raet') super(SaltKeep, self).__init__(prefix=prefix, basedirpath=basedirpath, **kwa) self.auto = (auto if auto is not None else (raeting.AutoMode.always.value if opts['open_mode'] else (raeting.AutoMode.once.value if opts['auto_accept'] else raeting.AutoMode.never.value))) self.saltRaetKey = RaetKey(opts) def clearAllDir(self): ''' Clear all keep directories ''' super(SaltKeep, self).clearAllDir() self.clearRoleDir() def clearRoleDir(self): ''' Clear the Role directory ''' self.saltRaetKey.delete_pki_dir() def loadLocalRoleData(self): ''' Load and return the role data ''' keydata = self.saltRaetKey.read_local() if not keydata: keydata = odict([('sign', None), ('priv', None)]) data = odict([('sighex', keydata['sign']), ('prihex', keydata['priv'])]) return data def clearLocalRoleData(self): ''' Clear the local file ''' self.saltRaetKey.delete_local() def clearLocalRoleDir(self): ''' Clear the Local Role directory ''' self.saltRaetKey.delete_pki_dir() def loadLocalData(self): ''' Load and Return the data from the local estate ''' data = super(SaltKeep, self).loadLocalData() if not data: return None roleData = self.loadLocalRoleData() # if not present defaults None values data.update([('sighex', roleData.get('sighex')), ('prihex', roleData.get('prihex'))]) return data def loadRemoteData(self, name): ''' Load and Return the data from the remote file ''' data = super(SaltKeep, self).loadRemoteData(name) if not data: return None mid = data['role'] for status in [acceptance.name for acceptance in Acceptance]: keydata = self.saltRaetKey.read_remote(mid, status) if keydata: break if not keydata: data.update([('acceptance', None), ('verhex', None), ('pubhex', None)]) else: data.update(acceptance=raeting.Acceptance[status].value, verhex=keydata['verify'], pubhex=keydata['pub']) return data def loadAllRemoteData(self): ''' Load and Return the data from the all the remote estate files ''' keeps = super(SaltKeep, self).loadAllRemoteData() for name, data in keeps.items(): keeps[name].update([('acceptance', None), ('verhex', None), ('pubhex', None)]) for status, mids in self.saltRaetKey.list_keys().items(): for mid in mids: keydata = self.saltRaetKey.read_remote(mid, status) if keydata: for name, data in keeps.items(): if data['role'] == mid: keeps[name].update( [('acceptance', raeting.Acceptance[status].value), ('verhex', keydata['verify']), ('pubhex', keydata['pub'])]) return keeps def clearRemoteRoleData(self, role): ''' Clear data from the role data file ''' self.saltRaetKey.delete_key(role) #now delete role key file def clearAllRemoteRoleData(self): ''' Remove all the role data files ''' self.saltRaetKey.delete_all() def clearRemoteRoleDir(self): ''' Clear the Remote Role directory ''' self.saltRaetKey.delete_pki_dir() def dumpLocal(self, local): ''' Dump local estate ''' data = odict([ ('name', local.name), ('uid', local.uid), ('ha', local.ha), ('iha', local.iha), ('natted', local.natted), ('fqdn', local.fqdn), ('dyned', local.dyned), ('sid', local.sid), ('puid', local.stack.puid), ('aha', local.stack.aha), ('role', local.role), ]) if self.verifyLocalData(data, localFields =self.LocalDumpFields): self.dumpLocalData(data) self.saltRaetKey.write_local(local.priver.keyhex, local.signer.keyhex) def dumpRemote(self, remote): ''' Dump remote estate ''' data = odict([ ('name', remote.name), ('uid', remote.uid), ('fuid', remote.fuid), ('ha', remote.ha), ('iha', remote.iha), ('natted', remote.natted), ('fqdn', remote.fqdn), ('dyned', remote.dyned), ('sid', remote.sid), ('main', remote.main), ('kind', remote.kind), ('joined', remote.joined), ('role', remote.role), ]) if self.verifyRemoteData(data, remoteFields=self.RemoteDumpFields): self.dumpRemoteData(data, remote.name) if remote.pubber.keyhex and remote.verfer.keyhex: # kludge to persist the keys since no way to write self.saltRaetKey.status(remote.role, remote.pubber.keyhex, remote.verfer.keyhex) def statusRemote(self, remote, dump=True): ''' Calls .statusRole on remote role and keys and updates remote.acceptance dump indicates if statusRole should update persisted values when appropriate. Returns status Where status is acceptance status of role and keys and has value from raeting.acceptances ''' status = self.statusRole(role=remote.role, verhex=remote.verfer.keyhex, pubhex=remote.pubber.keyhex, dump=dump) remote.acceptance = status return status def statusRole(self, role, verhex, pubhex, dump=True): ''' Returns status Where status is acceptance status of role and keys and has value from raeting.acceptances ''' status = raeting.Acceptance[self.saltRaetKey.status(role, pubhex, verhex)].value return status def rejectRemote(self, remote): ''' Set acceptance status to rejected ''' mid = remote.role self.saltRaetKey.reject(match=mid, include_accepted=True) remote.acceptance = raeting.Acceptance.rejected.value def pendRemote(self, remote): ''' Set acceptance status to pending ''' pass def acceptRemote(self, remote): ''' Set acceptance status to accepted ''' mid = remote.role self.saltRaetKey.accept(match=mid, include_rejected=True) remote.acceptance = raeting.Acceptance.accepted.value