def generate_slice_credentials( observer_pkey_pem, syndicate_url, user_email, volume_name, slice_name, observer_secret, slice_secret, instantiate_UG=False, run_UG=False, UG_port=0, UG_closure=None, instantiate_RG=False, run_RG=False, RG_port=0, RG_closure=None, RG_global_hostname=None, instantiate_AG=False, run_AG=False, AG_port=0, AG_closure=None, AG_global_hostname=None, gateway_name_prefix="", existing_user=None, user_pkey_pem=None ): """ Generate and return the set of credentials to be sent off to the slice VMs. exisitng_user is a Syndicate user, as a dictionary. Return None on failure """ # get the user's private key logger.info("Obtaining private key for %s" % user_email) # it might be in the existing_user... if existing_user is not None: user_pkey_pem = existing_user.get('private_key', None) # no luck? if user_pkey_pem is None: try: # get it from storage user_pkey_pem = get_principal_pkey( user_email, observer_secret ) assert user_pkey_pem is not None, "No private key for %s" % user_email except: traceback.print_exc() logger.error("Failed to get private key; cannot generate credentials for %s in %s" % (user_email, volume_name) ) return None # generate a credetials blob logger.info("Generating credentials for %s's slice" % (user_email)) try: creds = observer_cred.create_slice_credential_blob( observer_pkey_pem, slice_name, slice_secret, syndicate_url, volume_name, user_email, user_pkey_pem, instantiate_UG=instantiate_UG, run_UG=run_UG, UG_port=UG_port, UG_closure=UG_closure, instantiate_RG=instantiate_RG, run_RG=run_RG, RG_port=RG_port, RG_closure=RG_closure, RG_global_hostname=RG_global_hostname, instantiate_AG=instantiate_AG, run_AG=run_AG, AG_port=AG_port, AG_closure=AG_closure, AG_global_hostname=AG_global_hostname, gateway_name_prefix=gateway_name_prefix ) assert creds is not None, "Failed to create credentials for %s" % user_email except: traceback.print_exc() logger.error("Failed to generate credentials for %s in %s" % (user_email, volume_name)) return None return creds
def ft_do_push( syndicate_url, volume_name, volume_owner, slice_name, slice_secret, principal_pkey_path, hostname, automount_daemon_port, instantiate_UG=None, run_UG=None, UG_port=0, UG_closure=None, instantiate_RG=None, run_RG=None, RG_port=0, RG_closure=None, RG_global_hostname=None, instantiate_AG=None, run_AG=None, AG_port=0, AG_closure=None, AG_global_hostname=None, gateway_name_prefix="" ): """ Push credentials to a single host. """ c_syndicate.crypto_init() observer_key = syndicate_storage_api.read_private_key( CONFIG.SYNDICATE_OBSERVER_PRIVATE_KEY ) user_key = syndicate_storage_api.read_private_key( principal_pkey_path ) observer_key_pem = observer_key.exportKey() user_pkey_pem = user_key.exportKey() if observer_key_pem is None: raise Exception("Failed to read observer private key from %s" % observer_key_pem ) if user_pkey_pem is None: raise Exception("Failed to read user private key from %s" % principal_pkey_path ) # convert to binary slice_secret = binascii.unhexlify( slice_secret ) cred = observer_cred.create_slice_credential_blob( observer_key_pem, slice_name, slice_secret, syndicate_url, volume_name, volume_owner, user_pkey_pem, instantiate_UG=instantiate_UG, run_UG=run_UG, UG_port=UG_port, UG_closure=UG_closure, instantiate_RG=instantiate_RG, run_RG=run_RG, RG_port=RG_port, RG_closure=RG_closure, RG_global_hostname=RG_global_hostname, instantiate_AG=instantiate_AG, run_AG=run_AG, AG_port=AG_port, AG_closure=AG_closure, AG_global_hostname=AG_global_hostname, gateway_name_prefix=gateway_name_prefix ) if cred is None: raise Exception("Failed to generate slice credential") rc = do_push( [hostname], automount_daemon_port, cred ) c_syndicate.crypto_shutdown()
def generate_slice_credentials(observer_pkey_pem, syndicate_url, user_email, volume_name, slice_name, observer_secret, slice_secret, instantiate_UG=False, run_UG=False, UG_port=0, UG_closure=None, instantiate_RG=False, run_RG=False, RG_port=0, RG_closure=None, RG_global_hostname=None, instantiate_AG=False, run_AG=False, AG_port=0, AG_closure=None, AG_global_hostname=None, gateway_name_prefix="", existing_user=None, user_pkey_pem=None): """ Generate and return the set of credentials to be sent off to the slice VMs. exisitng_user is a Syndicate user, as a dictionary. Return None on failure """ # get the user's private key logger.info("Obtaining private key for %s" % user_email) # it might be in the existing_user... if existing_user is not None: user_pkey_pem = existing_user.get('signing_private_key', None) # no luck? if user_pkey_pem is None: try: # get it from storage user_pkey_pem = get_principal_pkey(user_email, observer_secret) assert user_pkey_pem is not None, "No private key for %s" % user_email except: traceback.print_exc() logger.error( "Failed to get private key; cannot generate credentials for %s in %s" % (user_email, volume_name)) return None # generate a credetials blob logger.info("Generating credentials for %s's slice" % (user_email)) try: creds = observer_cred.create_slice_credential_blob( observer_pkey_pem, slice_name, slice_secret, syndicate_url, volume_name, user_email, user_pkey_pem, instantiate_UG=instantiate_UG, run_UG=run_UG, UG_port=UG_port, UG_closure=UG_closure, instantiate_RG=instantiate_RG, run_RG=run_RG, RG_port=RG_port, RG_closure=RG_closure, RG_global_hostname=RG_global_hostname, instantiate_AG=instantiate_AG, run_AG=run_AG, AG_port=AG_port, AG_closure=AG_closure, AG_global_hostname=AG_global_hostname, gateway_name_prefix=gateway_name_prefix) assert creds is not None, "Failed to create credentials for %s" % user_email except: traceback.print_exc() logger.error("Failed to generate credentials for %s in %s" % (user_email, volume_name)) return None return creds