def create_top_level_auth_records(self, hrn):
"""
Create top level records (includes root and sub authorities (local/remote)
"""
urn = hrn_to_urn(hrn, 'authority')
# make sure parent exists
parent_hrn = get_authority(hrn)
if not parent_hrn:
parent_hrn = hrn
if not parent_hrn == hrn:
self.create_top_level_auth_records(parent_hrn)
# create the authority if it doesnt already exist
if not self.AuthHierarchy.auth_exists(urn):
self.logger.info("Import: creating top level authorities")
self.AuthHierarchy.create_auth(urn)
# create the db record if it doesnt already exist
auth_info = self.AuthHierarchy.get_auth_info(hrn)
table = SfaTable()
auth_record = table.find({'type': 'authority', 'hrn': hrn})
if not auth_record:
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=-1)
auth_record['authority'] = get_authority(auth_record['hrn'])
self.logger.info("Import: inserting authority record for %s"%hrn)
table.insert(auth_record)
def import_slice(self, parent_hrn, slice):
slicename = slice['name'].split("_",1)[-1]
slicename = _cleanup_string(slicename)
if not slicename:
self.logger.error("Import: failed to parse slice name %s" %slice['name'])
return
hrn = parent_hrn + "." + slicename
self.logger.info("Import: slice %s"%hrn)
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'slice')
slice_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
slice_record = SfaRecord(hrn=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id'])
slice_record['authority'] = get_authority(slice_record['hrn'])
table = SfaTable()
existing_records = table.find({'hrn': hrn, 'type': 'slice', 'pointer': slice['slice_id']})
if not existing_records:
table.insert(slice_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
slice_record['record_id'] = existing_record['record_id']
table.update(slice_record)
def import_site(self, hrn, site):
shell = self.shell
plc_auth = self.plc_auth
urn = hrn_to_urn(hrn, 'authority')
self.logger.info("Import: site %s"%hrn)
# create the authority
if not self.AuthHierarchy.auth_exists(urn):
self.AuthHierarchy.create_auth(urn)
auth_info = self.AuthHierarchy.get_auth_info(urn)
table = SfaTable()
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=site['site_id'])
auth_record['authority'] = get_authority(auth_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'authority', 'pointer': site['site_id']})
if not existing_records:
table.insert(auth_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
auth_record['record_id'] = existing_record['record_id']
table.update(auth_record)
return hrn
def call(self, cred, record_dict, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name))
# validate the cred
self.api.auth.check(cred, "register")
# make sure this is a peer record
if 'peer_authority' not in record_dict or \
not record_dict['peer_authority']:
raise SfaInvalidArgument, "peer_authority must be specified"
record = SfaRecord(dict = record_dict)
type, hrn, peer_authority = record['type'], record['hrn'], record['peer_authority']
record['authority'] = get_authority(record['hrn'])
# verify permissions
self.api.auth.verify_cred_is_me(cred)
# check if record already exists
table = SfaTable()
existing_records = table.find({'type': type, 'hrn': hrn, 'peer_authority': peer_authority})
if existing_records:
for existing_record in existing_records:
if existing_record['pointer'] != record['pointer']:
record['record_id'] = existing_record['record_id']
table.update(record)
else:
record_id = table.insert(record)
return 1
def create_sm_client_record(self):
"""
Create a user record for the Slicemanager service.
"""
hrn = self.config.SFA_INTERFACE_HRN + '.slicemanager'
urn = hrn_to_urn(hrn, 'user')
if not self.AuthHierarchy.auth_exists(urn):
self.logger.info("Import: creating Slice Manager user")
self.AuthHierarchy.create_auth(urn)
auth_info = self.AuthHierarchy.get_auth_info(hrn)
table = SfaTable()
sm_user_record = table.find({'type': 'user', 'hrn': hrn})
if not sm_user_record:
record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="user", pointer=-1)
record['authority'] = get_authority(record['hrn'])
table.insert(record)
def import_person(self, parent_hrn, person):
"""
Register a user record
"""
hrn = email_to_hrn(parent_hrn, person['email'])
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
self.logger.info("Import: person %s"%hrn)
key_ids = []
if 'key_ids' in person and person['key_ids']:
key_ids = person["key_ids"]
# get the user's private key from the SSH keys they have uploaded
# to planetlab
keys = self.shell.GetKeys(self.plc_auth, key_ids)
key = keys[0]['key']
pkey = None
try:
pkey = convert_public_key(key)
except:
self.logger.warn('unable to convert public key for %s' % hrn)
if not pkey:
pkey = Keypair(create=True)
else:
# the user has no keys
self.logger.warn("Import: person %s does not have a PL public key"%hrn)
# if a key is unavailable, then we still need to put something in the
# user's GID. So make one up.
pkey = Keypair(create=True)
# create the gid
urn = hrn_to_urn(hrn, 'user')
person_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
table = SfaTable()
person_record = SfaRecord(hrn=hrn, gid=person_gid, type="user", pointer=person['person_id'])
person_record['authority'] = get_authority(person_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'user', 'pointer': person['person_id']})
if not existing_records:
table.insert(person_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
person_record['record_id'] = existing_record['record_id']
table.update(person_record)
def create_interface_records(self):
"""
Create a record for each SFA interface
"""
# just create certs for all sfa interfaces even if they
# arent enabled
interface_hrn = self.config.SFA_INTERFACE_HRN
interfaces = ['authority+sa', 'authority+am', 'authority+sm']
table = SfaTable()
auth_info = self.AuthHierarchy.get_auth_info(interface_hrn)
pkey = auth_info.get_pkey_object()
for interface in interfaces:
interface_record = table.find({'type': interface, 'hrn': interface_hrn})
if not interface_record:
self.logger.info("Import: interface %s %s " % (interface_hrn, interface))
urn = hrn_to_urn(interface_hrn, interface)
gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
record = SfaRecord(hrn=interface_hrn, gid=gid, type=interface, pointer=-1)
record['authority'] = get_authority(interface_hrn)
table.insert(record)
def import_node(self, hrn, node):
self.logger.info("Import: node %s" % hrn)
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
table = SfaTable()
node_record = table.find({'type': 'node', 'hrn': hrn})
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'node')
node_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
node_record['authority'] = get_authority(node_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
if not existing_records:
table.insert(node_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
node_record['record_id'] = existing_record['record_id']
table.update(node_record)
def update_cert_records(gids):
"""
Make sure there is a record in the registry for the specified gids.
Removes old records from the db.
"""
# import SfaTable here so this module can be loaded by ComponentAPI
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
if not gids:
return
table = SfaTable()
# get records that actually exist in the db
gid_urns = [gid.get_urn() for gid in gids]
hrns_expected = [gid.get_hrn() for gid in gids]
records_found = table.find({"hrn": hrns_expected, "pointer": -1})
# remove old records
for record in records_found:
if record["hrn"] not in hrns_expected and record["hrn"] != self.api.config.SFA_INTERFACE_HRN:
table.remove(record)
# TODO: store urn in the db so we do this in 1 query
for gid in gids:
hrn, type = gid.get_hrn(), gid.get_type()
record = table.find({"hrn": hrn, "type": type, "pointer": -1})
if not record:
record = {
"hrn": hrn,
"type": type,
"pointer": -1,
"authority": get_authority(hrn),
"gid": gid.save_to_string(save_parents=True),
}
record = SfaRecord(dict=record)
table.insert(record)
def register(api, record):
hrn, type = record['hrn'], record['type']
urn = hrn_to_urn(hrn,type)
# validate the type
if type not in ['authority', 'slice', 'node', 'user']:
raise UnknownSfaType(type)
# check if record already exists
table = SfaTable()
existing_records = table.find({'type': type, 'hrn': hrn})
if existing_records:
raise ExistingRecord(hrn)
record = SfaRecord(dict = record)
record['authority'] = get_authority(record['hrn'])
type = record['type']
hrn = record['hrn']
auth_info = api.auth.get_auth_info(record['authority'])
pub_key = None
# make sure record has a gid
if 'gid' not in record:
uuid = create_uuid()
pkey = Keypair(create=True)
if 'key' in record and record['key']:
if isinstance(record['key'], types.ListType):
pub_key = record['key'][0]
else:
pub_key = record['key']
pkey = convert_public_key(pub_key)
gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
if type in ["authority"]:
# update the tree
if not api.auth.hierarchy.auth_exists(hrn):
api.auth.hierarchy.create_auth(hrn_to_urn(hrn,'authority'))
# get the GID from the newly created authority
gid = auth_info.get_gid_object()
record.set_gid(gid.save_to_string(save_parents=True))
pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
sites = api.plshell.GetSites(api.plauth, [pl_record['login_base']])
if not sites:
pointer = api.plshell.AddSite(api.plauth, pl_record)
else:
pointer = sites[0]['site_id']
record.set_pointer(pointer)
record['pointer'] = pointer
elif (type == "slice"):
acceptable_fields=['url', 'instantiation', 'name', 'description']
pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
for key in pl_record.keys():
if key not in acceptable_fields:
pl_record.pop(key)
slices = api.plshell.GetSlices(api.plauth, [pl_record['name']])
if not slices:
pointer = api.plshell.AddSlice(api.plauth, pl_record)
else:
pointer = slices[0]['slice_id']
record.set_pointer(pointer)
record['pointer'] = pointer
elif (type == "user"):
persons = api.plshell.GetPersons(api.plauth, [record['email']])
if not persons:
pointer = api.plshell.AddPerson(api.plauth, dict(record))
else:
pointer = persons[0]['person_id']
if 'enabled' in record and record['enabled']:
api.plshell.UpdatePerson(api.plauth, pointer, {'enabled': record['enabled']})
# add this persons to the site only if he is being added for the first
# time by sfa and doesont already exist in plc
if not persons or not persons[0]['site_ids']:
login_base = get_leaf(record['authority'])
api.plshell.AddPersonToSite(api.plauth, pointer, login_base)
# What roles should this user have?
api.plshell.AddRoleToPerson(api.plauth, 'user', pointer)
# Add the user's key
if pub_key:
api.plshell.AddPersonKey(api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
elif (type == "node"):
pl_record = api.sfa_fields_to_pl_fields(type, hrn, record)
login_base = hrn_to_pl_login_base(record['authority'])
nodes = api.plshell.GetNodes(api.plauth, [pl_record['hostname']])
if not nodes:
pointer = api.plshell.AddNode(api.plauth, login_base, pl_record)
else:
pointer = nodes[0]['node_id']
record['pointer'] = pointer
record.set_pointer(pointer)
record_id = table.insert(record)
record['record_id'] = record_id
# update membership for researchers, pis, owners, operators
api.update_membership(None, record)
return record.get_gid_object().save_to_string(save_parents=True)
