def call(self, cred, record_dict, origin_hrn=None):
user_cred = Credential(string=cred)
#log the call
if not origin_hrn:
origin_hrn = user_cred.get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name))
# validate the cred
self.api.auth.check(cred, "register")
# make sure this is a peer record
if 'peer_authority' not in record_dict or \
not record_dict['peer_authority']:
raise SfaInvalidArgument, "peer_authority must be specified"
record = SfaRecord(dict = record_dict)
type, hrn, peer_authority = record['type'], record['hrn'], record['peer_authority']
record['authority'] = get_authority(record['hrn'])
# verify permissions
self.api.auth.verify_cred_is_me(cred)
# check if record already exists
table = SfaTable()
existing_records = table.find({'type': type, 'hrn': hrn, 'peer_authority': peer_authority})
if existing_records:
for existing_record in existing_records:
if existing_record['pointer'] != record['pointer']:
record['record_id'] = existing_record['record_id']
table.update(record)
else:
record_id = table.insert(record)
return 1
def import_site(self, hrn, site):
shell = self.shell
plc_auth = self.plc_auth
urn = hrn_to_urn(hrn, 'authority')
self.logger.info("Import: site %s"%hrn)
# create the authority
if not self.AuthHierarchy.auth_exists(urn):
self.AuthHierarchy.create_auth(urn)
auth_info = self.AuthHierarchy.get_auth_info(urn)
table = SfaTable()
auth_record = SfaRecord(hrn=hrn, gid=auth_info.get_gid_object(), type="authority", pointer=site['site_id'])
auth_record['authority'] = get_authority(auth_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'authority', 'pointer': site['site_id']})
if not existing_records:
table.insert(auth_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
auth_record['record_id'] = existing_record['record_id']
table.update(auth_record)
return hrn
def import_slice(self, parent_hrn, slice):
slicename = slice['name'].split("_",1)[-1]
slicename = _cleanup_string(slicename)
if not slicename:
self.logger.error("Import: failed to parse slice name %s" %slice['name'])
return
hrn = parent_hrn + "." + slicename
self.logger.info("Import: slice %s"%hrn)
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'slice')
slice_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
slice_record = SfaRecord(hrn=hrn, gid=slice_gid, type="slice", pointer=slice['slice_id'])
slice_record['authority'] = get_authority(slice_record['hrn'])
table = SfaTable()
existing_records = table.find({'hrn': hrn, 'type': 'slice', 'pointer': slice['slice_id']})
if not existing_records:
table.insert(slice_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
slice_record['record_id'] = existing_record['record_id']
table.update(slice_record)
def import_person(self, parent_hrn, person):
"""
Register a user record
"""
hrn = email_to_hrn(parent_hrn, person['email'])
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
self.logger.info("Import: person %s"%hrn)
key_ids = []
if 'key_ids' in person and person['key_ids']:
key_ids = person["key_ids"]
# get the user's private key from the SSH keys they have uploaded
# to planetlab
keys = self.shell.GetKeys(self.plc_auth, key_ids)
key = keys[0]['key']
pkey = None
try:
pkey = convert_public_key(key)
except:
self.logger.warn('unable to convert public key for %s' % hrn)
if not pkey:
pkey = Keypair(create=True)
else:
# the user has no keys
self.logger.warn("Import: person %s does not have a PL public key"%hrn)
# if a key is unavailable, then we still need to put something in the
# user's GID. So make one up.
pkey = Keypair(create=True)
# create the gid
urn = hrn_to_urn(hrn, 'user')
person_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
table = SfaTable()
person_record = SfaRecord(hrn=hrn, gid=person_gid, type="user", pointer=person['person_id'])
person_record['authority'] = get_authority(person_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'user', 'pointer': person['person_id']})
if not existing_records:
table.insert(person_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
person_record['record_id'] = existing_record['record_id']
table.update(person_record)
def import_gid(options):
"""
Import the specified gid into the registry (db and authorities
hierarchy) overwriting any previous gid.
"""
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
# load the gid
gidfile = os.path.abspath(options.importgid)
if not gidfile or not os.path.isfile(gidfile):
print "No such gid: %s" % gidfile
sys.exit(1)
gid = GID(filename=gidfile)
# check if it exists within the hierarchy
hierarchy = Hierarchy()
if not hierarchy.auth_exists(gid.get_hrn()):
print "%s not found in hierarchy" % gid.get_hrn()
sys.exit(1)
# check if record exists in db
table = SfaTable()
records = table.find({'hrn': gid.get_hrn(), 'type': 'authority'})
if not records:
print "%s not found in record database" % get.get_hrn()
sys.exit(1)
# update the database record
record = records[0]
record['gid'] = gid.save_to_string(save_parents=True)
table.update(record)
if options.verbose:
print "Imported %s gid into db" % record['hrn']
# update the hierarchy
auth_info = hierarchy.get_auth_info(gid.get_hrn())
filename = auth_info.gid_filename
gid.save_to_file(filename, save_parents=True)
if options.verbose:
print "Writing %s gid to %s" % (gid.get_hrn(), filename)
# ending here
return
def import_node(self, hrn, node):
self.logger.info("Import: node %s" % hrn)
# ASN.1 will have problems with hrn's longer than 64 characters
if len(hrn) > 64:
hrn = hrn[:64]
table = SfaTable()
node_record = table.find({'type': 'node', 'hrn': hrn})
pkey = Keypair(create=True)
urn = hrn_to_urn(hrn, 'node')
node_gid = self.AuthHierarchy.create_gid(urn, create_uuid(), pkey)
node_record = SfaRecord(hrn=hrn, gid=node_gid, type="node", pointer=node['node_id'])
node_record['authority'] = get_authority(node_record['hrn'])
existing_records = table.find({'hrn': hrn, 'type': 'node', 'pointer': node['node_id']})
if not existing_records:
table.insert(node_record)
else:
self.logger.info("Import: %s exists, updating " % hrn)
existing_record = existing_records[0]
node_record['record_id'] = existing_record['record_id']
table.update(node_record)
def call(self):
# verify that the callers's ip address exist in the db and is an inteface
# for a node in the db
(ip, port) = self.api.remote_addr
interfaces = self.api.plshell.GetInterfaces(self.api.plauth, {'ip': ip}, ['node_id'])
if not interfaces:
raise NonExistingRecord("no such ip %(ip)s" % locals())
nodes = self.api.plshell.GetNodes(self.api.plauth, [interfaces[0]['node_id']], ['node_id', 'hostname'])
if not nodes:
raise NonExistingRecord("no such node using ip %(ip)s" % locals())
node = nodes[0]
# look up the sfa record
table = SfaTable()
records = table.findObjects({'type': 'node', 'pointer': node['node_id']})
if not records:
raise RecordNotFound("pointer:" + str(node['node_id']))
record = records[0]
# generate a new keypair and gid
uuid = create_uuid()
pkey = Keypair(create=True)
urn = hrn_to_urn(record['hrn'], record['type'])
gid_object = self.api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record.set_gid(gid)
# update the record
table.update(record)
# attempt the scp the key
# and gid onto the node
# this will only work for planetlab based components
(kfd, key_filename) = tempfile.mkstemp()
(gfd, gid_filename) = tempfile.mkstemp()
pkey.save_to_file(key_filename)
gid_object.save_to_file(gid_filename, save_parents=True)
host = node['hostname']
key_dest="/etc/sfa/node.key"
gid_dest="/etc/sfa/node.gid"
scp = "/usr/bin/scp"
#identity = "/etc/planetlab/root_ssh_key.rsa"
identity = "/etc/sfa/root_ssh_key"
scp_options=" -i %(identity)s " % locals()
scp_options+="-o StrictHostKeyChecking=no " % locals()
scp_key_command="%(scp)s %(scp_options)s %(key_filename)s root@%(host)s:%(key_dest)s" %\
locals()
scp_gid_command="%(scp)s %(scp_options)s %(gid_filename)s root@%(host)s:%(gid_dest)s" %\
locals()
all_commands = [scp_key_command, scp_gid_command]
for command in all_commands:
(status, output) = commands.getstatusoutput(command)
if status:
raise Exception, output
for filename in [key_filename, gid_filename]:
os.unlink(filename)
return 1
def update(api, record_dict):
new_record = SfaRecord(dict = record_dict)
type = new_record['type']
hrn = new_record['hrn']
urn = hrn_to_urn(hrn,type)
table = SfaTable()
# make sure the record exists
records = table.findObjects({'type': type, 'hrn': hrn})
if not records:
raise RecordNotFound(hrn)
record = records[0]
record['last_updated'] = time.gmtime()
# Update_membership needs the membership lists in the existing record
# filled in, so it can see if members were added or removed
api.fill_record_info(record)
# Use the pointer from the existing record, not the one that the user
# gave us. This prevents the user from inserting a forged pointer
pointer = record['pointer']
# update the PLC information that was specified with the record
if (type == "authority"):
api.plshell.UpdateSite(api.plauth, pointer, new_record)
elif type == "slice":
pl_record=api.sfa_fields_to_pl_fields(type, hrn, new_record)
if 'name' in pl_record:
pl_record.pop('name')
api.plshell.UpdateSlice(api.plauth, pointer, pl_record)
elif type == "user":
# SMBAKER: UpdatePerson only allows a limited set of fields to be
# updated. Ideally we should have a more generic way of doing
# this. I copied the field names from UpdatePerson.py...
update_fields = {}
all_fields = new_record
for key in all_fields.keys():
if key in ['first_name', 'last_name', 'title', 'email',
'password', 'phone', 'url', 'bio', 'accepted_aup',
'enabled']:
update_fields[key] = all_fields[key]
api.plshell.UpdatePerson(api.plauth, pointer, update_fields)
if 'key' in new_record and new_record['key']:
# must check this key against the previous one if it exists
persons = api.plshell.GetPersons(api.plauth, [pointer], ['key_ids'])
person = persons[0]
keys = person['key_ids']
keys = api.plshell.GetKeys(api.plauth, person['key_ids'])
key_exists = False
if isinstance(new_record['key'], types.ListType):
new_key = new_record['key'][0]
else:
new_key = new_record['key']
# Delete all stale keys
for key in keys:
if new_record['key'] != key['key']:
api.plshell.DeleteKey(api.plauth, key['key_id'])
else:
key_exists = True
if not key_exists:
api.plshell.AddPersonKey(api.plauth, pointer, {'key_type': 'ssh', 'key': new_key})
# update the openssl key and gid
pkey = convert_public_key(new_key)
uuid = create_uuid()
gid_object = api.auth.hierarchy.create_gid(urn, uuid, pkey)
gid = gid_object.save_to_string(save_parents=True)
record['gid'] = gid
record = SfaRecord(dict=record)
table.update(record)
elif type == "node":
api.plshell.UpdateNode(api.plauth, pointer, new_record)
else:
raise UnknownSfaType(type)
# update membership for researchers, pis, owners, operators
api.update_membership(record, new_record)
return 1
