def test_service_object(tmpdir_factory):
bucket = tmpdir_factory.mktemp("test_service")
push_testing_objstore(bucket)
push_is_running_service()
try:
service = Service.create(service_type="identity",
service_url="identity")
assert(service.uid() is not None)
assert(service.uid().startswith("STAGE1"))
service.create_stage2(service_uid="Z9-Z8", response=service.uid())
assert(service.is_identity_service())
assert(not service.should_refresh_keys())
assert(service.is_unlocked())
assert(not service.is_locked())
passphrase = PrivateKey.random_passphrase()
data = service.to_data(passphrase)
service2 = IdentityService.from_data(data, passphrase)
assert(service2.uid() == service.uid())
assert(service2.is_unlocked())
assert(not service2.is_locked())
assert(service2.is_identity_service())
assert(service.canonical_url() == service2.canonical_url())
assert(not service2.should_refresh_keys())
keys = service.dump_keys()
keys = service.load_keys(keys)
assert(keys[service.private_key().fingerprint()] ==
service.private_key())
assert(keys[service.private_certificate().fingerprint()] ==
service.private_certificate())
service.refresh_keys()
assert(service.last_key_update() > service2.last_key_update())
assert(service.last_certificate().public_key() ==
service2.public_certificate())
assert(service.last_key() == service2.private_key())
except:
pop_is_running_service()
pop_testing_objstore()
raise
pop_is_running_service()
pop_testing_objstore()
def setup_this_service(service_type, canonical_url, registry_uid, username,
password):
"""Call this function to setup a new
service that will serve at 'canonical_url', will be of
the specified service_type. This will be registered at the
registry at UID registry_uid
(1) Delete the object store value "_service" if you want to reset
the actual Service. This will assign a new UID for the service
which would reset the certificates and keys. This new service
will need to be re-introduced to other services that need
to trust it
"""
assert_running_service()
from Acquire.Service import get_service_account_bucket as \
_get_service_account_bucket
from Acquire.ObjectStore import Mutex as _Mutex
from Acquire.ObjectStore import ObjectStore as _ObjectStore
from Acquire.Service import Service as _Service
bucket = _get_service_account_bucket()
# ensure that this is the only time the service is set up
mutex = _Mutex(key=_service_key, bucket=bucket, lease_time=120)
try:
service_info = _ObjectStore.get_object_from_json(bucket, _service_key)
except:
service_info = None
service = None
service_password = _get_service_password()
user_uid = None
otp = None
if service_info:
try:
service = _Service.from_data(service_info, service_password)
except Exception as e:
from Acquire.Service import ServiceAccountError
raise ServiceAccountError(
"Something went wrong reading the Service data. You should "
"either debug the error or delete the data at key '%s' "
"to allow the service to be reset and constructed again. "
"The error was %s" % (_service_key, str(e)))
if service.uid().startswith("STAGE1"):
from Acquire.Service import ServiceAccountError
raise ServiceAccountError(
"The service is currently under construction. Please "
"try again later...")
if service is None:
# we need to create the new service
if (service_type is None) or (canonical_url is None):
from Acquire.Service import ServiceAccountError
raise ServiceAccountError(
"You need to supply both the service_type and canonical_url "
"in order to initialise a new Service")
# we need to build the service account - first stage 1
service = _Service.create(service_url=canonical_url,
service_type=service_type)
# write the stage1 service data, encrypted using the service password.
# This will be needed to answer the challenge from the registry
service_data = service.to_data(service_password)
_ObjectStore.set_object_from_json(bucket, _service_key, service_data)
# now we can register the service with a registry - this
# will return the stage2-constructed service
from Acquire.Registry import register_service as _register_service
service = _register_service(service=service, registry_uid=registry_uid)
canonical_url = _Service.get_canonical_url(canonical_url)
if service.service_type() != service_type or \
service.canonical_url() != canonical_url:
from Acquire.Service import ServiceAccountError
raise ServiceAccountError(
"The existing service has a different type or URL to that "
"requested at setup. The request type and URL are %s and %s, "
"while the actual service type and URL are %s and %s." %
(service_type, canonical_url, service.service_type(),
service.canonical_url()))
# we can add the first admin user
service_uid = service.uid()
skelkey = service.skeleton_key().public_key()
# now register the new admin user account - remembering to
# encode the password
from Acquire.Client import Credentials as _Credentials
password = _Credentials.encode_password(password=password,
identity_uid=service_uid)
from Acquire.Identity import UserAccount as _UserAccount
(user_uid, otp) = _UserAccount.create(username=username,
password=password,
_service_uid=service_uid,
_service_public_key=skelkey)
add_admin_user(service, user_uid)
# write the service data, encrypted using the service password
service_data = service.to_data(service_password)
# reload the data to check it is ok, and also to set the right class
service = _Service.from_data(service_data, service_password)
# now it is ok, save this data to the object store
_ObjectStore.set_object_from_json(bucket, _service_key, service_data)
mutex.unlock()
from Acquire.Service import clear_service_cache as _clear_service_cache
_clear_service_cache()
return (service, user_uid, otp)