def getDelegatedCredential(self, creds): """ Attempt to find a credential delegated to us in the specified list of creds. """ from sfa.trust.hierarchy import Hierarchy if creds and not isinstance(creds, list): creds = [creds] hierarchy = Hierarchy() delegated_cred = None for cred in creds: if hierarchy.auth_exists(Credential(cred=cred).get_gid_caller().get_hrn()): delegated_cred = cred break return delegated_cred
def getDelegatedCredential(self, creds): """ Attempt to find a credential delegated to us in the specified list of creds. """ from sfa.trust.hierarchy import Hierarchy if creds and not isinstance(creds, list): creds = [creds] hierarchy = Hierarchy() delegated_cred = None for cred in creds: if hierarchy.auth_exists( Credential(cred=cred).get_gid_caller().get_hrn()): delegated_cred = cred break return delegated_cred
def import_gid(options): """ Import the specified gid into the registry (db and authorities hierarchy) overwriting any previous gid. """ from sfa.util.table import SfaTable from sfa.util.record import SfaRecord # load the gid gidfile = os.path.abspath(options.importgid) if not gidfile or not os.path.isfile(gidfile): print "No such gid: %s" % gidfile sys.exit(1) gid = GID(filename=gidfile) # check if it exists within the hierarchy hierarchy = Hierarchy() if not hierarchy.auth_exists(gid.get_hrn()): print "%s not found in hierarchy" % gid.get_hrn() sys.exit(1) # check if record exists in db table = SfaTable() records = table.find({'hrn': gid.get_hrn(), 'type': 'authority'}) if not records: print "%s not found in record database" % get.get_hrn() sys.exit(1) # update the database record record = records[0] record['gid'] = gid.save_to_string(save_parents=True) table.update(record) if options.verbose: print "Imported %s gid into db" % record['hrn'] # update the hierarchy auth_info = hierarchy.get_auth_info(gid.get_hrn()) filename = auth_info.gid_filename gid.save_to_file(filename, save_parents=True) if options.verbose: print "Writing %s gid to %s" % (gid.get_hrn(), filename) # ending here return
class Importer: def __init__(self,auth_hierarchy=None,logger=None): self.config = Config() if auth_hierarchy is not None: self.auth_hierarchy=auth_hierarchy else: self.auth_hierarchy = Hierarchy () if logger is not None: self.logger=logger else: self.logger = _SfaLogger(logfile='/var/log/sfa_import.log', loggername='importlog') self.logger.setLevelFromOptVerbose(self.config.SFA_API_LOGLEVEL) # ugly side effect so that other modules get it right import sfa.util.sfalogging sfa.util.sfalogging.logger=logger # self.TrustedRoots = TrustedRoots(self.config.get_trustedroots_dir()) # check before creating a RegRecord entry as we run this over and over def record_exists (self, type, hrn): return dbsession.query(RegRecord).filter_by(hrn=hrn,type=type).count()!=0 def create_top_level_auth_records(self, hrn): """ Create top level db records (includes root and sub authorities (local/remote) """ # make sure parent exists parent_hrn = get_authority(hrn) if not parent_hrn: parent_hrn = hrn if not parent_hrn == hrn: self.create_top_level_auth_records(parent_hrn) # ensure key and cert exists: self.auth_hierarchy.create_top_level_auth(hrn) # create the db record if it doesnt already exist if not self.record_exists ('authority',hrn): auth_info = self.auth_hierarchy.get_auth_info(hrn) auth_record = RegAuthority(hrn=hrn, gid=auth_info.get_gid_object(), authority=get_authority(hrn)) auth_record.just_created() dbsession.add (auth_record) dbsession.commit() self.logger.info("SfaImporter: imported authority (parent) %s " % auth_record) def create_sm_client_record(self): """ Create a user record for the Slicemanager service. """ hrn = self.interface_hrn + '.slicemanager' urn = hrn_to_urn(hrn, 'user') if not self.auth_hierarchy.auth_exists(urn): self.logger.info("SfaImporter: creating Slice Manager user") self.auth_hierarchy.create_auth(urn) if self.record_exists ('user',hrn): return auth_info = self.auth_hierarchy.get_auth_info(hrn) user_record = RegUser(hrn=hrn, gid=auth_info.get_gid_object(), authority=get_authority(hrn)) user_record.just_created() dbsession.add (user_record) dbsession.commit() self.logger.info("SfaImporter: importing user (slicemanager) %s " % user_record) def create_interface_records(self): """ Create a record for each SFA interface """ # just create certs for all sfa interfaces even if they # aren't enabled auth_info = self.auth_hierarchy.get_auth_info(self.config.SFA_INTERFACE_HRN) pkey = auth_info.get_pkey_object() hrn=self.config.SFA_INTERFACE_HRN for type in [ 'authority+sa', 'authority+am', 'authority+sm', ]: urn = hrn_to_urn(hrn, type) gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey) # for now we have to preserve the authority+<> stuff if self.record_exists (type,hrn): continue interface_record = RegAuthority(type=type, hrn=hrn, gid=gid, authority=get_authority(hrn)) interface_record.just_created() dbsession.add (interface_record) dbsession.commit() self.logger.info("SfaImporter: imported authority (%s) %s " % (type,interface_record)) def run(self, options=None): if not self.config.SFA_REGISTRY_ENABLED: self.logger.critical("Importer: need SFA_REGISTRY_ENABLED to run import") # testbed-neutral : create local certificates and the like auth_hierarchy = Hierarchy () self.create_top_level_auth_records(self.config.SFA_INTERFACE_HRN) self.create_interface_records() # testbed-specific testbed_importer = None generic=Generic.the_flavour() importer_class = generic.importer_class() if importer_class: begin_time=datetime.now() self.logger.info ("Starting import on %s, using class %s from flavour %s"%\ (begin_time,importer_class.__name__,generic.flavour)) testbed_importer = importer_class (auth_hierarchy, self.logger) if testbed_importer: testbed_importer.add_options(options) testbed_importer.run (options) end_time=datetime.now() duration=end_time-begin_time self.logger.info("Import took %s"%duration)
class Importer: def __init__(self, auth_hierarchy=None, logger=None): self.config = Config() if auth_hierarchy is not None: self.auth_hierarchy = auth_hierarchy else: self.auth_hierarchy = Hierarchy() if logger is not None: self.logger = logger else: self.logger = _SfaLogger(logfile='/var/log/sfa_import.log', loggername='importlog') self.logger.setLevelFromOptVerbose(self.config.SFA_API_LOGLEVEL) # ugly side effect so that other modules get it right import sfa.util.sfalogging sfa.util.sfalogging.logger = logger # self.TrustedRoots = TrustedRoots(self.config.get_trustedroots_dir()) # check before creating a RegRecord entry as we run this over and over def record_exists(self, type, hrn): return global_dbsession.query(RegRecord).filter_by( hrn=hrn, type=type).count() != 0 def create_top_level_auth_records(self, hrn): """ Create top level db records (includes root and sub authorities (local/remote) """ # make sure parent exists parent_hrn = get_authority(hrn) if not parent_hrn: parent_hrn = hrn if not parent_hrn == hrn: self.create_top_level_auth_records(parent_hrn) # ensure key and cert exists: self.auth_hierarchy.create_top_level_auth(hrn) # create the db record if it doesnt already exist if not self.record_exists('authority', hrn): auth_info = self.auth_hierarchy.get_auth_info(hrn) auth_record = RegAuthority(hrn=hrn, gid=auth_info.get_gid_object(), authority=get_authority(hrn)) auth_record.just_created() global_dbsession.add(auth_record) global_dbsession.commit() self.logger.info("SfaImporter: imported authority (parent) %s " % auth_record) def create_sm_client_record(self): """ Create a user record for the Slicemanager service. """ hrn = self.interface_hrn + '.slicemanager' urn = hrn_to_urn(hrn, 'user') if not self.auth_hierarchy.auth_exists(urn): self.logger.info("SfaImporter: creating Slice Manager user") self.auth_hierarchy.create_auth(urn) if self.record_exists('user', hrn): return auth_info = self.auth_hierarchy.get_auth_info(hrn) user_record = RegUser(hrn=hrn, gid=auth_info.get_gid_object(), authority=get_authority(hrn)) user_record.just_created() global_dbsession.add(user_record) global_dbsession.commit() self.logger.info("SfaImporter: importing user (slicemanager) %s " % user_record) def create_interface_records(self): """ Create a record for each SFA interface """ # just create certs for all sfa interfaces even if they # aren't enabled auth_info = self.auth_hierarchy.get_auth_info( self.config.SFA_INTERFACE_HRN) pkey = auth_info.get_pkey_object() hrn = self.config.SFA_INTERFACE_HRN for type in [ 'authority+sa', 'authority+am', 'authority+sm', ]: urn = hrn_to_urn(hrn, type) gid = self.auth_hierarchy.create_gid(urn, create_uuid(), pkey) # for now we have to preserve the authority+<> stuff if self.record_exists(type, hrn): continue interface_record = RegAuthority(type=type, hrn=hrn, gid=gid, authority=get_authority(hrn)) interface_record.just_created() global_dbsession.add(interface_record) global_dbsession.commit() self.logger.info("SfaImporter: imported authority (%s) %s " % (type, interface_record)) def run(self, options=None): if not self.config.SFA_REGISTRY_ENABLED: self.logger.critical( "Importer: need SFA_REGISTRY_ENABLED to run import") # testbed-neutral : create local certificates and the like auth_hierarchy = Hierarchy() self.create_top_level_auth_records(self.config.SFA_INTERFACE_HRN) self.create_interface_records() # testbed-specific testbed_importer = None generic = Generic.the_flavour() importer_class = generic.importer_class() if importer_class: begin_time = datetime.now() self.logger.info ("Starting import on %s, using class %s from flavour %s"%\ (begin_time,importer_class.__name__,generic.flavour)) testbed_importer = importer_class(auth_hierarchy, self.logger) if testbed_importer: testbed_importer.add_options(options) testbed_importer.run(options) end_time = datetime.now() duration = end_time - begin_time self.logger.info("Import took %s" % duration)