def list_volume_coordinators( config, volume_id ):
"""
Find all the gateways for a given volume that can coordinate writes
"""
gateway_cert_paths = certs.list_gateway_cert_paths( config )
ret = []
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString( cert_bin )
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if (gateway_cert.caps & (ms_pb2.ms_gateway_cert.CAP_COORDINATE)) == 0:
continue
log.debug("%s can coordinate" % gateway_cert.name)
ret.append( gateway_cert )
def gateway_cert_fetch(ms_url, gateway_name_or_id, downloader_path):
"""
Use a helper program to go and fetch a gateway certificate.
Return the cert on success.
Return None on error.
"""
if not os.path.exists(downloader_path):
log.error("'%s' does not exist" % downloader_path)
return None
downloader = subprocess.Popen(
[downloader_path, ms_url,
str(gateway_name_or_id)],
shell=False,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
cert_out, cert_err = downloader.communicate()
downloader.wait()
if len(cert_err.strip()) != 0:
log.error("Gateway cert downloader errors:\n%s" % cert_err)
try:
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_out)
except Exception:
log.error("Invalid gateway certificate for %s (from %s)" %
(str(gateway_name_or_id), ms_url))
return None
return gateway_cert
def list_volume_gateways_by_host(config, volume_id, hostname):
"""
Find all gateway certs in a volume with the given hostname.
Only applies to gateways generated by this amd server.
"""
gateway_cert_paths = certs.list_gateway_cert_paths(config)
ret = []
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_bin)
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if gateway_cert.host != hostname:
continue
log.debug("%s on %s" % (gateway_cert.name, hostname))
ret.append(gateway_cert)
def list_volume_coordinators(config, volume_id):
"""
Find all the gateways for a given volume that can coordinate writes
"""
gateway_cert_paths = certs.list_gateway_cert_paths(config)
ret = []
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_bin)
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if (gateway_cert.caps & (ms_pb2.ms_gateway_cert.CAP_COORDINATE)) == 0:
continue
log.debug("%s can coordinate" % gateway_cert.name)
ret.append(gateway_cert)
def list_volume_gateways_by_host(config, volume_id, hostname):
"""
Find all gateway certs in a volume with the given hostname.
Only applies to gateways generated by this amd server.
"""
gateway_cert_paths = certs.list_gateway_cert_paths(config)
ret = []
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_bin)
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if gateway_cert.host != hostname:
continue
log.debug("%s on %s" % (gateway_cert.name, hostname))
ret.append(gateway_cert)
def gateway_cert_fetch(ms_url, gateway_name_or_id, downloader_path):
"""
Use a helper program to go and fetch a gateway certificate.
Return the cert on success.
Return None on error.
"""
if not os.path.exists(downloader_path):
log.error("'%s' does not exist" % downloader_path)
return None
downloader = subprocess.Popen(
[downloader_path, ms_url, str(gateway_name_or_id)], shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
cert_out, cert_err = downloader.communicate()
downloader.wait()
if len(cert_err.strip()) != 0:
log.error("Gateway cert downloader errors:\n%s" % cert_err)
try:
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_out)
except Exception, e:
log.error("Invalid gateway certificate for %s (from %s)" % (str(gateway_name_or_id), ms_url))
return None
def list_gateways_by_type( config, volume_id, gateway_type_str ):
"""
Find all the gateways for a given volume with a particular type.
The type should be a type alias, like "UG" or "RG" or "AG"
Return the list of gateway certs on success.
Raise on error
"""
gateway_cert_paths = certs.list_gateway_cert_paths( config )
ret = []
type_aliases = object_stub.load_gateway_type_aliases( config )
if type_aliases is None:
raise Exception("Missing gateway type aliases")
gateway_type = type_aliases.get(gateway_type_str, None)
if gateway_type is None:
raise ValueError("Unknown gateway type alias '%s'" % gateway_type_str )
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString( cert_bin )
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if gateway_cert.gateway_type != gateway_type:
continue
log.debug("%s is type %s" % (gateway_cert.name, gateway_type))
ret.append( gateway_cert )
def list_gateways_by_type(config, volume_id, gateway_type_str):
"""
Find all the gateways for a given volume with a particular type.
The type should be a type alias, like "UG" or "RG" or "AG"
Return the list of gateway certs on success.
Raise on error
"""
gateway_cert_paths = certs.list_gateway_cert_paths(config)
ret = []
type_aliases = object_stub.load_gateway_type_aliases(config)
if type_aliases is None:
raise Exception("Missing gateway type aliases")
gateway_type = type_aliases.get(gateway_type_str, None)
if gateway_type is None:
raise ValueError("Unknown gateway type alias '%s'" % gateway_type_str)
for path in gateway_cert_paths:
gateway_cert = None
try:
with open(path, "r") as f:
cert_bin = f.read()
gateway_cert = ms_pb2.ms_gateway_cert()
gateway_cert.ParseFromString(cert_bin)
except Exception, e:
log.exception(e)
log.error("Failed to load '%s'" % path)
return None
if gateway_cert.volume_id != volume_id:
continue
if gateway_cert.gateway_type != gateway_type:
continue
log.debug("%s is type %s" % (gateway_cert.name, gateway_type))
ret.append(gateway_cert)
def get_demo_payload(username, password):
"""
Get the demo payload for this user.
Return the payload on success
Return None on error
"""
try:
req = requests.get(SIGNUP_URL + '/provision/{}'.format(username), headers={'authorization': 'bearer {}'.format(SIGNUP_AUTH_SECRET)})
payload = req.json()
except Exception as e:
log.exception(e)
return None
payload_schema = {
'type': 'object',
'properties': {
'user_pkey': {
'type': 'string',
},
'gateway_pkey': {
'type': 'string',
},
'user_cert': {
'type': 'string',
},
'ug_cert': {
'type': 'string',
},
'rg_cert': {
'type': 'string',
},
},
'required': [
'user_pkey',
'gateway_pkey',
'user_cert',
'ug_cert',
'rg_cert'
]
}
try:
jsonschema.validate(payload, payload_schema)
except jsonschema.ValidationError:
log.error("Invalid key data: {}".format(keys))
return None
# decrypt encrypted fields
password = base64.urlsafe_b64encode( base64.b64decode(password) )
for encrypted_field in ['user_pkey', 'gateway_pkey']:
f = Fernet(password)
payload[encrypted_field] = f.decrypt(str(payload[encrypted_field]))
# parse certificates
user_cert = ms_pb2.ms_user_cert()
ug_cert = ms_pb2.ms_gateway_cert()
rg_cert = ms_pb2.ms_gateway_cert()
try:
user_cert.ParseFromString(base64.b64decode(payload['user_cert']))
ug_cert.ParseFromString(base64.b64decode(payload['ug_cert']))
rg_cert.ParseFromString(base64.b64decode(payload['rg_cert']))
payload['user_cert'] = user_cert
payload['ug_cert'] = ug_cert
payload['rg_cert'] = rg_cert
except Exception as e:
log.exception(e)
return None
return payload
def get_demo_payload(username, password):
"""
Get the demo payload for this user.
Return the payload on success
Return None on error
"""
try:
req = requests.get(
SIGNUP_URL + '/provision/{}'.format(username),
headers={'authorization': 'bearer {}'.format(SIGNUP_AUTH_SECRET)})
payload = req.json()
except Exception as e:
log.exception(e)
return None
payload_schema = {
'type':
'object',
'properties': {
'user_pkey': {
'type': 'string',
},
'gateway_pkey': {
'type': 'string',
},
'user_cert': {
'type': 'string',
},
'ug_cert': {
'type': 'string',
},
'rg_cert': {
'type': 'string',
},
},
'required':
['user_pkey', 'gateway_pkey', 'user_cert', 'ug_cert', 'rg_cert']
}
try:
jsonschema.validate(payload, payload_schema)
except jsonschema.ValidationError:
log.error("Invalid key data: {}".format(keys))
return None
# decrypt encrypted fields
password = base64.urlsafe_b64encode(base64.b64decode(password))
for encrypted_field in ['user_pkey', 'gateway_pkey']:
f = Fernet(password)
payload[encrypted_field] = f.decrypt(str(payload[encrypted_field]))
# parse certificates
user_cert = ms_pb2.ms_user_cert()
ug_cert = ms_pb2.ms_gateway_cert()
rg_cert = ms_pb2.ms_gateway_cert()
try:
user_cert.ParseFromString(base64.b64decode(payload['user_cert']))
ug_cert.ParseFromString(base64.b64decode(payload['ug_cert']))
rg_cert.ParseFromString(base64.b64decode(payload['rg_cert']))
payload['user_cert'] = user_cert
payload['ug_cert'] = ug_cert
payload['rg_cert'] = rg_cert
except Exception as e:
log.exception(e)
return None
return payload
