def run(args):
"""This function return the status and service info
Args:
args (dict): Dictionary containing challenge information
Returns:
dict: containing information about the service
"""
try:
challenge = args["challenge"]
fingerprint = args["fingerprint"]
except:
challenge = None
response = None
if challenge:
service = get_this_service(need_private_access=True)
service.assert_unlocked()
key = service.get_key(fingerprint)
response = key.decrypt(string_to_bytes(challenge))
else:
service = get_this_service(need_private_access=False)
return_value = {"service_info": service.to_data()}
if response is not None:
return_value["response"] = response
return return_value
def run(args):
service = get_this_service(need_private_access=True)
return_value = {}
return_value["service"] = service.to_data()
return return_value
def run(args):
"""This function allows a user to register an account with a
username and password
Args:
args (dict): containing the requested username and password
Returns:
dict: containing the provisioning URI
"""
username = args["username"]
password = args["password"]
service = get_this_service(need_private_access=False)
issuer = "%s@%s" % (service.service_type(), service.hostname())
(user_uid, otp) = UserAccount.create(username=username,
password=password)
provisioning_uri = otp.provisioning_uri(username=username, issuer=issuer)
return_value = {}
return_value["user_uid"] = user_uid
return_value["provisioning_uri"] = provisioning_uri
return return_value
def run(args):
"""Call this function to register a new service with this registry"""
service = Service.from_data(args["service"])
challenge = string_to_bytes(args["challenge"])
fingerprint = args["fingerprint"]
try:
force_new_uid = args["force_new_uid"]
except:
force_new_uid = False
if force_new_uid:
force_new_uid = True
# respond to the challenge from the service to be registered
this_service = get_this_service(need_private_access=True)
key = this_service.get_key(fingerprint)
response = key.decrypt(challenge)
# ok - we can respond to its challenge, so now challenge
# it, and if it passes, register the service
registry = Registry()
service_uid = registry.register_service(service=service,
force_new_uid=force_new_uid)
return {"service_uid": service_uid,
"response": response}
def process(args):
""" Take a PAR from an uploaded file and process the data
Args:
args (dict): Dictionary of JSON serialised objects to be
used by processing functions
Returns:
dict: Dictionary of results of processing
"""
data_type = args["data_type"]
data_par = PAR.from_data(args["par"]["data"])
data_secret = args["par_secret"]["data"]
auth = args["authorisation"]
authorisation = Authorisation.from_data(auth)
# Verify that this process had authorisation to be called
authorisation.verify("process")
hugs = get_this_service(need_private_access=True)
data_secret = hugs.decrypt_data(data_secret)
data_filename = data_par.resolve(secret=data_secret)
# Here we're downloading the data to the tmp directory
# Be good if we could load it directly from the object store
data_file = data_filename.download(dir="/tmp")
if data_type == "GC":
precision_par = PAR.from_data(args["par"]["precision"])
precision_secret = args["par_secret"]["precision"]
precision_secret = hugs.decrypt_data(precision_secret)
precision_filename = precision_par.resolve(precision_secret)
precision_file = precision_filename.download(dir="/tmp")
site = args["site"]
instrument = args["instrument"]
data_file = data_file, precision_file
else:
site = None
instrument = None
if "overwrite" in args:
overwrite = args["overwrite"]
else:
overwrite = False
source_name = args["source_name"]
results = process_data(
data_file=data_file,
source_name=source_name,
data_type=data_type,
site=site,
instrument_name=instrument,
overwrite=overwrite,
)
return {"results": results}
def run(args):
"""This function completely resets a service and deletes
all data. This resets back to the original state.
Obviously you should be really sure you want to do this!
"""
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
raise PermissionError("Only an authorised admin can reset the service")
service = get_this_service(need_private_access=True)
service.assert_admin_authorised(authorisation, "reset %s" % service.uid())
bucket = get_service_account_bucket()
ObjectStore.delete_all_objects(bucket)
def job_runner(args):
""" Service function that gets called by the Client job_runner
Args:
dict: Dictionary of variables used in setting up and running job
Returns:
dict: Dictionary of data detailing job run status such as stdout, stderr output
"""
auth = args["authorisation"]
authorisation = Authorisation.from_data(auth)
# Verify that this process had authorisation to be called
authorisation.verify("job_runner")
hugs = get_this_service(need_private_access=True)
job_data = args["requirements"]
# # Pass the PAR through to allow use in the control script
job_data["par"] = args["par"]
# Pass the decrypted PAR secret here as we're on the server already
job_data["par_secret"] = hugs.decrypt_data(args["par_secret"])
hostname = job_data["hostname"]
username = job_data["username"]
# Have we used this server before?
try:
known_host = job_data["known_host"]
except KeyError:
known_host = False
# Decrypt the password we use to access the private key
password = hugs.decrypt_data(args["key_password"])
results = run_job(
username=username,
hostname=hostname,
password=password,
job_data=job_data,
known_host=known_host,
)
return results
def test_service(service_url, aaai_services):
# get the public service from the default API frontend
privkey = get_private_key("testing")
response = call_function(service_url, response_key=privkey)
service = Service.from_data(response["service_info"])
# also read the service from the object store directly
push_testing_objstore(aaai_services["_services"][service_url])
push_is_running_service()
private_service = get_this_service(need_private_access=True)
pop_is_running_service()
pop_testing_objstore()
# create some test data that contain unicode characters for
# testing encryption, signing and both encryption and signing
data = {"hello": "'å∫ç∂ƒ©˙˚'", "key": privkey.public_key().to_data()}
encrypted = service.encrypt_data(data)
decrypted = private_service.decrypt_data(encrypted)
assert(data == decrypted)
signed = private_service.sign_data(data)
verified = service.verify_data(signed)
assert(data == verified)
enc_sign = service.encrypt_data(private_service.sign_data(data))
dec_ver = service.verify_data(private_service.decrypt_data(enc_sign))
assert(data == dec_ver)
service.call_function("admin/test")
admin_user = aaai_services[service_url]["user"]
auth = Authorisation(user=admin_user,
resource="dump_keys %s" % service.uid())
service.call_function(
function="dump_keys", args={"authorisation": auth.to_data()})
def run(args):
"""Call this function to force the service to regenerate its keys
Args:
args (dict): contains authorisaton details for key refresh
"""
try:
authorisation = Authorisation.from_data(args["authorisation"])
except:
raise PermissionError("Only an authorised admin can dump the keys")
service = get_this_service(need_private_access=True)
service.assert_admin_authorised(authorisation,
"refresh_keys %s" % service.uid())
service = refresh_service_keys_and_certs(service=service,
force_refresh=True)
return_value = {}
return_value["service_info"] = service.to_data()
return return_value
def run(args):
"""Call this function to trust the passed accounting service,
specifically to trust that we can move money using that service.
Args:
args(dict): containing data on the service we want
to trust
Returns:
dict: containing status, status message and passed in args
"""
service_url = args["service_url"]
authorisation = Authorisation.from_data(args["authorisation"])
accounting_service = get_trusted_service(service_url=service_url)
if not accounting_service.is_accounting_service():
raise ServiceAccountError(
"%s is not an accounting service, so should not be "
"trusted as one" % str(accounting_service))
service = get_this_service(need_private_access=True)
service.assert_admin_authorised(
authorisation,
"trust_accounting_service %s" % accounting_service.uid())
url = accounting_service.canonical_url()
create_service_user_account(service=service, accounting_service_url=url)
return_value = {}
return_value["args"] = args
return return_value
def run(args):
"""This function is called by the user to log in and validate
that a session is authorised to connect
Args:
args (dict): contains identifying information about the user,
short_UID, username, password and OTP code
Returns:
dict: contains a URI and a UID for this login
"""
short_uid = args["short_uid"]
packed_credentials = args["credentials"]
try:
user_uid = args["user_uid"]
except:
user_uid = None
try:
remember_device = args["remember_device"]
if remember_device:
remember_device = True
else:
remember_device = False
except:
remember_device = False
# get the session referred to by the short_uid
sessions = LoginSession.load(short_uid=short_uid, status="pending")
if isinstance(sessions, LoginSession):
# we have many sessions to test...
sessions = [sessions]
result = None
login_session = None
last_error = None
credentials = None
for session in sessions:
try:
if credentials is None:
credentials = Credentials.from_data(
data=packed_credentials,
username=session.username(),
short_uid=short_uid)
else:
credentials.assert_matching_username(session.username())
result = UserAccount.login(credentials=credentials,
user_uid=user_uid,
remember_device=remember_device)
login_session = session
# success!
break
except Exception as e:
last_error = e
if result is None or login_session is None:
# no valid logins
raise last_error
# we've successfully logged in
login_session.set_approved(user_uid=result["user"].uid(),
device_uid=result["device_uid"])
return_value = {}
return_value["user_uid"] = login_session.user_uid()
if remember_device:
try:
service = get_this_service(need_private_access=False)
hostname = service.hostname()
if hostname is None:
hostname = "acquire"
issuer = "%s@%s" % (service.service_type(), hostname)
username = result["user"].name()
device_uid = result["device_uid"]
otp = result["otp"]
provisioning_uri = otp.provisioning_uri(username=username,
issuer=issuer)
return_value["provisioning_uri"] = provisioning_uri
return_value["otpsecret"] = otp.secret()
return_value["device_uid"] = device_uid
except:
pass
return return_value
