def run(args): """This function return the status and service info Args: args (dict): Dictionary containing challenge information Returns: dict: containing information about the service """ try: challenge = args["challenge"] fingerprint = args["fingerprint"] except: challenge = None response = None if challenge: service = get_this_service(need_private_access=True) service.assert_unlocked() key = service.get_key(fingerprint) response = key.decrypt(string_to_bytes(challenge)) else: service = get_this_service(need_private_access=False) return_value = {"service_info": service.to_data()} if response is not None: return_value["response"] = response return return_value
def run(args): service = get_this_service(need_private_access=True) return_value = {} return_value["service"] = service.to_data() return return_value
def run(args): """This function allows a user to register an account with a username and password Args: args (dict): containing the requested username and password Returns: dict: containing the provisioning URI """ username = args["username"] password = args["password"] service = get_this_service(need_private_access=False) issuer = "%s@%s" % (service.service_type(), service.hostname()) (user_uid, otp) = UserAccount.create(username=username, password=password) provisioning_uri = otp.provisioning_uri(username=username, issuer=issuer) return_value = {} return_value["user_uid"] = user_uid return_value["provisioning_uri"] = provisioning_uri return return_value
def run(args): """Call this function to register a new service with this registry""" service = Service.from_data(args["service"]) challenge = string_to_bytes(args["challenge"]) fingerprint = args["fingerprint"] try: force_new_uid = args["force_new_uid"] except: force_new_uid = False if force_new_uid: force_new_uid = True # respond to the challenge from the service to be registered this_service = get_this_service(need_private_access=True) key = this_service.get_key(fingerprint) response = key.decrypt(challenge) # ok - we can respond to its challenge, so now challenge # it, and if it passes, register the service registry = Registry() service_uid = registry.register_service(service=service, force_new_uid=force_new_uid) return {"service_uid": service_uid, "response": response}
def process(args): """ Take a PAR from an uploaded file and process the data Args: args (dict): Dictionary of JSON serialised objects to be used by processing functions Returns: dict: Dictionary of results of processing """ data_type = args["data_type"] data_par = PAR.from_data(args["par"]["data"]) data_secret = args["par_secret"]["data"] auth = args["authorisation"] authorisation = Authorisation.from_data(auth) # Verify that this process had authorisation to be called authorisation.verify("process") hugs = get_this_service(need_private_access=True) data_secret = hugs.decrypt_data(data_secret) data_filename = data_par.resolve(secret=data_secret) # Here we're downloading the data to the tmp directory # Be good if we could load it directly from the object store data_file = data_filename.download(dir="/tmp") if data_type == "GC": precision_par = PAR.from_data(args["par"]["precision"]) precision_secret = args["par_secret"]["precision"] precision_secret = hugs.decrypt_data(precision_secret) precision_filename = precision_par.resolve(precision_secret) precision_file = precision_filename.download(dir="/tmp") site = args["site"] instrument = args["instrument"] data_file = data_file, precision_file else: site = None instrument = None if "overwrite" in args: overwrite = args["overwrite"] else: overwrite = False source_name = args["source_name"] results = process_data( data_file=data_file, source_name=source_name, data_type=data_type, site=site, instrument_name=instrument, overwrite=overwrite, ) return {"results": results}
def run(args): """This function completely resets a service and deletes all data. This resets back to the original state. Obviously you should be really sure you want to do this! """ try: authorisation = Authorisation.from_data(args["authorisation"]) except: raise PermissionError("Only an authorised admin can reset the service") service = get_this_service(need_private_access=True) service.assert_admin_authorised(authorisation, "reset %s" % service.uid()) bucket = get_service_account_bucket() ObjectStore.delete_all_objects(bucket)
def job_runner(args): """ Service function that gets called by the Client job_runner Args: dict: Dictionary of variables used in setting up and running job Returns: dict: Dictionary of data detailing job run status such as stdout, stderr output """ auth = args["authorisation"] authorisation = Authorisation.from_data(auth) # Verify that this process had authorisation to be called authorisation.verify("job_runner") hugs = get_this_service(need_private_access=True) job_data = args["requirements"] # # Pass the PAR through to allow use in the control script job_data["par"] = args["par"] # Pass the decrypted PAR secret here as we're on the server already job_data["par_secret"] = hugs.decrypt_data(args["par_secret"]) hostname = job_data["hostname"] username = job_data["username"] # Have we used this server before? try: known_host = job_data["known_host"] except KeyError: known_host = False # Decrypt the password we use to access the private key password = hugs.decrypt_data(args["key_password"]) results = run_job( username=username, hostname=hostname, password=password, job_data=job_data, known_host=known_host, ) return results
def test_service(service_url, aaai_services): # get the public service from the default API frontend privkey = get_private_key("testing") response = call_function(service_url, response_key=privkey) service = Service.from_data(response["service_info"]) # also read the service from the object store directly push_testing_objstore(aaai_services["_services"][service_url]) push_is_running_service() private_service = get_this_service(need_private_access=True) pop_is_running_service() pop_testing_objstore() # create some test data that contain unicode characters for # testing encryption, signing and both encryption and signing data = {"hello": "'å∫ç∂ƒ©˙˚'", "key": privkey.public_key().to_data()} encrypted = service.encrypt_data(data) decrypted = private_service.decrypt_data(encrypted) assert(data == decrypted) signed = private_service.sign_data(data) verified = service.verify_data(signed) assert(data == verified) enc_sign = service.encrypt_data(private_service.sign_data(data)) dec_ver = service.verify_data(private_service.decrypt_data(enc_sign)) assert(data == dec_ver) service.call_function("admin/test") admin_user = aaai_services[service_url]["user"] auth = Authorisation(user=admin_user, resource="dump_keys %s" % service.uid()) service.call_function( function="dump_keys", args={"authorisation": auth.to_data()})
def run(args): """Call this function to force the service to regenerate its keys Args: args (dict): contains authorisaton details for key refresh """ try: authorisation = Authorisation.from_data(args["authorisation"]) except: raise PermissionError("Only an authorised admin can dump the keys") service = get_this_service(need_private_access=True) service.assert_admin_authorised(authorisation, "refresh_keys %s" % service.uid()) service = refresh_service_keys_and_certs(service=service, force_refresh=True) return_value = {} return_value["service_info"] = service.to_data() return return_value
def run(args): """Call this function to trust the passed accounting service, specifically to trust that we can move money using that service. Args: args(dict): containing data on the service we want to trust Returns: dict: containing status, status message and passed in args """ service_url = args["service_url"] authorisation = Authorisation.from_data(args["authorisation"]) accounting_service = get_trusted_service(service_url=service_url) if not accounting_service.is_accounting_service(): raise ServiceAccountError( "%s is not an accounting service, so should not be " "trusted as one" % str(accounting_service)) service = get_this_service(need_private_access=True) service.assert_admin_authorised( authorisation, "trust_accounting_service %s" % accounting_service.uid()) url = accounting_service.canonical_url() create_service_user_account(service=service, accounting_service_url=url) return_value = {} return_value["args"] = args return return_value
def run(args): """This function is called by the user to log in and validate that a session is authorised to connect Args: args (dict): contains identifying information about the user, short_UID, username, password and OTP code Returns: dict: contains a URI and a UID for this login """ short_uid = args["short_uid"] packed_credentials = args["credentials"] try: user_uid = args["user_uid"] except: user_uid = None try: remember_device = args["remember_device"] if remember_device: remember_device = True else: remember_device = False except: remember_device = False # get the session referred to by the short_uid sessions = LoginSession.load(short_uid=short_uid, status="pending") if isinstance(sessions, LoginSession): # we have many sessions to test... sessions = [sessions] result = None login_session = None last_error = None credentials = None for session in sessions: try: if credentials is None: credentials = Credentials.from_data( data=packed_credentials, username=session.username(), short_uid=short_uid) else: credentials.assert_matching_username(session.username()) result = UserAccount.login(credentials=credentials, user_uid=user_uid, remember_device=remember_device) login_session = session # success! break except Exception as e: last_error = e if result is None or login_session is None: # no valid logins raise last_error # we've successfully logged in login_session.set_approved(user_uid=result["user"].uid(), device_uid=result["device_uid"]) return_value = {} return_value["user_uid"] = login_session.user_uid() if remember_device: try: service = get_this_service(need_private_access=False) hostname = service.hostname() if hostname is None: hostname = "acquire" issuer = "%s@%s" % (service.service_type(), hostname) username = result["user"].name() device_uid = result["device_uid"] otp = result["otp"] provisioning_uri = otp.provisioning_uri(username=username, issuer=issuer) return_value["provisioning_uri"] = provisioning_uri return_value["otpsecret"] = otp.secret() return_value["device_uid"] = device_uid except: pass return return_value