def _execute_query(url, request, query, manifold_api_session_auth):
manifold_api = ManifoldAPI(url, auth=manifold_api_session_auth)
logger.debug("MANIFOLD -> QUERY : {}".format(" ".join(str(query).split())))
result = manifold_api.forward(query.to_dict())
if result['code'] == 2:
# this is gross; at the very least we need to logout()
# but most importantly there is a need to refine that test, since
# code==2 does not necessarily mean an expired session
# XXX only if we know it is the issue
#SessionCache().end_session(request)
# Flush django session
del request.session['manifold']
request.session.flush()
#raise Exception, 'Error running query: {}'.format(result)
if result['code'] == 1:
logger.warning("MANIFOLD : {}".format(result['description']))
# XXX Handle errors
#Error running query: {'origin': [0, 'XMLRPCAPI'], 'code': 2, 'description': 'No such session: No row was found for one()', 'traceback': 'Traceback (most recent call last):\n File "/usr/local/lib/python2.7/dist-packages/manifold/core/xmlrpc_api.py", line 68, in xmlrpc_forward\n user = Auth(auth).check()\n File "/usr/local/lib/python2.7/dist-packages/manifold/auth/__init__.py", line 245, in check\n return self.auth_method.check()\n File "/usr/local/lib/python2.7/dist-packages/manifold/auth/__init__.py", line 95, in check\n raise AuthenticationFailure, "No such session: %s" % e\nAuthenticationFailure: No such session: No row was found for one()\n', 'type': 2, 'ts': None, 'value': None}
return result['value']
def __init__(self,
query=None,
query_all=None,
sync_query=None,
checkboxes=False,
columns=None,
init_key=None,
datatables_options={},
**settings):
Plugin.__init__(self, **settings)
self.query = query
self.query_uuid = query.query_uuid if query else None
# Until we have a proper way to access queries in Python
self.query_all = query_all
self.query_all_uuid = query_all.query_uuid if query_all else None
self.sync_query_uuid = sync_query.query_uuid if sync_query else None
self.checkboxes = checkboxes
# XXX We need to have some hidden columns until we properly handle dynamic queries
if columns is not None:
self.columns = columns
self.hidden_columns = []
elif self.query:
self.columns = list(
['Testbed', 'Virtualization Server', 'VM name', 'Delete'])
#replace production
#self.columns = self.query.fields
if query_all:
#replace production
self.hidden_columns = []
# We need a list because sets are not JSON-serializable
#self.hidden_columns = #list(self.query_all.fields - self.query.fields)
else:
self.hidden_columns = []
else:
self.columns = []
self.hidden_columns = []
self.columns = list(
['Testbed', 'Virtualization Server', 'VM name', 'Delete'])
self.init_key = init_key
self.datatables_options = datatables_options
# if checkboxes were required, we tell datatables about this column's type
# so that sorting can take place on a selected-first basis (or -last of course)
# this relies on the template exposing the checkboxes 'th' with class 'checkbox'
if self.checkboxes:
# we use aoColumnDefs rather than aoColumns -- ignore user-provided aoColumns
if 'aoColumns' in self.datatables_options:
logger.warning(
'WARNING: querytable uses aoColumnDefs, your aoColumns spec. is discarded'
)
del self.datatables_options['aoColumns']
# set aoColumnDefs in datatables_options - might already have stuff in there
aoColumnDefs = self.datatables_options.setdefault(
'aoColumnDefs', [])
# here 'checkbox' is the class that we give to the <th> dom elem
# dom-checkbox is a sorting type that we define in querytable.js
aoColumnDefs.append({
'aTargets': ['checkbox'],
'sSortDataType': 'dom-checkbox'
})
def __init__ (self, query=None, query_all=None,
checkboxes=False, columns=None,
init_key=None,
datatables_options={}, **settings):
Plugin.__init__ (self, **settings)
self.query = query
# Until we have a proper way to access queries in Python
self.query_all = query_all
self.query_all_uuid = query_all.query_uuid if query_all else None
self.checkboxes = checkboxes
# XXX We need to have some hidden columns until we properly handle dynamic queries
if columns is not None:
_columns = columns
_hidden_columns = []
elif self.query:
logger.debug("self.query.fields = {}".format(self.query_all.fields))
# Columns displayed by default
if self.default_fields is not None:
_columns = [field for field in self.default_fields if not field == 'urn']
else:
_columns = [field for field in self.query.fields if not field == 'urn']
if query_all:
# We need a list because sets are not JSON-serializable
if self.default_fields is not None:
logger.debug(self.query_all.fields)
_hidden_columns = list(self.query_all.fields - set(self.default_fields))
else:
_hidden_columns = list(self.query_all.fields - self.query.fields)
_hidden_columns.append('urn')
else:
_hidden_columns = []
else:
_columns = []
_hidden_columns = []
logger.debug("_columns={}".format(_columns))
self.columns = { self.mapping.get(c, c) : c for c in _columns }
self.hidden_columns = { self.mapping.get(c, c) : c for c in _hidden_columns }
logger.debug("self.columns {}".format(self.columns))
logger.debug("self.hidden_columns {}".format(self.hidden_columns))
self.init_key=init_key
self.datatables_options=datatables_options
# if checkboxes were required, we tell datatables about this column's type
# so that sorting can take place on a selected-first basis (or -last of course)
# this relies on the template exposing the checkboxes 'th' with class 'checkbox'
if self.checkboxes:
# we use aoColumnDefs rather than aoColumns -- ignore user-provided aoColumns
if 'aoColumns' in self.datatables_options:
logger.warning('WARNING: querytable uses aoColumnDefs, your aoColumns spec. is discarded')
del self.datatables_options['aoColumns']
# set aoColumnDefs in datatables_options - might already have stuff in there
aoColumnDefs = self.datatables_options.setdefault ('aoColumnDefs',[])
def get_context_data(self, **kwargs):
pi = ""
# We might have slices on different registries with different user accounts
# We note that this portal could be specific to a given registry, to which we register users, but i'm not sure that simplifies things
# Different registries mean different identities, unless we identify via SFA HRN or have associated the user email to a single hrn
#messages.info(self.request, 'You have logged in')
page = Page(self.request)
ctx_my_authorities = {}
ctx_delegation_authorities = {}
ctx_sub_authorities = {}
dest = {}
# The user need to be logged in
if the_user(self.request):
# Who can a PI validate:
# His own authorities + those he has credentials for.
# In MySlice we need to look at credentials also.
# XXX This will have to be asynchroneous. Need to implement barriers,
# for now it will be sufficient to have it working statically
# get user_id to later on query accounts
# XXX Having real query plan on local tables would simplify all this
# XXX $user_email is still not available for local tables
#user_query = Query().get('local:user').filter_by('email', '==', '$user_email').select('user_id')
user_query = Query().get('local:user').filter_by(
'email', '==', the_user(self.request)).select('user_id')
user, = execute_query(self.request, user_query)
user_id = user['user_id']
# Query manifold to learn about available SFA platforms for more information
# In general we will at least have the portal
# For now we are considering all registries
all_authorities = []
platform_ids = []
sfa_platforms_query = Query().get('local:platform').filter_by(
'gateway_type', '==', 'sfa').select('platform_id', 'platform',
'auth_type')
sfa_platforms = execute_query(self.request, sfa_platforms_query)
for sfa_platform in sfa_platforms:
logger.info("SFA PLATFORM > {}".format(
sfa_platform['platform']))
if not 'auth_type' in sfa_platform:
continue
auth = sfa_platform['auth_type']
if not auth in all_authorities:
all_authorities.append(auth)
platform_ids.append(sfa_platform['platform_id'])
logger.warning("W: Hardcoding platform myslice")
# There has been a tweak on how new platforms are referencing a
# so-called 'myslice' platform for storing authentication tokens.
# XXX This has to be removed in final versions.
myslice_platforms_query = Query().get('local:platform').filter_by(
'platform', '==', 'myslice').select('platform_id')
myslice_platforms = execute_query(self.request,
myslice_platforms_query)
if myslice_platforms:
myslice_platform, = myslice_platforms
platform_ids.append(myslice_platform['platform_id'])
# We can check on which the user has authoritity credentials = PI rights
credential_authorities = set()
credential_authorities_expired = set()
# User account on these registries
user_accounts_query = Query.get('local:account').filter_by(
'user_id', '==',
user_id).filter_by('platform_id', 'included',
platform_ids).select('auth_type', 'config')
user_accounts = execute_query(self.request, user_accounts_query)
#print "=" * 80
#print user_accounts
#print "=" * 80
for user_account in user_accounts:
logger.debug("USER ACCOUNT {}".format(user_account))
if user_account['auth_type'] == 'reference':
continue # we hardcoded the myslice platform...
config = json.loads(user_account['config'])
creds = []
logger.debug("CONFIG KEYS {}".format(config.keys()))
if 'authority_credentials' in config:
logger.debug("*** AC {}".format(
config['authority_credentials'].keys()))
for authority_hrn, credential in config[
'authority_credentials'].items():
#if credential is not expired:
credential_authorities.add(authority_hrn)
#else
# credential_authorities_expired.add(authority_hrn)
if 'delegated_authority_credentials' in config:
logger.debug("*** DAC {}".format(
config['delegated_authority_credentials'].keys()))
for authority_hrn, credential in config[
'delegated_authority_credentials'].items():
#if credential is not expired:
credential_authorities.add(authority_hrn)
#else
# credential_authorities_expired.add(authority_hrn)
logger.debug(
'credential_authorities = {}'.format(credential_authorities))
logger.debug('credential_authorities_expired = {}'.format(
credential_authorities_expired))
# # Using cache manifold-tables to get the list of authorities faster
# all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
# all_authorities = execute_query(self.request, all_authorities_query)
# ** Where am I a PI **
# For this we need to ask SFA (of all authorities) = PI function
pi_authorities_query = Query.get('myslice:user').filter_by(
'user_hrn', '==', '$user_hrn').select('pi_authorities')
pi_authorities_tmp = execute_query(self.request,
pi_authorities_query)
pi_authorities = set()
try:
for pa in pi_authorities_tmp:
pi_authorities |= set(pa['pi_authorities'])
except Exception as e:
logger.error('No pi_authorities')
# TODO: exception if no parent_authority
# try:
# for pa in pi_authorities_tmp:
# pi_authorities |= set(pa['pi_authorities'])
# except:
# # include all sub-authorities of the PI
# # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
# pi_subauthorities = set()
# for authority in all_authorities:
# authority_hrn = authority['authority_hrn']
# for my_authority in pi_authorities:
# if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
# pi_subauthorities.add(authority_hrn)
#print "pi_authorities =", pi_authorities
#print "pi_subauthorities =", pi_subauthorities
# My authorities + I have a credential
pi_credential_authorities = pi_authorities & credential_authorities
pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
pi_expired_credential_authorities = pi_authorities & credential_authorities_expired
# Authorities I've been delegated PI rights
pi_delegation_credential_authorities = credential_authorities - pi_authorities
pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
#print "pi_credential_authorities =", pi_credential_authorities
#print "pi_no_credential_authorities =", pi_no_credential_authorities
#print "pi_expired_credential_authorities =", pi_expired_credential_authorities
#print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities
#print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities
# Summary intermediary
pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
#print "--"
#print "pi_my_authorities = ", pi_my_authorities
#print "pi_delegation_authorities = ", pi_delegation_authorities
#print "pi_subauthorities = ", pi_subauthorities
# Summary all
queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
#print "----"
#print "queried_pending_authorities = ", queried_pending_authorities
# iterate on the requests and check if the authority matches a prefix startswith an authority on which the user is PI
requests = get_requests()
# requests = get_requests(queried_pending_authorities)
for request in requests:
auth_hrn = request['authority_hrn']
for my_auth in pi_my_authorities:
if auth_hrn.startswith(my_auth):
dest = ctx_my_authorities
request['allowed'] = 'allowed'
for my_auth in pi_delegation_authorities:
if auth_hrn.startswith(my_auth):
dest = ctx_delegation_authorities
request['allowed'] = 'allowed'
if auth_hrn in pi_expired_credential_authorities:
request['allowed'] = 'expired'
if 'allowed' not in request:
request['allowed'] = 'denied'
#print "authority for this request", auth_hrn
# if auth_hrn in pi_my_authorities:
# dest = ctx_my_authorities
#
# # define the css class
# if auth_hrn in pi_credential_authorities:
# request['allowed'] = 'allowed'
# elif auth_hrn in pi_expired_credential_authorities:
# request['allowed'] = 'expired'
# else: # pi_no_credential_authorities
# request['allowed'] = 'denied'
#
# elif auth_hrn in pi_delegation_authorities:
# dest = ctx_delegation_authorities
#
# if auth_hrn in pi_delegation_credential_authorities:
# request['allowed'] = 'allowed'
# else: # pi_delegation_expired_authorities
# request['allowed'] = 'expired'
#
# elif auth_hrn in pi_subauthorities:
# dest = ctx_sub_authorities
#
# if auth_hrn in pi_subauthorities:
# request['allowed'] = 'allowed'
# else: # pi_delegation_expired_authorities
# request['allowed'] = 'denied'
#
# else:
# continue
if not auth_hrn in dest:
dest[auth_hrn] = []
dest[auth_hrn].append(request)
context = super(ValidatePendingView, self).get_context_data(**kwargs)
logger.debug("testing")
logger.debug(ctx_my_authorities)
context['my_authorities'] = ctx_my_authorities
context['sub_authorities'] = ctx_sub_authorities
context['delegation_authorities'] = ctx_delegation_authorities
# XXX This is repeated in all pages
# more general variables expected in the template
context['title'] = 'Test view that combines various plugins'
# the menu items on the top
context['topmenu_items'] = topmenu_items_live('Validation', page)
# so we can sho who is logged
context['username'] = the_user(self.request)
context['pi'] = "is_pi"
context['theme'] = self.theme
context['section'] = "Requests"
# XXX We need to prepare the page for queries
#context.update(page.prelude_env())
return context
def topmenu_items(current, request):
logger.warning(
"WARNING -- please now use topmenu_items_live (label, page) toplevel_items is deprecated -- WARNING"
)
return topmenu_items_static(current, request)
def get_context_data(self, **kwargs):
ctx_my_authorities = {}
ctx_delegation_authorities = {}
ctx_sub_authorities = {}
dest = {}
# The user need to be logged in
if (self.request.user):
user_query = Query().get('local:user').filter_by(
'email', '==', self.request.user.email).select('user_id')
user, = execute_query(self.request, user_query)
user_id = user['user_id']
# Query manifold to learn about available SFA platforms for more information
# In general we will at least have the portal
# For now we are considering all registries
all_authorities = []
platform_ids = []
sfa_platforms_query = Query().get('local:platform').filter_by(
'gateway_type', '==', 'sfa').select('platform_id', 'platform',
'auth_type')
sfa_platforms = execute_query(self.request, sfa_platforms_query)
for sfa_platform in sfa_platforms:
logger.info("SFA PLATFORM > {}".format(
sfa_platform['platform']))
if not 'auth_type' in sfa_platform:
continue
auth = sfa_platform['auth_type']
if not auth in all_authorities:
all_authorities.append(auth)
platform_ids.append(sfa_platform['platform_id'])
logger.warning("W: Hardcoding platform myslice")
# There has been a tweak on how new platforms are referencing a
# so-called 'myslice' platform for storing authentication tokens.
# XXX This has to be removed in final versions.
myslice_platforms_query = Query().get('local:platform').filter_by(
'platform', '==', 'myslice').select('platform_id')
myslice_platforms = execute_query(self.request,
myslice_platforms_query)
if myslice_platforms:
myslice_platform, = myslice_platforms
platform_ids.append(myslice_platform['platform_id'])
# We can check on which the user has authoritity credentials = PI rights
credential_authorities = set()
credential_authorities_expired = set()
# User account on these registries
user_accounts_query = Query.get('local:account').filter_by(
'user_id', '==',
user_id).filter_by('platform_id', 'included',
platform_ids).select('auth_type', 'config')
user_accounts = execute_query(self.request, user_accounts_query)
for user_account in user_accounts:
if user_account['auth_type'] == 'reference':
continue # we hardcoded the myslice platform...
config = json.loads(user_account['config'])
creds = []
if 'authority_credentials' in config:
for authority_hrn, credential in config[
'authority_credentials'].items():
credential_authorities.add(authority_hrn)
if 'delegated_authority_credentials' in config:
for authority_hrn, credential in config[
'delegated_authority_credentials'].items():
credential_authorities.add(authority_hrn)
# CACHE PB with fields
page = Page(self.request)
metadata = page.get_metadata()
user_md = metadata.details_by_object('user')
user_fields = [column['name'] for column in user_md['column']]
# ** Where am I a PI **
# For this we need to ask SFA (of all authorities) = PI function
pi_authorities_query = Query.get('myslice:user').filter_by(
'user_hrn', '==', '$user_hrn').select(user_fields)
pi_authorities_tmp = execute_query(self.request,
pi_authorities_query)
pi_authorities = set()
try:
for pa in pi_authorities_tmp:
pi_authorities |= set(pa['pi_authorities'])
except Exception as e:
logger.error('No pi_authorities')
pi_credential_authorities = pi_authorities & credential_authorities
pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
pi_expired_credential_authorities = pi_authorities & credential_authorities_expired
# Authorities I've been delegated PI rights
pi_delegation_credential_authorities = credential_authorities - pi_authorities
pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
# Summary intermediary
pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
# Summary all
queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
# iterate on the requests and check if the authority matches a prefix
# startswith an authority on which the user is PI
if len(pi_my_authorities) > 0:
requests = get_requests(pi_my_authorities)
else:
requests = get_requests()
for r in requests:
auth_hrn = r['authority_hrn']
for my_auth in pi_my_authorities:
if auth_hrn.startswith(my_auth):
dest = ctx_my_authorities
r['allowed'] = 'allowed'
#for my_auth in pi_delegation_authorities:
# if auth_hrn.startswith(my_auth):
# dest = ctx_delegation_authorities
# r['allowed'] = 'allowed'
if auth_hrn in pi_expired_credential_authorities:
r['allowed'] = 'expired'
if 'allowed' not in r:
## TEMP FIX for allowing new authority registration
#r['allowed'] = 'denied'
r['allowed'] = 'allowed'
if not auth_hrn in dest:
dest[auth_hrn] = []
dest[auth_hrn].append(r)
# env = {}
# env['my_authorities'] = ctx_my_authorities
# env['sub_authorities'] = ctx_sub_authorities
# env['delegation_authorities'] = ctx_delegation_authorities
#
# # XXX This is repeated in all pages
# # more general variables expected in the template
# # the menu items on the top
# #env['topmenu_items'] = topmenu_items_live('Validation', page)
# # so we can sho who is logged
# env['username'] = request.user
# env['pi'] = "is_pi"
# env['theme'] = self.theme
# env['section'] = "Requests"
context = super(ManagementRequestsView,
self).get_context_data(**kwargs)
context['my_authorities'] = ctx_my_authorities
context['sub_authorities'] = ctx_sub_authorities
context['delegation_authorities'] = ctx_delegation_authorities
# XXX This is repeated in all pages
# more general variables expected in the template
context['title'] = 'Test view that combines various plugins'
# the menu items on the top
#context['topmenu_items'] = topmenu_items_live('Validation', page)
# so we can sho who is logged
context['username'] = self.request.user
context['pi'] = "is_pi"
context['theme'] = self.theme
context['section'] = "Requests"
# XXX We need to prepare the page for queries
#context.update(page.prelude_env())
return context