first rough version of a complete sfi myslice
Thierry Parmentelat [Wed, 22 May 2013 18:35:30 +0000 (20:35 +0200)]
not thoroughly tested yet, as none of my v2 APIs seem to respond for now

Conflicts:
sfa/client/manifolduploader.py

sfa/client/manifolduploader.py [new file with mode: 0755]
sfa/client/sfi.py
sfa/util/sfalogging.py

diff --git a/sfa/client/manifolduploader.py b/sfa/client/manifolduploader.py
new file mode 100755 (executable)
index 0000000..9df009a
--- /dev/null
@@ -0,0 +1,148 @@
+#!/usr/bin/env python
+#
+# inspired from tophat/bin/uploadcredential.py
+#
+# the purpose here is to let people upload their delegated credentials
+# to a manifold/myslice infrastructure, without the need for having to
+# install a separate tool; so duplicating this code is suboptimal in
+# terms of code sharing but acceptable for hopefully easier use
+#
+# As of April 2013, manifold is moving from old-fashioned API known as
+# v1, that offers an AddCredential API call, towards a new API v2 that
+# manages credentials with the same set of Get/Update calls as other
+# objects
+# 
+# Since this code targets the future we favour v2, however in case
+# this won't work the v1 way is attempted too
+#
+
+## this for now points at demo.myslice.info, but sounds like a
+## better default for the long run
+DEFAULT_URL = "http://myslice.onelab.eu:7080"
+DEFAULT_PLATFORM = 'ple'
+
+import xmlrpclib
+import getpass
+
+class ManifoldUploader:
+    """A utility class for uploading delegated credentials to a manifold/MySlice infrastructure"""
+
+    # platform is a name internal to the manifold deployment, 
+    # that maps to a testbed, like e.g. 'ple'
+    def __init__ (self, logger, url=None, platform=None, username=None, password=None, ):
+        self._url=url
+        self._platform=platform
+        self._username=username
+        self._password=password
+        self.logger=logger
+
+    def username (self):
+        if not self._username: 
+            self._username=raw_input("Enter your manifold username: ")
+        return self._username            
+
+    def password (self):
+        if not self._password: 
+            username=self.username()
+            self._password=getpass.getpass("Enter password for manifold user %s: "%username)
+        return self._password            
+
+    def platform (self):
+        if not self._platform: 
+            self._platform=raw_input("Enter your manifold platform [%s]: "%DEFAULT_PLATFORM)
+            if self._platform.strip()=="": self._platform = DEFAULT_PLATFORM
+        return self._platform            
+
+    def url (self):
+        if not self._url: 
+            self._url=raw_input("Enter the URL for your manifold API [%s]: "%DEFAULT_URL)
+            if self._url.strip()=="": self._url = DEFAULT_URL
+        return self._url            
+
+    # does the job for one credential
+    # expects the credential (string) and an optional message for reporting
+    # return True upon success and False otherwise
+    def upload (self, delegated_credential, message=None):
+        url=self.url()
+        platform=self.platform()
+        username=self.username()
+        password=self.password()
+        auth = {'AuthMethod': 'password', 'Username': username, 'AuthString': password}
+        if not message: message=""
+
+        try:
+            self.logger.debug("Connecting manifold url %s"%url)
+            manifold = xmlrpclib.Server(url, allow_none = 1)
+            # the code for a V2 interface
+            query= { 'action':       'update',
+                     'fact_table':   'local:account',
+                     'filters':      [ ['platform', '=', platform] ] ,
+                     'params':       {'credential': delegated_credential, },
+                     }
+            try:
+                self.logger.debug("Trying v2 method Update %s"%message)
+                retcod2=manifold.Update (auth, query)
+            except Exception,e:
+                # xxx we need a constant constant for UNKNOWN, how about using 1
+                MANIFOLD_UNKNOWN=1
+                retcod2={'code':MANIFOLD_UNKNOWN,'output':"%s"%e}
+            if retcod2['code']==0:
+                info=""
+                if message: info += message+" "
+                info += 'v2 upload OK'
+                self.logger.info(info)
+                return True
+            #print delegated_credential, "upload failed,",retcod['output'], \
+            #    "with code",retcod['code']
+            # the code for V1
+            try:
+                self.logger.debug("Trying v1 method AddCredential %s"%message)
+                retcod1=manifold.AddCredential(auth, delegated_credential, platform)
+            except Exception,e:
+                retcod1=e
+            if retcod1==1:
+                info=""
+                if message: info += message+" "
+                info += 'v1 upload OK'
+                self.logger.info(message)
+                return True
+            # everything has failed, let's report
+            if message: self.logger.error("Could not upload %s"%message)
+            else: self.logger.error("Could not upload credential")
+            self.logger.info("  V2 Update returned code %s and error %s"%(retcod2['code'],retcod2['output']))
+            self.logger.info("  V1 AddCredential returned code %s (expected 1)"%retcod1)
+            return False
+        except Exception, e:
+            if message: self.logger.error("Could not upload %s %s"%(message,e))
+            else:        self.logger.error("Could not upload credential %s"%e)
+            if self.logger.debugEnabled():
+                import traceback
+                traceback.print_exc()
+
+### this is mainly for unit testing this class but can come in handy as well
+def main ():
+    from argparse import ArgumentParser
+    parser = ArgumentParser (description="manifoldupoader simple tester.")
+    parser.add_argument ('credential_files',metavar='FILE',type=str,nargs='+',
+                         help="the filenames to upload")
+    parser.add_argument ('-u','--url',dest='url', action='store',default=None,
+                         help='the URL of the manifold API')
+    parser.add_argument ('-p','--platform',dest='platform',action='store',default=None,
+                         help='the manifold platform name')
+    parser.add_argument ('-U','--user',dest='username',action='store',default=None,
+                         help='the manifold username')
+    parser.add_argument ('-P','--password',dest='password',action='store',default=None,
+                         help='the manifold password')
+    args = parser.parse_args ()
+    
+    from sfa.util.sfalogging import sfi_logger
+    uploader = ManifoldUploader (url=args.url, platform=args.platform,
+                                 username=args.username, password=args.password,
+                                 logger=sfi_logger)
+    for filename in args.credential_files:
+        with file(filename) as f:
+            result=uploader.upload (f.read(),filename)
+            sfi_logger.info('... result=%s'%result)
+
+if __name__ == '__main__':
+    main()
index 0e8b8e1..1639871 100644 (file)
@@ -282,9 +282,11 @@ class Sfi:
         self.authority = None
         self.logger = sfi_logger
         self.logger.enable_console()
+        ### various auxiliary material that we keep at hand 
         self.command=None
         self.config=None
         self.config_file=None
+        self.client_bootstrap=None
 
     ### suitable if no reasonable command has been provided
     def print_commands_help (self, options):
@@ -421,7 +423,7 @@ class Sfi:
                              metavar="slice_hrn", help="delegate cred. for slice HRN")
            parser.add_option("-a", "--auths", dest='delegate_auths',action='append',default=[],
                              metavar='auth_hrn', help="delegate cred for auth HRN")
-           # this primarily is a shorthand for -a my_hrn^
+           # this primarily is a shorthand for -a my_hrn
            parser.add_option("-p", "--pi", dest='delegate_pi', default=None, action='store_true',
                              help="delegate your PI credentials, so s.t. like -a your_hrn^")
            parser.add_option("-A","--to-authority",dest='delegate_to_authority',action='store_true',default=False,
@@ -1390,7 +1392,7 @@ use this if you mean an authority instead""")
         self.logger.info("writing %s gid to %s" % (target_hrn, filename))
         GID(string=gid).save_to_file(filename)
          
-
+    ####################
     @register_command("to_hrn","""$ sfi delegate -u -p -s ple.inria.heartbeat -s ple.inria.omftest ple.upmc.slicebrowser
 
   will locally create a set of delegated credentials for the benefit of ple.upmc.slicebrowser
@@ -1455,21 +1457,26 @@ use this if you mean an authority instead""")
     ####################
     @register_command("","""$ less +/myslice sfi_config
 [myslice]
-backend  = 'http://manifold.pl.sophia.inria.fr:7080'
+backend  = http://manifold.pl.sophia.inria.fr:7080
 # the HRN that myslice uses, so that we are delegating to
-delegate = 'ple.upmc.slicebrowser'
+delegate = ple.upmc.slicebrowser
 # platform - this is a myslice concept
-platform = 'ple'
+platform = ple
 # username - as of this writing (May 2013) a simple login name
-user     = 'thierry'
+username = thierry
 
 $ sfi myslice
-
   will first collect the slices that you are part of, then make sure
   all your credentials are up-to-date (read: refresh expired ones)
   then compute delegated credentials for user 'ple.upmc.slicebrowser'
   and upload them all on myslice backend, using 'platform' and 'user'.
   A password will be prompted for the upload part.
+
+$ sfi -v myslice  -- or sfi -vv myslice
+  same but with more and more verbosity
+
+$ sfi m
+  is synonym to sfi myslice as no other command starts with an 'm'
 """
 ) # register_command
     def myslice (self, options, args):
@@ -1485,10 +1492,68 @@ $ sfi myslice
         if len(args)>0:
             self.print_help()
             sys.exit(1)
-        # ManifoldUploader
-        pass
 
-# Thierry: I'm turning this off, no idea what it's used for
+        ### the rough sketch goes like this
+        # (a) rain check for sufficient config in sfi_config
+        # we don't allow to override these settings for now
+        myslice_dict={}
+        myslice_keys=['backend', 'delegate', 'platform', 'username']
+        for key in myslice_keys:
+            full_key="MYSLICE_" + key.upper()
+            value=getattr(self.config,full_key,None)
+            if value:   myslice_dict[key]=value
+            else:       print "Unsufficient config, missing key %s in [myslice] section of sfi_config"%key
+        if len(myslice_dict) != len(myslice_keys):
+            sys.exit(1)
+
+        # (b) figure whether we are PI for the authority where we belong
+        sfi_logger.info("Resolving our own id")
+        my_records=self.registry().Resolve(self.user,self.my_credential_string)
+        if len(my_records)!=1: print "Cannot Resolve %s -- exiting"%self.user; sys.exit(1)
+        my_record=my_records[0]
+        sfi_logger.info("Checking for authorities that we are PI for")
+        my_auths = my_record['reg-pi-authorities']
+        sfi_logger.debug("Found %d authorities: %s"%(len(my_auths),my_auths))
+
+        # (c) get the set of slices that we are in
+        sfi_logger.info("Checking for slices that we are member of")
+        my_slices=my_record['reg-slices']
+        sfi_logger.debug("Found %d slices: %s"%(len(my_slices),my_slices))
+
+        # (d) make sure we have *valid* credentials for all these
+        hrn_credentials=[]
+        hrn_credentials.append ( (self.user, 'user', self.my_credential_string,) )
+        for auth_hrn in my_auths:
+            hrn_credentials.append ( (auth_hrn, 'auth', self.authority_credential_string(auth_hrn),) )
+        for slice_hrn in my_slices:
+            hrn_credentials.append ( (slice_hrn, 'slice', self.slice_credential_string (slice_hrn),) )
+
+        # (e) check for the delegated version of these
+        # xxx todo add an option -a/-A? like for 'sfi delegate' for when we ever 
+        # switch to myslice using an authority instead of a user
+        delegatee_type='user'
+        delegatee_hrn=myslice_dict['delegate']
+        hrn_delegated_credentials = [
+            (hrn, htype, self.client_bootstrap.delegate_credential_string (credential, delegatee_hrn, delegatee_type),)
+            for (hrn, htype, credential) in hrn_credentials ]
+
+        # (f) and finally upload them to manifold server
+        # xxx todo add an option so the password can be set on the command line
+        # (but *NOT* in the config file) so other apps can leverage this
+        uploader = ManifoldUploader (logger=sfi_logger,
+                                     url=myslice_dict['backend'],
+                                     platform=myslice_dict['platform'],
+                                     username=myslice_dict['username'])
+        for (hrn,htype,delegated_credential) in hrn_delegated_credentials:
+            sfi_logger.info("Uploading delegated credential for %s (%s)"%(hrn,htype))
+            uploader.upload(delegated_credential,message=hrn)
+        # at first I thought we would want to save these,
+        # like 'sfi delegate does' but on second thought
+        # it is probably not helpful as people would not
+        # need to run 'sfi delegate' at all anymore
+        return
+
+# Thierry: I'm turning this off as a command, no idea what it's used for
 #    @register_command("cred","")
     def trusted(self, options, args):
         """
index 495a274..61d76a6 100644 (file)
@@ -83,6 +83,9 @@ class _SfaLogger:
     def setLevelDebug(self):
         self.logger.setLevel(logging.DEBUG)
 
+    def debugEnabled (self):
+        return self.logger.getEffectiveLevel() == logging.DEBUG
+
     # define a verbose option with s/t like
     # parser.add_option("-v", "--verbose", action="count", dest="verbose", default=0)
     # and pass the coresponding options.verbose to this method to adjust level
@@ -96,6 +99,8 @@ class _SfaLogger:
     # in case some other code needs a boolean
     def getBoolVerboseFromOpt(self,verbose):
         return verbose>=1
+    def getBoolDebugFromOpt(self,verbose):
+        return verbose>=2
 
     ####################
     def info(self, msg):