本文整理汇总了Python中sfa.trust.gid.GID.get_hrn方法的典型用法代码示例。如果您正苦于以下问题:Python GID.get_hrn方法的具体用法?Python GID.get_hrn怎么用?Python GID.get_hrn使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sfa.trust.gid.GID的用法示例。
在下文中一共展示了GID.get_hrn方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: export_gid
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def export_gid(options):
from sfa.util.table import SfaTable
# lookup the record for the specified hrn
hrn = options.export
type = options.type
# check sfa table first
filter = {'hrn': hrn}
if type:
filter['type'] = type
table = SfaTable()
records = table.find(filter)
if not records:
# check the authorities hierarchy
hierarchy = Hierarchy()
try:
auth_info = hierarchy.get_auth_info()
gid = auth_info.gid_object
except:
print "Record: %s not found" % hrn
sys.exit(1)
else:
record = records[0]
gid = GID(string=record['gid'])
# get the outfile
outfile = options.outfile
if not outfile:
outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
# save it
if options.verbose:
print "Writing %s gid to %s" % (gid.get_hrn(), outfile)
gid.save_to_file(outfile, save_parents=True)示例2: sign
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def sign(options):
"""
Sign the specified gid
"""
hierarchy = Hierarchy()
config = Config()
default_authority = config.SFA_INTERFACE_HRN
auth_info = hierarchy.get_auth_info(default_authority)
# load the gid
gidfile = os.path.abspath(options.sign)
if not os.path.isfile(gidfile):
print "no such gid: %s" % gidfile
sys.exit(1)
gid = GID(filename=gidfile)
# extract pub_key and create new gid
pkey = gid.get_pubkey()
urn = gid.get_urn()
gid = hierarchy.create_gid(urn, create_uuid(), pkey)
# get the outfile
outfile = options.outfile
if not outfile:
outfile = os.path.abspath('./signed-%s.gid' % gid.get_hrn())
# save the signed gid
if options.verbose:
print "Writing signed gid %s" % outfile
gid.save_to_file(outfile, save_parents=True)示例3: delegate
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def delegate(self, delegee_gidfile, caller_keyfile, caller_gidfile):
"""
Return a delegated copy of this credential, delegated to the
specified gid's user.
"""
# get the gid of the object we are delegating
object_gid = self.get_gid_object()
object_hrn = object_gid.get_hrn()
# the hrn of the user who will be delegated to
delegee_gid = GID(filename=delegee_gidfile)
delegee_hrn = delegee_gid.get_hrn()
#user_key = Keypair(filename=keyfile)
#user_hrn = self.get_gid_caller().get_hrn()
subject_string = "%s delegated to %s" % (object_hrn, delegee_hrn)
dcred = Credential(subject=subject_string)
dcred.set_gid_caller(delegee_gid)
dcred.set_gid_object(object_gid)
dcred.set_parent(self)
dcred.set_expiration(self.get_expiration())
dcred.set_privileges(self.get_privileges())
dcred.get_privileges().delegate_all_privileges(True)
#dcred.set_issuer_keys(keyfile, delegee_gidfile)
dcred.set_issuer_keys(caller_keyfile, caller_gidfile)
dcred.encode()
dcred.sign()
return dcred示例4: install_peer_certs
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def install_peer_certs(server_key_file, server_cert_file):
"""
Attempt to install missing trusted gids and db records for
our federated interfaces
"""
# Attempt to get any missing peer gids
# There should be a gid file in /etc/sfa/trusted_roots for every
# peer registry found in in the registries.xml config file. If there
# are any missing gids, request a new one from the peer registry.
api = SfaAPI(key_file=server_key_file, cert_file=server_cert_file)
registries = Registries()
aggregates = Aggregates()
interfaces = dict(registries.items() + aggregates.items())
gids_current = api.auth.trusted_cert_list
hrns_current = [gid.get_hrn() for gid in gids_current]
hrns_expected = set([hrn for hrn in interfaces])
new_hrns = set(hrns_expected).difference(hrns_current)
# gids = self.get_peer_gids(new_hrns) + gids_current
peer_gids = []
if not new_hrns:
return
trusted_certs_dir = api.config.get_trustedroots_dir()
for new_hrn in new_hrns:
if not new_hrn:
continue
# the gid for this interface should already be installed
if new_hrn == api.config.SFA_INTERFACE_HRN:
continue
try:
# get gid from the registry
url = interfaces[new_hrn].get_url()
interface = interfaces[new_hrn].get_server(server_key_file, server_cert_file, timeout=30)
# skip non sfa aggregates
server_version = api.get_cached_server_version(interface)
if "sfa" not in server_version:
logger.info("get_trusted_certs: skipping non sfa aggregate: %s" % new_hrn)
continue
trusted_gids = interface.get_trusted_certs()
if trusted_gids:
# the gid we want should be the first one in the list,
# but lets make sure
for trusted_gid in trusted_gids:
# default message
message = "interface: %s\t" % (api.interface)
message += "unable to install trusted gid for %s" % (new_hrn)
gid = GID(string=trusted_gids[0])
peer_gids.append(gid)
if gid.get_hrn() == new_hrn:
gid_filename = os.path.join(trusted_certs_dir, "%s.gid" % new_hrn)
gid.save_to_file(gid_filename, save_parents=True)
message = "installed trusted cert for %s" % new_hrn
# log the message
api.logger.info(message)
except:
message = "interface: %s\tunable to install trusted gid for %s" % (api.interface, new_hrn)
api.logger.log_exc(message)
# doesnt matter witch one
update_cert_records(peer_gids)示例5: getCredential
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def getCredential(self):
"""
Get our credential from a remote registry
"""
path = self.config.SFA_DATA_DIR
config_dir = self.config.config_path
cred_filename = path + os.sep + 'node.cred'
try:
credential = Credential(filename = cred_filename)
return credential.save_to_string(save_parents=True)
except IOError:
node_pkey_file = config_dir + os.sep + "node.key"
node_gid_file = config_dir + os.sep + "node.gid"
cert_filename = path + os.sep + 'server.cert'
if not os.path.exists(node_pkey_file) or \
not os.path.exists(node_gid_file):
self.get_node_key()
# get node's hrn
gid = GID(filename=node_gid_file)
hrn = gid.get_hrn()
# get credential from registry
cert_str = Certificate(filename=cert_filename).save_to_string(save_parents=True)
registry = self.get_registry()
cred = registry.GetSelfCredential(cert_str, hrn, 'node')
# xxx credfile is undefined
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred示例6: import_gid
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def import_gid(options):
"""
Import the specified gid into the registry (db and authorities
hierarchy) overwriting any previous gid.
"""
from sfa.util.table import SfaTable
from sfa.util.record import SfaRecord
# load the gid
gidfile = os.path.abspath(options.importgid)
if not gidfile or not os.path.isfile(gidfile):
print "No such gid: %s" % gidfile
sys.exit(1)
gid = GID(filename=gidfile)
# check if it exists within the hierarchy
hierarchy = Hierarchy()
if not hierarchy.auth_exists(gid.get_hrn()):
print "%s not found in hierarchy" % gid.get_hrn()
sys.exit(1)
# check if record exists in db
table = SfaTable()
records = table.find({'hrn': gid.get_hrn(), 'type': 'authority'})
if not records:
print "%s not found in record database" % get.get_hrn()
sys.exit(1)
# update the database record
record = records[0]
record['gid'] = gid.save_to_string(save_parents=True)
table.update(record)
if options.verbose:
print "Imported %s gid into db" % record['hrn']
# update the hierarchy
auth_info = hierarchy.get_auth_info(gid.get_hrn())
filename = auth_info.gid_filename
gid.save_to_file(filename, save_parents=True)
if options.verbose:
print "Writing %s gid to %s" % (gid.get_hrn(), filename)
# ending here
return示例7: get_trusted_certs
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def get_trusted_certs(registry=None, verbose=False):
"""
refresh our list of trusted certs.
"""
# define useful variables
config = Config()
data_dir = config.SFA_DATA_DIR
config_dir = config.SFA_CONFIG_DIR
trusted_certs_dir = config.get_trustedroots_dir()
keyfile = data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
node_gid_file = config_dir + os.sep + "node.gid"
node_gid = GID(filename=node_gid_file)
hrn = node_gid.get_hrn()
# get credential
cred = GetCredential(registry=registry, verbose=verbose)
# make sure server key cert pair exists
create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
# get the trusted certs and save them in the right place
if verbose:
print "Getting trusted certs from registry"
trusted_certs = registry.get_trusted_certs(cred)
trusted_gid_names = []
for gid_str in trusted_certs:
gid = GID(string=gid_str)
gid.decode()
relative_filename = gid.get_hrn() + ".gid"
trusted_gid_names.append(relative_filename)
gid_filename = trusted_certs_dir + os.sep + relative_filename
if verbose:
print "Writing GID for %s as %s" % (gid.get_hrn(), gid_filename)
gid.save_to_file(gid_filename, save_parents=True)
# remove old certs
all_gids_names = os.listdir(trusted_certs_dir)
for gid_name in all_gids_names:
if gid_name not in trusted_gid_names:
if verbose:
print "Removing old gid ", gid_name
os.unlink(trusted_certs_dir + os.sep + gid_name) 示例8: install_gids
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def install_gids(api, slivers):
# install node gid
node_gid_file = api.config.config_path + os.sep + "node.gid"
node_gid = GID(filename=node_gid_file)
node_gid_str = node_gid.save_to_string(save_parents=True)
node_hrn = node_gid.get_hrn()
# get currently installed slice and node gids
interface_hrn = api.config.SFA_INTERFACE_HRN
slice_gids = {}
node_gids = {}
for slicename in slivers:
slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
if os.path.isfile(slice_gid_filename):
gid_file = open(slice_gid_filename, 'r')
slice_gids[sliver] = gid_file.read()
gid_file.close()
if os.path.isfile(node_gid_filename):
gid_file = open(node_gid_filename, 'r')
node_gids[sliver] = gid_file.read()
gid_file.close()
# convert slicenames to hrns
hrns = [slicename_to_hrn(interface_hrn, slicename) \
for slicename in slivers]
# get current gids from registry
cred = api.getCredential()
registry = api.get_registry()
#records = registry.GetGids(cred, hrns)
records = registry.get_gids(cred, hrns)
for record in records:
# skip if this isnt a slice record
if not record['type'] == 'slice':
continue
vserver_path = "/vservers/%(slicename)s" % locals()
# skip if the slice isnt instantiated
if not os.path.exists(vserver_path):
continue
# install slice gid if it doesnt already exist or has changed
slice_gid_str = record['gid']
slicename = hrn_to_pl_slicename(record['hrn'])
if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)
# install slice gid if it doesnt already exist or has changed
if slicename not in node_gids or node_gids[slicename] != node_gid_str:
gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True) 示例9: install_trusted_certs
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def install_trusted_certs(api):
cred = api.getCredential()
registry = api.get_registry()
trusted_certs = registry.get_trusted_certs(cred)
trusted_gid_names = []
for gid_str in trusted_certs:
gid = GID(string=gid_str)
gid.decode()
relative_filename = gid.get_hrn() + ".gid"
trusted_gid_names.append(relative_filename)
gid_filename = trusted_certs_dir + os.sep + relative_filename
if verbose:
print("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
gid.save_to_file(gid_filename, save_parents=True)
# remove old certs
all_gids_names = os.listdir(trusted_certs_dir)
for gid_name in all_gids_names:
if gid_name not in trusted_gid_names:
if verbose:
print("Removing old gid ", gid_name)
os.unlink(trusted_certs_dir + os.sep + gid_name)示例10: export
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def export(self, xrn, type=None, outfile=None):
"""Fetch an object's GID from the Registry"""
from sfa.storage.model import RegRecord
hrn = Xrn(xrn).get_hrn()
request=self.api.dbsession().query(RegRecord).filter_by(hrn=hrn)
if type: request = request.filter_by(type=type)
record=request.first()
if record:
gid = GID(string=record.gid)
else:
# check the authorities hierarchy
hierarchy = Hierarchy()
try:
auth_info = hierarchy.get_auth_info(hrn)
gid = auth_info.gid_object
except:
print "Record: %s not found" % hrn
sys.exit(1)
# save to file
if not outfile:
outfile = os.path.abspath('./%s.gid' % gid.get_hrn())
gid.save_to_file(outfile, save_parents=True)示例11: GetCredential
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def GetCredential(registry=None, force=False, verbose=False):
config = Config()
hierarchy = Hierarchy()
key_dir= hierarchy.basedir
data_dir = config.data_path
config_dir = config.config_path
credfile = data_dir + os.sep + 'node.cred'
# check for existing credential
if not force and os.path.exists(credfile):
if verbose:
print "Loading Credential from %(credfile)s " % locals()
cred = Credential(filename=credfile).save_to_string(save_parents=True)
else:
if verbose:
print "Getting credential from registry"
# make sure node private key exists
node_pkey_file = config_dir + os.sep + "node.key"
node_gid_file = config_dir + os.sep + "node.gid"
if not os.path.exists(node_pkey_file) or \
not os.path.exists(node_gid_file):
get_node_key(registry=registry, verbose=verbose)
gid = GID(filename=node_gid_file)
hrn = gid.get_hrn()
# create server key and certificate
keyfile =data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
key = Keypair(filename=node_pkey_file)
key.save_to_file(keyfile)
create_server_keypair(keyfile, certfile, hrn, verbose)
# get credential from registry
registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
cert = Certificate(filename=certfile)
cert_str = cert.save_to_string(save_parents=True)
cred = registry.GetSelfCredential(cert_str, 'node', hrn)
Credential(string=cred).save_to_file(credfile, save_parents=True)
return cred示例12: get_gids
# 需要导入模块: from sfa.trust.gid import GID [as 别名]
# 或者: from sfa.trust.gid.GID import get_hrn [as 别名]
def get_gids(registry=None, verbose=False):
"""
Get the gid for all instantiated slices on this node and store it
in /etc/sfa/slice.gid in the slice's filesystem
"""
# define useful variables
config = Config()
data_dir = config.data_path
config_dir = config.SFA_CONFIG_DIR
trusted_certs_dir = config.get_trustedroots_dir()
keyfile = data_dir + os.sep + "server.key"
certfile = data_dir + os.sep + "server.cert"
node_gid_file = config_dir + os.sep + "node.gid"
node_gid = GID(filename=node_gid_file)
hrn = node_gid.get_hrn()
interface_hrn = config.SFA_INTERFACE_HRN
# get credential
cred = GetCredential(registry=registry, verbose=verbose)
# make sure server key cert pair exists
create_server_keypair(keyfile=keyfile, certfile=certfile, hrn=hrn, verbose=verbose)
registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile)
if verbose:
print "Getting current slices on this node"
# get a list of slices on this node
from sfa.generic import Generic
generic=Generic.the_flavour()
api = generic.make_api(interface='component')
xids_tuple = api.driver.nodemanager.GetXIDs()
slices = eval(xids_tuple[1])
slicenames = slices.keys()
# generate a list of slices that dont have gids installed
slices_without_gids = []
for slicename in slicenames:
if not os.path.isfile("/vservers/%s/etc/slice.gid" % slicename) \
or not os.path.isfile("/vservers/%s/etc/node.gid" % slicename):
slices_without_gids.append(slicename)
# convert slicenames to hrns
hrns = [slicename_to_hrn(interface_hrn, slicename) \
for slicename in slices_without_gids]
# exit if there are no gids to install
if not hrns:
return
if verbose:
print "Getting gids for slices on this node from registry"
# get the gids
# and save them in the right palce
records = registry.GetGids(hrns, cred)
for record in records:
# if this isnt a slice record skip it
if not record['type'] == 'slice':
continue
slicename = hrn_to_pl_slicename(record['hrn'])
# if this slice isnt really instatiated skip it
if not os.path.exists("/vservers/%(slicename)s" % locals()):
continue
# save the slice gid in /etc/sfa/ in the vservers filesystem
vserver_path = "/vservers/%(slicename)s" % locals()
gid = record['gid']
slice_gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
if verbose:
print "Saving GID for %(slicename)s as %(slice_gid_filename)s" % locals()
GID(string=gid).save_to_file(slice_gid_filename, save_parents=True)
# save the node gid in /etc/sfa
node_gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
if verbose:
print "Saving node GID for %(slicename)s as %(node_gid_filename)s" % locals()
node_gid.save_to_file(node_gid_filename, save_parents=True)