Changeset ef36c1e

Timestamp:

Aug 1, 2008 11:41:39 AM (16 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02

Children:

808889e

Parents:

7da9da6

Message:

split out project creation

Location:

fedd

Files:

• fedd_allocate_project.py (modified) (5 diffs)
• fedd_messages.wsdl (modified) (1 diff)
• fedd_proj.py (modified) (6 diffs)
• fedd_types.xsd (modified) (2 diffs)
• fedd_util.py (modified) (1 diff)
• service_error.py (added)

fedd/fedd_allocate_project.py

@@ -21 +21 @@
 from fedd_util import *
 import parse_detail
+from service_error import *
 
 class fedd_allocate_project_local:
-    def __init__(self, dp=False, url=None):
+    def __init__(self, dp=False, url=None, certs=None):
         """
         Initializer.  Parses a configuration if one is given.
@@ -58 +59 @@
 
 
-    def dynamic_project(self, req):
+    def dynamic_project(self, req, fedid=None):
         """
         Create a dynamic project with ssh access
@@ -70 +71 @@
                 dir="/tmp")
 
-        print userfile
-        proj = req['project']
+        if req.has_key('AllocateProjectRequestBody') and \
+                req['AllocateProjectRequestBody'].has_key('project'):
+            proj = req['AllocateProjectRequestBody']['project']
+        else:
+            raise service_error(service_error.req, 
+                    "Badly formed allocation request")
         # Take the first user and ssh key
         name = proj.get('name', None) or self.random_string("proj",4)
@@ -91 +96 @@
             access = user.get('access', None)
             if access != None:
-                ssh = access.get('sshPubkey', None)
+                ssh = access[0].get('sshPubkey', None)
                 if ssh == None:
                     raise fedd_proj.service_error(fedd_proj.service_error.req, 
@@ -177 +182 @@
         }
         return rv
+
+
+class fedd_allocate_project_remote:
+    def __init__(self, dp=False, url=None, certs=None):
+        """
+        Initializer.  Parses a configuration if one is given.
+        """
+
+        self.dynamic_projects = dp
+        self.url = url
+
+        if certs != None and isinstance(certs, type(tuple())):
+            self.cert_file, self.trusted_certs, self.cert_pwd = certs
+            # self.cert_file = certs[0]
+            # self.trusted_certs = certs[1]
+            # self.cert_pwd = certs[2]
+        else:
+            self.cert_file = None
+            self.trusted_certs = None
+            self.cert_pwd = None
+
+    def dynamic_project(self, req, fedid=None):
+        """
+        Send req on to a remote project instantiator.
+
+        Req is just the projectAllocType object.  This function re-wraps it.
+        It also rethrows any faults.
+        """
+        # No retry loop here.  Proxy servers must correctly authenticate
+        # themselves without help
+        try:
+            ctx = fedd_ssl_context(self.cert_file, self.trusted_certs,
+                    password=self.cert_pwd)
+        except SSL.SSLError:
+            raise service_error(service_error.server_config, 
+                    "Server certificates misconfigured")
+
+        loc = feddServiceLocator();
+        port = loc.getfeddPortType(self.url,
+                transport=M2Crypto.httpslib.HTTPSConnection, 
+                transdict={ 'ssl_context' : ctx })
+
+        if req.has_key('AllocateProjectRequestBody'):
+            req = req['AllocateProjectRequestBody']
+        else:
+            raise service_error(service_error.req, "Bad formated request");
+
+        # Reconstruct the full request message
+        msg = AllocateProjectRequestMessage()
+        msg.set_element_AllocateProjectRequestBody(
+                pack_soap(msg, "AllocateProjectRequestBody", req))
+        try:
+            resp = port.AllocateProject(msg)
+        except ZSI.ParseException, e:
+            raise service_error(service_error.proxy,
+                    "Bad format message (XMLRPC??): %s" % str(e))
+        r = unpack_soap(resp)
+
+        if r.has_key('AllocateProjectResponseBody'):
+            return r['AllocateProjectResponseBody']
+        else:
+            raise service_error(service_error.proxy, "Bad proxy response")
+

fedd/fedd_messages.wsdl

@@ -24 +24 @@
 
   <message name="AllocateProjectResponseMessage">
-    <part name="AllocateProjectResponseBody" type="xsd1:projectType"/>
+    <part name="AllocateProjectResponseBody" 
+      type="xsd1:projectAllocResponseType"/>
   </message>
 

fedd/fedd_proj.py

@@ -33 +33 @@
     bool_attrs = ("dynamic_projects", "project_priority")
     emulab_attrs = ("boss", "ops", "domain", "fileserver", "eventserver")
-    id_attrs = ("testbed", "cert_file", "trusted_certs", "proxy",
-            "proxy_trusted_certs", "cert_pwd")
+    id_attrs = ("testbed", "cert_file", "cert_pwd", "trusted_certs", "proxy",
+            "proxy_cert_file", "proxy_cert_pwd", "proxy_trusted_certs",
+            "dynamic_projects_url", "dynamic_projects_cert_file", 
+            "dynamic_projects_cert_pwd", "dynamic_projects_trusted_certs")
 
     # Used by the SOAP caller
@@ -92 +94 @@
         if config != None: 
             self.read_config(config)
-        self.allocate_project = \
-            fedd_allocate_project_local(self.dynamic_projects)
+
+        # Certs are promoted from the generic to the specific, so without a
+        # specific proxy certificate, the main certificates are used for proxy
+        # interactions. If no dynamic project certificates, then proxy certs
+        # are used, and if none of those the main certs.
+
+        # init proxy certs
+        if self.proxy_cert_file == None:
+            self.proxy_cert_file = self.cert_file
+            self.proxy_cert_pwd = self.cert_pwd
+
+        if self.proxy_trusted_certs == None:
+            self.proxy_trusted_certs = self.trusted_certs
+
+        # init dynamic project certs
+        if self.dynamic_projects_cert_file == None:
+            self.dynamic_projects_cert_file = self.proxy_cert_file
+            self.dynamic_projects_cert_pwd = self.proxy_cert_pwd
+
+        if self.dynamic_projects_trusted_certs == None:
+            self.dynamic_projects_trusted_certs = self.proxy_trusted_certs
+
+        proj_certs = (self.dynamic_projects_cert_file, 
+                self.dynamic_projects_trusted_certs,
+                self.dynamic_projects_cert_pwd)
+
+        if self.dynamic_projects_url == None:
+            self.allocate_project = \
+                fedd_allocate_project_local(self.dynamic_projects, 
+                        self.dynamic_projects_url, proj_certs)
+            fedd_proj.soap_methods['AllocateProject'] = 'soap_AllocateProject'
+        else:
+            self.allocate_project = \
+                fedd_allocate_project_remote(self.dynamic_projects, 
+                        self.dynamic_projects_url, proj_certs)
 
     def dump_state(self):
@@ -138 +173 @@
     def proxy_xmlrpc_request(self, dt, req):
         """Send an XMLRPC proxy request.  Called if the SOAP RPC fails"""
-        tc = self.proxy_trusted_certs or self.trusted_certs
 
         # No retry loop here.  Proxy servers must correctly authenticate
         # themselves without help
         try:
-            ctx = fedd_ssl_context(self.cert_file, tc, password=self.cert_pwd)
+            ctx = fedd_ssl_context(self.proxy_cert_file, 
+                    self.proxy_trusted_certs, password=self.proxy_cert_pwd)
         except SSL.SSLError:
             raise service_error(service_error.server_config,
@@ -186 +221 @@
         also rethrows any faults.
         """
-        tc = self.proxy_trusted_certs or self.trusted_certs
-
         # No retry loop here.  Proxy servers must correctly authenticate
         # themselves without help
         try:
-            ctx = fedd_ssl_context(self.cert_file, tc, password=self.cert_pwd)
+            ctx = fedd_ssl_context(self.proxy_cert_file, 
+                    self.proxy_trusted_certs, password=self.proxy_cert_pwd)
         except SSL.SSLError:
             raise service_error(service_error.server_config, 
@@ -401 +435 @@
                     # Compose the dynamic project request 
                     # (only dynamic, dynamic currently allowed)
-                    preq = { 'project' : {\
+                    preq = { 'AllocateProjectRequestBody': \
+                                { 'project' : {\
                                     'user': [ \
-                                    { 'access': { 'sshPubkey': s } } \
+                                    { 'access': [ { 'sshPubkey': s } ] } \
                                         for s in ssh ] \
+                                    }\
                                 }\
                             }
                     if restricted != None and len(restricted) > 0:
-                        preq['resources'] =  [ {'node': { 'hardware' :  [ h ]\
-                            } } for h in restricted ]
+                        preq['AllocateProjectRequestBody']['resources'] = \
+                            [ {'node': { 'hardware' :  [ h ] } } \
+                                    for h in restricted ]
                                 
-
-                    #self.dynamic_project(found, ssh)
                     ap = self.allocate_project.dynamic_project(preq)
-                    # XXX: fill in response values into the real response
                 else: pass    # SSH key additions
             else:
@@ -449 +483 @@
                             service_error.proxy,
                             "Undefined fault from proxy??");
+
+
+    def soap_AllocateProject(self, ps, fid):
+        req = ps.Parse(AllocateProjectRequestMessage.typecode)
+
+        msg = self.allocate_project.dynamic_project(unpack_soap(req), fedid)
+
+        resp = AllocateProjectResponseMessage()
+        resp.set_element_AllocateProjectResponseBody(
+                pack_soap(resp, "AllocateProjectResponseBody", msg))
+
+        return resp
 
     def soap_RequestAccess(self, ps, fid):

fedd/fedd_types.xsd

@@ -118 +118 @@
     </xsd:annotation>
     <xsd:sequence>
-      <xsd:element name="name" type="tns:IDType"/>
+      <xsd:element name="name" type="tns:IDType" minOccurs="0" maxOccurs="1"/>
       <xsd:element name="user" type="tns:userType" minOccurs="0"
         maxOccurs="unbounded"/>
@@ -152 +152 @@
       <xsd:element name="resources" type="tns:resourcesType" 
         minOccurs="0" maxOccurs="1"/>
+    </xsd:sequence>
+  </xsd:complexType>
+
+  <xsd:complexType name="projectAllocResponseType">
+    <xsd:annotation>
+      <xsd:documentation>
+        The information needed to create a dynamic project
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:sequence>
+      <xsd:element name="project" type="tns:projectType"/>
     </xsd:sequence>
   </xsd:complexType>

fedd/fedd_util.py

@@ -181 +181 @@
     """
     if getattr(contents, "__iter__", None) != None:
-        obj = getattr(container, "new_%s" % name, None)()
+        try:
+            obj = getattr(container, "new_%s" % name, None)()
+        except:
+            print "%s has no method new_%s" % (container, name)
+            raise
         for e, v in contents.iteritems():
             assign = getattr(obj, "set_element_%s" % e, None) or \