Add option to choose voms authentication or native okeanos tokens voms-support
authorJohn Giannelos <johngian@grnet.gr>
Wed, 14 Nov 2012 12:09:01 +0000 (14:09 +0200)
committerJohn Giannelos <johngian@grnet.gr>
Wed, 14 Nov 2012 12:09:01 +0000 (14:09 +0200)
snfOCCI/APIserver.py
snfOCCI/config.py

index bb7455d..81e8a53 100755 (executable)
@@ -1,6 +1,8 @@
 #!/usr/bin/env python
 
 import re
+import sys
+from optparse import OptionParser, OptionValueError
 import string
 import sqlite3
 
@@ -23,8 +25,25 @@ from wsgiref.validate import validator
 
 import voms
 
+def parse_arguments(args):
 
-conn = sqlite3.connect('/home/nemo/myWorkspace/snf-occi/snfOCCI/voms.db')
+    kw = {}
+    kw["usage"] = "%prog [options]"
+    kw["description"] = "OCCI interface to synnefo API"
+
+    parser = OptionParser(**kw)
+    parser.disable_interspersed_args()
+
+    parser.add_option("--enable_voms", action="store_true", dest="enable_voms", default=False, help="Enable voms authorization")
+    parser.add_option("--voms_db", action="store", type="string", dest="voms_db", help="Path to sqlite database file")
+
+    (opts, args) = parser.parse_args(args)
+
+    if opts.enable_voms and not opts.voms_db:
+        print "--voms_db option required"
+        parser.print_help()
+
+    return (opts, args)
 
 class MyAPP(Application):
     '''
@@ -99,63 +118,79 @@ class MyAPP(Application):
 
         #Authorization
 
-        ssl_dict = dict()
+        if ENABLE_VOMS:
+
+            global VOMS_DB
+            conn = sqlite3.connect(VOMS_DB)
 
-        #Regular expression in HTTP headers
-        #raw environ[HTTP_SSL] contains PEM certificates in wrong format
+            ssl_dict = dict()
+            
+            #Regular expression in HTTP headers
+            #raw environ[HTTP_SSL] contains PEM certificates in wrong format
         
-        pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)'
+            pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)'
 
-        client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"])
-        client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])
+            client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"])
+            client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])
 
-        client_cert_list=[]
-        client_chain_list=[]
+            client_cert_list=[]
+            client_chain_list=[]
 
-        for i in range(1,4):
-            client_cert_list.append(string.strip(client_cert.group(i)))
+            for i in range(1,4):
+                client_cert_list.append(string.strip(client_cert.group(i)))
 
-        for i in range(1,4):
-            client_chain_list.append(string.strip(client_chain.group(i)))
+            for i in range(1,4):
+                client_chain_list.append(string.strip(client_chain.group(i)))
 
 
-        cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]
-        chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]
+            cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]
+            chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]
 
-        ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]
-        ssl_dict["SSL_CLIENT_CERT"] = cert
-        ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain
+            ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]
+            ssl_dict["SSL_CLIENT_CERT"] = cert
+            ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain
 
-        (user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict)
-        print (user_dn, user_vo, user_fqans)
+            (user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict)
+            print (user_dn, user_vo, user_fqans)
 
+            cursor = conn.cursor()
+            query = "SELECT token FROM vo_map WHERE vo_name=?"
+            cursor.execute(query,[(user_vo)])
 
-        cursor = conn.cursor()
-        query = "SELECT token FROM vo_map WHERE vo_name=?"
-        cursor.execute(query,[(user_vo)])
+            (token,) = cursor.fetchone()
 
-        (token,) = cursor.fetchone()
+            if token:
+                compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token)
+                cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token)
 
-        if token:
-            compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token)
-            cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token)
+                self.refresh_images(compClient,cyclClient)
+                self.refresh_flavors(compClient,cyclClient)
+                self.refresh_compute_instances(compClient)
 
-            self.refresh_images(compClient,cyclClient)
-            self.refresh_flavors(compClient,cyclClient)
-            self.refresh_compute_instances(compClient)
 
+                return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient)
+            else:
+                raise HTTPError(404, "Unauthorized access")
 
-            return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient)
         else:
-            raise HTTPError(404, "Unauthorized access")
-
+            #Authorize with user token
+            compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN'])
+            cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN'])
+            
+            return self._call_occi(environ, response, security = None, token = environ['HTTP_AUTH_TOKEN'], snf = compClient, client = cyclClient)
 
 
 def main():
 
+    global ENABLE_VOMS, VOMS_DB
+    (opts, args) = parse_arguments(sys.argv[1:])
+
+    ENABLE_VOMS = opts.enable_voms
+    VOMS_DB = opts.voms_db
+
     APP = MyAPP(registry = snfRegistry())
-    COMPUTE_BACKEND = ComputeBackend()
 
+    COMPUTE_BACKEND = ComputeBackend()
     APP.register_backend(COMPUTE, COMPUTE_BACKEND)
     APP.register_backend(START, COMPUTE_BACKEND)
     APP.register_backend(STOP, COMPUTE_BACKEND)
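Review bot: In the VOMS branch an unmapped VO never reaches `raise HTTPError(404, "Unauthorized access")`, because `(token,) = cursor.fetchone()` raises TypeError when the query returns no row. Likewise, `environ['HTTP_AUTH_TOKEN']` in the new `else` branch raises KeyError when the header is absent. Both cases should reject explicitly (401 fits better than 404), and the per-request `sqlite3.connect(VOMS_DB)` should be closed after the lookup. The certificate is read from `HTTP_SSL_CLIENT_*` request headers, so this presumably depends on the TLS-terminating front end overwriting any client-supplied copies; confirm that in the deployment. The enclosing method starts above the hunk and `main()` continues below it.

```python
            # … unchanged: certificate extraction and voms.authenticate(ssl_dict) …
            conn = sqlite3.connect(VOMS_DB)
            try:
                cursor = conn.cursor()
                cursor.execute("SELECT token FROM vo_map WHERE vo_name=?", [user_vo])
                row = cursor.fetchone()
            finally:
                conn.close()

            # Fail closed: no row or an empty token means the VO is not mapped.
            if row is None or not row[0]:
                raise HTTPError(401, "Unauthorized access")
            token = row[0]
            # … unchanged: client construction, refresh_* calls and _call_occi …
        else:
            #Authorize with user token
            token = environ.get('HTTP_AUTH_TOKEN')
            if not token:
                raise HTTPError(401, "Unauthorized access")
            # … unchanged: client construction and _call_occi, using token …
```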
index 2d6492e..2dc62ce 100644 (file)
@@ -5,7 +5,7 @@ SERVER_CONFIG = {
     }
 
 KAMAKI_CONFIG = {
-    'compute_url': 'https://cyclades.okeanos.grnet.gr/api/v1.1'
+    'compute_url': 'https://cyclades.okeanos.io/api/v1.1'
 }
 
 VOMS_CONFIG = {