From: John Giannelos Date: Wed, 14 Nov 2012 12:09:01 +0000 (+0200) Subject: Add option to choose voms authentication or native okeanos tokens X-Git-Url: https://code.grnet.gr/git/snf-occi/commitdiff_plain/refs/heads/voms-support?hp=d2af0fef97c282416358348b6a2aaf33875aebc4 Add option to choose voms authentication or native okeanos tokens --- diff --git a/snfOCCI/APIserver.py b/snfOCCI/APIserver.py index bb7455d..81e8a53 100755 --- a/snfOCCI/APIserver.py +++ b/snfOCCI/APIserver.py @@ -1,6 +1,8 @@ #!/usr/bin/env python import re +import sys +from optparse import OptionParser, OptionValueError import string import sqlite3 @@ -23,8 +25,25 @@ from wsgiref.validate import validator import voms +def parse_arguments(args): -conn = sqlite3.connect('/home/nemo/myWorkspace/snf-occi/snfOCCI/voms.db') + kw = {} + kw["usage"] = "%prog [options]" + kw["description"] = "OCCI interface to synnefo API" + + parser = OptionParser(**kw) + parser.disable_interspersed_args() + + parser.add_option("--enable_voms", action="store_true", dest="enable_voms", default=False, help="Enable voms authorization") + parser.add_option("--voms_db", action="store", type="string", dest="voms_db", help="Path to sqlite database file") + + (opts, args) = parser.parse_args(args) + + if opts.enable_voms and not opts.voms_db: + print "--voms_db option required" + parser.print_help() + + return (opts, args) class MyAPP(Application): ''' 
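Review bot: When `--enable_voms` is given without `--voms_db`, parse_arguments prints the message and the help text but still returns, so the server starts with `opts.voms_db` set to None. The misconfiguration then presumably only surfaces at `sqlite3.connect(VOMS_DB)` on the first request, which is in a later hunk. Replacing the `print` and `parser.print_help()` pair with `parser.error("--voms_db option required")` stops the process at startup with a usage message and a non-zero exit status. `OptionValueError` is imported in the first hunk but is not used in the lines shown. The function also has no docstring; a one-line `"""Parse command-line options and return (opts, args)."""` would do.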
@@ -99,63 +118,79 @@ class MyAPP(Application): #Authorization - ssl_dict = dict() + if ENABLE_VOMS: + + global VOMS_DB + conn = sqlite3.connect(VOMS_DB) - #Regular expression in HTTP headers - #raw environ[HTTP_SSL] contains PEM certificates in wrong format + ssl_dict = dict() + + #Regular expression in HTTP headers + #raw environ[HTTP_SSL] contains PEM certificates in wrong format - pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)' + pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)' - client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"]) - client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]) + client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"]) + client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]) - client_cert_list=[] - client_chain_list=[] + client_cert_list=[] + client_chain_list=[] - for i in range(1,4): - client_cert_list.append(string.strip(client_cert.group(i))) + for i in range(1,4): + client_cert_list.append(string.strip(client_cert.group(i))) - for i in range(1,4): - client_chain_list.append(string.strip(client_chain.group(i))) + for i in range(1,4): + client_chain_list.append(string.strip(client_chain.group(i))) - cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2] - chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2] + cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2] + chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2] - ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"] - ssl_dict["SSL_CLIENT_CERT"] = cert - ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain + ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"] + ssl_dict["SSL_CLIENT_CERT"] = cert + ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain - (user_dn, user_vo, user_fqans) = 
voms.authenticate(ssl_dict) - print (user_dn, user_vo, user_fqans) + (user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict) + print (user_dn, user_vo, user_fqans) + cursor = conn.cursor() + query = "SELECT token FROM vo_map WHERE vo_name=?" + cursor.execute(query,[(user_vo)]) - cursor = conn.cursor() - query = "SELECT token FROM vo_map WHERE vo_name=?" - cursor.execute(query,[(user_vo)]) + (token,) = cursor.fetchone() - (token,) = cursor.fetchone() + if token: + compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token) + cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token) - if token: - compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token) - cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token) + self.refresh_images(compClient,cyclClient) + self.refresh_flavors(compClient,cyclClient) + self.refresh_compute_instances(compClient) - self.refresh_images(compClient,cyclClient) - self.refresh_flavors(compClient,cyclClient) - self.refresh_compute_instances(compClient) + return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient) + else: + raise HTTPError(404, "Unauthorized access") - return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient) else: - raise HTTPError(404, "Unauthorized access") - + #Authorize with user token + compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN']) + cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN']) + + return self._call_occi(environ, response, security = None, token = environ['HTTP_AUTH_TOKEN'], snf = compClient, client = cyclClient) def main(): + global ENABLE_VOMS, VOMS_DB + (opts, args) = parse_arguments(sys.argv[1:]) + + ENABLE_VOMS = opts.enable_voms + VOMS_DB = opts.voms_db + APP = MyAPP(registry = snfRegistry()) - COMPUTE_BACKEND = ComputeBackend() + COMPUTE_BACKEND = ComputeBackend() APP.register_backend(COMPUTE, 
COMPUTE_BACKEND) APP.register_backend(START, COMPUTE_BACKEND) APP.register_backend(STOP, COMPUTE_BACKEND) diff --git a/snfOCCI/config.py b/snfOCCI/config.py index 2d6492e..2dc62ce 100644 --- a/snfOCCI/config.py +++ b/snfOCCI/config.py @@ -5,7 +5,7 @@ SERVER_CONFIG = { } KAMAKI_CONFIG = { - 'compute_url': 'https://cyclades.okeanos.grnet.gr/api/v1.1' + 'compute_url': 'https://cyclades.okeanos.io/api/v1.1' } VOMS_CONFIG = {
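Review bot: Neither authorization branch fails cleanly for an unauthenticated request: in the new else branch `environ['HTTP_AUTH_TOKEN']` raises KeyError when the header is absent, and in the VOMS branch `(token,) = cursor.fetchone()` raises TypeError when the VO has no row in vo_map, so the `raise HTTPError(404, ...)` line is reached only for an empty token. I would read the header with `token = environ.get('HTTP_AUTH_TOKEN')`, unpack with `row = cursor.fetchone()` and `token = row[0] if row else None`, and raise `HTTPError(401, "Unauthorized access")` in both branches, since 404 hides the authorization failure. The `sqlite3.connect(VOMS_DB)` call now runs on every request and the connection is never closed in the lines shown; the `global VOMS_DB` statement is not needed for a read. The `HTTP_SSL_CLIENT_*` values are request headers, so this code presumably relies on the TLS front end overwriting them on every request, and a comment stating that deployment assumption next to `#Authorization` would help. The enclosing method of class MyAPP starts outside the hunk and `main()` continues past it.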