Revision c1106cd7 snfOCCI/APIserver.py
b/snfOCCI/APIserver.py | ||
---|---|---|
1 | 1 |
#!/usr/bin/env python |
2 | 2 |
|
3 | 3 |
import re |
4 |
import sys |
|
5 |
from optparse import OptionParser, OptionValueError |
|
4 | 6 |
import string |
5 | 7 |
import sqlite3 |
6 | 8 |
|
... | ... | |
23 | 25 |
|
24 | 26 |
import voms |
25 | 27 |
|
28 |
def parse_arguments(args): |
|
26 | 29 |
|
27 |
conn = sqlite3.connect('/home/nemo/myWorkspace/snf-occi/snfOCCI/voms.db') |
|
30 |
kw = {} |
|
31 |
kw["usage"] = "%prog [options]" |
|
32 |
kw["description"] = "OCCI interface to synnefo API" |
|
33 |
|
|
34 |
parser = OptionParser(**kw) |
|
35 |
parser.disable_interspersed_args() |
|
36 |
|
|
37 |
parser.add_option("--enable_voms", action="store_true", dest="enable_voms", default=False, help="Enable voms authorization") |
|
38 |
parser.add_option("--voms_db", action="store", type="string", dest="voms_db", help="Path to sqlite database file") |
|
39 |
|
|
40 |
(opts, args) = parser.parse_args(args) |
|
41 |
|
|
42 |
if opts.enable_voms and not opts.voms_db: |
|
43 |
print "--voms_db option required" |
|
44 |
parser.print_help() |
|
45 |
|
|
46 |
return (opts, args) |
|
28 | 47 |
|
29 | 48 |
class MyAPP(Application): |
30 | 49 |
''' |
... | ... | |
99 | 118 |
|
100 | 119 |
#Authorization |
101 | 120 |
|
102 |
ssl_dict = dict() |
|
121 |
if ENABLE_VOMS: |
|
122 |
|
|
123 |
global VOMS_DB |
|
124 |
conn = sqlite3.connect(VOMS_DB) |
|
103 | 125 |
|
104 |
#Regular expression in HTTP headers |
|
105 |
#raw environ[HTTP_SSL] contains PEM certificates in wrong format |
|
126 |
ssl_dict = dict() |
|
127 |
|
|
128 |
#Regular expression in HTTP headers |
|
129 |
#raw environ[HTTP_SSL] contains PEM certificates in wrong format |
|
106 | 130 |
|
107 |
pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)' |
|
131 |
pem_re = r'^(-----BEGIN CERTIFICATE----- )(.*|\s]*)( -----END CERTIFICATE-----)'
|
|
108 | 132 |
|
109 |
client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"]) |
|
110 |
client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"]) |
|
133 |
client_cert = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT"])
|
|
134 |
client_chain = re.search(pem_re, environ["HTTP_SSL_CLIENT_CERT_CHAIN_0"])
|
|
111 | 135 |
|
112 |
client_cert_list=[] |
|
113 |
client_chain_list=[] |
|
136 |
client_cert_list=[]
|
|
137 |
client_chain_list=[]
|
|
114 | 138 |
|
115 |
for i in range(1,4): |
|
116 |
client_cert_list.append(string.strip(client_cert.group(i))) |
|
139 |
for i in range(1,4):
|
|
140 |
client_cert_list.append(string.strip(client_cert.group(i)))
|
|
117 | 141 |
|
118 |
for i in range(1,4): |
|
119 |
client_chain_list.append(string.strip(client_chain.group(i))) |
|
142 |
for i in range(1,4):
|
|
143 |
client_chain_list.append(string.strip(client_chain.group(i)))
|
|
120 | 144 |
|
121 | 145 |
|
122 |
cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2] |
|
123 |
chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2] |
|
146 |
cert = client_cert_list[0]+"\n"+client_cert_list[1].replace(" "," \n")+"\n"+client_cert_list[2]
|
|
147 |
chain = client_chain_list[0]+"\n"+client_chain_list[1].replace(" "," \n")+"\n"+client_chain_list[2]
|
|
124 | 148 |
|
125 |
ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"] |
|
126 |
ssl_dict["SSL_CLIENT_CERT"] = cert |
|
127 |
ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain |
|
149 |
ssl_dict["SSL_CLIENT_S_DN"] = environ["HTTP_SSL_CLIENT_S_DN"]
|
|
150 |
ssl_dict["SSL_CLIENT_CERT"] = cert
|
|
151 |
ssl_dict["SSL_CLIENT_CERT_CHAIN_0"] = chain
|
|
128 | 152 |
|
129 |
(user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict) |
|
130 |
print (user_dn, user_vo, user_fqans) |
|
153 |
(user_dn, user_vo, user_fqans) = voms.authenticate(ssl_dict)
|
|
154 |
print (user_dn, user_vo, user_fqans)
|
|
131 | 155 |
|
156 |
cursor = conn.cursor() |
|
157 |
query = "SELECT token FROM vo_map WHERE vo_name=?" |
|
158 |
cursor.execute(query,[(user_vo)]) |
|
132 | 159 |
|
133 |
cursor = conn.cursor() |
|
134 |
query = "SELECT token FROM vo_map WHERE vo_name=?" |
|
135 |
cursor.execute(query,[(user_vo)]) |
|
160 |
(token,) = cursor.fetchone() |
|
136 | 161 |
|
137 |
(token,) = cursor.fetchone() |
|
162 |
if token: |
|
163 |
compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token) |
|
164 |
cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token) |
|
138 | 165 |
|
139 |
if token:
|
|
140 |
compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], token)
|
|
141 |
cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], token)
|
|
166 |
self.refresh_images(compClient,cyclClient)
|
|
167 |
self.refresh_flavors(compClient,cyclClient)
|
|
168 |
self.refresh_compute_instances(compClient)
|
|
142 | 169 |
|
143 |
self.refresh_images(compClient,cyclClient) |
|
144 |
self.refresh_flavors(compClient,cyclClient) |
|
145 |
self.refresh_compute_instances(compClient) |
|
146 | 170 |
|
171 |
return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient) |
|
172 |
else: |
|
173 |
raise HTTPError(404, "Unauthorized access") |
|
147 | 174 |
|
148 |
return self._call_occi(environ, response, security = None, token = token, snf = compClient, client = cyclClient) |
|
149 | 175 |
else: |
150 |
raise HTTPError(404, "Unauthorized access") |
|
151 |
|
|
176 |
#Authorize with user token |
|
177 |
compClient = ComputeClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN']) |
|
178 |
cyclClient = CycladesClient(KAMAKI_CONFIG['compute_url'], environ['HTTP_AUTH_TOKEN']) |
|
179 |
|
|
180 |
return self._call_occi(environ, response, security = None, token = environ['HTTP_AUTH_TOKEN'], snf = compClient, client = cyclClient) |
|
152 | 181 |
|
153 | 182 |
|
154 | 183 |
def main(): |
155 | 184 |
|
185 |
global ENABLE_VOMS, VOMS_DB |
|
186 |
(opts, args) = parse_arguments(sys.argv[1:]) |
|
187 |
|
|
188 |
ENABLE_VOMS = opts.enable_voms |
|
189 |
VOMS_DB = opts.voms_db |
|
190 |
|
|
156 | 191 |
APP = MyAPP(registry = snfRegistry()) |
157 |
COMPUTE_BACKEND = ComputeBackend() |
|
158 | 192 |
|
193 |
COMPUTE_BACKEND = ComputeBackend() |
|
159 | 194 |
APP.register_backend(COMPUTE, COMPUTE_BACKEND) |
160 | 195 |
APP.register_backend(START, COMPUTE_BACKEND) |
161 | 196 |
APP.register_backend(STOP, COMPUTE_BACKEND) |
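Review bot: In the VOMS branch, `(token,) = cursor.fetchone()` (new line 160) raises TypeError when `vo_map` has no row for `user_vo`, because `fetchone()` returns None in that case; the `else: raise HTTPError(404, "Unauthorized access")` branch is therefore never reached for an unmapped VO and the request fails with an unhandled exception instead. Unpack defensively with `row = cursor.fetchone()` followed by `token = row[0] if row else None`, and consider a 401 or 403 status rather than 404 for the rejection. The connection opened per request by `conn = sqlite3.connect(VOMS_DB)` is not closed anywhere in the visible lines, so it should be closed once the token has been read. The same branch takes the certificate, chain and DN from `HTTP_SSL_CLIENT_*` entries in `environ`, which are request headers, so it presumably relies on the front-end proxy overwriting any client-supplied copies; a comment stating that deployment assumption would help. The enclosing method begins outside the displayed lines.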