grid-manager stand-alone, via Click
This commit is contained in:
parent
c7f4a1a157
commit
2118a2446e
7
setup.py
7
setup.py
|
@ -410,6 +410,11 @@ setup(name="tahoe-lafs", # also set in __init__.py
|
|||
},
|
||||
include_package_data=True,
|
||||
setup_requires=setup_requires,
|
||||
entry_points = { 'console_scripts': [ 'tahoe = allmydata.scripts.runner:run' ] },
|
||||
entry_points={
|
||||
'console_scripts': [
|
||||
'tahoe = allmydata.scripts.runner:run',
|
||||
'grid-manager = allmydata.cli.grid_manager:grid_manager',
|
||||
]
|
||||
},
|
||||
**setup_args
|
||||
)
|
||||
|
|
|
@ -0,0 +1,207 @@
|
|||
from datetime import (
|
||||
datetime,
|
||||
)
|
||||
import json
|
||||
|
||||
import click
|
||||
|
||||
from twisted.python.filepath import (
|
||||
FilePath,
|
||||
)
|
||||
|
||||
from allmydata.crypto import (
|
||||
ed25519,
|
||||
)
|
||||
from allmydata.util.abbreviate import (
|
||||
abbreviate_time,
|
||||
)
|
||||
from allmydata.grid_manager import (
|
||||
create_grid_manager,
|
||||
save_grid_manager,
|
||||
load_grid_manager,
|
||||
)
|
||||
|
||||
|
||||
@click.group()
|
||||
@click.option(
|
||||
'--config', '-c',
|
||||
type=click.Path(),
|
||||
help="Configuration directory (or - for stdin)",
|
||||
required=True,
|
||||
)
|
||||
@click.pass_context
|
||||
def grid_manager(ctx, config):
|
||||
"""
|
||||
A Tahoe Grid Manager issues certificates to storage-servers
|
||||
|
||||
A Tahoe client with one or more Grid Manager public keys
|
||||
configured will only upload to a Storage Server that presents a
|
||||
valid certificate signed by one of the configured Grid
|
||||
Manager keys.
|
||||
|
||||
Grid Manager configuration can be in a local directory or given
|
||||
via stdin. It contains long-term secret information (a private
|
||||
signing key) and should be kept safe.
|
||||
"""
|
||||
|
||||
class Config(object):
|
||||
"""
|
||||
Availble to all sub-commands as Click's context.obj
|
||||
"""
|
||||
_grid_manager = None
|
||||
|
||||
@property
|
||||
def grid_manager(self):
|
||||
if self._grid_manager is None:
|
||||
config_path = _config_path_from_option(config)
|
||||
self._grid_manager = load_grid_manager(config_path, config)
|
||||
return self._grid_manager
|
||||
|
||||
ctx.obj = Config()
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.pass_context
|
||||
def create(ctx):
|
||||
"""
|
||||
Make a new Grid Manager
|
||||
"""
|
||||
config_location = ctx.parent.params["config"]
|
||||
fp = None
|
||||
if config_location != '-':
|
||||
fp = FilePath(config_location)
|
||||
if fp.exists():
|
||||
raise click.ClickException(
|
||||
"The directory '{}' already exists.".format(config_location)
|
||||
)
|
||||
|
||||
gm = create_grid_manager()
|
||||
save_grid_manager(fp, gm)
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.pass_obj
|
||||
def public_identity(config):
|
||||
"""
|
||||
Show the public identity key of a Grid Manager
|
||||
|
||||
This is what you give to clients to add to their configuration so
|
||||
they use announcements from this Grid Manager
|
||||
"""
|
||||
click.echo(config.grid_manager.public_identity())
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.argument("name")
|
||||
@click.argument("public_key", type=click.UNPROCESSED)
|
||||
@click.pass_context
|
||||
def add(ctx, name, public_key):
|
||||
"""
|
||||
Add a new storage-server by name to a Grid Manager
|
||||
|
||||
PUBLIC_KEY is the contents of a node.pubkey file from a Tahoe
|
||||
node-directory. NAME is an arbitrary label.
|
||||
"""
|
||||
try:
|
||||
ctx.obj.grid_manager.add_storage_server(
|
||||
name,
|
||||
ed25519.verifying_key_from_string(public_key),
|
||||
)
|
||||
except KeyError:
|
||||
raise click.ClickException(
|
||||
"A storage-server called '{}' already exists".format(name)
|
||||
)
|
||||
save_grid_manager(
|
||||
_config_path_from_option(ctx.parent.params["config"]),
|
||||
ctx.obj.grid_manager,
|
||||
)
|
||||
return 0
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.argument("name")
|
||||
@click.pass_context
|
||||
def remove(ctx, name):
|
||||
"""
|
||||
Remove an existing storage-server by name from a Grid Manager
|
||||
"""
|
||||
fp = _config_path_from_option(ctx.parent.params["config"])
|
||||
try:
|
||||
ctx.obj.grid_manager.remove_storage_server(name)
|
||||
except KeyError:
|
||||
raise click.ClickException(
|
||||
"No storage-server called '{}' exists".format(name)
|
||||
)
|
||||
cert_count = 0
|
||||
if fp is not None:
|
||||
while fp.child('{}.cert.{}'.format(name, cert_count)).exists():
|
||||
fp.child('{}.cert.{}'.format(name, cert_count)).remove()
|
||||
cert_count += 1
|
||||
|
||||
save_grid_manager(fp, ctx.obj.grid_manager)
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.pass_context
|
||||
def list(ctx):
|
||||
"""
|
||||
List all storage-servers known to a Grid Manager
|
||||
"""
|
||||
fp = _config_path_from_option(ctx.parent.params["config"])
|
||||
for name in sorted(ctx.obj.grid_manager.storage_servers.keys()):
|
||||
blank_name = " " * len(name)
|
||||
click.echo("{}: {}".format(name, ctx.obj.grid_manager.storage_servers[name].public_key()))
|
||||
if fp:
|
||||
cert_count = 0
|
||||
while fp.child('{}.cert.{}'.format(name, cert_count)).exists():
|
||||
container = json.load(fp.child('{}.cert.{}'.format(name, cert_count)).open('r'))
|
||||
cert_data = json.loads(container['certificate'])
|
||||
expires = datetime.utcfromtimestamp(cert_data['expires'])
|
||||
delta = datetime.utcnow() - expires
|
||||
click.echo("{} cert {}: ".format(blank_name, cert_count), nl=False)
|
||||
if delta.total_seconds() < 0:
|
||||
click.echo("valid until {} ({})".format(expires, abbreviate_time(delta)))
|
||||
else:
|
||||
click.echo("expired {} ({})".format(expires, abbreviate_time(delta)))
|
||||
cert_count += 1
|
||||
|
||||
|
||||
@grid_manager.command()
|
||||
@click.argument("name")
|
||||
@click.argument(
|
||||
"expiry_days",
|
||||
type=click.IntRange(1, 5*365), # XXX is 5 years a good maximum?
|
||||
)
|
||||
@click.pass_context
|
||||
def sign(ctx, name, expiry_days):
|
||||
"""
|
||||
sign a new certificate
|
||||
"""
|
||||
fp = _config_path_from_option(ctx.parent.params["config"])
|
||||
expiry_seconds = int(expiry_days) * 86400
|
||||
|
||||
try:
|
||||
certificate = ctx.obj.grid_manager.sign(name, expiry_seconds)
|
||||
except KeyError:
|
||||
raise click.ClickException(
|
||||
"No storage-server called '{}' exists".format(name)
|
||||
)
|
||||
|
||||
certificate_data = json.dumps(certificate, indent=4)
|
||||
click.echo(certificate_data)
|
||||
if fp is not None:
|
||||
next_serial = 0
|
||||
while fp.child("{}.cert.{}".format(name, next_serial)).exists():
|
||||
next_serial += 1
|
||||
with fp.child('{}.cert.{}'.format(name, next_serial)).open('w') as f:
|
||||
f.write(certificate_data)
|
||||
|
||||
|
||||
def _config_path_from_option(config):
|
||||
"""
|
||||
:param string config: a path or -
|
||||
:returns: a FilePath instance or None
|
||||
"""
|
||||
if config == "-":
|
||||
return None
|
||||
return FilePath(config)
|
|
@ -0,0 +1,217 @@
|
|||
import sys
|
||||
import json
|
||||
from datetime import (
|
||||
datetime,
|
||||
timedelta,
|
||||
)
|
||||
|
||||
from allmydata.crypto import (
|
||||
ed25519,
|
||||
)
|
||||
from allmydata.util import (
|
||||
fileutil,
|
||||
base32,
|
||||
)
|
||||
|
||||
|
||||
class _GridManagerStorageServer(object):
|
||||
"""
|
||||
A Grid Manager's notion of a storage server
|
||||
"""
|
||||
|
||||
def __init__(self, name, public_key, certificates):
|
||||
self.name = name
|
||||
self._public_key = public_key
|
||||
self._certificates = [] if certificates is None else certificates
|
||||
|
||||
def add_certificate(self, certificate):
|
||||
self._certificates.append(certificate)
|
||||
|
||||
def public_key(self):
|
||||
return ed25519.string_from_verifying_key(self._public_key)
|
||||
|
||||
def marshal(self):
|
||||
return {
|
||||
u"public_key": self.public_key(),
|
||||
}
|
||||
|
||||
|
||||
def create_grid_manager():
|
||||
"""
|
||||
Create a new Grid Manager with a fresh keypair
|
||||
"""
|
||||
private_key, public_key = ed25519.create_signing_keypair()
|
||||
return _GridManager(
|
||||
ed25519.string_from_signing_key(private_key),
|
||||
{},
|
||||
)
|
||||
|
||||
|
||||
def load_grid_manager(config_path, config_location):
|
||||
"""
|
||||
Load a Grid Manager from existing configuration.
|
||||
|
||||
:param FilePath config_path: the configuratino location (or None for
|
||||
stdin)
|
||||
|
||||
:param str config_location: a string describing the config's location
|
||||
|
||||
:returns: a GridManager instance
|
||||
"""
|
||||
if config_path is None:
|
||||
config_file = sys.stdin
|
||||
else:
|
||||
try:
|
||||
config_file = config_path.child("config.json").open("r")
|
||||
except IOError:
|
||||
raise ValueError(
|
||||
"'{}' is not a Grid Manager config-directory".format(config)
|
||||
)
|
||||
with config_file:
|
||||
config = json.load(config_file)
|
||||
|
||||
if not config:
|
||||
raise ValueError(
|
||||
"Invalid Grid Manager config in '{}'".format(config_location)
|
||||
)
|
||||
if 'private_key' not in config:
|
||||
raise ValueError(
|
||||
"Grid Manager config from '{}' requires a 'private_key'".format(
|
||||
config_location,
|
||||
)
|
||||
)
|
||||
|
||||
private_key_bytes = config['private_key'].encode('ascii')
|
||||
try:
|
||||
private_key, public_key = ed25519.signing_keypair_from_string(private_key_bytes)
|
||||
except Exception as e:
|
||||
raise ValueError(
|
||||
"Invalid Grid Manager private_key: {}".format(e)
|
||||
)
|
||||
|
||||
storage_servers = dict()
|
||||
for name, srv_config in config.get(u'storage_servers', {}).items():
|
||||
if not 'public_key' in srv_config:
|
||||
raise ValueError(
|
||||
"No 'public_key' for storage server '{}'".format(name)
|
||||
)
|
||||
storage_servers[name] = _GridManagerStorageServer(
|
||||
name,
|
||||
ed25519.verifying_key_from_string(srv_config['public_key'].encode('ascii')),
|
||||
None,
|
||||
)
|
||||
|
||||
gm_version = config.get(u'grid_manager_config_version', None)
|
||||
if gm_version != 0:
|
||||
raise ValueError(
|
||||
"Missing or unknown version '{}' of Grid Manager config".format(
|
||||
gm_version
|
||||
)
|
||||
)
|
||||
return _GridManager(private_key_bytes, storage_servers)
|
||||
|
||||
|
||||
class _GridManager(object):
|
||||
"""
|
||||
A Grid Manager's configuration.
|
||||
"""
|
||||
|
||||
def __init__(self, private_key_bytes, storage_servers):
|
||||
self._storage_servers = dict() if storage_servers is None else storage_servers
|
||||
self._private_key_bytes = private_key_bytes
|
||||
self._private_key, self._public_key = ed25519.signing_keypair_from_string(self._private_key_bytes)
|
||||
self._version = 0
|
||||
|
||||
@property
|
||||
def storage_servers(self):
|
||||
return self._storage_servers
|
||||
|
||||
def public_identity(self):
|
||||
return ed25519.string_from_verifying_key(self._public_key)
|
||||
|
||||
def sign(self, name, expiry_seconds):
|
||||
try:
|
||||
srv = self._storage_servers[name]
|
||||
except KeyError:
|
||||
raise KeyError(
|
||||
u"No storage server named '{}'".format(name)
|
||||
)
|
||||
expiration = datetime.utcnow() + timedelta(seconds=expiry_seconds)
|
||||
epoch_offset = (expiration - datetime(1970, 1, 1)).total_seconds()
|
||||
cert_info = {
|
||||
"expires": epoch_offset,
|
||||
"public_key": srv.public_key(),
|
||||
"version": 1,
|
||||
}
|
||||
cert_data = json.dumps(cert_info, separators=(',',':'), sort_keys=True).encode('utf8')
|
||||
sig = ed25519.sign_data(self._private_key, cert_data)
|
||||
certificate = {
|
||||
u"certificate": cert_data,
|
||||
u"signature": base32.b2a(sig),
|
||||
}
|
||||
|
||||
vk = ed25519.verifying_key_from_signing_key(self._private_key)
|
||||
ed25519.verify_signature(vk, sig, cert_data)
|
||||
|
||||
return certificate
|
||||
|
||||
def add_storage_server(self, name, public_key):
|
||||
"""
|
||||
:param name: a user-meaningful name for the server
|
||||
:param public_key: ed25519.VerifyingKey the public-key of the
|
||||
storage provider (e.g. from the contents of node.pubkey
|
||||
for the client)
|
||||
"""
|
||||
if name in self._storage_servers:
|
||||
raise KeyError(
|
||||
"Already have a storage server called '{}'".format(name)
|
||||
)
|
||||
ss = _GridManagerStorageServer(name, public_key, None)
|
||||
self._storage_servers[name] = ss
|
||||
return ss
|
||||
|
||||
def remove_storage_server(self, name):
|
||||
"""
|
||||
:param name: a user-meaningful name for the server
|
||||
"""
|
||||
try:
|
||||
del self._storage_servers[name]
|
||||
except KeyError:
|
||||
raise KeyError(
|
||||
"No storage server called '{}'".format(name)
|
||||
)
|
||||
|
||||
def marshal(self):
|
||||
data = {
|
||||
u"grid_manager_config_version": self._version,
|
||||
u"private_key": self._private_key_bytes.decode('ascii'),
|
||||
}
|
||||
if self._storage_servers:
|
||||
data[u"storage_servers"] = {
|
||||
name: srv.marshal()
|
||||
for name, srv
|
||||
in self._storage_servers.items()
|
||||
}
|
||||
return data
|
||||
|
||||
|
||||
def save_grid_manager(file_path, grid_manager):
|
||||
"""
|
||||
Writes a Grid Manager configuration.
|
||||
|
||||
:param file_path: a FilePath specifying where to write the config
|
||||
(if None, stdout is used)
|
||||
|
||||
:param grid_manager: a _GridManager instance
|
||||
"""
|
||||
data = json.dumps(
|
||||
grid_manager.marshal(),
|
||||
indent=4,
|
||||
)
|
||||
|
||||
if file_path is None:
|
||||
print("{}\n".format(data))
|
||||
else:
|
||||
fileutil.make_dirs(file_path.path, mode=0o700)
|
||||
with file_path.child("config.json").open("w") as f:
|
||||
f.write("{}\n".format(data))
|
|
@ -1,497 +0,0 @@
|
|||
from __future__ import print_function
|
||||
|
||||
import sys
|
||||
import json
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from allmydata.scripts.common import BaseOptions
|
||||
from allmydata.util.abbreviate import abbreviate_time
|
||||
from twisted.python import usage
|
||||
from twisted.python.filepath import FilePath
|
||||
from allmydata.util import fileutil
|
||||
from allmydata.util import base32
|
||||
from allmydata.crypto import ed25519
|
||||
from twisted.internet.defer import inlineCallbacks, returnValue
|
||||
|
||||
|
||||
class CreateOptions(BaseOptions):
|
||||
description = (
|
||||
"Create a new identity key and configuration of a Grid Manager"
|
||||
)
|
||||
|
||||
|
||||
class ShowIdentityOptions(BaseOptions):
|
||||
description = (
|
||||
"Show the public identity key of a Grid Manager\n"
|
||||
"\n"
|
||||
"This is what you give to clients to add to their configuration"
|
||||
" so they use announcements from this Grid Manager"
|
||||
)
|
||||
|
||||
|
||||
class AddOptions(BaseOptions):
|
||||
description = (
|
||||
"Add a new storage-server's key to a Grid Manager configuration\n"
|
||||
"using NAME and PUBIC_KEY (comes from a node.pubkey file)"
|
||||
)
|
||||
|
||||
def getSynopsis(self):
|
||||
return "{} add NAME PUBLIC_KEY".format(super(AddOptions, self).getSynopsis())
|
||||
|
||||
def parseArgs(self, *args, **kw):
|
||||
BaseOptions.parseArgs(self, **kw)
|
||||
if len(args) != 2:
|
||||
raise usage.UsageError(
|
||||
"Requires two arguments: name public_key"
|
||||
)
|
||||
self['name'] = unicode(args[0])
|
||||
try:
|
||||
# WTF?! why does it want 'str' and not six.text_type?
|
||||
self['storage_public_key'] = ed25519.verifying_key_from_string(args[1])
|
||||
except Exception as e:
|
||||
raise usage.UsageError(
|
||||
"Invalid public_key argument: {}".format(e)
|
||||
)
|
||||
|
||||
|
||||
class RemoveOptions(BaseOptions):
|
||||
description = (
|
||||
"Remove a storage-server from a Grid Manager configuration"
|
||||
)
|
||||
|
||||
def parseArgs(self, *args, **kw):
|
||||
BaseOptions.parseArgs(self, **kw)
|
||||
if len(args) != 1:
|
||||
raise usage.UsageError(
|
||||
"Requires one arguments: name"
|
||||
)
|
||||
self['name'] = unicode(args[0])
|
||||
|
||||
|
||||
class ListOptions(BaseOptions):
|
||||
description = (
|
||||
"List all storage servers in this Grid Manager"
|
||||
)
|
||||
|
||||
|
||||
class SignOptions(BaseOptions):
|
||||
description = (
|
||||
"Create and sign a new certificate for a storage-server"
|
||||
)
|
||||
|
||||
def getSynopsis(self):
|
||||
return "{} NAME EXPIRY_DAYS".format(super(SignOptions, self).getSynopsis())
|
||||
|
||||
def parseArgs(self, *args, **kw):
|
||||
BaseOptions.parseArgs(self, **kw)
|
||||
if len(args) != 2:
|
||||
raise usage.UsageError(
|
||||
"Requires two arguments: name expiry_days"
|
||||
)
|
||||
self['name'] = unicode(args[0])
|
||||
self['expiry_days'] = int(args[1])
|
||||
if self['expiry_days'] < 1 or self['expiry_days'] > 20*365:
|
||||
raise usage.UsageError(
|
||||
"Certificate expires in an unreasonable number of days: {}".format(
|
||||
self['expiry_days'],
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
class GridManagerOptions(BaseOptions):
|
||||
subCommands = [
|
||||
["create", None, CreateOptions, "Create a Grid Manager."],
|
||||
["public-identity", None, ShowIdentityOptions, "Get the public-key for this Grid Manager."],
|
||||
["add", None, AddOptions, "Add a storage server to this Grid Manager."],
|
||||
["remove", None, RemoveOptions, "Remove a storage server from this Grid Manager."],
|
||||
["list", None, ListOptions, "List all storage servers in this Grid Manager."],
|
||||
["sign", None, SignOptions, "Create and sign a new Storage Certificate."],
|
||||
]
|
||||
|
||||
optParameters = [
|
||||
("config", "c", None, "How to find the Grid Manager's configuration")
|
||||
]
|
||||
|
||||
def postOptions(self):
|
||||
if not hasattr(self, 'subOptions'):
|
||||
raise usage.UsageError("must specify a subcommand")
|
||||
if self['config'] is None:
|
||||
raise usage.UsageError("Must supply configuration with --config")
|
||||
|
||||
description = (
|
||||
'A "grid-manager" consists of some data defining a keypair (along with '
|
||||
'some other details) and Tahoe sub-commands to manipulate the data and '
|
||||
'produce certificates to give to storage-servers. Certificates assert '
|
||||
'the statement: "Grid Manager X suggests you use storage-server Y to '
|
||||
'upload shares to" (X and Y are public-keys).'
|
||||
'\n\n'
|
||||
'Clients can use Grid Managers to decide which storage servers to '
|
||||
'upload shares to. They do this by adding one or more Grid Manager '
|
||||
'public keys to their config.'
|
||||
)
|
||||
|
||||
|
||||
def _create_gridmanager():
|
||||
"""
|
||||
:return: an object providing the GridManager interface initialized
|
||||
with a new random keypair
|
||||
"""
|
||||
private_key, public_key = ed25519.create_signing_keypair()
|
||||
return _GridManager(
|
||||
ed25519.string_from_signing_key(private_key),
|
||||
{},
|
||||
)
|
||||
|
||||
def _create(gridoptions, options):
|
||||
"""
|
||||
Create a new Grid Manager
|
||||
"""
|
||||
gm_config = gridoptions['config']
|
||||
|
||||
# pre-conditions check
|
||||
fp = None
|
||||
if gm_config.strip() != '-':
|
||||
fp = FilePath(gm_config.strip())
|
||||
if fp.exists():
|
||||
raise usage.UsageError(
|
||||
"The directory '{}' already exists.".format(gm_config)
|
||||
)
|
||||
|
||||
gm = _create_gridmanager()
|
||||
_save_gridmanager_config(fp, gm)
|
||||
|
||||
|
||||
class _GridManagerStorageServer(object):
|
||||
"""
|
||||
A Grid Manager's notion of a storage server
|
||||
"""
|
||||
|
||||
def __init__(self, name, public_key, certificates):
|
||||
self.name = name
|
||||
self._public_key = public_key
|
||||
self._certificates = [] if certificates is None else certificates
|
||||
|
||||
def add_certificate(self, certificate):
|
||||
self._certificates.append(certificate)
|
||||
|
||||
def public_key(self):
|
||||
return ed25519.string_from_verifying_key(self._public_key)
|
||||
|
||||
def marshal(self):
|
||||
return {
|
||||
u"public_key": self.public_key(),
|
||||
}
|
||||
|
||||
class _GridManager(object):
|
||||
"""
|
||||
A Grid Manager's configuration.
|
||||
"""
|
||||
|
||||
@staticmethod
|
||||
def from_config(config, config_location):
|
||||
if not config:
|
||||
raise ValueError(
|
||||
"Invalid Grid Manager config in '{}'".format(config_location)
|
||||
)
|
||||
if 'private_key' not in config:
|
||||
raise ValueError(
|
||||
"Grid Manager config from '{}' requires a 'private_key'".format(
|
||||
config_location,
|
||||
)
|
||||
)
|
||||
|
||||
private_key_bytes = config['private_key'].encode('ascii')
|
||||
try:
|
||||
private_key, public_key = ed25519.signing_keypair_from_string(private_key_bytes)
|
||||
except Exception as e:
|
||||
raise ValueError(
|
||||
"Invalid Grid Manager private_key: {}".format(e)
|
||||
)
|
||||
|
||||
storage_servers = dict()
|
||||
for name, srv_config in config.get(u'storage_servers', {}).items():
|
||||
if not 'public_key' in srv_config:
|
||||
raise ValueError(
|
||||
"No 'public_key' for storage server '{}'".format(name)
|
||||
)
|
||||
storage_servers[name] = _GridManagerStorageServer(
|
||||
name,
|
||||
ed25519.verifying_key_from_string(srv_config['public_key'].encode('ascii')),
|
||||
None,
|
||||
)
|
||||
|
||||
gm_version = config.get(u'grid_manager_config_version', None)
|
||||
if gm_version != 0:
|
||||
raise ValueError(
|
||||
"Missing or unknown version '{}' of Grid Manager config".format(
|
||||
gm_version
|
||||
)
|
||||
)
|
||||
return _GridManager(private_key_bytes, storage_servers)
|
||||
|
||||
def __init__(self, private_key_bytes, storage_servers):
|
||||
self._storage_servers = dict() if storage_servers is None else storage_servers
|
||||
self._private_key_bytes = private_key_bytes
|
||||
self._private_key, self._public_key = ed25519.signing_keypair_from_string(self._private_key_bytes)
|
||||
self._version = 0
|
||||
|
||||
@property
|
||||
def storage_servers(self):
|
||||
return self._storage_servers
|
||||
|
||||
def public_identity(self):
|
||||
return ed25519.string_from_verifying_key(self._public_key)
|
||||
|
||||
def sign(self, name, expiry_seconds):
|
||||
try:
|
||||
srv = self._storage_servers[name]
|
||||
except KeyError:
|
||||
raise KeyError(
|
||||
u"No storage server named '{}'".format(name)
|
||||
)
|
||||
expiration = datetime.utcnow() + timedelta(seconds=expiry_seconds)
|
||||
epoch_offset = (expiration - datetime(1970, 1, 1)).total_seconds()
|
||||
cert_info = {
|
||||
"expires": epoch_offset,
|
||||
"public_key": srv.public_key(),
|
||||
"version": 1,
|
||||
}
|
||||
cert_data = json.dumps(cert_info, separators=(',',':'), sort_keys=True).encode('utf8')
|
||||
sig = ed25519.sign_data(self._private_key, cert_data)
|
||||
certificate = {
|
||||
u"certificate": cert_data,
|
||||
u"signature": base32.b2a(sig),
|
||||
}
|
||||
|
||||
vk = ed25519.verifying_key_from_signing_key(self._private_key)
|
||||
ed25519.verify_signature(vk, sig, cert_data)
|
||||
|
||||
return certificate
|
||||
|
||||
def add_storage_server(self, name, public_key):
|
||||
"""
|
||||
:param name: a user-meaningful name for the server
|
||||
:param public_key: ed25519.VerifyingKey the public-key of the
|
||||
storage provider (e.g. from the contents of node.pubkey
|
||||
for the client)
|
||||
"""
|
||||
if name in self._storage_servers:
|
||||
raise KeyError(
|
||||
"Already have a storage server called '{}'".format(name)
|
||||
)
|
||||
ss = _GridManagerStorageServer(name, public_key, None)
|
||||
self._storage_servers[name] = ss
|
||||
return ss
|
||||
|
||||
def remove_storage_server(self, name):
|
||||
"""
|
||||
:param name: a user-meaningful name for the server
|
||||
"""
|
||||
try:
|
||||
del self._storage_servers[name]
|
||||
except KeyError:
|
||||
raise KeyError(
|
||||
"No storage server called '{}'".format(name)
|
||||
)
|
||||
|
||||
def marshal(self):
|
||||
data = {
|
||||
u"grid_manager_config_version": self._version,
|
||||
u"private_key": self._private_key_bytes.decode('ascii'),
|
||||
}
|
||||
if self._storage_servers:
|
||||
data[u"storage_servers"] = {
|
||||
name: srv.marshal()
|
||||
for name, srv
|
||||
in self._storage_servers.items()
|
||||
}
|
||||
return data
|
||||
|
||||
|
||||
def _save_gridmanager_config(file_path, grid_manager):
|
||||
"""
|
||||
Writes a Grid Manager configuration.
|
||||
|
||||
:param file_path: a FilePath specifying where to write the config
|
||||
(if None, stdout is used)
|
||||
|
||||
:param grid_manager: a _GridManager instance
|
||||
"""
|
||||
data = json.dumps(
|
||||
grid_manager.marshal(),
|
||||
indent=4,
|
||||
)
|
||||
|
||||
if file_path is None:
|
||||
print("{}\n".format(data))
|
||||
else:
|
||||
fileutil.make_dirs(file_path.path, mode=0o700)
|
||||
with file_path.child("config.json").open("w") as f:
|
||||
f.write("{}\n".format(data))
|
||||
|
||||
|
||||
def _load_gridmanager_config(fp):
|
||||
"""
|
||||
Loads a Grid Manager configuration and returns it (a dict) after
|
||||
validating. Exceptions if the config can't be found, or has
|
||||
problems.
|
||||
|
||||
:param FilePath fp: None for stdin or a path to a Grid Manager
|
||||
configuration directory
|
||||
"""
|
||||
if fp is None:
|
||||
gm = json.load(sys.stdin)
|
||||
else:
|
||||
with fp.child("config.json").open("r") as f:
|
||||
gm = json.load(f)
|
||||
|
||||
try:
|
||||
return _GridManager.from_config(gm, fp or "<stdin>")
|
||||
except ValueError as e:
|
||||
raise usage.UsageError(str(e))
|
||||
|
||||
|
||||
def _show_identity(gridoptions, options):
|
||||
"""
|
||||
Output the public-key of a Grid Manager
|
||||
"""
|
||||
gm_config = gridoptions['config'].strip()
|
||||
assert gm_config is not None
|
||||
|
||||
gm = _load_gridmanager_config(gm_config)
|
||||
print(gm.public_identity())
|
||||
|
||||
|
||||
def _add(gridoptions, options):
|
||||
"""
|
||||
Add a new storage-server by name to a Grid Manager
|
||||
"""
|
||||
gm_config = gridoptions['config'].strip()
|
||||
fp = FilePath(gm_config) if gm_config.strip() != '-' else None
|
||||
|
||||
gm = _load_gridmanager_config(gm_config)
|
||||
try:
|
||||
gm.add_storage_server(
|
||||
options['name'],
|
||||
options['storage_public_key'],
|
||||
)
|
||||
except KeyError:
|
||||
raise usage.UsageError(
|
||||
"A storage-server called '{}' already exists".format(options['name'])
|
||||
)
|
||||
|
||||
_save_gridmanager_config(fp, gm)
|
||||
return 0
|
||||
|
||||
|
||||
def _remove(gridoptions, options):
|
||||
"""
|
||||
Remove an existing storage-server by name from a Grid Manager
|
||||
"""
|
||||
gm_config = gridoptions['config'].strip()
|
||||
fp = FilePath(gm_config) if gm_config.strip() != '-' else None
|
||||
gm = _load_gridmanager_config(gm_config)
|
||||
|
||||
try:
|
||||
gm.remove_storage_server(options['name'])
|
||||
except KeyError:
|
||||
raise usage.UsageError(
|
||||
"No storage-server called '{}' exists".format(options['name'])
|
||||
)
|
||||
cert_count = 0
|
||||
if fp is not None:
|
||||
while fp.child('{}.cert.{}'.format(options['name'], cert_count)).exists():
|
||||
fp.child('{}.cert.{}'.format(options['name'], cert_count)).remove()
|
||||
cert_count += 1
|
||||
|
||||
_save_gridmanager_config(fp, gm)
|
||||
return 0
|
||||
|
||||
|
||||
def _list(gridoptions, options):
|
||||
"""
|
||||
List all storage-servers known to a Grid Manager
|
||||
"""
|
||||
gm_config = gridoptions['config'].strip()
|
||||
fp = FilePath(gm_config) if gm_config.strip() != '-' else None
|
||||
|
||||
gm = _load_gridmanager_config(gm_config)
|
||||
for name in sorted(gm.storage_servers.keys()):
|
||||
print("{}: {}".format(name, gm.storage_servers[name].public_key()))
|
||||
if fp:
|
||||
cert_count = 0
|
||||
while fp.child('{}.cert.{}'.format(name, cert_count)).exists():
|
||||
container = json.load(fp.child('{}.cert.{}'.format(name, cert_count)).open('r'))
|
||||
cert_data = json.loads(container['certificate'])
|
||||
expires = datetime.utcfromtimestamp(cert_data['expires'])
|
||||
delta = datetime.utcnow() - expires
|
||||
if delta.total_seconds() < 0:
|
||||
print("{}: cert {}: valid until {} ({})".format(name, cert_count, expires, abbreviate_time(delta)))
|
||||
else:
|
||||
print("{}: cert {}: expired ({})".format(name, cert_count, abbreviate_time(delta)))
|
||||
cert_count += 1
|
||||
|
||||
|
||||
def _sign(gridoptions, options):
|
||||
"""
|
||||
sign a new certificate
|
||||
"""
|
||||
gm_config = gridoptions['config'].strip()
|
||||
fp = FilePath(gm_config) if gm_config.strip() != '-' else None
|
||||
gm = _load_gridmanager_config(gm_config)
|
||||
|
||||
expiry_seconds = int(options['expiry_days']) * 86400
|
||||
|
||||
try:
|
||||
certificate = gm.sign(options['name'], expiry_seconds)
|
||||
except KeyError:
|
||||
raise usage.UsageError(
|
||||
"No storage-server called '{}' exists".format(options['name'])
|
||||
)
|
||||
|
||||
certificate_data = json.dumps(certificate, indent=4)
|
||||
print(certificate_data)
|
||||
if fp is not None:
|
||||
next_serial = 0
|
||||
while fp.child("{}.cert.{}".format(options['name'], next_serial)).exists():
|
||||
next_serial += 1
|
||||
with fp.child('{}.cert.{}'.format(options['name'], next_serial)).open('w') as f:
|
||||
f.write(certificate_data)
|
||||
|
||||
|
||||
grid_manager_commands = {
|
||||
CreateOptions: _create,
|
||||
ShowIdentityOptions: _show_identity,
|
||||
AddOptions: _add,
|
||||
RemoveOptions: _remove,
|
||||
ListOptions: _list,
|
||||
SignOptions: _sign,
|
||||
}
|
||||
|
||||
@inlineCallbacks
|
||||
def gridmanager(config):
|
||||
"""
|
||||
Runs the 'tahoe grid-manager' command.
|
||||
"""
|
||||
if config.subCommand is None:
|
||||
print(config)
|
||||
returnValue(1)
|
||||
|
||||
try:
|
||||
f = grid_manager_commands[config.subOptions.__class__]
|
||||
except KeyError:
|
||||
print(config.subOptions, grid_manager_commands.keys())
|
||||
print("Unknown command 'tahoe grid-manager {}': no such grid-manager subcommand".format(config.subCommand))
|
||||
returnValue(2)
|
||||
|
||||
x = yield f(config, config.subOptions)
|
||||
returnValue(x)
|
||||
|
||||
subCommands = [
|
||||
["grid-manager", None, GridManagerOptions,
|
||||
"Grid Manager subcommands: use 'tahoe grid-manager' for a list."],
|
||||
]
|
||||
|
||||
dispatch = {
|
||||
"grid-manager": gridmanager,
|
||||
}
|
Loading…
Reference in New Issue