nice stubs for the 'web' library

bin/install

@@ -1,8 +1,7 @@
 #!/bin/bash
 
-PYTHON_EXE="/usr/bin/env python"
-
 FORCE_FRESH_INSTALL="yes"
+NIMBUS_ALLOW_ROOT_INSTALL="no"
 
 NIMBUS_SRC_REL="`dirname $0`/.."
 NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd`
@@ -44,15 +43,21 @@ if [ -d $NIMBUS_HOME ] && [ "$(ls -A $NIMBUS_HOME)" ]; then
     fi
 fi
 
+
+if [ ! -d $NIMBUS_HOME ]; then
+    mkdir $NIMBUS_HOME
+fi
+
+PYTHON_EXE="/usr/bin/env python"
 # returns 0 if Python 2.4+
 $PYTHON_EXE -c "import sys; sys.exit(sys.version_info < (2,4))"
 if [ $? -ne 0 ]; then
     echo "ERROR: Your system must have Python version 2.4 or later."
     exit 1
 fi
 
+$NIMBUS_SRC/bin/create-nimbus-home $NIMBUS_HOME 2>&1 | tee $NIMBUS_HOME/install.log
 
-$NIMBUS_SRC/bin/create-nimbus-home $NIMBUS_HOME
 
 if [ $? -ne 0 ]; then
     echo ""
@@ -66,7 +71,6 @@ if [ ! -f $CUMULUS_ENV ]; then
     exit 1
 fi
 
-
 echo "-----------------------------------------------------------------"
 echo " Configuring installed services"
 echo "-----------------------------------------------------------------"
@@ -90,68 +94,4 @@ if [ $? -ne 0 ]; then
 fi
 
 
-CUMULUS_REPO_BUCKET=`$CONFIG_SCRIPT --print-repobucket`
-if [ $? -ne 0 ]; then
-    echo "Could not determine Cumulus repository bucket."
-    exit 1
-fi
-
-CUMULUS_HOST=`$CONFIG_SCRIPT --print-hostname`
-if [ $? -ne 0 ]; then
-    echo "Could not determine chosen hostname."
-    exit 1
-fi
-
-echo ""
-echo "Creating Cumulus repository with the following commands:"
-echo ""
-
-REPOCMD1="$NIMBUS_HOME/bin/nimbusctl cumulus start"
-REPOCMD2="$NIMBUS_HOME/cumulus/bin/cumulus-create-repo-admin nimbusadmin@${CUMULUS_HOST} $CUMULUS_REPO_BUCKET"
-REPOCMD3="$NIMBUS_HOME/bin/nimbusctl cumulus stop"
-
-echo "    $REPOCMD1"
-echo "    $REPOCMD2"
-echo "    $REPOCMD3"
-echo ""
-
-$REPOCMD1
-if [ $? -ne 0 ]; then
-    echo "Could not start Cumulus."
-    exit 1
-fi
-
-$REPOCMD2
-if [ $? -ne 0 ]; then
-    echo "Could not create Cumulus repository."
-    exit 1
-fi
-
-$REPOCMD3
-if [ $? -ne 0 ]; then
-    echo "Could not stop Cumulus? (continuing)"
-fi
-
-echo ""
-echo ""
-echo "-----------------------------------------------------------------"
-echo " Nimbus installation succeeded!"
-echo "-----------------------------------------------------------------"
-echo ""
-echo "However, additional configuration may be necessary:"
-echo ""
-echo "    To run the auto-configuration program, launch:"
-echo "        $NIMBUS_HOME/services/share/nimbus-autoconfig/autoconfig.sh"
-echo ""
-echo "    To run the cloud configuration admin helper, launch:"
-echo "        $NIMBUS_HOME/services/share/nimbus-autoconfig/cloud-admin.sh"
-echo ""
-
-echo "Refer to the Administrator Guide for details:"
-echo "    http://www.nimbusproject.org/docs/"
-echo ""
-echo "You can start/stop Nimbus services with the nimbusctl command. e.g:"
-echo "    $NIMBUS_HOME/bin/nimbusctl start"
-echo ""
-
-exit 0
+$NIMBUS_SRC/bin/install-real.sh  "${@}" 2>&1 | tee -a $NIMBUS_HOME/install.log

cumulus/src/etc/acl.sql

@@ -41,8 +41,10 @@ insert into object_types(name) values ('hdfs');
 -- IDs and credentials and such that references this single ID
 create table users_canonical(
     id char(36) PRIMARY KEY,
-    friendly_name varchar(64) UNIQUE
+    friendly_name varchar(64) UNIQUE NOT NULL
 );
+insert into users_canonical(id, friendly_name) values ('CumulusAuthenticatedUser', 'CumulusAuthenticatedUser');
+insert into users_canonical(id, friendly_name) values ('CumulusPublicUser', 'CumulusPublicUser');
 
 -- insert into users_canonical(id, friendly_name) values ('CumulusPublicUser', 'CumulusPublicUser');
 -- insert into users_canonical(id, friendly_name) values ('CumulusAuthenticatedUser', 'CumulusAuthenticatedUser');
@@ -80,6 +82,8 @@ create table user_alias(
     UNIQUE(friendly_name, alias_type)
 );
 
+insert into user_alias(user_id, alias_name, friendly_name, alias_type) values ('CumulusAuthenticatedUser', 'CumulusAuthenticatedUser', 'CumulusAuthenticatedUser', 1);
+insert into user_alias(user_id, alias_name, friendly_name, alias_type) values ('CumulusPublicUser', 'CumulusPublicUser', 'CumulusPublicUser', 1);
 -- the actual data.
 -- this can be a file, a dhfs file key, or a gridftp url (?)
 -- it is names speced by the url spec

cumulus/src/etc/env.sh.in

@@ -1,9 +1,10 @@
 #!/bin/sh
 
+pypath="@INSTALLDIR@/lib:@INSTALLDIR@/lib/python2.5/site-packages/"
 if [ "X${PYTHONPATH}" == "X" ]; then
-    PYTHONPATH=@INSTALLDIR@
+    PYTHONPATH=$pypath
 else
-    PYTHONPATH=@INSTALLDIR@:${PYTHONPATH}
+    PYTHONPATH=$pypath:${PYTHONPATH}
 fi
 export PYTHONPATH
 

cumulus/src/pycb/__init__.py

@@ -65,7 +65,7 @@ def __init__(self):
 
         if config_error:
             print """cumulus.ini file must have the following set:
-installdir=<path to cumulus installation
+installdir=<path to cumulus installation>
 
 The search path for cumulus.ini is:
 

cumulus/src/pycb/cbAuthzSecurity.py

@@ -273,26 +273,6 @@ def __init__(self, con_str):
 
         self.con_str = con_str
 
-        db_obj = DB(con_str=self.con_str)
-        # add a public user (if not there)
-        try:
-            pub = User(db_obj, uu=pycb.public_user_id, friendly=pycb.public_user_id, create=True)
-            pu = pub.create_alias(pycb.public_user_id, pynimbusauthz.alias_type_s3, pycb.public_user_id)
-        except:
-            #pycb.log(logging.INFO, "error adding user public %s" % (sys.exc_info()[0]), tb = traceback)
-            pass
-            #traceback.print_exc(file=sys.stdout)
-        # add a authenticated user (if not there)
-        try:
-            authed = User(db_obj, uu=pycb.authenticated_user_id, friendly=pycb.authenticated_user_id, create=True)
-            au = authed.create_alias(pycb.authenticated_user_id, pynimbusauthz.alias_type_s3, pycb.authenticated_user_id)
-        except:
-            #pycb.log(logging.INFO, "error adding user authed %s" % (sys.exc_info()[0]), tb=traceback)
-            #traceback.print_exc(file=sys.stdout)
-            pass
-        db_obj.commit()
-        #db_obj.close()
-        # load the users for global use
         authed_user = self.get_user(pycb.authenticated_user_id)
         public_user = self.get_user(pycb.public_user_id)
 
@@ -302,7 +282,7 @@ def get_user(self, id):
 
     def create_user(self, display_name, id, pw, opts):
         db_obj = DB(con_str=self.con_str)
-        user = User(db_obj)
+        user = User(db_obj, friendly=display_name)
         user_alias = user.create_alias(id, "s3", display_name, alias_data=pw)
         db_obj.commit()
         db_obj.close()

cumulus/src/pycb/tools/__init__.py

@@ -21,6 +21,7 @@ def print_report(report_obj, cols, opts):
             out_line = out_line + delim + v
             delim = d
         else:
+            c = c.replace('_', " ")
             pynimbusauthz.print_msg(opts, 0,  "%-15s : %s" % (c, v))
 
     pynimbusauthz.print_msg(opts, 0,  out_line)

cumulus/src/pynimbusauthz/__init__.py

@@ -29,6 +29,10 @@
 
 Version = "0.1"
 
+def long_help_callback(option, opt, value, parser, all_opts):
+    for o in all_opts:
+        print o
+
 def reverse_lookup_type(dict, val):
     for x in dict.keys():
         if dict[x] == val:

cumulus/src/pynimbusauthz/cmd_opts.py

@@ -5,8 +5,8 @@
 
 class cbOpts(object):
 
-    def __init__(self, long, short, description, default, vals=None, range=None, flag=None, count=False):
-        self.long = "--" + long
+    def __init__(self, long, short, description, default, vals=None, range=None, flag=None, count=False, long_help=False):
+        self.long = "--" + long.replace('_', '-')
         self.dest = long
         self.short = "-" + short
         self.vals = vals
@@ -15,6 +15,7 @@ def __init__(self, long, short, description, default, vals=None, range=None, fla
         self.range = range
         self.description = description
         self.count = count
+        self.long_help = long_help
 
     def get_error_msg(self):
         if self.flag != None:

cumulus/src/pynimbusauthz/user.py

@@ -15,11 +15,9 @@ def __init__(self, db_obj, uu=None, friendly=None, create=False):
             else:
                 self.uuid = str(uuid.uuid1())
             if friendly == None:
-                s = "INSERT INTO users_canonical(id) values(?)"
-                data = (self.uuid,)
-            else:
-                s = "INSERT INTO users_canonical(id, friendly_name) values(?, ?)"
-                data = (self.uuid,friendly,)
+                raise Exception('You must specify a friendly name')
+            s = "INSERT INTO users_canonical(id, friendly_name) values(?, ?)"
+            data = (self.uuid,friendly,)
 
             db_obj._run_no_fetch(s, data)
             self.friendly_name = friendly
@@ -134,15 +132,14 @@ def create_alias(self, alias_name, alias_type, friendly_name, alias_data=None):
         i = "INSERT INTO user_alias(user_id, alias_name, alias_type"
         v = "values(?, ?, ?"
         data = [self.uuid, alias_name, at]
+        i = i + ", friendly_name"
+        v = v + ", ?"
+        data.append(friendly_name)
 
         if alias_data != None:
             i = i + ", alias_type_data"
             v = v + ", ?"
             data.append(alias_data)
-        if friendly_name != None:
-            i = i + ", friendly_name"
-            v = v + ", ?"
-            data.append(friendly_name)
 
         s = i + ')' + v + ')'
 

home/sbin/nimbus_new_user.py

@@ -25,7 +25,7 @@
 import shlex
 
 g_created_cert_files=False
-g_report_options = ["cert", "key", "dn", "canonical_id", "accessid", "accesssecret", "url"]
+g_report_options = ["cert", "key", "dn", "canonical_id", "access_id", "access_secret", "url", "web_id"]
 
 
 def get_nimbus_home():
@@ -113,13 +113,13 @@ def setup_options(argv):
     all_opts.append(opt)
     opt = cbOpts("cn", "n", "This is used to set the common name when generating a new certificate.  If none is specified the email address is used.  This can be optionally used in conjunction with --key and --cert", None)
     all_opts.append(opt)
-    opt = cbOpts("accessid", "a", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --accesssecret option", None)
+    opt = cbOpts("access_id", "a", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --access-secret option", None)
     all_opts.append(opt)
-    opt = cbOpts("accesssecret", "p", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --accessid option", None)
+    opt = cbOpts("access_secret", "p", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --access-id option", None)
     all_opts.append(opt)
     opt = cbOpts("dest", "d", "The directory to put all of the new files into.", None)
     all_opts.append(opt)
-    opt = cbOpts("web", "w", "Set the web user name.  If not set and a web user is desired a username will be created from the email address.", None)
+    opt = cbOpts("web_id", "w", "Set the web user name.  If not set and a web user is desired a username will be created from the email address.", None)
     all_opts.append(opt)
     opt = cbOpts("noweb", "W", "Do not put stuff into webapp sqlite", False)
     all_opts.append(opt)
@@ -141,27 +141,28 @@ def setup_options(argv):
     if o.cert == None and o.key != None or o.cert != None and o.key == None:
         print "key and cert must be used together"
         pynimbusauthz.parse_args(parser, all_opts, ["--help"])
-    if o.accessid == None and o.accesssecret != None or o.accessid != None and o.accesssecret == None:
-        print "secret and accessid must be used together"
+    if o.access_id == None and o.access_secret != None or o.access_id != None and o.access_secret == None:
+        print "secret and access-id must be used together"
         pynimbusauthz.parse_args(parser, all_opts, ["--help"])
     if o.noweb and o.nocert and o.noaccess:
         print "you must want this tool to do something"
         pynimbusauthz.parse_args(parser, all_opts, ["--help"])
     if o.dest == None:
-        o.dest = tempfile.mkdtemp()
+        nh = get_nimbus_home() + "/var/ca/"
+        o.dest = tempfile.mkdtemp(suffix='cert', prefix='tmp', dir=nh)
     else:
         try:
             os.mkdir(o.dest)
         except:
             pass
 
     # verify the id/secret length
-    if o.accessid != None:
-        if len(o.accessid) != 21:
-            print "secret and accessid must be used together"
+    if o.access_id != None:
+        if len(o.access_id) != 21:
+            print "secret and access_id must be used together"
             pynimbusauthz.parse_args(parser, all_opts, ["--help"])
-        if len(o.accesssecret) != 42:
-            print "secret and accessid must be used together"
+        if len(o.access_secret) != 42:
+            print "secret and access_id must be used together"
             pynimbusauthz.parse_args(parser, all_opts, ["--help"])
     if o.cert != None:
         if not os.path.isfile(o.cert):
@@ -209,11 +210,11 @@ def create_user(o):
         # create canonical user
         user = User(db, friendly=o.emailaddr)
         o.canonical_id = user.get_id()
-        if not o.noaccess and o.accessid == None:
-            o.accessid = pynimbusauthz.random_string_gen(21)
-            o.accesspw = pynimbusauthz.random_string_gen(42)
+        if not o.noaccess and o.access_id == None:
+            o.access_id = pynimbusauthz.random_string_gen(21)
+            o.access_secret = pynimbusauthz.random_string_gen(42)
             # add to db
-            ua1 = user.create_alias(o.accessid, pynimbusauthz.alias_type_s3, o.emailaddr, alias_data=o.accesspw)
+            ua1 = user.create_alias(o.access_id, pynimbusauthz.alias_type_s3, o.emailaddr, alias_data=o.access_secret)
 
         if not o.nocert:
             # if not give a dn we need to get it from the provided cert, or 
@@ -229,10 +230,11 @@ def create_user(o):
             add_gridmap(o)
 
         if not o.noweb:
-            if o.web == None:
-                o.web = o.emailaddr.__hash__()
-            # call into web api
+            if o.web_id == None:
+                o.web_id = o.emailaddr.__hash__()
+            do_web_bidnes(o)
             pass
+        do_group_bidnes(o)
 
         db.commit()
     except Exception, ex1:
@@ -243,6 +245,12 @@ def create_user(o):
         db.rollback()
         raise ex1
 
+def do_web_bidnes(o):
+    pass
+
+def do_group_bidnes(o):
+    pass
+
 def report_results(o):
     pycb.tools.print_report(o, o.report, o)