ó h'dWc@s¾dZddlZddlmZmZmZmZmZmZm Z m Z m Z m Z m Z mZmZmZmZmZmZmZmZddlmZmZdefd„ƒYZdS(s AI Client Interface iÿÿÿÿN(tEventsGeneratort ERROR_TYPEt ARCHITECTUREt AIServerErrortObjectChangedEventtClientStatusEventt CreatedEventt DeletedEventt MACAddresstmake_credentialt CertificatetKeytFWt AUTH_NONEtFW_KEYStSERVICE_STATUSt check_authst CLIENT_AUTHt SERVICE_AUTH(tsecuritytget_server_instancetClientcBsŽeZdZdd„Zed„ƒZed„ƒZd„Ze d„ƒZ e d„ƒZ e d„ƒZ e d„ƒZ e d „ƒZe d „ƒZe d „ƒZe d „ƒZd „Zd„Zd„Zed„ƒZe d„ƒZe d„ƒZe d„ƒZe d„ƒZe d„ƒZd„Zeed„Zdd„Zd„Zd„Z d„Z!e d„ƒZ"d„Z#d„Z$RS( sThe Client interface represents a client in the AI server. Each specific client is associated with exactly one AI service. The following event types are possible for a Client: - ObjectChangedEvent - ClientStatusEvent - DeletedEvent - CreatedEvent cCs||_||_||_t|_d|_d|_t|t ƒsjt t j t dƒt|ƒƒ‚n|dk rŒ|j|j|ƒn|jjj|j|ƒt|_t|_t|_t|_t|_t|_d|_d|_tt|ƒjt t!t"t#gƒdS(s[This method adds a new client to this service, initializing with the specified values. Parameters service: Service This is a reference to the Service that this Client is to be associated with. mac_address: MACAddress This is the MAC address of the client system. This should be unique in the AI server. The format of the MAC address may be one of several variations: Hexadecimal, separated by colons, e.g.: "AA:BB:CC:DD:EE:FF" Client ID, with or without the '01' prefix, e.g. "01AABBCCDDEEFF" or "AABBCCDDEEFF". boot_args: Dictionary Optional: This only applies to X86 clients. If provided, then these arguments are used to set the boot arguments in the grub.cfg file specific to this new client. Return Value None Errors / Exceptions AIServerError The following error types can be raised by this method: - DuplicateEntry This error/exception will be raised if the mac_address value matches any existing client on the AI server. - InvalidValue Some of the parameters passed are invalid. sInvalid Mac address: '%s'N($t_servicet _mac_addresst _boot_argstFalset_custom_grubcfgtNonet_grubcfgt _client_dictt isinstanceRRRt INVALID_VALUEt_tstrtvalidate_boot_argstservicet_clientstaddtmac_address_strR t_keyt_certt _ca_certst_deleted_certst_aest_sha1t_has_credentialst _is_securetsuperRt__init__RRRR(tselfR#t mac_addresst boot_args((s client.pyR03s."                 c Ksttƒtƒ}|jd|ƒ}|r8|d}nd }||||}tƒ}tƒ}||d<|jj|d<|j |d<|j r¢|j |dR&R?R3RR@R#R$RARR%(R1R#R8R9RGRHR:RZ((s client.pytupdate_serviceas$          c Csûttƒ|j|j|ƒ|jrAttjtdƒƒ‚n|j rr|jjrrttjtdƒƒ‚nt ƒ}t ƒ}||d<|jj |d<|j |d<||dR&RR@R(R1R3R8R9RGRHR:RZ((s client.pytupdate_boot_argss,            c Csättƒ|jjtjkr:ttjt dƒƒ‚nt ƒ}t ƒ}||d<|jj |d<|j |d<||dR&RR@RRRPRR(R1tcontentsR8R9RGRHR:RZ((s client.pytupdate_grubcfgÊs*             cCsö|dkrtSt|tƒsDttjtdƒt|ƒƒ‚n|j t j krqttjtdƒƒ‚nx~|j ƒD]p\}}t|t ƒ s¡| rÀttjtdƒ|ƒ‚nt|t ƒs~ttjtdƒ|ƒ‚q~q~WtS(sæValidates the boot_args provided. Parameters service: Service Service for which these boot args need to be checked. boot_args: Dictionary This only applies to X86 clients. These arguments are used to set the boot arguments in the menu.list or grub.cfg file specific to this client. Return Value Boolean True if the boot arguments are valid. Errors / Exceptions AIServerError The following error types can be raised by this method: - InvalidValue This signifies that an invalid value was passed as a parameter. sInvalid boot arguments: '%s's/Boot arguments not supported for SPARC servicessInvalid boot argument: '%s's!Invalid boot argument value: '%s'N(RRPRR=RRRR R!RaRRptitemst basestring(RBR#R3tkeyRV((s client.pyR"s$       cCs(tƒjo'|jdk o'|jdk S(s0Returns True if this client is considered secureN(Rtis_security_enabledt security_keyRt security_cert(R1((s client.pyt is_secure0s cCsttƒ|jtkrˆ|j}tƒj}|jd|d|jj ƒ}|dk r||\}}t t ||ƒ|_qˆd|_n|jS(sEReturns Client's key. Returns: a Key object or None. tcidtsvcN( RRR'R R^RRtget_client_keyR#R>RR R (R1Rztsecobjt client_keyt key_sourcetkey_file((s client.pyRw6s      cCsttƒ|jtkrˆ|j}tƒj}|jd|d|jj ƒ}|dk r||\}}t t ||ƒ|_qˆd|_n|jS(sUReturns Client's certificate. Returns: a Certificate object or None. RzR{N( RRR(R R^RRtget_client_certR#R>RR R (R1RzR}t client_certt cert_sourcet cert_file((s client.pyRxIs       c Csttƒtƒj}|j}|jtkrŽ|jtj d|d|j j ƒ}|dk r‚|\}}t t||ƒ|_qŽd|_n|jtkrý|jtjd|d|j j ƒ}|dk rñ|\}}t t||ƒ|_qýd|_nt|j|jƒS(suGet client's FW key. Returns: a tuple of two (ENCR_AES & HMAC_SHA1) FW objects, or None. RzR{N(RRRRR^R+R tget_client_fw_keytsectENCR_AESR#R>RR R R,t HMAC_SHA1R( R1R}Rzt service_aest aes_sourcet aes_contentst service_sha1t sha1_sourcet sha1_contents((s client.pytfw_key^s$         cCsÈttƒ|jtkrÁtƒ}|j}tƒj}|jd|d|j j ƒ}|dk rµ|\}}t |tƒsˆ|g}nx*|D]}|j tt||ƒƒqWn||_n|jS(sjGets the CA certificates for the client. Returns a list, possibly empty, of Certificates. RzR{N(RRR)R R<R^RRtget_client_cacrtR#R>RRtappendR R (R1tca_certsRzR}t client_cat ca_sourcet ca_contentst ca_content((s client.pyR’|s         c Csãttƒtƒ}tƒ}||dt|_qJt|_n|S( sODeletes the cert corresponding to the given hash from the client. Parameters hash_str: String A string containing the hash value of the certificate. Return Value String The task name that will be executed by this checkpoint. Errors / Exceptions AIServerError The following error types can be raised by this method: - DuplicateEntry The cert has already been removed or it's scheduled to be removed in the current queue. s=Certificate identified by hash (%s) has already been deleted.R5t cert_hashR˜s2solaris_install/ai/server/internal/delete_securitytDeleteClientSecurityCheckpointsdelete-client-certificateR8R9R:N(RRR*R RRtDUPLICATE_ENTRYR R<R=R&RR@R‘Rxthashtdefault_client_has_credentialstdefault_client_security_certR(RRR-RP(R1thash_strR8R9RGRHR:RZ((s client.pyt delete_certNs8                c Cs'ttƒ|js.ttjtdƒƒ‚ntƒ}tƒ}||d<|j |dRRR\(R1tstr_list((s client.pyt__str__õs   N(%t__name__t __module__t__doc__RR0t classmethodRJRWRAtpropertyR#R2R&R^R3R?RkR_RmRnRrR"RyRwRxRR’R›RPRŸR§R¨R°R·R±RÄRÆ(((s client.pyR's>  E; *   . ; 60 '- : - 9 3 -(RÉR»tsolaris_install.ai.serverRRRRRRRRRR R R R R RRRRRt"solaris_install.ai.server.internalRR†RR(((s client.pyts |