Merge pull request GENI-NSF#1706 from tcmitchell/iss1393-update-keys

Update SSH keys on existing resources

Author: tcmitchell

CHANGES.md

@@ -4,8 +4,12 @@
 
 ## Changes
 
+* Provide a way to update SSH keys on existing resources
+  ([#1393](https://github.com/GENI-NSF/geni-portal/issues/1393))
 * Add some notes to geni-fetch-aggmon for testing
+  ([#1703](https://github.com/GENI-NSF/geni-portal/issues/1703))
 * Update the Jacks URL per Emulab's request
+  ([#1704](https://github.com/GENI-NSF/geni-portal/issues/1704))
 
 ## Installation Notes
 

geni-portal.spec

@@ -346,6 +346,7 @@ rm -rf $RPM_BUILD_ROOT
 %{webdir}/secure/do-renew.php
 %{webdir}/secure/do-slice-search.php
 %{webdir}/secure/do-update-user-preferences.php
+%{webdir}/secure/do-update-keys.php
 %{webdir}/secure/do-upload-project-members.php
 %{webdir}/secure/do-user-admin.php
 %{webdir}/secure/do-user-search.php
@@ -438,6 +439,7 @@ rm -rf $RPM_BUILD_ROOT
 %{webdir}/secure/slice-map-view.php
 %{webdir}/secure/slice-member.php
 %{webdir}/secure/slice-table.css
+%{webdir}/secure/slice.js
 %{webdir}/secure/slice.php
 %{webdir}/secure/slicecred.php
 %{webdir}/secure/sliceresource.php
@@ -454,6 +456,8 @@ rm -rf $RPM_BUILD_ROOT
 %{webdir}/secure/tool-omniconfig.php
 %{webdir}/secure/tool-slices.js
 %{webdir}/secure/tools-user.js
+%{webdir}/secure/updatekeys.js
+%{webdir}/secure/updatekeys.php
 %{webdir}/secure/upload-file.php
 %{webdir}/secure/upload-project-members.php
 %{webdir}/secure/uploadsshkey.php

lib/php/sa_client.php

@@ -35,7 +35,7 @@
 //   get_slices_for_member(sa_url, member_id, is_member, role=null)
 //   lookup_slice_details(sa_url, slice_uuids)
 //   get_slices_for_projects(sa_url, project_uuids, allow_expired=false)
-//   modify_slice_membership(sa_url, slice_id, 
+//   modify_slice_membership(sa_url, slice_id,
 //        members_to_add, members_to_change_role, members_to_remove)
 //   add_slice_member(sa_url, project_id, member_id, role)
 //   remove_slice_member(sa_url, slice_id, member_id)
@@ -58,7 +58,7 @@
 			'SLICE_EXPIRED' => SA_SLICE_TABLE_FIELDNAME::EXPIRED,
 			'SLICE_DESCRIPTION' => SA_SLICE_TABLE_FIELDNAME::SLICE_DESCRIPTION);
 
-$SAMEMBERCHAPI2PORTAL = array('SLICE_ROLE' => SA_SLICE_MEMBER_TABLE_FIELDNAME::ROLE, 
+$SAMEMBERCHAPI2PORTAL = array('SLICE_ROLE' => SA_SLICE_MEMBER_TABLE_FIELDNAME::ROLE,
 			      'SLICE_MEMBER_UID' => SA_SLICE_MEMBER_TABLE_FIELDNAME::MEMBER_ID);
 
 $SADETAILSKEYS = array('SLICE_UID',
@@ -125,12 +125,12 @@ function create_slice($sa_url, $signer, $project_id, $project_name, $slice_name,
                                                         $options);
   $project_urns = array_keys($lookup_project_urn_return);
   $project_urn = $project_urns[0];
-  $options = array('fields' => 
+  $options = array('fields' =>
 		   array('SLICE_NAME' => $slice_name,
 			 'SLICE_DESCRIPTION' => $description,
 			 'SLICE_PROJECT_URN' => $project_urn));
   $options = array_merge($options, $client->options());
-  $slice = $client->create_slice($client->creds(), $options); 
+  $slice = $client->create_slice($client->creds(), $options);
   $converted_slice = slice_details_chapi2portal($slice);
   // CHAPI: TODO reformat return arguments
   return $converted_slice;
@@ -179,7 +179,7 @@ function lookup_slice_ids($sa_url, $signer, $project_id)
 
 /* lookup a set of slices by name, project_id, member_id */
 /* That is, the set of slices for which this member_id is a member */
-function lookup_slices($sa_url, $signer, $project_id, $member_id)  // 
+function lookup_slices($sa_url, $signer, $project_id, $member_id)  //
 {
   $client = XMLRPCClient::get_client($sa_url, $signer);
 
@@ -280,11 +280,9 @@ function _conv_mid2urn_map_s($sa_url, $signer, $amap)
 // Make a POA geni_update_users call on all aggregates at which this slice
 // has resources, updating keys for existing members, removing keys
 // for removed members
-function update_user_keys_on_slivers($sa_url, $signer, $slice_id, 
-				     $slice_urn,
-				     $members_to_add,
-				     $members_to_change,
-				     $members_to_remove)
+function update_user_keys_on_slivers($sa_url, $signer, $slice_id, $slice_urn,
+                                     $members_to_add, $members_to_change,
+                                     $members_to_remove)
 {
   $username = $signer->username;
   $ma_url = sa_to_ma_url($sa_url);
@@ -339,7 +337,7 @@ function update_user_keys_on_slivers($sa_url, $signer, $slice_id,
   // invoke omni to call the geni_update_users POA
   $slice_users_json = json_encode($slice_users);
   $slice_users_filename = writeDataToTempFile($slice_users_json);
-  $args = array("--optionsfile", $slice_users_filename, 
+  $args = array("--optionsfile", $slice_users_filename,
 		"poa", $slice_urn, 'geni_update_users');
   $res = invoke_omni_function($am_urls, $signer, $args,
 			      array(), 0, 0, false, NULL, 3);
@@ -349,16 +347,16 @@ function update_user_keys_on_slivers($sa_url, $signer, $slice_id,
   unlink($slice_users_filename);
 
   return $res;
-  
+
 }
 
 // Modify slice membership according to given lists to add/change_role/remove
 // $members_to_add and $members_to_change role are both
 //     dictionaries of {member_id => role, ....}
 // $members_to_delete is a list of member_ids
-function modify_slice_membership($sa_url, $signer, $slice_id, 
-				 $members_to_add, 
-				 $members_to_change, 
+function modify_slice_membership($sa_url, $signer, $slice_id,
+				 $members_to_add,
+				 $members_to_change,
 				 $members_to_remove)
 {
   $slice_urn = get_slice_urn($sa_url, $signer, $slice_id);
@@ -367,7 +365,7 @@ function modify_slice_membership($sa_url, $signer, $slice_id,
   $members_to_add = _conv_mid2urn_map_s($sa_url, $signer, $members_to_add);
   $members_to_change = _conv_mid2urn_map_s($sa_url, $signer, $members_to_change);
   $members_to_remove = _conv_mid2urn_s($sa_url, $signer, $members_to_remove);
-  
+
   $options = array();
   if (sizeof($members_to_add)>0)    { $options['members_to_add']    = $members_to_add; }
   if (sizeof($members_to_change)>0) { $options['members_to_change'] = $members_to_change; }
@@ -385,16 +383,16 @@ function modify_slice_membership($sa_url, $signer, $slice_id,
 function add_slice_member($sa_url, $signer, $slice_id, $member_id, $role)
 {
   $member_roles = array($member_id => $role);
-  $result = modify_slice_membership($sa_url, $signer, $slice_id, 
+  $result = modify_slice_membership($sa_url, $signer, $slice_id,
 				    $member_roles, array(), array());
   return $result;
 }
 
-// Remove a member from given slice 
+// Remove a member from given slice
 function remove_slice_member($sa_url, $signer, $slice_id, $member_id)
 {
   $member_to_remove = array($member_id);
-  $result = modify_slice_membership($sa_url, $signer, $slice_id, 
+  $result = modify_slice_membership($sa_url, $signer, $slice_id,
 				    array(), array(), $member_to_remove);
   return $result;
 }
@@ -403,7 +401,7 @@ function remove_slice_member($sa_url, $signer, $slice_id, $member_id)
 function change_slice_member_role($sa_url, $signer, $slice_id, $member_id, $role)
 {
   $member_roles = array($member_id => $role);
-  $result = modify_slice_membership($sa_url, $signer, $slice_id, 
+  $result = modify_slice_membership($sa_url, $signer, $slice_id,
 				    array(), $member_roles, array());
   return $result;
 }
@@ -423,20 +421,20 @@ function get_slice_members($sa_url, $signer, $slice_id, $role=null)
   $options = array_merge($options, $client->options());
   $result = $client->lookup_slice_members($slice_urn, $client->creds(), $options);
   $converted_result = array();
-  foreach($result as $row) { 
+  foreach($result as $row) {
     $converted_row = convert_role(slice_member_chapi2portal($row));
     $converted_result[] = $converted_row;
   }
-  return $converted_result;  
+  return $converted_result;
 }
 
 // Return list of slice_id's, member ID's and roles associated with slice of a given project
 // If role is provided, filter to members of given role
 // CHAPI: This should be [{'slice_id' => slice1, 'role' => role1, 'member_id' => mem1}*]
-// 
+//
 
 // slice-> PROJECT_URN
-// 
+//
 function get_slice_members_for_project($sa_url, $signer, $project_id, $role=null)
 {
   // this probably wont work unless you are an operator
@@ -477,12 +475,12 @@ function get_slice_members_for_project($sa_url, $signer, $project_id, $role=null
     // Exclude slices of which I'm not a member
     if (!array_key_exists($surn, $my_slice_urns))
       continue;
-    
+
     $options = array_merge($moptions, $client->options());
     $mems = $client->lookup_slice_members($surn, $client->creds(), $options);
     foreach ($mems as $mtup) {
-      $slice_member = array(SA_SLICE_TABLE_FIELDNAME::SLICE_ID => $sid, 
-			    SA_SLICE_MEMBER_TABLE_FIELDNAME::MEMBER_ID => $mtup['SLICE_MEMBER_UID'], 
+      $slice_member = array(SA_SLICE_TABLE_FIELDNAME::SLICE_ID => $sid,
+			    SA_SLICE_MEMBER_TABLE_FIELDNAME::MEMBER_ID => $mtup['SLICE_MEMBER_UID'],
 			    SA_SLICE_MEMBER_TABLE_FIELDNAME::ROLE => $mtup['SLICE_ROLE']);
       $slice_member = convert_role($slice_member);
       $results[] = $slice_member;
@@ -494,7 +492,7 @@ function get_slice_members_for_project($sa_url, $signer, $project_id, $role=null
 // Return list of slice ID's and Roles for given member_id for slices to which member belongs
 // If is_member is true, return slices for which member is a member
 // If is_member is false, return slices for which member is NOT a member
-// If role is provided, filter on slices 
+// If role is provided, filter on slices
 //    for which member has given role (is_member = true)
 //    for which member does NOT have given role (is_member = false)
 // FIXME: optional project_id to constrain to a given project?
@@ -520,7 +518,7 @@ function get_slices_for_member($sa_url, $signer, $member_id, $is_member, $role=n
   // Convert columns from 'external' to 'internal' format
   $converted_results = array();
   foreach($results as $row) {
-    $converted_row = array(SA_SLICE_MEMBER_TABLE_FIELDNAME::SLICE_ID => $row['SLICE_UID'], 
+    $converted_row = array(SA_SLICE_MEMBER_TABLE_FIELDNAME::SLICE_ID => $row['SLICE_UID'],
 			   SA_SLICE_MEMBER_TABLE_FIELDNAME::ROLE => $row['SLICE_ROLE'],
 			   SA_SLICE_TABLE_FIELDNAME::EXPIRED => $row['EXPIRED']);
     $converted_row = convert_role($converted_row);
@@ -558,7 +556,7 @@ function get_slices_in_projects($sa_url, $signer, $slice_uuids, $project_uuids,
 {
   $client = XMLRPCClient::get_client($sa_url, $signer);
   $projects = array();
-  foreach($project_uuids as $project_uuid) { 
+  foreach($project_uuids as $project_uuid) {
     $projects[$project_uuid] = array();
   }
   //  error_log("GSFP.PROJECT_UUIDS = " . print_r($project_uuids, true));
@@ -581,9 +579,9 @@ function get_slices_in_projects($sa_url, $signer, $slice_uuids, $project_uuids,
 
   // Convert from external to internal field names
   //  error_log("GSFP.PROJECTS = " . print_r($projects, true));
-// return map of (project_uid_1 => (slice_data_1, ...), 
+// return map of (project_uid_1 => (slice_data_1, ...),
 //                project_uid_2 => (slice_data_2, ..), ..)
-  return $projects;  
+  return $projects;
 }
 
 

lib/php/tool-breadcrumbs.php

@@ -101,9 +101,9 @@
 		 "sshkeyedit.php" => "profile.php",
 		"generatesshkey.php" => "profile.php",
 		"tool-omniconfig.php" => "profile.php",
-		 "edit-slice-member.php" => "slice.php", 
-		 "edit-project-member.php" => "project.php", 
-		 "upload-project-members.php" => "project.php", 
+		 "edit-slice-member.php" => "slice.php",
+		 "edit-project-member.php" => "project.php",
+		 "upload-project-members.php" => "project.php",
 		 "accept-project-invite.php" => "project.php",
 		 "rspecupload.php" => "profile.php",
 		 "tool-rspecs.php" => "profile.php",
@@ -113,7 +113,8 @@
                  "gemini.php" => "slice.php",
 		 "tool-aggwarning.php" => "slice.php",
 		 "send_bug_report.php" => "slice.php",
-		 "contact-us.php" => "home.php");
+		 "contact-us.php" => "home.php",
+                 "updatekeys.php" => "slice.php");
 
 // Array from script name to a pretty name
 // FIXME: From a DB that the script uses too?
@@ -168,8 +169,8 @@
 		 "sshkeyedit.php" => "Edit SSH Public Key Attributes",
 		"generatesshkey.php" => "Generate SSH Keypair",
 		"tool-omniconfig.php" => "Omni command line tool",
-	       "edit-slice-member.php" => "Edit Slice Membership: %slice_name", 
-	       "edit-project-member.php" => "Edit Project Membership: %project_name", 
+	       "edit-slice-member.php" => "Edit Slice Membership: %slice_name",
+	       "edit-project-member.php" => "Edit Project Membership: %project_name",
 	       "upload-project-members.php" => "Upload Project Members : %project_name",
 	       "accept-project-invite.php" => "Accept Project Invite : %project_name",
 	       "rspecupload.php" => "Edit Resource Specification",
@@ -180,7 +181,8 @@
 	       "gemini.php" => "GENI Desktop",
 	       "tool-aggwarning.php" => "Query All Aggregates",
 	       "send_bug_report.php" => "Send Problem Report",
-	       "contact-us.php" => "Contact Us");
+	       "contact-us.php" => "Contact Us",
+               "updatekeys.php" => "Update SSH Keys");
 
 // Look up in the 2 arrays above
 // Carefully checking for the project_id variant
@@ -268,4 +270,3 @@ function getCrumbString($href, $thisname)
 }
 
 print "<div id='breadcrumb'>" . $crumb . "</div>\n";
-

portal/Makefile.am

@@ -116,6 +116,7 @@ dist_svcweb_DATA = \
 	www/portal/do-renew-slice.php \
 	www/portal/do-renew.php \
 	www/portal/do-slice-search.php \
+	www/portal/do-update-keys.php \
 	www/portal/do-update-user-preferences.php \
 	www/portal/do-upload-project-members.php \
 	www/portal/do-user-admin.php \
@@ -197,6 +198,7 @@ dist_svcweb_DATA = \
 	www/portal/slice-map-view.php \
 	www/portal/slice-map-data.php \
 	www/portal/slice-member.php \
+	www/portal/slice.js \
 	www/portal/slice.php \
 	www/portal/slice-jacks.css \
 	www/portal/slice-table.css \
@@ -215,6 +217,8 @@ dist_svcweb_DATA = \
 	www/portal/tool-omniconfig.php \
 	www/portal/tool-slices.js \
 	www/portal/tools-user.js \
+	www/portal/updatekeys.js \
+	www/portal/updatekeys.php \
 	www/portal/upload-file.php \
 	www/portal/upload-project-members.php \
 	www/portal/uploadsshkey.php \