This repository has been archived by the owner on Oct 5, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbcdmi
executable file
·421 lines (383 loc) · 21.5 KB
/
bcdmi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
#!/bin/bash
#CDMI Tools (v0.3) by Salvatore Pinto - 05.08.2013
function usage {
echo "Usage:
$0 -e <endpoint> <action> [options]
<endpoint> is the endpoint of the CDMI service.
<action> is the action to be performed on the storage. Possible actions are:
auth Display auth information (for integration with other services)
list List contents of the container [default action]
stat Get info for the file (as CDMI metadata)
publicurl Retreive object public url (for public data access)
get Download file
put Upload a file (needs -T switch in the arguments)
post Update metadata (see post command options for the metadata list)
delete Delete a file (or container)
mkdir Create folder
Generic options:
-o | --output <file> Redirect output to file <file>
--auth-file <file> Local authorization file. Default authorization file is $_LOCAL_AUTH .
This file cointains the service authorization data. See sample authorization file for more info
-a | --auth Override authorization data (format shall be understandable by cURL command line).
--cdmi-version <version> Version of the CDMI standard to use (default $_CDMI_VERSION)
--crl-update Update CRL before creating a new proxy. Recommended if fetch-crl is not enabled in the cron (ex. on Windows machines)
--ca-path <path> Use the following CA path for HTTPs certificates verification (default to /etc/grid-security/certificates if present)
-k | --insecure Do not verify HTTPs certificate in the API calls (not recommended)
put command:
-T | --upload-file <file> File to upload [mandatory]
delete command:
-r Enable recursive directory deletion
post command:
-m <metadata> Add metadata features. Metadata format is pipe separated <name>=<value> . Allowed metadata is
readacl Read permission for containers. Allowed values are '.r:*' or '.'
writeacl Write permission for containers. Allowed values are '.r:*' or '.'
weblist Listing of container contents in web format. Allowed values are 'true' or 'false'
"
exit 1
}
function error {
ec="$1"
dsc="$2"
if [[ -z "$dsc" ]]; then
dsc="$ec"
ec=255
fi
[[ -z "$dsc" ]] && dsc="Unknow Error!!!"
echo "ERROR: $dsc" 1>&2
exit $ec
}
#Default arguments
_DEBUG=false
_ENDPOINT=
_PATH=
_AUTH=
_LOCAL_AUTH=$0.auth
_ACTION=
_POST_META=
_CDMI_VERSION=1.0.1
_FILE_TO_UPLOAD=
_FILE_OUTPUT=
_RECURSIVE=false
_CRL_UPDATE=false
_CURL_OPTS=
#Parse arguments
[[ -z "$1" ]] && usage
while [[ "$#" -gt 0 ]]; do
case "$1" in
-d | --debug) _DEBUG=true; shift 1 ;;
-a | --auth) _AUTH="$2"; shift 2 ;;
-A | --auth-file) _LOCAL_AUTH="$2"; shift 2 ;;
-e | --endpoint) _ENDPOINT="${2%/}"; shift 2 ;;
--cdmi-version) _CDMI_VERSION="$2"; shift 2 ;;
-T | --upload-file) _FILE_TO_UPLOAD="$2"; shift 2 ;;
-o | --output) _FILE_OUTPUT="$2"; shift 2 ;;
-a | --action) _ACTION="$2"; shift 2 ;;
-k | --insecure) _CURL_OPTS="$_CURL_OPTS -k"; shift 1;;
--ca-path) _CURL_OPTS="$_CURL_OPTS --capath $_CURL_OPTS"; shift 1;;
-r) _RECURSIVE=true; shift 1 ;;
-m) _POST_META="$2"; shift 2 ;;
--crl-update) _CRL_UPDATE=true; shift 1 ;;
-h | --help) usage ;;
*)
if [[ -z "$_ACTION" ]]; then
_ACTION="$1"; shift 1;
else
_PATH="${_PATH%/}/$1"; shift 1;
fi
;;
esac
done
#Redirect output to a file if required
if [[ -n "$_FILE_OUTPUT" ]]; then
exec 1>$_FILE_OUTPUT
fi
#If prensent, load authorization file
if [[ -n "$_LOCAL_AUTH" && -e "$_LOCAL_AUTH" ]]; then
$_DEBUG && echo "[DEBUG] Loading authorization file" >&2
source "$_LOCAL_AUTH"
#If present, not expired and related to the same endpoint, load token cache file infomration
_LOCAL_AUTH_CACHE="${_LOCAL_AUTH}.cache"
if [[ -e "$_LOCAL_AUTH_CACHE" ]]; then
CACHE_EXPIRE_TIME="`sed -n 's/^CACHE_EXPIRE_TIME="\\(.*\\)"/\1/p' $_LOCAL_AUTH_CACHE`"
CACHE_RELATED_ENDPOINT="`sed -n 's/^CACHE_RELATED_ENDPOINT="\\(.*\\)"/\1/p' $_LOCAL_AUTH_CACHE`"
if [[ -n "$CACHE_EXPIRE_TIME" && `date +%s` -lt `date -d "$CACHE_EXPIRE_TIME" +%s` && "$CACHE_RELATED_ENDPOINT" == "$_ENDPOINT" ]]; then
$_DEBUG && echo "[DEBUG] Loading cached authorization file data" >&2
source $_LOCAL_AUTH_CACHE
fi
fi
fi
#Authorization
$_DEBUG && echo "[DEBUG] Initializing authorization" >&2
if [[ "$AUTH_TYPE" == "basic" ]]; then
#HTTP basic authentication
$_DEBUG && echo "[DEBUG] using HTTP basic authentication: $AUTH_USERNAME / ***********" >&2
AUTH="Authorization: Basic `echo -n "$AUTH_USERNAME:$AUTH_PASSWORD" | base64`"
elif [[ "$AUTH_TYPE" == "token" ]]; then
#HTTP token authentication
$_DEBUG && echo "[DEBUG] using HTTP token authentication: $AUTH_TOKEN" >&2
AUTH="X-Auth-Token: $AUTH_TOKEN"
elif [[ "$AUTH_TYPE" == "keystone-basic" ]]; then
#Keystone authentication (with username/password)
$_DEBUG && echo "[DEBUG] using keystone (username/password) authentication" >&2
if [[ -n "$AUTH_TOKEN" ]]; then
#Token is still valid, just use it
$_DEBUG && echo "[DEBUG] valid token found ( $AUTH_TOKEN ). using it." >&2
AUTH="X-Auth-Token: $AUTH_TOKEN"
else
#Token is not valid anymore, re-generate it
$_DEBUG && echo "[DEBUG] no valid token found, creating a new one." >&2
error 127 "Not jet implemented"
fi
elif [[ "$AUTH_TYPE" == "keystone-voms" || "$AUTH_TYPE" == "keystone-myproxy" ]]; then
#Keystone authentication (with VOMS proxy certificate)
$_DEBUG && echo "[DEBUG] using keystone (VOMS) authentication" >&2
#Set CA PATH
if [[ "${_CURL_OPTS//--capath/}" == "$_CURL_OPTS" ]]; then
[[ -z "$AUTH_KEYSTONE_CAPATH" ]] && AUTH_KEYSTONE_CAPATH=/etc/grid-security/certificates
_CURL_OPTS="$_CURL_OPTS --capath $AUTH_KEYSTONE_CAPATH"
fi
if [[ "$_ACTION" == "auth" ]]; then
#If action is auth, to recreate a new token
AUTH_TOKEN=
fi
#Get token (if not defined already from the cache)
if [[ -n "$AUTH_TOKEN" ]]; then
#Token is still valid, just use it
$_DEBUG && echo "[DEBUG] valid token found in the cache ( $AUTH_TOKEN ). using it." >&2
AUTH="X-Auth-Token: $AUTH_TOKEN"
else
#Token is not valid anymore, re-generate it
$_DEBUG && echo "[DEBUG] no valid token found, creating a new one." >&2
if $_CRL_UPDATE; then
#Run fetch-crl if specified, this is required for VOMS tools
$_DEBUG && echo "[DEBUG] Updating CRLs..." >&2
fetch-crl &>/dev/null
fi
#Get proxy credential, if any
if [[ -n "$AUTH_KEYSTONE_PROXY" ]]; then
$_DEBUG && echo "[DEBUG] checking proxy validity." >&2
#Check proxy certificate validity and VO name
voms-proxy-info -file "$AUTH_KEYSTONE_PROXY" -exists
[[ $? -ne 0 ]] && error 192 "Specified proxy certificate is not valid anymore. Please generate a new proxy or specify the user certificate."
VONAME="`voms-proxy-info -file "$AUTH_KEYSTONE_PROXY" -all | gawk '{if($1=="VO")print $3}'`"
[[ $? -ne 0 ]] && error 192 "Specified proxy certificate is not valid anymore. Please generate a new proxy or specify the user certificate."
#Check the proxy VO extensions validity (if specified)
if [[ -n "$AUTH_KEYSTONE_VOMSEXT" && "$VONAME" != "$AUTH_KEYSTONE_VOMSEXT" ]]; then
#No valid VOMS extensions provided with the proxy, re-create a new proxy
$_DEBUG && echo "[DEBUG] No valid VOMS extensions provided in the proxy. Create a new temporary proxy for autentication." >&2
TMP_OPTS="-rfc -n"
[[ -n "$X509_VOMSES" ]] && TMP_OPTS="$TMP_OPTS -vomses $X509_VOMSES"
export X509_USER_PROXY="$AUTH_KEYSTONE_PROXY"
voms-proxy-init -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY.vomsext" $TMP_OPTS &>/dev/null
if [[ $? -ne 0 ]]; then
rm -f "$AUTH_KEYSTONE_PROXY.vomsext"
voms-proxy-init -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY.vomsext" $TMP_OPTS -debug
error 192 "Failed to generate temporary user proxy."
fi
AUTH_KEYSTONE_PROXY=$AUTH_KEYSTONE_PROXY.vomsext
export X509_USER_PROXY=
fi
elif [[ -n "$AUTH_KEYSTONE_CERT" && -n "$AUTH_KEYSTONE_KEY" && -n "$AUTH_KEYSTONE_VOMSEXT" ]]; then
$_DEBUG && echo "[DEBUG] generating temporary proxy." >&2
AUTH_KEYSTONE_PROXY="$0.tempproxy"
#Generate a proxy from the certificate (with VOMS extensions)
TMP_OPTS="-rfc"
[[ -n "$X509_VOMSES" ]] && TMP_OPTS="$TMP_OPTS -vomses $X509_VOMSES"
voms-proxy-init -cert "$AUTH_KEYSTONE_CERT" -key "$AUTH_KEYSTONE_KEY" -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY" $TMP_OPTS &>/dev/null
if [[ $? -ne 0 ]]; then
voms-proxy-info -file "$AUTH_KEYSTONE_PROXY" -exists
if [[ $? -ne 0 ]]; then
rm -f "$AUTH_KEYSTONE_PROXY"
voms-proxy-init -cert "$AUTH_KEYSTONE_CERT" -key "$AUTH_KEYSTONE_KEY" -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY" $TMP_OPTS -debug
error 192 "Failed to generate temporary user proxy."
fi
fi
elif [[ -n "$AUTH_MYPROXY_SERVER" && -n "$AUTH_USERNAME" && -n "$AUTH_KEYSTONE_VOMSEXT" ]]; then
$_DEBUG && echo "[DEBUG] generating temporary proxy from myproxy." >&2
AUTH_KEYSTONE_PROXY="$0.tempproxy"
#Generate a proxy from the myproxy (with VOMS extensions)
AUTH_MYPROXY_SERVER="-s ${AUTH_MYPROXY_SERVER/:/ -p }"
if [[ -n "$AUTH_PASSWORD" ]]; then
echo "$AUTH_PASSWORD" | myproxy-logon -S $AUTH_MYPROXY_SERVER -l $AUTH_USERNAME -o "${AUTH_KEYSTONE_PROXY}m" > /dev/null
res="${PIPESTATUS[1]}"
else
myproxy-logon $AUTH_MYPROXY_SERVER -l $AUTH_USERNAME -o "${AUTH_KEYSTONE_PROXY}m"
res=$?
fi
if [[ $res -ne 0 ]]; then
error 193 "Failed to get proxy from myproxy. Are credentials wrong?"
fi
#Sign the proxy with VOMS extensions
TMP_OPTS="-rfc -n"
[[ -n "$X509_VOMSES" ]] && TMP_OPTS="$TMP_OPTS -vomses $X509_VOMSES"
export X509_USER_PROXY="${AUTH_KEYSTONE_PROXY}m"
voms-proxy-init -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY" $TMP_OPTS &>/dev/null
if [[ $? -ne 0 ]]; then
voms-proxy-info -file "$AUTH_KEYSTONE_PROXY" -exists
if [[ $? -ne 0 ]]; then
rm -f "$AUTH_KEYSTONE_PROXY"
voms-proxy-init -voms "$AUTH_KEYSTONE_VOMSEXT" -out "$AUTH_KEYSTONE_PROXY" $TMP_OPTS -debug
error 192 "Failed to sign temporary user proxy."
fi
fi
rm -f "${AUTH_KEYSTONE_PROXY}m"
export X509_USER_PROXY=
else
error 194 "Please setup a proxy or certificate for Keystone authentication and VOMS extension in the bcdmi.auth file"
fi
#Get Keystone URI
if [[ -z "$AUTH_KEYSTONE_URI" ]]; then
#Try to get the keystone url from the endpoint
AUTH_KEYSTONE_URI=`curl $_CURL_OPTS -v -H "X-CDMI-Specification-Version: $_CDMI_VERSION" "${_ENDPOINT}" 2>&1 | sed -n "s|< www-authenticate *: *Keystone uri *= *[\"\\\']*\([^\"\\\']*\).*$|\1|Ip"`
#Try to get the keystone URI for OpenStack CDMI implementation
[[ -z "$AUTH_KEYSTONE_URI" ]] && AUTH_KEYSTONE_URI=`curl $_CURL_OPTS -v -H "X-CDMI-Specification-Version: $_CDMI_VERSION" "${_ENDPOINT%/AUTH_*}/AUTH_testauth" 2>&1 | sed -n "s|< www-authenticate *: *Keystone uri *= *[\"\\\']*\([^\"\\\']*\).*$|\1|Ip"`
[[ -z "$AUTH_KEYSTONE_URI" ]] && AUTH_KEYSTONE_URI=`curl $_CURL_OPTS -v -H "X-CDMI-Specification-Version: $_CDMI_VERSION" "${_ENDPOINT%/cdmi/AUTH_*}/cdmi/AUTH_testauth" 2>&1 | sed -n "s|< www-authenticate *: *Keystone uri *= *[\"\\\']*\([^\"\\\']*\).*$|\1|Ip"`
[[ -z "$AUTH_KEYSTONE_URI" ]] && error 197 "Impossible to get Keystone URI. Please specify a custom one in the autorization file."
fi
AUTH_KEYSTONE_URI="${AUTH_KEYSTONE_URI%/}"; AUTH_KEYSTONE_URI="${AUTH_KEYSTONE_URI%/v2.0}/v2.0"
#Get tenant
if [[ -z "$AUTH_KEYSTONE_TENANT" ]]; then
#Tenant name if not specified, get tenants list
$_DEBUG && echo "[DEBUG] tenant name not specified. getting unscoped token" >&2
TMPSTR="`curl $_CURL_OPTS -s -S -X POST "$AUTH_KEYSTONE_URI/tokens" -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"auth":{"voms":true}}' --cert "$AUTH_KEYSTONE_PROXY" --key "$AUTH_KEYSTONE_PROXY" --cacert "$AUTH_KEYSTONE_PROXY" | gawk 'BEGIN{RS="\\""}{if ($0=="expires") {getline;getline;gsub("T"," ",$0);gsub("Z","",$0);printf $0","}if($0=="id"){getline;getline;printf $0;exit}}'`"
AUTH_TOKEN="${TMPSTR#*,}"
[[ -z "$AUTH_TOKEN" ]] && error 201 "failed to get unscoped token. Are you sure your certificate VOMS extension can access the service?"
AUTH="X-Auth-Token: $AUTH_TOKEN"
#get default tenant name
$_DEBUG && echo "[DEBUG] getting the tenants lists for the user via unskopen token" >&2
AUTH_KEYSTONE_TENANT=`curl $_CURL_OPTS -s -S "$AUTH_KEYSTONE_URI/tenants" -H "$AUTH" -H 'Accept: application/json' -H 'Content-Type: application/json' | gawk 'BEGIN{RS="\""}{if($0=="name"){getline;getline;printf $0","}}'`
AUTH_KEYSTONE_TENANT=${AUTH_KEYSTONE_TENANT%,}
if [[ "${AUTH_KEYSTONE_TENANT//,/}" != "$AUTH_KEYSTONE_TENANT" ]]; then
#user belongs to more than one tenant, check to which tenants he can autenticate to with this proxy
$_DEBUG && echo "[DEBUG] user belongs to more than one tenant, tryying to get the tenant associated to the VOMS signature" >&2
allowed_tenants=
for tenant in ${AUTH_KEYSTONE_TENANT//,/ }; do
TMPSTR="`curl $_CURL_OPTS -s -S -X POST "$AUTH_KEYSTONE_URI/tokens" -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"auth":{"voms":true,"tenantName":"'"$tenant"'"}}' --cert "$AUTH_KEYSTONE_PROXY" --key $AUTH_KEYSTONE_PROXY --cacert "$AUTH_KEYSTONE_PROXY" | gawk 'BEGIN{RS="\\""}{if ($0=="expires") {getline;getline;gsub("T"," ",$0);gsub("Z","",$0);printf $0","}if($0=="id"){getline;getline;printf $0;exit}}'`"
AUTH_TOKEN="${TMPSTR#*,}"
[[ -n "$AUTH_TOKEN" ]] && allowed_tenants="$allowed_tenants,$tenant"
done
AUTH_KEYSTONE_TENANT="${allowed_tenants#,}"
if [[ "${AUTH_KEYSTONE_TENANT//,/}" != "$AUTH_KEYSTONE_TENANT" ]]; then
if [[ "$_ACTION" == "auth" ]]; then
AUTH_KEYSTONE_TENANT=
else
error 203 "User belong to more than one tenant. You need to specify one in the authorization file. Possible tenants are: $AUTH_KEYSTONE_TENANT . Use auth to get the details of the allowed tenants."
fi
fi
$_DEBUG && echo "[DEBUG] Got default tenant (from VOMS signature): $AUTH_KEYSTONE_TENANT" >&2
else
#user belong to only one tenant, using it as default
$_DEBUG && echo "[DEBUG] Got default tenant: $AUTH_KEYSTONE_TENANT" >&2
fi
fi
if [[ -z "$AUTH_KEYSTONE_TENANT" ]]; then
echo "WARNING: Failed to get a default tenant. You need to specify one in the authorization file. The list of allowed tenants is provided via the auth command."
else
#Request scoped token (and get as return the endpoint path also, if any)
TMPSTR="`curl $_CURL_OPTS -s -S -X POST "$AUTH_KEYSTONE_URI/tokens" -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"auth":{"voms":true,"tenantName":"'"$AUTH_KEYSTONE_TENANT"'"}}' --cert "$AUTH_KEYSTONE_PROXY" --key $AUTH_KEYSTONE_PROXY --cacert "$AUTH_KEYSTONE_PROXY" | gawk -v e="$_ENDPOINT" 'BEGIN{RS="\\\""}{if ($0=="expires"){getline;getline;gsub("T"," ",$0);gsub("Z","",$0);expd=$0}if($0=="id"&&idd==""){getline;getline;idd=$0}if($0=="publicURL"){getline;getline;if($0~"^"e){gsub("^"e,"",$0);ptd=$0};}}END{if(idd!=""&&expd!="")print expd","idd","ptd}'`"
AUTH_TOKEN_EXPIRE_TIME="${TMPSTR%%,*}"
AUTH_TOKEN="${TMPSTR#*,}"; AUTH_TOKEN="${AUTH_TOKEN%,*}"
AUTH_TOKEN_PATH="${TMPSTR##*,}"
[[ -z "$AUTH_TOKEN" ]] && error 202 "failed to get scoped token for tenant $AUTH_KEYSTONE_TENANT"
$_DEBUG && echo "[DEBUG] got scoped token $AUTH_TOKEN (expire on $AUTH_TOKEN_EXPIRE_TIME)." >&2
$_DEBUG && [[ -n "$AUTH_TOKEN_PATH" ]] && echo "[DEBUG] got additional endpoint scoped path: $AUTH_TOKEN_PATH" >&2
AUTH="X-Auth-Token: $AUTH_TOKEN"
#Convert endpoint from SWIFT to CDMI interface (only for openstack, does nothing for other CDMI implementations)
[[ "$AUTH_TOKEN_PATH" == "${AUTH_TOKEN_PATH#/v1/}" ]] || AUTH_TOKEN_PATH="/cdmi/${AUTH_TOKEN_PATH#/v1/}"
#If the proxy is temporary, delete it
[[ "$AUTH_KEYSTONE_PROXY" == "$0.tempproxy" ]] && rm -f "$0.tempproxy"
fi
#Save data to a cache. So you do not have to autenticate each time you perform a request. The cache file expires when the token expires
if [[ -n "$_LOCAL_AUTH_CACHE" ]]; then
$_DEBUG && echo "[DEBUG] saving authorization token to cache." >&2
cat << EOF > $_LOCAL_AUTH_CACHE
#This cache file is automatically generated. It will expire on $AUTH_TOKEN_EXPIRE_TIME . Delete it if you have problems in the authentication.
CACHE_EXPIRE_TIME="$AUTH_TOKEN_EXPIRE_TIME"
CACHE_RELATED_ENDPOINT="$_ENDPOINT"
AUTH_TOKEN="$AUTH_TOKEN"
AUTH_TOKEN_PATH="$AUTH_TOKEN_PATH"
AUTH_KEYSTONE_URI="$AUTH_KEYSTONE_URI"
AUTH_KEYSTONE_TENANT="$AUTH_KEYSTONE_TENANT"
EOF
fi
fi
#If keystone defines a token path for the service, add it to the endpoint
if [[ -n "$AUTH_TOKEN_PATH" ]]; then
_ENDPOINT="${_ENDPOINT%/}/${AUTH_TOKEN_PATH#/}"
fi
elif [[ -n "$_AUTH" ]]; then
$_DEBUG && echo "[DEBUG] Manual authorization string specified. Using it." >&2
AUTH="$_AUTH"
else
error 242 "No authorization method specified. Please setup a local authorization file."
fi
#Add the specified path to the endpoint, to get the object full URI
_ENDPOINT="${_ENDPOINT%/}/${_PATH#/}"
$_DEBUG && echo "[DEBUG] Performing query $_ACTION..." >&2
if [[ "$_ACTION" == "auth" ]]; then
#Only display auth information (and tenants list)
echo "Auth type: $AUTH_TYPE"
echo "User auth header: ${AUTH#-H }"
if [[ "$AUTH_TYPE" == "keystone-voms" || "$AUTH_TYPE" == "keystone-basic" || "$AUTH_TYPE" == "keystone-myproxy" ]]; then
[[ -n "$AUTH_KEYSTONE_URI" ]] && echo "Keystone URI: $AUTH_KEYSTONE_URI" || echo "Keystone URI: (none)"
[[ -n "$AUTH_KEYSTONE_TENANT" ]] && echo "Tenant associated: $AUTH_KEYSTONE_TENANT" || echo "Tenant associated: (none)"
[[ -n "$AUTH_KEYSTONE_TENANT" && -n "$_ENDPOINT" ]] && echo "Tenant associated endpoint: $_ENDPOINT" || echo "Tenant associated endpoint: (none)"
if [[ -n "$AUTH_KEYSTONE_URI" ]]; then
echo "Tenants list:"
echo "tenant name,tenant id,tenant description"
curl $_CURL_OPTS -s -S "$AUTH_KEYSTONE_URI/tenants" -H "$AUTH" -H 'Accept: application/json' -H 'Content-Type: application/json' | gawk 'BEGIN{RS="\""}{if($0=="name"){getline;getline;tmn=$0;}if($0=="id"){getline;getline;tmid=$0;}if($0=="description"){getline;getline;tmd=$0;}if((tmn!="")&&(tmid!="")&&(tmd!="")){print tmn","tmid","tmd;tmn="";tmid="";tmd=""}}'
fi
fi
elif [[ -z "$_ACTION" || "$_ACTION" == "list" ]]; then
#List contents of the container
curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "$AUTH" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" | gawk 'BEGIN{RS="\""}{if($0=="children"){while($0!~"]|}"){getline;if($0~"]|}")break;getline;gsub(/ /,"%20",$0);print $0}}}'
elif [[ "$_ACTION" == "get" ]]; then
#Get content of the file
curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "$AUTH"
elif [[ "$_ACTION" == "put" ]]; then
[[ -z "$_FILE_TO_UPLOAD" ]] && error 243 "You need to specify a file to upload."
curl $_CURL_OPTS "$_ENDPOINT" -H "$AUTH" -H 'Content-Type: application/binary' -T "$_FILE_TO_UPLOAD"
elif [[ "$_ACTION" == "stat" ]]; then
curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -H "$AUTH"
elif [[ "$_ACTION" == "publicurl" ]]; then
echo "$_ENDPOINT"
elif [[ "$_ACTION" == "delete" ]]; then
if $_RECURSIVE; then
if [[ "${_ENDPOINT%/}" == "$_ENDPOINT" ]]; then
#This is not a folder, delete the file
curl $_CURL_OPTS -s -S "$_ENDPOINT" -X DELETE -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -H "$AUTH"
else
#This is a folder, list the contents and delete all the contents recursively
for f in `curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "$AUTH" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" | gawk 'BEGIN{RS="\""}{if($0=="children"){while($0!~"]|}"){getline;if($0~"]|}")break;getline;gsub(/ /,"%20",$0);print $0}}}'`; do
if [[ "${f%/}" == "$f" ]]; then
curl $_CURL_OPTS -s -S "$_ENDPOINT$f" -X DELETE -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -H "$AUTH"
else
$0 -r -e "$_ENDPOINT" delete $f
fi
done
#Then delete the folder itself
curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -X DELETE -H "$AUTH"
fi
else
curl $_CURL_OPTS -s -S "$_ENDPOINT" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -X DELETE -H "$AUTH"
fi
elif [[ "$_ACTION" == "mkdir" ]]; then
curl $_CURL_OPTS -X PUT "${_ENDPOINT%/}/" -H "X-CDMI-Specification-Version: $_CDMI_VERSION" -H "$AUTH" -H 'Content-Type: application/cdmi-container' -H 'Content-Length: 0'
elif [[ "$_ACTION" == "post" ]]; then
#WARNING. This uses SWIFT API, because there is still no CDMI ACL implementation in SWIFT
_ENDPOINT="${_ENDPOINT/\/cdmi\///v1/}" #switch to SWIFT API
for META in ${_POST_META//|/ }; do
META_CODE="${META%%=*}"
META_VALUE="${META#*=}"
case "$META_CODE" in
readacl) META_CODE="X-Container-Read" ;;
writeacl) META_CODE="X-Container-Write" ;;
weblist) META_CODE="X-Container-Meta-Web-Listings" ;;
*) error 125 "Metadata code $META_CODE not valid"
esac
curl $_CURL_OPTS -s -S "$_ENDPOINT" -X POST -H "$AUTH" -H "$META_CODE: $META_VALUE" -H 'Accept-Encoding: identity'
done
else
error 150 "Action $_ACTION is not recognized."
fi
exit 0