Changeset 913dc7a for fedd


Ignore:
Timestamp:
Dec 10, 2010 9:00:16 AM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
66bb590
Parents:
62f3dd9
git-author:
Ted Faber <faber@…> (12/09/10 22:49:05)
git-committer:
Ted Faber <faber@…> (12/10/10 09:00:16)
Message:

Consolidate attribute additions and deletions

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/experiment_control.py

    r62f3dd9 r913dc7a  
    10621062        else: e.software = s
    10631063
     1064    def append_experiment_authorization(self, expid, attrs,
     1065            need_state_lock=True):
     1066        """
     1067        Append the authorization information to system state
     1068        """
     1069
     1070        for p, a in attrs:
     1071            self.auth.set_attribute(p, a)
     1072        self.auth.save()
     1073
     1074        if need_state_lock: self.state_lock.acquire()
     1075        self.state[expid]['auth'].update(attrs)
     1076        if self.state_filename: self.write_state()
     1077        if need_state_lock: self.state_lock.release()
     1078
     1079    def clear_experiment_authorizaton(self, expid, need_state_lock=True):
     1080        """
     1081        Attrs is a set of attribute principal pairs that need to be removed
     1082        from the authenticator.  Remove them and save the authenticator.
     1083        """
     1084
     1085        for p, a in attrs:
     1086            self.auth.unset_attribute(p, a)
     1087        self.auth.save()
     1088
     1089        if need_state_lock: self.state_lock.acquire()
     1090        self.state[expid]['auth'] = set()
     1091        if self.state_filename: self.write_state()
     1092        if need_state_lock: self.state_lock.release()
     1093
    10641094
    10651095    def create_experiment_state(self, fid, req, expid, expcert,
     
    10871117                status = self.state[eid].get('experimentStatus', None)
    10881118                if status and status == 'failed':
    1089                     # remove the old access attribute
    1090                     self.auth.unset_attribute(fid, old_expid)
    1091                     self.auth.save()
     1119                    # remove the old access attributes
     1120                    self.clear_experiment_authorization(self.state[eid]['auth'],
     1121                            need_state_lock=False)
    10921122                    overwrite = True
    10931123                    del self.state[eid]
     
    11051135                    'owner': fid,
    11061136                    'log' : [],
     1137                    'auth': set(),
    11071138                }
    11081139            self.state[expid] = self.state[eid]
    1109             if self.state_filename: self.write_state()
    1110             self.state_lock.release()
     1140            if self.state_filename: self.write_state()
     1141            self.state_lock.release()
    11111142        else:
    11121143            eid = self.exp_stem
     
    11261157                    'owner': fid,
    11271158                    'log' : [],
     1159                    'auth': set(),
    11281160                }
    11291161            self.state[expid] = self.state[eid]
    1130             if self.state_filename: self.write_state()
    1131             self.state_lock.release()
     1162            if self.state_filename: self.write_state()
     1163            self.state_lock.release()
     1164
     1165        # Let users touch the state.  Authorize this fid and the expid itself
     1166        # to touch the experiment, as well as allowing th eoverrides.
     1167        self.append_experiment_authorization(eid,
     1168                set([(fid, expid), (expid,expid)] + \
     1169                        [ (o, expid) for o in self.overrides]))
    11321170
    11331171        return eid
     
    13621400                    "Cannot create software directory: %s" % e)
    13631401        # The actual copying.  Everything's converted into a url for copying.
     1402        auth_attrs = set()
    13641403        for pkg in pkgs:
    13651404            loc = pkg
     
    13941433                    ( self.repo_url, path, dest)
    13951434
    1396             # Allow the individual segments to access the software.
    1397             for tb in tbparams.keys():
    1398                 self.auth.set_attribute(tbparams[tb]['allocID']['fedid'],
    1399                         "/%s/%s" % ( path, dest))
    1400             self.auth.save()
     1435            # Allow the individual segments to access the software by assigning
     1436            # an attribute to each testbed allocation that encodes the data to
     1437            # be released.  This expression collects the data for each run of
     1438            # the loop.
     1439            auth_attrs.update([
     1440                (tbparams[tb]['allocID']['fedid'], "/%s/%s" % ( path, dest)) \
     1441                        for tb in tbparams.keys()])
     1442
     1443        self.append_experiment_authorization(expid, auth_attrs)
    14011444
    14021445        # Convert the software locations in the segments into the local
     
    14671510        eid = self.create_experiment_state(fid, req, expid, expcert,
    14681511                state='empty')
    1469 
    1470         # Let users touch the state
    1471         self.auth.set_attribute(fid, expid)
    1472         self.auth.set_attribute(expid, expid)
    1473         # Override fedids can manipulate state as well
    1474         for o in self.overrides:
    1475             self.auth.set_attribute(o, expid)
    1476         self.auth.save()
    14771512
    14781513        rv = {
     
    17001735                    "Cannot copy keyfiles: %s" % e)
    17011736
    1702         # Allow the individual testbeds to access the configuration files.
    1703         for tb in tbparams.keys():
    1704             asignee = tbparams[tb]['allocID']['fedid']
    1705             for f in ("hosts", gw_secretkey_base, gw_pubkey_base):
    1706                 self.auth.set_attribute(asignee, "%s/%s" % \
    1707                         (configpath, f))
    1708             self.auth.save()
     1737        # Allow the individual testbeds to access the configuration files,
     1738        # again by setting an attribute for the relevant pathnames on each
     1739        # allocation principal.  Yeah, that's a long list comprehension.
     1740        self.append_experiment_authorization(expid, set([
     1741            (tbparams[tb]['allocID']['fedid'], "%s/%s" % (configpath, f)) \
     1742                    for tb in tbparams.keys() \
     1743                        for f in ("hosts", gw_secretkey_base, gw_pubkey_base)]))
    17091744
    17101745        attrs = [
     
    19401975            part.add_portals(top, topo, eid, pmasters, tbparams, ip_allocator,
    19411976                    connInfo, expid)
     1977
     1978            auth_attrs = set()
    19421979            # Now get access to the dynamic testbeds (those added above)
    19431980            for tb in [ t for t in topo if t not in allocated]:
     
    19481985                # Give the testbed access to keys it exports or imports
    19491986                if store_keys:
    1950                     for sk in store_keys.split(" "):
    1951                         self.auth.set_attribute(\
    1952                                 tbparams[tb]['allocID']['fedid'], sk)
    1953             self.auth.save()
     1987                    auth_keys.update(set([
     1988                        (tbparams[tb]['allocID']['fedid'], sk) \
     1989                                for sk in store_keys.split(" ")]))
     1990
     1991            if auth_attrs:
     1992                self.append_experiment_authorization(expid, auth_attrs)
    19541993
    19551994            # transit and disconnected testbeds may not have a connInfo entry.
     
    19762015        # here on out, the state will stick around a while.
    19772016
     2017        # XXX: I think this is redundant
    19782018        # Let users touch the state
    1979         self.auth.set_attribute(fid, expid)
    1980         self.auth.set_attribute(expid, expid)
     2019        # self.auth.set_attribute(fid, expid)
     2020        # self.auth.set_attribute(expid, expid)
    19812021        # Override fedids can manipulate state as well
    1982         for o in self.overrides:
    1983             self.auth.set_attribute(o, expid)
    1984         self.auth.save()
     2022        # for o in self.overrides:
     2023            # self.auth.set_attribute(o, expid)
     2024        # self.auth.save()
    19852025
    19862026        # Create a logger that logs to the experiment's state object as well as
     
    20772117        # Remove the owner info (should always be there, but...)
    20782118        if rv.has_key('owner'): del rv['owner']
     2119        if 'auth' in rv: del rv['auth']
    20792120
    20802121        # Convert the log into the allocationLog parameter and remove the
Note: See TracChangeset for help on using the changeset viewer.