Context Navigation

Changes between Version 4 and Version 5 of FeddPluginCalls

Timestamp:: Jun 29, 2010 8:06:21 AM (14 years ago)
Author:: faber
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

FeddPluginCalls

-                      v4
+                      v5
 The plug-in initializer is largely plug-in depenent, but must also set the methods to be called for each interface call in the {{{self.soap_services}}} and {{{self.xmlrpcservices}}} dicts.
 == !RequestAccess ===
+== !RequestAccess ==
 The !RequestAccess command asks the testbed to map the [FeddAbout#GlobalIdentifiers:Three-levelNames three-level name] on the call into local permissions and to do any bookkeeping associated with later attachment of resources to that allocation.  Specifically, a [http://fedd.isi.deterlab.net/trac/wiki/FeddAbout#GlobalIdentifiers:Fedids fedid] must be created.  Requests from this allocation back to the central experiment controller will be made under that principal/fedid.  Such requests gather configuration information or parameters passed between sub-experiments during creation.  The per-allocation fedid allows fine-grained control of access to thie information at the experiment controller, as well as the ability to name (and therefore request operation on) the various allocations made on this plug-in.
+A !RequestAccess message has the following format:
+{{{
+request = {
+    # list of strings of the form user:name project:name (these will be replaced by ABAC credentials in fedd 3.1)
+    'credential': [ 'user:u', 'project:p' ]
+    # Requested services
+    'service': [
+        # Each of these has an identifier, service name, server (optional), and a list of attributes as service parameters
+        { 'id': '0001', 'name': 'project_export', 'visibility': 'export', 'fedAttr: [ { 'attribute': 'att_name', 'value': 'val1'} ] }
+    ],
+}
+}}}
+The credentials are opaquely and correctly handled by the [source:fedd/trunk/federation/access.py access controller base class].  Service requests encode the various [FeddAbout#ExperimentServices services] that the facility will be asked for in this allocation.
+There are also some scheduling fields that are for future expansion.  The DETER experiment controller never includes them.
+The response message has the form:
+{{{
+response = {
+    'allocID': { 'fedid': fedidobj },
+    'service': [
+        # The meta service 'export_project' in the request has become 2 actual service descriptions with the same ID as the request
+        { 'id': '0001', 'name': 'SMB', 'visibility': 'export', 'fedAttr: [ { 'attribute': 'att_name', 'value': 'val1'} ] } ] },
+        { 'id': '0001', 'name': 'userconf', 'visibility': 'export', 'fedAttr: [ { 'attribute': 'att_name', 'value': 'val1'} ] },
+     ]
+}
+}}}
+The response includes the fedid of the allocation and the actual services exported.  Note that in the example the single '''export_project''' request has become 2 specific service exports.  See the [sources:fedd/trunk/federation/emulab_access.py emulab plug-in] for an example of how services are decoded and managed.