Plug-in Interfaces

Access controllers respond to a series of standard calls from the experiment controller to create local allocations. These are described in conceptual detail elsewhere on this site and in a ​document about the design of the ProtoGENI plug-in. This section discussed the calls and their encoding for developers interested in reading and extending existing plug-in code.

The interfaces are all described in xsd and SOAP, and these are easy enough to convert into python data structures once you know how. Below we describe the semantics of each call, and the tools available to plug-in writers to assist in implementation. These tools are available when plug-ins derive from federation.access, as federation.skeleton_access is.

Initialization

This is not an interface from the experiment controller, but we discuss it to mention the tools available for implementors. These include routines to save state and interpret the standard parts of the access database, including specializing for testbed dependent data. The method read_access(file, local_info_parser) takes the file to read and a function that takes the string following the access attribute and returns the local testbed attributes, stored into the self.access dict, keyed by the three-name being authorized. The ___init___() routine of source:fedd/trunk/federation/skeleton_access.py federation.skeleton_access] includes an example of this.

In addition, the initializer of the federation.access base class parses standard parameters from [access] section from the configuration file. The fields and corresponding class instance attributes are:

cert_file

The certificate file that contains the fedid that identifies this access controller. It is stored in self.cert_file.

cert_pw

Password for the certificate file, if any. Stored in self.cert_pw.

trusted_certs

Certificates used to validate the signatures of other fedd principals. Generally unused. Stored in self.trusted_certs.

Those first three attributes are initialized by the [access] section, if given, or [globals], if not.

access_state

The file storing persistent state. Stored in self.state_file.

certdir

Directory to store local certificates for allocations in. Stored in self.certdir.

project_priority

Affects the standard access lookup routines by preferring matches on project if true. Stored in self.project_priority, though most implementations will not need to access it.

create_debug

Intended to keep the plug-in from making any persistent changes to the facility. Plug-in writers are expected to honor it. It is stored in self.create_debug.

leave_tmpfiles

Intended to tell the plug-in not to delete temporary files. Plug-in writers are expected to honor it. Stored in self.cleanup, negated; that is if leave_tempfiles is false in the configuration self.cleanup is true. self.cleanup defaults to true.

type

Distinguishes between sub-types of the plug-in. Stored in self.access_type; semantics are up to the plug-in writer.

log_level

The level of log entries to pass to the logger. Any of the values in ​the standard python logging choices are acceptable. It is only stored as internal state of self.log, a logger allocated by the initializer.

Finally, the default initializer allocates a Lock to be acquired when accessing persistent state and reads that state from self.state_file.