Version 3 (modified by 14 years ago) (diff) | ,
---|
Plug-in Interfaces
Access controllers respond to a series of standard calls from the experiment controller to create local allocations. These are described in conceptual detail elsewhere on this site and in a document about the design of the ProtoGENI plug-in. This section discussed the calls and their encoding for developers interested in reading and extending existing plug-in code.
The interfaces are all described in xsd and SOAP, and these are easy enough to convert into python data structures once you know how. Below we describe the semantics of each call, and the tools available to plug-in writers to assist in implementation. These tools are available when plug-ins derive from federation.access, as federation.skeleton_access is.
Initialization
This is not an interface from the experiment controller, but we discuss it to mention the tools available for implementors. These include routines to save state and interpret the standard parts of the access database, including specializing for testbed dependent data. The method read_access(file, local_info_parser)
takes the file to read and a function that takes the string following the access attribute and returns the local testbed attributes, stored into the self.access dict, keyed by the three-name being authorized. The ___init___()
routine of source:fedd/trunk/federation/skeleton_access.py federation.skeleton_access] includes an example of this.
In addition, the initializer of the federation.access base class parses standard parameters from [access]
section from the configuration file. The fields and corresponding class instance attributes are:
- cert_file
-
The certificate file that contains the fedid that identifies this access controller. It is stored in
self.cert_file
. - cert_pw
-
Password for the certificate file, if any. Stored in
self.cert_pw
. - trusted_certs
-
Certificates used to validate the signatures of other fedd principals. Generally unused. Stored in
self.trusted_certs
.
Those first three attributes are initialized by the [access]
section, if given, or [globals]
, if not.
- access_state
-
The file storing persistent state. Stored in
self.state_file
. - certdir
-
Directory to store local certificates for allocations in. Stored in
self.certdir
. - project_priority
-
Affects the standard access lookup routines by preferring matches on project if true. Stored in
self.project_priority
, though most implementations will not need to access it. - create_debug
-
Intended to keep the plug-in from making any persistent changes to the facility. Plug-in writers are expected to honor it. It is stored in
self.create_debug
. - leave_tmpfiles
-
Intended to tell the plug-in not to delete temporary files. Plug-in writers are expected to honor it. Stored in
self.cleanup
, negated; that is if leave_tempfiles is false in the configurationself.cleanup
is true.self.cleanup
defaults to true. - type
-
Distinguishes between sub-types of the plug-in. Stored in
self.access_type
; semantics are up to the plug-in writer. - log_level
-
The level of log entries to pass to the logger. Any of the values in the standard python logging choices are acceptable. It is only stored as internal state of
self.log
, a logger allocated by the initializer.
Finally, the default initializer allocates a Lock to be acquired when accessing persistent state and reads that state from self.state_file
.