• Leigh B Stoller's avatar
    Some tweaks to credential handling: · 3ebffb34
    Leigh B Stoller authored
    1) Anytime we need to generate a slice credential, and the slice has
       expired, bump the slice expiration so we can create a valid credential
       and then reset the expiration. Consider if the slice expires but we
       missed it and its still active; we gotta be able to control it.
    2) From the beginning, we have done almost all RPC operations as the
       creator of the experiment. Made sense when the portal interface was not
       project aware, but now other users in the project can see and mess with
       experiments in their project. But we are still doing all the RPC
       operations as the creator of the experiment, which will need to change
       at some point, but in the short term I am seeing a lot of credential
       errors caused by an expired speaks-for credential for that creator (if
       they have not logged into the portal in a while). When this happens,
       lets generate a plain slice credential, issued to the SA, so that we can
       complete the operation. Eventually we have to make the backend project
       aware, and issue the operations as the web user doing the driving.
       Maybe as part of the larger portalization project.