Commit 00012dfd authored by Leigh B Stoller's avatar Leigh B Stoller

Fixes and improvements to dataset/image credential handling.

parent db9ffa0a
...@@ -1548,6 +1548,14 @@ sub CreateDatasetCreds($$$) ...@@ -1548,6 +1548,14 @@ sub CreateDatasetCreds($$$)
next next
if (!$dataset->IsIMDataset()); if (!$dataset->IsIMDataset());
next
if (exists($credentials{$manager_urn}) &&
exists($credentials{$manager_urn}->{$dataset_urn}));
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = {};
}
# #
# For image backed datasets, we need to send along a credential # For image backed datasets, we need to send along a credential
# that allows the remote CM to securely download the dataset if # that allows the remote CM to securely download the dataset if
...@@ -1569,12 +1577,16 @@ sub CreateDatasetCreds($$$) ...@@ -1569,12 +1577,16 @@ sub CreateDatasetCreds($$$)
} }
return -1; return -1;
} }
if (!exists($credentials{$manager_urn})) { $credentials{$manager_urn}->{$dataset_urn} = $output;
$credentials{$manager_urn} = [];
}
push(@{$credentials{$manager_urn}}, $output);
} }
} }
#
# Convert to hash of lists instead of hash of hashes.
#
foreach my $urn (keys(%credentials)) {
my %creds = %{$credentials{$urn}};
$credentials{$urn} = [ values(%creds) ];
}
$$pref = \%credentials; $$pref = \%credentials;
return 0; return 0;
} }
...@@ -1676,7 +1688,12 @@ sub CreateImageCreds($$$;$) ...@@ -1676,7 +1688,12 @@ sub CreateImageCreds($$$;$)
# a remote cluster. No IMS either. # a remote cluster. No IMS either.
# #
next next
if (exists($credentials{$image_urn})); if (exists($credentials{$manager_urn}) &&
exists($credentials{$manager_urn}->{$image_urn}));
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = {};
}
# #
# Generate a credential that allows the user to use a local # Generate a credential that allows the user to use a local
...@@ -1704,7 +1721,7 @@ sub CreateImageCreds($$$;$) ...@@ -1704,7 +1721,7 @@ sub CreateImageCreds($$$;$)
$$pmsg = "Could not create credential for $image_urn"; $$pmsg = "Could not create credential for $image_urn";
return -1; return -1;
} }
$credentials{$image_urn} = $credential->asString(); $credentials{$manager_urn}->{$image_urn} = $credential->asString();
next; next;
} }
...@@ -1772,9 +1789,16 @@ sub CreateImageCreds($$$;$) ...@@ -1772,9 +1789,16 @@ sub CreateImageCreds($$$;$)
print STDERR $output . "\n"; print STDERR $output . "\n";
return -1; return -1;
} }
$credentials{$image_urn} = $output; $credentials{$manager_urn}->{$image_urn} = $output;
} }
@$pref = values(%credentials); #
# Convert to hash of lists instead of hash of hashes.
#
foreach my $urn (keys(%credentials)) {
my %creds = %{$credentials{$urn}};
$credentials{$urn} = [ values(%creds) ];
}
$$pref = \%credentials;
return 0; return 0;
} }
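Review bot: The out-parameter of CreateImageCreds changes shape at the end of the sub, from an array filled through `@$pref` to a hash reference stored through `$$pref = \%credentials;`, while the prototype `($$$;$)` stays the same, so a caller that still passes `\@list` will compile and then die on the scalar dereference. The one caller visible on this page is updated; any others are worth checking. I would document the new contract above the sub, for example `# $pref: reference to a scalar; set to { manager_urn => [ credential strings ] }`, and do the same for CreateDatasetCreds. Both subs now end with an identical conversion loop that could live in one private helper, and both start outside the hunks shown.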
......
...@@ -278,8 +278,8 @@ if ($retval) { ...@@ -278,8 +278,8 @@ if ($retval) {
fatal("Could not generate dataset credentials: $errmsg"); fatal("Could not generate dataset credentials: $errmsg");
} }
# Ditto images that are not global (also checks user permission). # Ditto images that are not global (also checks user permission).
my @image_credentials = (); my $image_credentials = {};
$retval = $instance->CreateImageCreds(\$errmsg, \@image_credentials); $retval = $instance->CreateImageCreds(\$errmsg, \$image_credentials);
if ($retval) { if ($retval) {
fatal("Could not generate image credentials: $errmsg"); fatal("Could not generate image credentials: $errmsg");
} }
...@@ -601,6 +601,7 @@ sub CreateSliver($) ...@@ -601,6 +601,7 @@ sub CreateSliver($)
my $cmurl = $authority->url(); my $cmurl = $authority->url();
my $urn = $authority->urn(); my $urn = $authority->urn();
my @dsetcreds = (); my @dsetcreds = ();
my @imcreds = ();
my $manifest; my $manifest;
$webtask->Refresh(); $webtask->Refresh();
...@@ -619,6 +620,9 @@ sub CreateSliver($) ...@@ -619,6 +620,9 @@ sub CreateSliver($)
if (exists($dataset_credentials->{$authority->urn()})) { if (exists($dataset_credentials->{$authority->urn()})) {
@dsetcreds = @{$dataset_credentials->{$authority->urn()}}; @dsetcreds = @{$dataset_credentials->{$authority->urn()}};
} }
if (exists($image_credentials->{$authority->urn()})) {
@imcreds = @{$image_credentials->{$authority->urn()}};
}
# #
# This creates the sliver and starts it. We have to watch for the # This creates the sliver and starts it. We have to watch for the
...@@ -640,8 +644,8 @@ sub CreateSliver($) ...@@ -640,8 +644,8 @@ sub CreateSliver($)
"credentials" => "credentials" =>
[$slice_credential->asString(), [$slice_credential->asString(),
$speaksfor_credential->asString(), $speaksfor_credential->asString(),
@dsetcreds @dsetcreds,
@image_credentials @imcreds,
], ],
"certificate" => $instance->cert(), "certificate" => $instance->cert(),
"key" => $instance->privkey(), "key" => $instance->privkey(),
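Review bot: The lookup `exists($image_credentials->{$authority->urn()})` fails silently when the authority's URN does not match the `$manager_urn` string that CreateImageCreds used as the key: `@imcreds` stays empty and the request goes out without the image credential. Whether the two strings always agree is not visible here, so a comment on the lookup would help, for example `# Keyed by the manager URN from CreateImageCreds(); no entry means no image credentials are sent to this aggregate.` Since the key now decides which aggregate receives which credential, a debug line when `$image_credentials` holds URNs that no aggregate claims would make a mismatch visible here rather than at the remote CM. CreateSliver starts and ends outside these hunks.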
......