Some tweaks to credential handling:
1) Anytime we need to generate a slice credential, and the slice has expired, bump the slice expiration so we can create a valid credential and then reset the expiration. Consider if the slice expires but we missed it and its still active; we gotta be able to control it. 2) From the beginning, we have done almost all RPC operations as the creator of the experiment. Made sense when the portal interface was not project aware, but now other users in the project can see and mess with experiments in their project. But we are still doing all the RPC operations as the creator of the experiment, which will need to change at some point, but in the short term I am seeing a lot of credential errors caused by an expired speaks-for credential for that creator (if they have not logged into the portal in a while). When this happens, lets generate a plain slice credential, issued to the SA, so that we can complete the operation. Eventually we have to make the backend project aware, and issue the operations as the web user doing the driving. Maybe as part of the larger portalization project.
Showing
- apt/APT_Geni.pm.in 55 additions, 7 deletionsapt/APT_Geni.pm.in
- apt/APT_Instance.pm.in 105 additions, 150 deletionsapt/APT_Instance.pm.in
- apt/create_instance.in 1 addition, 1 deletionapt/create_instance.in
- apt/manage_dataset.in 13 additions, 7 deletionsapt/manage_dataset.in
- apt/manage_instance.in 26 additions, 30 deletionsapt/manage_instance.in
- www/aptui/status.ajax 4 additions, 8 deletionswww/aptui/status.ajax
Loading
Please register or sign in to comment