1. 27 Jan, 2015 2 commits
    • Leigh B Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh B Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
    • Leigh B Stoller's avatar
      Add ssh key management to Actions menu, do not delete keys in · 7a07142a
      Leigh B Stoller authored
      create_instance, now that user can manage multiple keys.
      7a07142a
  2. 07 Jan, 2015 1 commit
  3. 17 Dec, 2014 1 commit
  4. 16 Dec, 2014 1 commit
  5. 14 Dec, 2014 1 commit
  6. 12 Dec, 2014 1 commit
  7. 10 Dec, 2014 3 commits
  8. 09 Dec, 2014 1 commit
  9. 05 Dec, 2014 1 commit
  10. 12 Nov, 2014 1 commit
  11. 28 Oct, 2014 2 commits
  12. 01 Oct, 2014 1 commit
  13. 17 Sep, 2014 2 commits
  14. 15 Sep, 2014 1 commit
  15. 12 Sep, 2014 1 commit
  16. 09 Sep, 2014 2 commits
  17. 03 Sep, 2014 2 commits
  18. 27 Aug, 2014 3 commits
    • Leigh B Stoller's avatar
      More geni login tweaks. · 4cf3fffe
      Leigh B Stoller authored
      4cf3fffe
    • Leigh B Stoller's avatar
      Tweaks to Geni login code. Hide the button from login page and · d56f4f8b
      Leigh B Stoller authored
      login modal, must use the original direct geni-login.php page
      until we go live.
      d56f4f8b
    • Leigh B Stoller's avatar
      Large set of changes for using the Geni trusted signer tool, to · 980f6cbd
      Leigh B Stoller authored
      authenticate Geni users to CloudLab (who do not have Emulab accounts).
      CloudLab users must have an account to do anything (unlike APT which allows
      guest users). But instead of requiring them to go through the Emulab
      account creation (high bar), let then use their Geni credentials to prove
      who they are. We then build a local account for that new user, and save off
      the speaksfor credential so that we can act on their behalf when talking to
      the backend clusters (and their MA to get their ssh keys).
      
      These users do not have a local account password, so they cannot log into
      the web interface using the Emulab login page, nor do they have a shell on
      ops.
      
      Once authenticated, we put the appropriate cookies into the browser via
      javascript, so they can use the Cloud (okay, APT) web interface (they
      appear logged in).
      
      I make use of the nonlocal_id field of the users table, which was not being
      used for anything else. Officially, these are "nonlocal" users in the code
      (IsNonLocal()).
      
      When a nonlocal user instantiates a profile, we use their speaksfor
      credential to ask their home MA for their ssh keys, which we then store in
      the DB, and then provide to the aggregate via the CreateSliver call.
      Note that no provision has been made for users who edit their profile and
      add keys; I am not currently expecting these users to stumble into the web
      interface (yet).
      980f6cbd
  19. 15 Aug, 2014 1 commit
  20. 09 Aug, 2014 1 commit
  21. 07 Aug, 2014 1 commit
  22. 06 Aug, 2014 1 commit
    • Leigh B Stoller's avatar
      More work on URLs and publish. · 206f98b4
      Leigh B Stoller authored
      * Add a uuid to the profile itself. So now we have a uuid for each specific
        version, and a uuid that points to the profile as a whole.
      
      * On the manage page, move the URL to the left hand panel, and add a second
        URL. One is the URL of the specific version, and the other is a URL to
        the entire profile. Add popovers to explain the difference between.
      
      * On the instantiate page, when you use this URL, we instantiate the most
        recently published version of the profile.
      
      * Add a bit of verbiage to the publish modal.
      206f98b4
  23. 05 Aug, 2014 2 commits
  24. 31 Jul, 2014 2 commits
  25. 28 Jul, 2014 1 commit
  26. 22 Jun, 2014 1 commit
  27. 20 Jun, 2014 1 commit
  28. 21 May, 2014 2 commits