Commit 00012dfd authored by Leigh Stoller's avatar Leigh Stoller

Fixes and improvements to dataset/image credential handling.

parent db9ffa0a
......@@ -1548,6 +1548,14 @@ sub CreateDatasetCreds($$$)
next
if (!$dataset->IsIMDataset());
next
if (exists($credentials{$manager_urn}) &&
exists($credentials{$manager_urn}->{$dataset_urn}));
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = {};
}
#
# For image backed datasets, we need to send along a credential
# that allows the remote CM to securely download the dataset if
......@@ -1569,12 +1577,16 @@ sub CreateDatasetCreds($$$)
}
return -1;
}
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = [];
}
push(@{$credentials{$manager_urn}}, $output);
$credentials{$manager_urn}->{$dataset_urn} = $output;
}
}
#
# Convert to hash of lists instead of hash of hashes.
#
foreach my $urn (keys(%credentials)) {
my %creds = %{$credentials{$urn}};
$credentials{$urn} = [ values(%creds) ];
}
$$pref = \%credentials;
return 0;
}
......@@ -1676,7 +1688,12 @@ sub CreateImageCreds($$$;$)
# a remote cluster. No IMS either.
#
next
if (exists($credentials{$image_urn}));
if (exists($credentials{$manager_urn}) &&
exists($credentials{$manager_urn}->{$image_urn}));
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = {};
}
#
# Generate a credential that allows the user to use a local
......@@ -1704,7 +1721,7 @@ sub CreateImageCreds($$$;$)
$$pmsg = "Could not create credential for $image_urn";
return -1;
}
$credentials{$image_urn} = $credential->asString();
$credentials{$manager_urn}->{$image_urn} = $credential->asString();
next;
}
......@@ -1772,9 +1789,16 @@ sub CreateImageCreds($$$;$)
print STDERR $output . "\n";
return -1;
}
$credentials{$image_urn} = $output;
$credentials{$manager_urn}->{$image_urn} = $output;
}
@$pref = values(%credentials);
#
# Convert to hash of lists instead of hash of hashes.
#
foreach my $urn (keys(%credentials)) {
my %creds = %{$credentials{$urn}};
$credentials{$urn} = [ values(%creds) ];
}
$$pref = \%credentials;
return 0;
}
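Review bot: CreateImageCreds now hands its result back with `$$pref = \%credentials` where it previously filled the caller's array with `@$pref = values(%credentials)`, and nothing in the visible hunks documents the new contract. A caller that still passes an array reference would die at that dereference; only the one call site updated in this commit is visible here, so any other callers should be checked. I would add a header comment on CreateImageCreds such as `# On success $$pref is a hash ref: manager URN => array ref of credential strings.` The hash-of-hashes to hash-of-lists loop is also repeated verbatim in CreateDatasetCreds and CreateImageCreds and could live in one private helper. Both function bodies start outside the hunks shown.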
......
......@@ -278,8 +278,8 @@ if ($retval) {
fatal("Could not generate dataset credentials: $errmsg");
}
# Ditto images that are not global (also checks user permission).
my @image_credentials = ();
$retval = $instance->CreateImageCreds(\$errmsg, \@image_credentials);
my $image_credentials = {};
$retval = $instance->CreateImageCreds(\$errmsg, \$image_credentials);
if ($retval) {
fatal("Could not generate image credentials: $errmsg");
}
......@@ -601,6 +601,7 @@ sub CreateSliver($)
my $cmurl = $authority->url();
my $urn = $authority->urn();
my @dsetcreds = ();
my @imcreds = ();
my $manifest;
$webtask->Refresh();
......@@ -619,6 +620,9 @@ sub CreateSliver($)
if (exists($dataset_credentials->{$authority->urn()})) {
@dsetcreds = @{$dataset_credentials->{$authority->urn()}};
}
if (exists($image_credentials->{$authority->urn()})) {
@imcreds = @{$image_credentials->{$authority->urn()}};
}
#
# This creates the sliver and starts it. We have to watch for the
......@@ -640,8 +644,8 @@ sub CreateSliver($)
"credentials" =>
[$slice_credential->asString(),
$speaksfor_credential->asString(),
@dsetcreds
@image_credentials
@dsetcreds,
@imcreds,
],
"certificate" => $instance->cert(),
"key" => $instance->privkey(),
......
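Review bot: The new per-aggregate lookup `if (exists($image_credentials->{$authority->urn()}))` in CreateSliver falls through silently when there is no entry. If the `$manager_urn` key written by CreateImageCreds ever differs in form from `$authority->urn()`, the request would go out with no image credentials and fail only at the remote CM; whether the two always match is not visible from these hunks. A short comment would also record the intent, for example `# Forward only the image credentials minted for this aggregate.`, since the removed `@image_credentials` line suggests the full set was previously sent to every aggregate. `$urn` is already assigned from `$authority->urn()` a few lines above and could be used for both lookups. CreateSliver's body starts and ends outside the hunks.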