Commit 364a7168 authored by Leigh Stoller's avatar Leigh Stoller

Dataset credential fix; need to send dataset creds to the aggregate

where they are used, not to all aggregates in a multisite experiment.
parent 7e178bf6
......@@ -1460,7 +1460,7 @@ sub CreateDatasetCreds($$$)
my $rspecstr = $self->rspec();
my $project = $self->GetProject();
my $geniuser = $self->GetGeniUser();
my @credentials = ();
my %credentials = ();
my $rspec = GeniXML::Parse($rspecstr);
if (! defined($rspec)) {
......@@ -1567,10 +1567,13 @@ sub CreateDatasetCreds($$$)
}
return -1;
}
push(@credentials, $output);
if (!exists($credentials{$manager_urn})) {
$credentials{$manager_urn} = [];
}
push(@{$credentials{$manager_urn}}, $output);
}
}
@$pref = @credentials;
$$pref = \%credentials;
return 0;
}
......
......@@ -855,8 +855,8 @@ if ($instance->ApplyExtensionPolicies()) {
# Generate the extra credentials that tells the backend this experiment
# can access the datasets.
my @dataset_credentials = ();
$retval = $instance->CreateDatasetCreds(\$errmsg, \@dataset_credentials);
my $dataset_credentials = {};
$retval = $instance->CreateDatasetCreds(\$errmsg, \$dataset_credentials);
if ($retval) {
$instance->Delete();
($retval < 0 ? fatal($errmsg) : UserError($errmsg));
......
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2018 University of Utah and the Flux Group.
# Copyright (c) 2008-2019 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -272,8 +272,8 @@ if (! (defined($speaksfor_credential) &&
# Generate the extra credentials that tells the backend this experiment
# can access the datasets.
#
my @dataset_credentials = ();
my $retval = $instance->CreateDatasetCreds(\$errmsg, \@dataset_credentials);
my $dataset_credentials = {};
my $retval = $instance->CreateDatasetCreds(\$errmsg, \$dataset_credentials);
if ($retval) {
fatal("Could not generate dataset credentials");
}
......@@ -590,6 +590,7 @@ sub CreateSliver($)
my $status = $aggobj->status();
my $cmurl = $authority->url();
my $urn = $authority->urn();
my @dsetcreds = ();
my $manifest;
$webtask->Refresh();
......@@ -601,6 +602,14 @@ sub CreateSliver($)
Genixmlrpc->SetTimeout(900);
#
# Dataset and image credentials are per aggregate cause of speaksfor
# rules checking at the CM.
#
if (exists($dataset_credentials->{$authority->urn()})) {
@dsetcreds = @{$dataset_credentials->{$authority->urn()}};
}
#
# This creates the sliver and starts it. We have to watch for the
# server being too busy.
......@@ -621,7 +630,7 @@ sub CreateSliver($)
"credentials" =>
[$slice_credential->asString(),
$speaksfor_credential->asString(),
@dataset_credentials
@dsetcreds
],
"certificate" => $instance->cert(),
"key" => $instance->privkey(),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment