1. 19 Nov, 2017 1 commit
    • Leigh B Stoller's avatar
      Round of changes related to dataset approval: · f431479c
      Leigh B Stoller authored
      Previously we forced all Portal datasets to auto approve at the target
      cluster, now we let the local policy settings determine that, and return
      status indicating that the dataset needs to be approved by an admin.
      
      Plumbed through the approval path to the remote cluster.
      
      Fixed up polling to handle unapproved datasets and to watch for new
      failed state that Mike added to indicate that allocation failed.
      f431479c
  2. 25 Jan, 2017 1 commit
  3. 21 Sep, 2016 1 commit
  4. 29 Aug, 2016 3 commits
  5. 04 Jan, 2016 1 commit
  6. 16 Oct, 2015 1 commit
  7. 09 Oct, 2015 1 commit
  8. 17 Mar, 2015 1 commit
  9. 10 Mar, 2015 1 commit
  10. 05 Mar, 2015 2 commits
  11. 27 Jan, 2015 1 commit
    • Leigh B Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh B Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
  12. 04 Jan, 2015 1 commit
  13. 15 Dec, 2014 1 commit
  14. 03 Dec, 2014 1 commit
  15. 12 Nov, 2014 1 commit
    • Leigh B Stoller's avatar
      Lots of dataset changes. · 0adc340f
      Leigh B Stoller authored
      Project leases are now per-group, so we build a sub authority certificate
      for a remote dataset so that on the remote side, it is created inside the
      group named by the project on the local side.
      
      Many bug fixes.
      0adc340f
  16. 28 Oct, 2014 1 commit