[08/12] airavata-php-gateway git commit: AIRAVATA-2500 Prevent deleting in-use user credentials
AIRAVATA-2500 Prevent deleting in-use user credentials Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/277f3468 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/277f3468 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/277f3468 Branch: refs/heads/AIRAVATA-2500 Commit: 277f34685da4273b1ee2f030b02c2830f6ca55e9 Parents: 2782a49 Author: Marcus ChristieAuthored: Thu Sep 7 16:31:28 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 16:31:28 2017 -0400 -- app/controllers/UserSettingsController.php | 22 +- app/views/account/credential-store.blade.php | 11 +-- 2 files changed, 26 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/277f3468/app/controllers/UserSettingsController.php -- diff --git a/app/controllers/UserSettingsController.php b/app/controllers/UserSettingsController.php index d73e874..7f449a6 100644 --- a/app/controllers/UserSettingsController.php +++ b/app/controllers/UserSettingsController.php @@ -17,7 +17,7 @@ class UserSettingsController extends BaseController $userCredentialSummaries = URPUtilities::get_all_ssh_pub_keys_summary_for_user(); $defaultCredentialToken = $userResourceProfile->credentialStoreToken; foreach ($userCredentialSummaries as $credentialSummary) { -$credentialSummary->canDelete = ($credentialSummary->token != $defaultCredentialToken); +$credentialSummary->canDelete = $this->canDeleteCredential($credentialSummary->token, $userResourceProfile); } return View::make("account/credential-store", array( @@ -27,6 +27,26 @@ class UserSettingsController extends BaseController )); } +// Don't allow deleting credential if default credential or in use by a +// userComputeResourcePreference or a userStoragePreference +private function canDeleteCredential($token, $userResourceProfile) { +if ($token == $userResourceProfile->credentialStoreToken) { +return false; +} else { +foreach ($userResourceProfile->userComputeResourcePreferences as $userCompResPref) { +if ($userCompResPref->resourceSpecificCredentialStoreToken == $token) { +return false; +} +} +foreach ($userResourceProfile->userStoragePreferences as $userStoragePreference) { +if ($userStoragePreference->resourceSpecificCredentialStoreToken == $token) { +return false; +} +} +} +return true; +} + public function setDefaultCredential() { $defaultToken = Input::get("defaultToken"); http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/277f3468/app/views/account/credential-store.blade.php -- diff --git a/app/views/account/credential-store.blade.php b/app/views/account/credential-store.blade.php index a6b0b33..32e0f0d 100644 --- a/app/views/account/credential-store.blade.php +++ b/app/views/account/credential-store.blade.php @@ -57,15 +57,14 @@ @if ($credentialSummary->token != $defaultCredentialToken) -Make Default +Make Default -@else -This is the default SSH public key that the gateway will use to authenticate to your compute and storage accounts. -@endif -@if ($credentialSummary->canDelete) Delete +class="btn btn-danger delete-credential" +@if(!$credentialSummary->canDelete) disabled @endif>Delete +@else +This is the default SSH public key that the gateway will use to authenticate to your compute and storage accounts. @endif
[03/12] airavata-php-gateway git commit: AIRAVATA-2500 Thrift stub code generation
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cf2eae7e/app/libraries/Airavata/API/Airavata.php -- diff --git a/app/libraries/Airavata/API/Airavata.php b/app/libraries/Airavata/API/Airavata.php index ae27035..c8976ba 100644 --- a/app/libraries/Airavata/API/Airavata.php +++ b/app/libraries/Airavata/API/Airavata.php @@ -3428,6 +3428,71 @@ interface AiravataIf { */ public function deleteGatewayStoragePreference(\Airavata\Model\Security\AuthzToken $authzToken, $gatewayID, $storageId); /** + * @param \Airavata\Model\Security\AuthzToken $authzToken + * @return \Airavata\Model\AppCatalog\AccountProvisioning\SSHAccountProvisioner[] + * @throws \Airavata\API\Error\InvalidRequestException + * @throws \Airavata\API\Error\AiravataClientException + * @throws \Airavata\API\Error\AiravataSystemException + * @throws \Airavata\API\Error\AuthorizationException + */ + public function getSSHAccountProvisioners(\Airavata\Model\Security\AuthzToken $authzToken); + /** + * Check if user has an SSH account on the given compute resource. This + * method will only work if the compute resource has an SSHAccountProvisioner configured for it. + * + * @param \Airavata\Model\Security\AuthzToken $authzToken + * @param string $computeResourceId + * @param string $userId + * @return bool + * @throws \Airavata\API\Error\InvalidRequestException + * @throws \Airavata\API\Error\AiravataClientException + * @throws \Airavata\API\Error\AiravataSystemException + * @throws \Airavata\API\Error\AuthorizationException + */ + public function doesUserHaveSSHAccount(\Airavata\Model\Security\AuthzToken $authzToken, $computeResourceId, $userId); + /** + * Setup and return a UserComputeResourcePreference object for this user to SSH into the given compute resource with + * the given SSH credential. This method will only work if the compute resource has an SSHAccountProvisioner + * configured for it. The returned UserComputeResourcePreference object is not saved; it is up to the client to + * call addUserComputeResourcePreference to persist it. + * + * @param \Airavata\Model\Security\AuthzToken $authzToken + * @param string $computeResourceId + * @param string $userId + * @param string $airavataCredStoreToken + * @return \Airavata\Model\AppCatalog\UserResourceProfile\UserComputeResourcePreference User specific preferences for a Computer Resource + * + * computeResourceId: + * Corelate the preference to a compute resource. + * + * + * loginUserName: + * If turned true, Airavata will override the preferences of better alternatives exist. + * + * + * preferredBatchQueue: + * Gateways can choose a defualt batch queue based on average job dimention, reservations or other metrics. + * + * scratchLocation: + * Path to the local scratch space on a HPC cluster. Typically used to create working directory for job execution. + * + * allocationProjectNumber: + * Typically used on HPC machines to charge computing usage to a account number. For instance, on XSEDE once an + *allocation is approved, an allocation number is assigned. Before passing this number with job submittions, the + *account to be used has to be added to the allocation. + * + * resourceSpecificCredentialStoreToken: + * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's + * default credential store. + * + * + * @throws \Airavata\API\Error\InvalidRequestException + * @throws \Airavata\API\Error\AiravataClientException + * @throws \Airavata\API\Error\AiravataSystemException + * @throws \Airavata\API\Error\AuthorizationException + */ + public function setupUserComputeResourcePreferencesForSSH(\Airavata\Model\Security\AuthzToken $authzToken, $computeResourceId, $userId, $airavataCredStoreToken); + /** * Register User Resource Profile. * * @param UserResourceProfile @@ -4045,7 +4110,7 @@ interface AiravataIf { /** * @param \Airavata\Model\Security\AuthzToken $authzToken * @param \Airavata\Model\Group\GroupModel $groupModel - * @return bool + * @return string * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException * @throws \Airavata\API\Error\AiravataSystemException @@ -4066,14 +4131,13 @@ interface AiravataIf { * @param \Airavata\Model\Security\AuthzToken $authzToken * @param string $groupId * @param string $ownerId - * @param string $gatewayId * @return bool * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException * @throws \Airavata\API\Error\AiravataSystemException * @throws \Airavata\API\Error\AuthorizationException */ - public function deleteGroup(\Airavata\Model\Security\AuthzToken $authzToken,
[12/12] airavata-php-gateway git commit: AIRAVATA-2500 Disallow editing auto provisioned ssh accounts
AIRAVATA-2500 Disallow editing auto provisioned ssh accounts Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/f78e49e0 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/f78e49e0 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/f78e49e0 Branch: refs/heads/AIRAVATA-2500 Commit: f78e49e07486d66fc68e9838ed858bc6bc19c3fb Parents: 4727617 Author: Marcus ChristieAuthored: Mon Sep 25 17:10:02 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 17:10:02 2017 -0400 -- app/controllers/UserSettingsController.php | 12 + .../user-compute-resource-preferences.blade.php | 27 +--- 2 files changed, 30 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f78e49e0/app/controllers/UserSettingsController.php -- diff --git a/app/controllers/UserSettingsController.php b/app/controllers/UserSettingsController.php index 7f449a6..ef17e17 100644 --- a/app/controllers/UserSettingsController.php +++ b/app/controllers/UserSettingsController.php @@ -102,6 +102,12 @@ class UserSettingsController extends BaseController public function getComputeResources(){ $userResourceProfile = URPUtilities::get_or_create_user_resource_profile(); +$gatewayResourceProfile = CRUtilities::getGatewayResourceProfile(); +$computeResourcePreferences = $gatewayResourceProfile->computeResourcePreferences; +$computeResourcePreferencesById = array(); +foreach ($computeResourcePreferences as $computeResourcePreference) { + $computeResourcePreferencesById[$computeResourcePreference->computeResourceId] = $computeResourcePreference; +} $allCRs = CRUtilities::getAllCRObjects(); foreach( $allCRs as $index => $crObject) @@ -111,6 +117,12 @@ class UserSettingsController extends BaseController // Add crDetails to each UserComputeResourcePreference foreach ($userResourceProfile->userComputeResourcePreferences as $index => $userCompResPref) { $userCompResPref->crDetails = $allCRsById[$userCompResPref->computeResourceId]; +// Disallow editing a UserComputeResourcePreference that was automatically setup by an sshAccountProvisioner +$userCompResPref->editable = true; +if (array_key_exists($userCompResPref->computeResourceId, $computeResourcePreferencesById)) { +$computeResourcePreference = $computeResourcePreferencesById[$userCompResPref->computeResourceId]; +$userCompResPref->editable = $computeResourcePreference->sshAccountProvisioner == null; +} // To figure out the unselectedCRs, remove this compute resource from allCRsById unset($allCRsById[$userCompResPref->computeResourceId]); } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f78e49e0/app/views/partials/user-compute-resource-preferences.blade.php -- diff --git a/app/views/partials/user-compute-resource-preferences.blade.php b/app/views/partials/user-compute-resource-preferences.blade.php index 49c3f85..caedb92 100644 --- a/app/views/partials/user-compute-resource-preferences.blade.php +++ b/app/views/partials/user-compute-resource-preferences.blade.php @@ -13,14 +13,15 @@ + value="@if( isset( $preferences) ){{$preferences->loginUserName}}@endif" + @if(isset($preferences) && !$preferences->editable) disabled @endif/> Preferred Batch Queue - +editable) disabled @endif> Select a Queue from list @foreach( (array)$computeResource->batchQueues as $index => $queue) + value="@if( isset( $preferences) ){{$preferences->scratchLocation}}@endif" + @if(isset($preferences) && !$preferences->editable) disabled @endif/> @@ -44,7 +46,8 @@ + value="@if( isset( $preferences) ){{$preferences->allocationProjectNumber}}@endif" + @if(isset($preferences) && !$preferences->editable) disabled @endif/> @@ -52,7 +55,7 @@ Resource Specific SSH Key - +editable) disabled @endif> resourceSpecificCredentialStoreToken == null) selected @endif> No resource specific SSH key, just use the default one ({{{$defaultCredentialSummary->description}}}) @@ -72,7 +75,8 @@ + value="@if( isset( $preferences)
[11/12] airavata-php-gateway git commit: AIRAVATA-2500 Thrift stub code generation
AIRAVATA-2500 Thrift stub code generation Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/4727617a Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/4727617a Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/4727617a Branch: refs/heads/AIRAVATA-2500 Commit: 4727617a70ffc190f1a2ffd388848d934534c24d Parents: 8a3b0ad Author: Marcus ChristieAuthored: Mon Sep 25 16:20:25 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 16:20:25 2017 -0400 -- app/libraries/Airavata/API/Airavata.php | 10 +++ .../AppCatalog/UserResourceProfile/Types.php| 28 2 files changed, 38 insertions(+) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/4727617a/app/libraries/Airavata/API/Airavata.php -- diff --git a/app/libraries/Airavata/API/Airavata.php b/app/libraries/Airavata/API/Airavata.php index c8976ba..a22ef84 100644 --- a/app/libraries/Airavata/API/Airavata.php +++ b/app/libraries/Airavata/API/Airavata.php @@ -3485,6 +3485,11 @@ interface AiravataIf { * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * * * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException @@ -3717,6 +3722,11 @@ interface AiravataIf { * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * * * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/4727617a/app/libraries/Airavata/Model/AppCatalog/UserResourceProfile/Types.php -- diff --git a/app/libraries/Airavata/Model/AppCatalog/UserResourceProfile/Types.php b/app/libraries/Airavata/Model/AppCatalog/UserResourceProfile/Types.php index 8ab78a0..c4a0a9c 100644 --- a/app/libraries/Airavata/Model/AppCatalog/UserResourceProfile/Types.php +++ b/app/libraries/Airavata/Model/AppCatalog/UserResourceProfile/Types.php @@ -43,6 +43,11 @@ use Thrift\Exception\TApplicationException; * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * */ class UserComputeResourcePreference { static $_TSPEC; @@ -87,6 +92,10 @@ class UserComputeResourcePreference { * @var int */ public $reservationEndTime = null; + /** + * @var bool + */ + public $validated = false; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { @@ -131,6 +140,10 @@ class UserComputeResourcePreference { 'var' => 'reservationEndTime', 'type' => TType::I64, ), +11 => array( + 'var' => 'validated', + 'type' => TType::BOOL, + ), ); } if (is_array($vals)) { @@ -164,6 +177,9 @@ class UserComputeResourcePreference { if (isset($vals['reservationEndTime'])) { $this->reservationEndTime = $vals['reservationEndTime']; } + if (isset($vals['validated'])) { +$this->validated = $vals['validated']; + } } } @@ -256,6 +272,13 @@ class UserComputeResourcePreference { $xfer += $input->skip($ftype); } break; +case 11: + if ($ftype == TType::BOOL) { +$xfer += $input->readBool($this->validated); + } else { +$xfer +=
[06/12] airavata-php-gateway git commit: AIRAVATA-2500 Display SSHAccountProvisioner additional info
AIRAVATA-2500 Display SSHAccountProvisioner additional info Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/3f67f683 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/3f67f683 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/3f67f683 Branch: refs/heads/AIRAVATA-2500 Commit: 3f67f683459245977d90183f3039e4d11e1ffdb3 Parents: cf2eae7 Author: Marcus ChristieAuthored: Thu Sep 7 15:15:42 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 15:30:48 2017 -0400 -- app/libraries/URPUtilities.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/3f67f683/app/libraries/URPUtilities.php -- diff --git a/app/libraries/URPUtilities.php b/app/libraries/URPUtilities.php index 906861a..33b1e5e 100644 --- a/app/libraries/URPUtilities.php +++ b/app/libraries/URPUtilities.php @@ -205,7 +205,7 @@ class URPUtilities "hostname" => $hostname, "userComputeResourcePreference" => $userComputeResourcePreference, "accountExists" => $accountExists, -"additionalInfo" => "TODO", +"additionalInfo" => $computeResourcePreference->sshAccountProvisionerAdditionalInfo, "errorMessage" => "TODO" ); }
[07/12] airavata-php-gateway git commit: AIRAVATA-2500 SSHAccountProvisioner error reporting
AIRAVATA-2500 SSHAccountProvisioner error reporting Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/2782a493 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/2782a493 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/2782a493 Branch: refs/heads/AIRAVATA-2500 Commit: 2782a4939136b7a968f3efb35ceb4c42ee627638 Parents: 2db05f4 Author: Marcus ChristieAuthored: Thu Sep 7 15:24:07 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 16:20:04 2017 -0400 -- app/libraries/URPUtilities.php | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2782a493/app/libraries/URPUtilities.php -- diff --git a/app/libraries/URPUtilities.php b/app/libraries/URPUtilities.php index 33b1e5e..27b4c67 100644 --- a/app/libraries/URPUtilities.php +++ b/app/libraries/URPUtilities.php @@ -189,24 +189,30 @@ class URPUtilities $computeResource = CRUtilities::get_compute_resource($computeResourceId); $hostname = $computeResource->hostName; $userComputeResourcePreference = null; -if( array_key_exists($computeResourceId, $userComputeResourcePreferences)) { -$userComputeResourcePreference = $userComputeResourcePreferences[$computeResourceId]; -$accountExists = true; -} else if ($sshAccountProvisioner->canCreateAccount) { -$userComputeResourcePreference = URPUtilities::setup_ssh_account($gatewayId, $userId, $computeResourceId, $hostname); -$accountExists = true; -} else if (Airavata::doesUserHaveSSHAccount(Session::get('authz-token'), $computeResourceId, $userId)) { -$userComputeResourcePreference = URPUtilities::setup_ssh_account($gatewayId, $userId, $computeResourceId, $hostname); -$accountExists = true; -} else { -$accountExists = false; +$errorMessage = null; +$accountExists = false; +try { +if( array_key_exists($computeResourceId, $userComputeResourcePreferences)) { +$userComputeResourcePreference = $userComputeResourcePreferences[$computeResourceId]; +$accountExists = true; +} else if ($sshAccountProvisioner->canCreateAccount) { +$userComputeResourcePreference = URPUtilities::setup_ssh_account($gatewayId, $userId, $computeResourceId, $hostname); +$accountExists = true; +} else if (Airavata::doesUserHaveSSHAccount(Session::get('authz-token'), $computeResourceId, $userId)) { +$userComputeResourcePreference = URPUtilities::setup_ssh_account($gatewayId, $userId, $computeResourceId, $hostname); +$accountExists = true; +} +} catch (Exception $ex) { +Log::error("Failed to setup SSH Account for " . $userId . " on $hostname"); +Log::error($ex); +$errorMessage = $ex->getMessage(); } $results[] = array( "hostname" => $hostname, "userComputeResourcePreference" => $userComputeResourcePreference, "accountExists" => $accountExists, "additionalInfo" => $computeResourcePreference->sshAccountProvisionerAdditionalInfo, -"errorMessage" => "TODO" +"errorMessage" => $errorMessage ); } }
[09/12] airavata-php-gateway git commit: AIRAVATA-2500 Fixing layout
AIRAVATA-2500 Fixing layout Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/20db67cb Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/20db67cb Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/20db67cb Branch: refs/heads/AIRAVATA-2500 Commit: 20db67cb21d836b6ab4dd42a8bbdb4fb3ee7fbb8 Parents: 277f346 Author: Marcus ChristieAuthored: Fri Sep 22 13:53:40 2017 -0400 Committer: Marcus Christie Committed: Fri Sep 22 13:53:58 2017 -0400 -- .../auto-provisioned-accounts.blade.php | 44 ++-- 1 file changed, 23 insertions(+), 21 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/20db67cb/app/views/partials/auto-provisioned-accounts.blade.php -- diff --git a/app/views/partials/auto-provisioned-accounts.blade.php b/app/views/partials/auto-provisioned-accounts.blade.php index 78c9648..5f56aa3 100644 --- a/app/views/partials/auto-provisioned-accounts.blade.php +++ b/app/views/partials/auto-provisioned-accounts.blade.php @@ -22,27 +22,29 @@ @foreach ($auto_provisioned_accounts as $auto_provisioned_account) - -@if ($auto_provisioned_account["errorMessage"] != null) - FAILED - -See Error Message for more information and contact Gateway Admin for help. - -@elseif ($auto_provisioned_account["accountExists"] === false) - ACCOUNT MISSING - -See Additional Info for more information on how to create your account on {{{ $auto_provisioned_account["hostname"]}}}. - -@elseif ($auto_provisioned_account["userComputeResourcePreference"] != null) - OK -@else - UNKNOWN -@endif - -{{{ $auto_provisioned_account["hostname"] }}} -{{-- Not escaping HTML to allow Gateway Admin to put HTML into additionalInfo field --}} -{{ $auto_provisioned_account["additionalInfo"] }} -{{{ $auto_provisioned_account["errorMessage"] }}} + + +@if ($auto_provisioned_account["errorMessage"] != null) + FAILED + +See Error Message for more information and contact Gateway Admin for help. + +@elseif ($auto_provisioned_account["accountExists"] === false) + ACCOUNT MISSING + +See Additional Info for more information on how to create your account on {{{ $auto_provisioned_account["hostname"]}}}. + +@elseif ($auto_provisioned_account["userComputeResourcePreference"] != null) + OK +@else + UNKNOWN +@endif + +{{{ $auto_provisioned_account["hostname"] }}} +{{-- Not escaping HTML to allow Gateway Admin to put HTML into additionalInfo field --}} +{{ $auto_provisioned_account["additionalInfo"] }} +{{{ $auto_provisioned_account["errorMessage"] }}} + @endforeach
[1/8] airavata git commit: AIRAVATA-2500 Disallow overwriting LDAP SSH key
Repository: airavata Updated Branches: refs/heads/AIRAVATA-2500 2425187bb -> 50d7bb6a5 AIRAVATA-2500 Disallow overwriting LDAP SSH key Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/42059ecc Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/42059ecc Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/42059ecc Branch: refs/heads/AIRAVATA-2500 Commit: 42059e02eaf6493cda480a6edbaad0d09961 Parents: 2425187 Author: Marcus ChristieAuthored: Wed Sep 20 16:29:26 2017 -0400 Committer: Marcus Christie Committed: Wed Sep 20 16:29:26 2017 -0400 -- .../provisioner/IULdapSSHAccountProvisioner.java| 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/42059ecc/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java -- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java index 4f0ad07..69ed3f6 100644 --- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java @@ -104,7 +104,17 @@ public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner { modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.ADD_ATTRIBUTE); } else { -modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE); +String oldSshPublicKey = entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString(); +if (!oldSshPublicKey.equals(sshPublicKey)) { +// Disallow overwriting the SSH key +throw new RuntimeException("User [" + username + "] already has an SSH public key in LDAP for [" ++ ldapBaseDN + "] and overwriting it isn't allowed."); +// modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, +//sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE); +} else { +// SSH key is already installed so just return +return true; +} } ModifyResponse modifyResponse = ldapConnection.modify(modifyRequest); if (modifyResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
[5/8] airavata git commit: AIRAVATA-2500 Add 'validated' flag to UserComputeResourcePreference
AIRAVATA-2500 Add 'validated' flag to UserComputeResourcePreference Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/20fc3fdb Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/20fc3fdb Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/20fc3fdb Branch: refs/heads/AIRAVATA-2500 Commit: 20fc3fdbbd7928c63c0ee6abf1382d9970bbef67 Parents: 596eb5b Author: Marcus ChristieAuthored: Mon Sep 25 09:24:01 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 09:57:28 2017 -0400 -- .../accountprovisioning/SSHAccountManager.java | 1 + .../catalog/impl/UsrResourceProfileImpl.java| 2 ++ .../model/UserComputeResourcePreference.java| 10 ++ .../UserComputeHostPreferenceResource.java | 11 ++ .../app/catalog/util/AppCatalogJPAUtils.java| 1 + .../util/AppCatalogThriftConversion.java| 1 + .../src/main/resources/appcatalog-derby.sql | 38 +++- .../src/main/resources/appcatalog-mysql.sql | 38 .../DeltaScripts/appCatalog_schema_delta.sql| 2 ++ .../user_resource_profile_model.thrift | 8 - 10 files changed, 110 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/20fc3fdb/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java -- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java index e7e9052..136bbee 100644 --- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java @@ -180,6 +180,7 @@ public class SSHAccountManager { userComputeResourcePreference.setComputeResourceId(computeResourceId); userComputeResourcePreference.setLoginUserName(username); userComputeResourcePreference.setScratchLocation(scratchLocation); +userComputeResourcePreference.setValidated(true); return userComputeResourcePreference; } http://git-wip-us.apache.org/repos/asf/airavata/blob/20fc3fdb/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/impl/UsrResourceProfileImpl.java -- diff --git a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/impl/UsrResourceProfileImpl.java b/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/impl/UsrResourceProfileImpl.java index b7a95f8..a7366ca 100644 --- a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/impl/UsrResourceProfileImpl.java +++ b/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/impl/UsrResourceProfileImpl.java @@ -83,6 +83,7 @@ public class UsrResourceProfileImpl implements UsrResourceProfile { if (preference.getReservationEndTime() > 0) { resource.setReservationEndTime(AiravataUtils.getTime(preference.getReservationEndTime())); } +resource.setValidated(preference.isValidated()); resource.save(); } } @@ -142,6 +143,7 @@ public class UsrResourceProfileImpl implements UsrResourceProfile { if (preference.getReservationEndTime() > 0) { resource.setReservationEndTime(AiravataUtils.getTime(preference.getReservationEndTime())); } +resource.setValidated(preference.isValidated()); resource.save(); } } http://git-wip-us.apache.org/repos/asf/airavata/blob/20fc3fdb/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/model/UserComputeResourcePreference.java -- diff --git a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/model/UserComputeResourcePreference.java b/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/model/UserComputeResourcePreference.java index e86248f..81ef75a 100644 --- a/modules/registry/registry-core/src/main/java/org/apache/airavata/registry/core/app/catalog/model/UserComputeResourcePreference.java
[7/8] airavata git commit: AIRAVATA-2500 data migration for new validated flag
AIRAVATA-2500 data migration for new validated flag Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ba4982c1 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ba4982c1 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ba4982c1 Branch: refs/heads/AIRAVATA-2500 Commit: ba4982c1fe90b841b250f085a5b536c21c4f3201 Parents: 29fedaf Author: Marcus ChristieAuthored: Mon Sep 25 10:38:28 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 10:38:28 2017 -0400 -- .../0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/ba4982c1/modules/registry/release-migration-scripts/0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql -- diff --git a/modules/registry/release-migration-scripts/0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql b/modules/registry/release-migration-scripts/0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql index 04241e2..672b43b 100644 --- a/modules/registry/release-migration-scripts/0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql +++ b/modules/registry/release-migration-scripts/0.18-0.19/DeltaScripts/appCatalog_schema_delta.sql @@ -31,4 +31,6 @@ CREATE TABLE SSH_ACCOUNT_PROVISIONER_CONFIG FOREIGN KEY (GATEWAY_ID, RESOURCE_ID) REFERENCES COMPUTE_RESOURCE_PREFERENCE (GATEWAY_ID, RESOURCE_ID) ON DELETE CASCADE ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -alter table USER_COMPUTE_RESOURCE_PREFERENCE add VALIDATED tinyint(1) NOT NULL DEFAULT 0; \ No newline at end of file +alter table USER_COMPUTE_RESOURCE_PREFERENCE add VALIDATED tinyint(1) NOT NULL DEFAULT 0; +-- VALIDATED defaults to false (0) but set all existing ones to be true (1) +update USER_COMPUTE_RESOURCE_PREFERENCE set VALIDATED = 1; \ No newline at end of file
[04/12] airavata-php-gateway git commit: AIRAVATA-2500 Thrift stub code generation
AIRAVATA-2500 Thrift stub code generation Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/cf2eae7e Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/cf2eae7e Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/cf2eae7e Branch: refs/heads/AIRAVATA-2500 Commit: cf2eae7e1e30bf02cb0ee30ae91f558999b9f90d Parents: f6653e2 Author: Marcus ChristieAuthored: Thu Sep 7 13:12:53 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 15:30:43 2017 -0400 -- app/libraries/Airavata/API/Airavata.php | 4126 +++--- .../AppCatalog/AccountProvisioning/Types.php| 345 ++ .../Model/AppCatalog/GatewayProfile/Types.php | 120 +- app/libraries/Airavata/Model/Tenant/Types.php | 410 +- 4 files changed, 3326 insertions(+), 1675 deletions(-) --
[02/12] airavata-php-gateway git commit: AIRAVATA-2500 Thrift stub code generation
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cf2eae7e/app/libraries/Airavata/Model/AppCatalog/AccountProvisioning/Types.php -- diff --git a/app/libraries/Airavata/Model/AppCatalog/AccountProvisioning/Types.php b/app/libraries/Airavata/Model/AppCatalog/AccountProvisioning/Types.php new file mode 100644 index 000..541abd8 --- /dev/null +++ b/app/libraries/Airavata/Model/AppCatalog/AccountProvisioning/Types.php @@ -0,0 +1,345 @@ + 'STRING', +1 => 'CRED_STORE_PASSWORD_TOKEN', + ); +} + +class SSHAccountProvisionerConfigParam { + static $_TSPEC; + + /** + * @var string + */ + public $name = null; + /** + * @var int + */ + public $type = 0; + /** + * @var bool + */ + public $isOptional = false; + /** + * @var string + */ + public $description = null; + + public function __construct($vals=null) { +if (!isset(self::$_TSPEC)) { + self::$_TSPEC = array( +1 => array( + 'var' => 'name', + 'type' => TType::STRING, + ), +2 => array( + 'var' => 'type', + 'type' => TType::I32, + ), +3 => array( + 'var' => 'isOptional', + 'type' => TType::BOOL, + ), +4 => array( + 'var' => 'description', + 'type' => TType::STRING, + ), +); +} +if (is_array($vals)) { + if (isset($vals['name'])) { +$this->name = $vals['name']; + } + if (isset($vals['type'])) { +$this->type = $vals['type']; + } + if (isset($vals['isOptional'])) { +$this->isOptional = $vals['isOptional']; + } + if (isset($vals['description'])) { +$this->description = $vals['description']; + } +} + } + + public function getName() { +return 'SSHAccountProvisionerConfigParam'; + } + + public function read($input) + { +$xfer = 0; +$fname = null; +$ftype = 0; +$fid = 0; +$xfer += $input->readStructBegin($fname); +while (true) +{ + $xfer += $input->readFieldBegin($fname, $ftype, $fid); + if ($ftype == TType::STOP) { +break; + } + switch ($fid) + { +case 1: + if ($ftype == TType::STRING) { +$xfer += $input->readString($this->name); + } else { +$xfer += $input->skip($ftype); + } + break; +case 2: + if ($ftype == TType::I32) { +$xfer += $input->readI32($this->type); + } else { +$xfer += $input->skip($ftype); + } + break; +case 3: + if ($ftype == TType::BOOL) { +$xfer += $input->readBool($this->isOptional); + } else { +$xfer += $input->skip($ftype); + } + break; +case 4: + if ($ftype == TType::STRING) { +$xfer += $input->readString($this->description); + } else { +$xfer += $input->skip($ftype); + } + break; +default: + $xfer += $input->skip($ftype); + break; + } + $xfer += $input->readFieldEnd(); +} +$xfer += $input->readStructEnd(); +return $xfer; + } + + public function write($output) { +$xfer = 0; +$xfer += $output->writeStructBegin('SSHAccountProvisionerConfigParam'); +if ($this->name !== null) { + $xfer += $output->writeFieldBegin('name', TType::STRING, 1); + $xfer += $output->writeString($this->name); + $xfer += $output->writeFieldEnd(); +} +if ($this->type !== null) { + $xfer += $output->writeFieldBegin('type', TType::I32, 2); + $xfer += $output->writeI32($this->type); + $xfer += $output->writeFieldEnd(); +} +if ($this->isOptional !== null) { + $xfer += $output->writeFieldBegin('isOptional', TType::BOOL, 3); + $xfer += $output->writeBool($this->isOptional); + $xfer += $output->writeFieldEnd(); +} +if ($this->description !== null) { + $xfer += $output->writeFieldBegin('description', TType::STRING, 4); + $xfer += $output->writeString($this->description); + $xfer += $output->writeFieldEnd(); +} +$xfer += $output->writeFieldStop(); +$xfer += $output->writeStructEnd(); +return $xfer; + } + +} + +class SSHAccountProvisioner { + static $_TSPEC; + + /** + * @var string + */ + public $name = null; + /** + * @var bool + */ + public $canCreateAccount = null; + /** + * @var bool + */ + public $canInstallSSHKey = null; + /** + * @var \Airavata\Model\AppCatalog\AccountProvisioning\SSHAccountProvisionerConfigParam[] + */ + public $configParams = null; + + public function __construct($vals=null) { +if (!isset(self::$_TSPEC)) { + self::$_TSPEC = array( +1 => array( + 'var' => 'name', + 'type' => TType::STRING, + ), +2 => array( + 'var' =>
[3/8] airavata git commit: AIRAVATA-2500 Fix bug deriving ssh hostname
AIRAVATA-2500 Fix bug deriving ssh hostname Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/596eb5ba Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/596eb5ba Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/596eb5ba Branch: refs/heads/AIRAVATA-2500 Commit: 596eb5ba21bec45cdd5eb92a7b09f0249eddcceb Parents: 8f68bc1 Author: Marcus ChristieAuthored: Mon Sep 25 09:24:41 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 09:42:24 2017 -0400 -- .../airavata/accountprovisioning/SSHAccountManager.java | 9 + 1 file changed, 9 insertions(+) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/596eb5ba/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java -- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java index 61deb49..e7e9052 100644 --- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java @@ -183,6 +183,15 @@ public class SSHAccountManager { return userComputeResourcePreference; } +private static String getSSHHostname(ComputeResourceDescription computeResourceDescription, SSHJobSubmission sshJobSubmission) { +String alternativeSSHHostName = sshJobSubmission.getAlternativeSSHHostName(); +if (alternativeSSHHostName != null && !"".equals(alternativeSSHHostName.trim())) { +return alternativeSSHHostName; +} else { +return computeResourceDescription.getHostName(); +} +} + private static SSHAccountProvisioner createSshAccountProvisioner(String gatewayId, ComputeResourcePreference computeResourcePreference) throws InvalidSetupException { String provisionerName = computeResourcePreference.getSshAccountProvisioner(); Map provisionerConfig = convertConfigParams(provisionerName, computeResourcePreference.getSshAccountProvisionerConfig());
[10/12] airavata-php-gateway git commit: AIRAVATA-2500 Using validated flag on UserComputeResourcePref
AIRAVATA-2500 Using validated flag on UserComputeResourcePref Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/8a3b0ad0 Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/8a3b0ad0 Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/8a3b0ad0 Branch: refs/heads/AIRAVATA-2500 Commit: 8a3b0ad0458c1ce132afb1a37f45ab9610095110 Parents: 20db67c Author: Marcus ChristieAuthored: Mon Sep 25 16:19:43 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 16:19:43 2017 -0400 -- app/controllers/AccountController.php | 2 +- app/controllers/ExperimentController.php| 4 +- app/libraries/ExperimentUtilities.php | 2 +- app/libraries/URPUtilities.php | 56 ++-- .../auto-provisioned-accounts.blade.php | 4 +- 5 files changed, 47 insertions(+), 21 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8a3b0ad0/app/controllers/AccountController.php -- diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php index 734e823..3bf9e0c 100644 --- a/app/controllers/AccountController.php +++ b/app/controllers/AccountController.php @@ -295,7 +295,7 @@ class AccountController extends BaseController } $auto_provisioned_accounts = URPUtilities::setup_auto_provisioned_accounts(); -Log::debug("auto_provisioned_accounts", array($auto_provisioned_accounts)); +// Log::debug("auto_provisioned_accounts", array($auto_provisioned_accounts)); if(Session::has("admin") || Session::has("admin-read-only") || Session::has("gateway-provider")){ return Redirect::to("admin/dashboard". "?status=ok=".$accessToken . "=".$username http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8a3b0ad0/app/controllers/ExperimentController.php -- diff --git a/app/controllers/ExperimentController.php b/app/controllers/ExperimentController.php index 131fa1d..dadfb29 100755 --- a/app/controllers/ExperimentController.php +++ b/app/controllers/ExperimentController.php @@ -318,7 +318,7 @@ class ExperimentController extends BaseController $computeResources = CRUtilities::create_compute_resources_select($experiment->executionId, $expVal['scheduling']->resourceHostId); -$userComputeResourcePreferences = URPUtilities::get_all_user_compute_resource_prefs(); +$userComputeResourcePreferences = URPUtilities::get_all_validated_user_compute_resource_prefs(); $userHasComputeResourcePreference = array_key_exists($expVal['scheduling']->resourceHostId, $userComputeResourcePreferences); $experimentInputs = array( @@ -459,7 +459,7 @@ class ExperimentController extends BaseController ); $queues = ExperimentUtilities::getQueueDatafromResourceId($computeResourceId); -$userComputeResourcePreferences = URPUtilities::get_all_user_compute_resource_prefs(); +$userComputeResourcePreferences = URPUtilities::get_all_validated_user_compute_resource_prefs(); $userHasComputeResourcePreference = array_key_exists($computeResourceId, $userComputeResourcePreferences); if ($userHasComputeResourcePreference) { http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8a3b0ad0/app/libraries/ExperimentUtilities.php -- diff --git a/app/libraries/ExperimentUtilities.php b/app/libraries/ExperimentUtilities.php index 9424893..ab91a3b 100755 --- a/app/libraries/ExperimentUtilities.php +++ b/app/libraries/ExperimentUtilities.php @@ -691,7 +691,7 @@ class ExperimentUtilities if ($experiment->userConfigurationData->useUserCRPref){ // Check if this user has a user CR preference for the compute // resource, if not we want to switch this flag to false -$userComputeResourcePreferences = URPUtilities::get_all_user_compute_resource_prefs(); +$userComputeResourcePreferences = URPUtilities::get_all_validated_user_compute_resource_prefs(); $userHasComputeResourcePreference = array_key_exists($computeResourceId, $userComputeResourcePreferences); $experiment->userConfigurationData->useUserCRPref = $userHasComputeResourcePreference; } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8a3b0ad0/app/libraries/URPUtilities.php -- diff --git
[2/8] airavata git commit: AIRAVATA-2500 Adding try/catch around doesUserHaveSSHAccount
AIRAVATA-2500 Adding try/catch around doesUserHaveSSHAccount Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/8f68bc1a Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/8f68bc1a Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/8f68bc1a Branch: refs/heads/AIRAVATA-2500 Commit: 8f68bc1a9fdef0f980c7ae47ef671366fdb4373b Parents: 42059ec Author: Marcus ChristieAuthored: Wed Sep 20 16:42:37 2017 -0400 Committer: Marcus Christie Committed: Wed Sep 20 16:42:37 2017 -0400 -- .../server/handler/AiravataServerHandler.java| 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/8f68bc1a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java -- diff --git a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java index febb703..162260e 100644 --- a/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java +++ b/airavata-api/airavata-api-server/src/main/java/org/apache/airavata/api/server/handler/AiravataServerHandler.java @@ -19,10 +19,7 @@ */ package org.apache.airavata.api.server.handler; -import org.apache.airavata.accountprovisioning.ConfigParam; -import org.apache.airavata.accountprovisioning.SSHAccountManager; -import org.apache.airavata.accountprovisioning.SSHAccountProvisionerFactory; -import org.apache.airavata.accountprovisioning.SSHAccountProvisionerProvider; +import org.apache.airavata.accountprovisioning.*; import org.apache.airavata.api.Airavata; import org.apache.airavata.api.airavata_apiConstants; import org.apache.airavata.api.server.util.ThriftClientPool; @@ -4008,8 +4005,18 @@ public class AiravataServerHandler implements Airavata.Iface { @Override @SecurityCheck public boolean doesUserHaveSSHAccount(AuthzToken authzToken, String computeResourceId, String userId) throws InvalidRequestException, AiravataClientException, AiravataSystemException, AuthorizationException, TException { -String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); -return SSHAccountManager.doesUserHaveSSHAccount(gatewayId, computeResourceId, userId); +try { +String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); +return SSHAccountManager.doesUserHaveSSHAccount(gatewayId, computeResourceId, userId); +} catch (Exception e) { +String errorMessage = "Error occurred while checking if [" + userId + "] has an SSH Account on [" + +computeResourceId + "]."; +logger.error(errorMessage, e); +AiravataSystemException exception = new AiravataSystemException(); +exception.setAiravataErrorType(AiravataErrorType.INTERNAL_ERROR); +exception.setMessage(errorMessage + " More info : " + e.getMessage()); +throw exception; +} } @Override
[01/12] airavata-php-gateway git commit: AIRAVATA-2500 Initial work to setup ssh accounts and display
Repository: airavata-php-gateway Updated Branches: refs/heads/AIRAVATA-2500 [created] f78e49e07 AIRAVATA-2500 Initial work to setup ssh accounts and display Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/f6653e2e Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/f6653e2e Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/f6653e2e Branch: refs/heads/AIRAVATA-2500 Commit: f6653e2e32dd1b263bbeb97ad409d12ac5ed1c37 Parents: fa310a1 Author: Marcus ChristieAuthored: Thu Sep 7 13:12:00 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 15:29:39 2017 -0400 -- app/controllers/AccountController.php | 7 +- app/libraries/CRUtilities.php | 5 ++ app/libraries/URPUtilities.php | 71 app/views/account/dashboard.blade.php | 3 + .../auto-provisioned-accounts.blade.php | 50 ++ 5 files changed, 134 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f6653e2e/app/controllers/AccountController.php -- diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php index f9ea073..734e823 100644 --- a/app/controllers/AccountController.php +++ b/app/controllers/AccountController.php @@ -294,12 +294,15 @@ class AccountController extends BaseController umask($old_umask); } +$auto_provisioned_accounts = URPUtilities::setup_auto_provisioned_accounts(); +Log::debug("auto_provisioned_accounts", array($auto_provisioned_accounts)); + if(Session::has("admin") || Session::has("admin-read-only") || Session::has("gateway-provider")){ return Redirect::to("admin/dashboard". "?status=ok=".$accessToken . "=".$username -. "_code=" . $refreshToken . "_time=" . $validTime); +. "_code=" . $refreshToken . "_time=" . $validTime)->with("auto_provisioned_accounts", $auto_provisioned_accounts); }else{ return Redirect::to("account/dashboard". "?status=ok=".$accessToken ."=".$username -. "_code=" . $refreshToken . "_time=" . $validTime); +. "_code=" . $refreshToken . "_time=" . $validTime)->with("auto_provisioned_accounts", $auto_provisioned_accounts); } } http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f6653e2e/app/libraries/CRUtilities.php -- diff --git a/app/libraries/CRUtilities.php b/app/libraries/CRUtilities.php index 3643e72..8a815a1 100755 --- a/app/libraries/CRUtilities.php +++ b/app/libraries/CRUtilities.php @@ -544,6 +544,11 @@ class CRUtilities return $gateways; } +public static function getGatewayResourceProfile() +{ +return Airavata::getGatewayResourceProfile( Session::get('authz-token'), Session::get("gateway_id")); +} + public static function updateGatewayProfile( $data){ $gatewayResourceProfile = Airavata::getGatewayResourceProfile( Session::get('authz-token'), $data["gateway_id"]); $gatewayResourceProfile->credentialStoreToken = $data["cst"]; http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/f6653e2e/app/libraries/URPUtilities.php -- diff --git a/app/libraries/URPUtilities.php b/app/libraries/URPUtilities.php index 8632d59..906861a 100644 --- a/app/libraries/URPUtilities.php +++ b/app/libraries/URPUtilities.php @@ -161,6 +161,77 @@ class URPUtilities $gatewayId = Session::get('gateway_id'); Airavata::deleteUserResourceProfile(Session::get('authz-token'), $userId, $gatewayId); } + +/** + * Returns an array with compute resource ids as the key and each entry is a + * map with the following fields: + * * hostname: hostname of compute resource + * * userComputeResourcePreference: if UserComputeResourcePreference exists for compute resource or was able to be created + * * accountExists: (boolean) whether user account exists on cluster + * * additionalInfo: Additional info field from ComputeResourcePreference + * * errorMessage: Error message associated with trying to setup account + */ +public static function setup_auto_provisioned_accounts() +{ +$results = array(); +$gatewayResourceProfile = CRUtilities::getGatewayResourceProfile(); +$computeResourcePreferences = $gatewayResourceProfile->computeResourcePreferences; +$userComputeResourcePreferences =
[6/8] airavata git commit: AIRAVATA-2500 fixing order of arguments
AIRAVATA-2500 fixing order of arguments Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/29fedaf5 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/29fedaf5 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/29fedaf5 Branch: refs/heads/AIRAVATA-2500 Commit: 29fedaf52435c5ab97b524298bfa52a476fd80ce Parents: e5dcade Author: Marcus ChristieAuthored: Mon Sep 25 10:33:24 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 10:33:24 2017 -0400 -- .../main/java/org/apache/airavata/accountprovisioning/SSHUtil.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/29fedaf5/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHUtil.java -- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHUtil.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHUtil.java index 4ac60bf..f823648 100644 --- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHUtil.java +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHUtil.java @@ -148,7 +148,7 @@ public class SSHUtil { } catch (IOException e) { throw new RuntimeException(e); } -boolean result = validate(username, hostname, 22, sshCredential); +boolean result = validate(hostname, 22, username, sshCredential); System.out.println(result); } }
[05/12] airavata-php-gateway git commit: AIRAVATA-2500 Thrift stub code generation
AIRAVATA-2500 Thrift stub code generation Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/2db05f4f Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/2db05f4f Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/2db05f4f Branch: refs/heads/AIRAVATA-2500 Commit: 2db05f4f64988558d10fc7b4b059f422a523e3f7 Parents: 3f67f68 Author: Marcus ChristieAuthored: Thu Sep 7 15:16:14 2017 -0400 Committer: Marcus Christie Committed: Thu Sep 7 15:30:48 2017 -0400 -- .../Model/AppCatalog/GatewayProfile/Types.php | 23 1 file changed, 23 insertions(+) -- http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/2db05f4f/app/libraries/Airavata/Model/AppCatalog/GatewayProfile/Types.php -- diff --git a/app/libraries/Airavata/Model/AppCatalog/GatewayProfile/Types.php b/app/libraries/Airavata/Model/AppCatalog/GatewayProfile/Types.php index da3071a..63e39bc 100644 --- a/app/libraries/Airavata/Model/AppCatalog/GatewayProfile/Types.php +++ b/app/libraries/Airavata/Model/AppCatalog/GatewayProfile/Types.php @@ -118,6 +118,10 @@ class ComputeResourcePreference { * @var array */ public $sshAccountProvisionerConfig = null; + /** + * @var string + */ + public $sshAccountProvisionerAdditionalInfo = null; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { @@ -194,6 +198,10 @@ class ComputeResourcePreference { 'type' => TType::STRING, ), ), +17 => array( + 'var' => 'sshAccountProvisionerAdditionalInfo', + 'type' => TType::STRING, + ), ); } if (is_array($vals)) { @@ -245,6 +253,9 @@ class ComputeResourcePreference { if (isset($vals['sshAccountProvisionerConfig'])) { $this->sshAccountProvisionerConfig = $vals['sshAccountProvisionerConfig']; } + if (isset($vals['sshAccountProvisionerAdditionalInfo'])) { +$this->sshAccountProvisionerAdditionalInfo = $vals['sshAccountProvisionerAdditionalInfo']; + } } } @@ -392,6 +403,13 @@ class ComputeResourcePreference { $xfer += $input->skip($ftype); } break; +case 17: + if ($ftype == TType::STRING) { +$xfer += $input->readString($this->sshAccountProvisionerAdditionalInfo); + } else { +$xfer += $input->skip($ftype); + } + break; default: $xfer += $input->skip($ftype); break; @@ -498,6 +516,11 @@ class ComputeResourcePreference { } $xfer += $output->writeFieldEnd(); } +if ($this->sshAccountProvisionerAdditionalInfo !== null) { + $xfer += $output->writeFieldBegin('sshAccountProvisionerAdditionalInfo', TType::STRING, 17); + $xfer += $output->writeString($this->sshAccountProvisionerAdditionalInfo); + $xfer += $output->writeFieldEnd(); +} $xfer += $output->writeFieldStop(); $xfer += $output->writeStructEnd(); return $xfer;
[4/8] airavata git commit: AIRAVATA-2500 Thrift stub code generation
AIRAVATA-2500 Thrift stub code generation Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/e5dcade0 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/e5dcade0 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/e5dcade0 Branch: refs/heads/AIRAVATA-2500 Commit: e5dcade08f7a91bf7bd135647358202475f37620 Parents: 20fc3fd Author: Marcus ChristieAuthored: Mon Sep 25 09:45:47 2017 -0400 Committer: Marcus Christie Committed: Mon Sep 25 09:57:28 2017 -0400 -- .../resources/lib/Airavata/API/Airavata.php | 10 ++ .../AppCatalog/UserResourceProfile/Types.php| 28 + .../UserComputeResourcePreference.java | 114 ++- 3 files changed, 148 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/airavata/blob/e5dcade0/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/API/Airavata.php -- diff --git a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/API/Airavata.php b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/API/Airavata.php index c8976ba..a22ef84 100644 --- a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/API/Airavata.php +++ b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/API/Airavata.php @@ -3485,6 +3485,11 @@ interface AiravataIf { * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * * * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException @@ -3717,6 +3722,11 @@ interface AiravataIf { * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * * * @throws \Airavata\API\Error\InvalidRequestException * @throws \Airavata\API\Error\AiravataClientException http://git-wip-us.apache.org/repos/asf/airavata/blob/e5dcade0/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/AppCatalog/UserResourceProfile/Types.php -- diff --git a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/AppCatalog/UserResourceProfile/Types.php b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/AppCatalog/UserResourceProfile/Types.php index 8ab78a0..c4a0a9c 100644 --- a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/AppCatalog/UserResourceProfile/Types.php +++ b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Model/AppCatalog/UserResourceProfile/Types.php @@ -43,6 +43,11 @@ use Thrift\Exception\TApplicationException; * Resource specific credential store token. If this token is specified, then it is superceeded by the gateway's * default credential store. * + * validated: + * If true the the configuration has been validated in the sense that the username and credential can be used to + * login to the remote host and the scratchLocation is a valid location that the user has permission to write to. + * Should be treated as read-only and only mutated by Airavata middleware. + * */ class UserComputeResourcePreference { static $_TSPEC; @@ -87,6 +92,10 @@ class UserComputeResourcePreference { * @var int */ public $reservationEndTime = null; + /** + * @var bool + */ + public $validated = false; public function __construct($vals=null) { if (!isset(self::$_TSPEC)) { @@ -131,6 +140,10 @@ class UserComputeResourcePreference { 'var' => 'reservationEndTime', 'type' => TType::I64, ), +11 => array( + 'var' => 'validated', + 'type' => TType::BOOL, + ), );