AIRAVATA-2500 Initial interfaces, APIs for account provisioning
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/1c39e2ea Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/1c39e2ea Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/1c39e2ea Branch: refs/heads/develop Commit: 1c39e2ea715f736d25d874c36a519ee0ed250162 Parents: 6488090 Author: Marcus Christie <machris...@apache.org> Authored: Wed Aug 9 15:54:07 2017 -0400 Committer: Marcus Christie <machris...@apache.org> Committed: Tue Sep 19 15:07:40 2017 -0400 ---------------------------------------------------------------------- modules/compute-account-provisioning/pom.xml | 67 +++++++++++++++++ .../accountprovisioning/ConfigParam.java | 67 +++++++++++++++++ .../accountprovisioning/SSHAccountManager.java | 69 ++++++++++++++++++ .../SSHAccountProvisioner.java | 43 +++++++++++ .../SSHAccountProvisionerFactory.java | 49 +++++++++++++ .../IULdapSSHAccountProvisioner.java | 75 ++++++++++++++++++++ ...ta.accountprovisioning.SSHAccountProvisioner | 22 ++++++ pom.xml | 1 + .../airavata-apis/airavata_api.thrift | 11 +++ .../account_provisioning_model.thrift | 40 +++++++++++ .../gateway_resource_profile_model.thrift | 5 +- 11 files changed, 448 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/pom.xml ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/pom.xml b/modules/compute-account-provisioning/pom.xml new file mode 100644 index 0000000..ee89d33 --- /dev/null +++ b/modules/compute-account-provisioning/pom.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Licensed to the Apache Software Foundation (ASF) under one + ~ or more contributor license agreements. See the NOTICE file + ~ distributed with this work for additional information + ~ regarding copyright ownership. The ASF licenses this file + ~ to you under the Apache License, Version 2.0 (the + ~ "License"); you may not use this file except in compliance + ~ with the License. You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, + ~ software distributed under the License is distributed on an + ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + ~ KIND, either express or implied. See the License for the + ~ specific language governing permissions and limitations + ~ under the License. + ~ + --> + +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <parent> + <artifactId>airavata</artifactId> + <groupId>org.apache.airavata</groupId> + <version>0.17-SNAPSHOT</version> + <relativePath>../../pom.xml</relativePath> + </parent> + <modelVersion>4.0.0</modelVersion> + + <artifactId>compute-account-provisioning</artifactId> + + <dependencies> + <dependency> + <artifactId>airavata-credential-store</artifactId> + <groupId>org.apache.airavata</groupId> + <version>${project.version}</version> + </dependency> + <dependency> + <artifactId>registry-api-stubs</artifactId> + <groupId>org.apache.airavata</groupId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>com.jcraft</groupId> + <artifactId>jsch</artifactId> + <version>0.1.50</version> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + <version>2.3.1</version> + </dependency> + </dependencies> + +</project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/ConfigParam.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/ConfigParam.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/ConfigParam.java new file mode 100644 index 0000000..beb8bbc --- /dev/null +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/ConfigParam.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.accountprovisioning; + +public class ConfigParam { + + public enum ConfigParamType { + STRING, + CRED_TOKEN, + } + + private boolean optional = false; + private String name; + private String description; + private ConfigParamType type = ConfigParamType.STRING; + + public boolean isOptional() { + return optional; + } + + public void setOptional(boolean optional) { + this.optional = optional; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + public ConfigParamType getType() { + return type; + } + + public void setType(ConfigParamType type) { + this.type = type; + } + +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java new file mode 100644 index 0000000..4e00e4e --- /dev/null +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountManager.java @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.accountprovisioning; + +import org.apache.airavata.credential.store.client.CredentialStoreClientFactory; +import org.apache.airavata.credential.store.cpi.CredentialStoreService; +import org.apache.airavata.credential.store.exception.CredentialStoreException; +import org.apache.airavata.registry.api.client.RegistryServiceClientFactory; +import org.apache.airavata.registry.api.exception.RegistryServiceException; + +import java.util.Map; + +public class SSHAccountManager { + + // TODO: need private key too to verify + public static void setupSSHAccount(String gatewayId, String hostname, String username, String sshPublicKey) { + + // TODO: finish implementing + + // get compute resource preferences for the gateway and hostname + + // get the account provisioner and config values for the preferences + String provisionerName = null; + Map<ConfigParam,String> provisionerConfig = null; + + // instantiate and init the account provisioner + SSHAccountProvisioner sshAccountProvisioner = SSHAccountProvisionerFactory.createSSHAccountProvisioner(provisionerName, provisionerConfig); + + // First check if username has an account + boolean hasAccount = sshAccountProvisioner.hasAccount(username); + + if (!hasAccount && !sshAccountProvisioner.canCreateAccount()) { + // TODO: throw an exception + } + + // TODO: first check if SSH key is already installed, or do we care? + + // Install SSH key + + // Verify can authenticate to host + + // create the scratch location on the host + String scratchLocation = sshAccountProvisioner.getScratchLocation(username); + } + + private RegistryService.Client getRegistryServiceClient() throws RegistryServiceException { + + // TODO: finish implementing + return RegistryServiceClientFactory.createRegistryClient(null, 0); + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisioner.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisioner.java new file mode 100644 index 0000000..d997c3c --- /dev/null +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisioner.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.accountprovisioning; + +import java.util.List; +import java.util.Map; + +public interface SSHAccountProvisioner { + + /** + * An identifying name for this SSHAccountProvisioner instance. This name should be unique amongst + * all SSHAccountProvisioner implementations. + */ + default String getName() { + return this.getClass().getName(); + } + List<ConfigParam> getConfigParams(); + void init(Map<ConfigParam, String> config); + boolean hasAccount(String username); + boolean canCreateAccount(); + void createAccount(String username, String sshPublicKey); + boolean canInstallSSHKey(); + void installSSHKey(String username, String sshPublicKey); + String getScratchLocation(String username); +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisionerFactory.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisionerFactory.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisionerFactory.java new file mode 100644 index 0000000..f691895 --- /dev/null +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/SSHAccountProvisionerFactory.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.accountprovisioning; + +import java.util.List; +import java.util.Map; + +public class SSHAccountProvisionerFactory { + + public static List<String> getSSHAccountProvisionerImplementationNames() { + + // TODO: implement + return null; + } + + public static List<ConfigParam> getSSHAccountProvisionerConfigParams(String provisionerName) { + + // TODO: implement + return null; + } + + public static SSHAccountProvisioner createSSHAccountProvisioner(String provisionerName, Map<ConfigParam, String> config) { + + } + + private CredentialStoreService.Client getCredentialStoreClient() throws CredentialStoreException { + + // TODO: finish implementing + return CredentialStoreClientFactory.createAiravataCSClient(null, 0); + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java new file mode 100644 index 0000000..4ad3512 --- /dev/null +++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.accountprovisioning.provisioner; + +import org.apache.airavata.accountprovisioning.ConfigParam; +import org.apache.airavata.accountprovisioning.SSHAccountProvisioner; + +import java.util.List; +import java.util.Map; + +public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner { + + @Override + public List<ConfigParam> getConfigParams() { + // TODO: implement + return null; + } + + @Override + public void init(Map<ConfigParam, String> config) { + + // TODO: implement + } + + @Override + public boolean hasAccount(String username) { + // TODO: implement + return false; + } + + @Override + public boolean canCreateAccount() { + return false; + } + + @Override + public void createAccount(String username, String sshPublicKey) { + + throw new UnsupportedOperationException("IULdapSSHAccountProvisioner does not support creating cluster accounts at this time."); + } + + @Override + public boolean canInstallSSHKey() { + return true; + } + + @Override + public void installSSHKey(String username, String sshPublicKey) { + // TODO: implement + } + + @Override + public String getScratchLocation(String username) { + // TODO: implement + return null; + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/modules/compute-account-provisioning/src/main/resources/META-INF/services/org.apache.airavata.accountprovisioning.SSHAccountProvisioner ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/resources/META-INF/services/org.apache.airavata.accountprovisioning.SSHAccountProvisioner b/modules/compute-account-provisioning/src/main/resources/META-INF/services/org.apache.airavata.accountprovisioning.SSHAccountProvisioner new file mode 100644 index 0000000..50d2859 --- /dev/null +++ b/modules/compute-account-provisioning/src/main/resources/META-INF/services/org.apache.airavata.accountprovisioning.SSHAccountProvisioner @@ -0,0 +1,22 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# + + +org.apache.airavata.accountprovisioning.provisioner.IULdapSSHAccountProvisioner \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 9c78519..73516c7 100644 --- a/pom.xml +++ b/pom.xml @@ -695,6 +695,7 @@ <!--<module>modules/xbaya-gui</module>--> <module>modules/distribution</module> <!--<module>modules/test-suite</module>--> + <module>modules/compute-account-provisioning</module> </modules> </profile> <profile> http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/thrift-interface-descriptions/airavata-apis/airavata_api.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift index 0a34ac6..471af41 100644 --- a/thrift-interface-descriptions/airavata-apis/airavata_api.thrift +++ b/thrift-interface-descriptions/airavata-apis/airavata_api.thrift @@ -36,6 +36,7 @@ include "../data-models/experiment-catalog-models/scheduling_model.thrift" include "../data-models/app-catalog-models/application_io_models.thrift" include "../data-models/app-catalog-models/application_deployment_model.thrift" include "../data-models/app-catalog-models/application_interface_model.thrift" +include "../data-models/resource-catalog-models/account_provisioning_model.thrift" include "../data-models/resource-catalog-models/compute_resource_model.thrift" include "../data-models/resource-catalog-models/storage_resource_model.thrift" include "../data-models/resource-catalog-models/gateway_resource_profile_model.thrift" @@ -2949,7 +2950,17 @@ service Airavata { 3: airavata_errors.AiravataSystemException ase, 4: airavata_errors.AuthorizationException ae) + list<string> getSSHAccountProvisionerNames(1: required security_model.AuthzToken authzToken) + throws (1: airavata_errors.InvalidRequestException ire, + 2: airavata_errors.AiravataClientException ace, + 3: airavata_errors.AiravataSystemException ase, + 4: airavata_errors.AuthorizationException ae) + list<account_provisioning_model.SSHAccountProvisionerConfigParam> getSSHAccountProvisionerConfigParams(1: required security_model.AuthzToken authzToken, 2: required string provisionerName) + throws (1: airavata_errors.InvalidRequestException ire, + 2: airavata_errors.AiravataClientException ace, + 3: airavata_errors.AiravataSystemException ase, + 4: airavata_errors.AuthorizationException ae) /* http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/thrift-interface-descriptions/data-models/resource-catalog-models/account_provisioning_model.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/data-models/resource-catalog-models/account_provisioning_model.thrift b/thrift-interface-descriptions/data-models/resource-catalog-models/account_provisioning_model.thrift new file mode 100644 index 0000000..b13b1c3 --- /dev/null +++ b/thrift-interface-descriptions/data-models/resource-catalog-models/account_provisioning_model.thrift @@ -0,0 +1,40 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +namespace java org.apache.airavata.model.appcatalog.accountprovisioning +namespace php Airavata.Model.AppCatalog.AccountProvisioning +namespace cpp apache.airavata.model.appcatalog.accountprovisioning +namespace py apache.airavata.model.appcatalog.accountprovisioning + +enum SSHAccountProvisionerConfigParamType { + STRING, + CRED_TOKEN +} + +struct SSHAccountProvisioner { + 1: required string name; +} + +struct SSHAccountProvisionerConfigParam { + 1: required string name; + 2: required SSHAccountProvisionerConfigParamType type = SSHAccountProvisionerConfigParamType.STRING; + 3: required bool optional = false; + 4: optional string description; +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1c39e2ea/thrift-interface-descriptions/data-models/resource-catalog-models/gateway_resource_profile_model.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/data-models/resource-catalog-models/gateway_resource_profile_model.thrift b/thrift-interface-descriptions/data-models/resource-catalog-models/gateway_resource_profile_model.thrift index d1b258c..e3686f2 100644 --- a/thrift-interface-descriptions/data-models/resource-catalog-models/gateway_resource_profile_model.thrift +++ b/thrift-interface-descriptions/data-models/resource-catalog-models/gateway_resource_profile_model.thrift @@ -25,6 +25,7 @@ namespace py apache.airavata.model.appcatalog.gatewayprofile include "compute_resource_model.thrift" include "data_movement_models.thrift" +include "account_provisioning_model.thrift" /** * Gateway specific preferences for a Computer Resource @@ -74,7 +75,9 @@ struct ComputeResourcePreference { 11: optional string qualityOfService, 12: optional string reservation, 13: optional i64 reservationStartTime, - 14: optional i64 reservationEndTime + 14: optional i64 reservationEndTime, + 15: optional string sshAccountProvisioner, + 16: optional map<SSHAccountProvisionerConfigParam, String> sshAccountProvisionerConfig } struct StoragePreference {