You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by sh...@apache.org on 2016/03/19 22:07:37 UTC
airavata git commit: Added Unicore security context population code
Repository: airavata
Updated Branches:
refs/heads/develop 03ca7c91b -> 10274c11d
Added Unicore security context population code
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/10274c11
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/10274c11
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/10274c11
Branch: refs/heads/develop
Commit: 10274c11d81068cce76342372d782b7e8cdfef66
Parents: 03ca7c9
Author: Shameera Rathnayaka <sh...@gmail.com>
Authored: Sat Mar 19 17:07:11 2016 -0400
Committer: Shameera Rathnayaka <sh...@gmail.com>
Committed: Sat Mar 19 17:07:11 2016 -0400
----------------------------------------------------------------------
.../gfac/impl/task/BESJobSubmissionTask.java | 69 ++++++++++++++++++++
.../gfac/impl/task/utils/bes/SecurityUtils.java | 47 ++++++-------
2 files changed, 90 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/10274c11/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/BESJobSubmissionTask.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/BESJobSubmissionTask.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/BESJobSubmissionTask.java
index 4e718d7..cf8e4a0 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/BESJobSubmissionTask.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/BESJobSubmissionTask.java
@@ -43,7 +43,10 @@ import org.apache.airavata.model.status.JobStatus;
import org.apache.airavata.model.status.TaskState;
import org.apache.airavata.model.status.TaskStatus;
import org.apache.airavata.model.task.TaskTypes;
+import org.apache.airavata.registry.core.experiment.catalog.model.UserConfigurationData;
import org.apache.airavata.registry.cpi.AppCatalogException;
+import org.apache.airavata.registry.cpi.ExperimentCatalogModelType;
+import org.apache.airavata.registry.cpi.RegistryException;
import org.apache.xmlbeans.XmlCursor;
import org.ggf.schemas.bes.x2006.x08.besFactory.*;
import org.ggf.schemas.jsdl.x2005.x11.jsdl.JobDefinitionType;
@@ -72,6 +75,20 @@ public class BESJobSubmissionTask implements JobSubmissionTask {
public TaskStatus execute(TaskContext taskContext) {
TaskStatus taskStatus = new TaskStatus(TaskState.CREATED);
StorageClient sc = null;
+
+ //TODO - initialize securityContext secProperties
+ try {
+ if (secProperties == null) {
+ secProperties = getSecurityConfig(taskContext.getParentProcessContext());
+ } // try secProperties = secProperties.clone() if we can't use already initialized ClientConfigurations.
+ } catch (GFacException e) {
+ String msg = "Unicorn security context initialization error";
+ log.error(msg, e);
+ taskStatus.setState(TaskState.FAILED);
+ taskStatus.setReason(msg);
+ return taskStatus;
+ }
+
try {
ProcessContext processContext = taskContext.getParentProcessContext();
JobSubmissionProtocol protocol = processContext.getJobSubmissionProtocol();
@@ -190,6 +207,26 @@ public class BESJobSubmissionTask implements JobSubmissionTask {
return taskStatus;
}
+ private DefaultClientConfiguration getSecurityConfig(ProcessContext pc) throws GFacException {
+ DefaultClientConfiguration clientConfig = null;
+ try {
+ UNICORESecurityContext unicoreSecurityContext = SecurityUtils.getSecurityContext(pc);
+ UserConfigurationData userConfigData = (UserConfigurationData) pc.getExperimentCatalog().
+ get(ExperimentCatalogModelType.USER_CONFIGURATION_DATA, pc.getExperimentId());
+ if (userConfigData.getGenerateCert()) {
+ clientConfig = unicoreSecurityContext.getDefaultConfiguration(false, userConfigData);
+ } else {
+ clientConfig = unicoreSecurityContext.getDefaultConfiguration(false);
+ }
+ } catch (RegistryException e) {
+ throw new GFacException("Error! reading user configuration data from registry", e);
+ } catch (ApplicationSettingsException e) {
+ throw new GFacException("Error! retrieving default client configurations", e);
+ }
+
+ return clientConfig;
+ }
+
protected String formatStatusMessage(String activityUrl, String status) {
return String.format("Activity %s is %s.\n", activityUrl, status);
}
@@ -305,4 +342,36 @@ public class BESJobSubmissionTask implements JobSubmissionTask {
}
return JobState.UNKNOWN;
}
+
+ /**
+ * EndpointReference need to be saved to make cancel work.
+ *
+ * @param processContext
+ * @throws GFacException
+ */
+ public boolean cancelJob(ProcessContext processContext) throws GFacException {
+ try {
+ String activityEpr = processContext.getJobModel().getJobDescription();
+ // initSecurityProperties(processContext);
+ EndpointReferenceType eprt = EndpointReferenceType.Factory
+ .parse(activityEpr);
+ JobSubmissionProtocol protocol = processContext.getJobSubmissionProtocol();
+ String interfaceId = processContext.getApplicationInterfaceDescription().getApplicationInterfaceId();
+ String factoryUrl = null;
+ if (protocol.equals(JobSubmissionProtocol.UNICORE)) {
+ UnicoreJobSubmission unicoreJobSubmission = GFacUtils.getUnicoreJobSubmission(interfaceId);
+ factoryUrl = unicoreJobSubmission.getUnicoreEndPointURL();
+ }
+ EndpointReferenceType epr = EndpointReferenceType.Factory
+ .newInstance();
+ epr.addNewAddress().setStringValue(factoryUrl);
+
+ FactoryClient factory = new FactoryClient(epr, secProperties);
+ factory.terminateActivity(eprt);
+ return true;
+ } catch (Exception e) {
+ throw new GFacException(e.getLocalizedMessage(), e);
+ }
+
+ }
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/10274c11/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/utils/bes/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/utils/bes/SecurityUtils.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/utils/bes/SecurityUtils.java
index a357e62..3a2ac9d 100644
--- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/utils/bes/SecurityUtils.java
+++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/task/utils/bes/SecurityUtils.java
@@ -59,32 +59,27 @@ public class SecurityUtils {
private final static Logger logger = LoggerFactory.getLogger(SecurityUtils.class);
- public static void addSecurityContext(ProcessContext processContext) throws GFacException {
-
- if (!processContext.getJobSubmissionProtocol().equals(JobSubmissionProtocol.UNICORE)) {
- logger.error("This is a wrong method to invoke for UNICORE host types,please check your gfac-config.xml");
- }
- else
- {
- String credentialStoreToken = processContext.getTokenId(); // set by the framework
- RequestData requestData;
- try {
- requestData = new RequestData(ServerSettings.getDefaultUserGateway());
- } catch (ApplicationSettingsException e1) {
- throw new GFacException(e1);
- } // coming from top tier
- requestData.setTokenId(credentialStoreToken);
-
- CredentialReader credentialReader = null;
- try{
- credentialReader = GFacUtils.getCredentialReader();
- }catch (Exception e){
- logger.warn("Cannot get credential reader instance");
- }
-
- UNICORESecurityContext secCtx = new UNICORESecurityContext(credentialReader, requestData);
-// processContext.setJobSubmissionRemoteCluster(X509SecurityContext.X509_SECURITY_CONTEXT, secCtx);
- }
+ public static UNICORESecurityContext getSecurityContext(ProcessContext processContext) throws GFacException {
+
+ if (processContext.getJobSubmissionProtocol().equals(JobSubmissionProtocol.UNICORE)) {
+ String credentialStoreToken = processContext.getTokenId(); // set by the framework
+ RequestData requestData;
+ requestData = new RequestData(processContext.getProcessModel().getUserDn());
+ requestData.setTokenId(credentialStoreToken);
+ CredentialReader credentialReader = null;
+ try {
+ credentialReader = GFacUtils.getCredentialReader();
+ if (credentialReader == null) {
+ throw new GFacException("Credential reader returns null");
+ }
+ } catch (Exception e) {
+ throw new GFacException("Error while initializing credential reader");
+ }
+ return new UNICORESecurityContext(credentialReader, requestData);
+ } else {
+ throw new GFacException("Only support UNICORE job submissions, invalid job submission protocol " +
+ processContext.getJobSubmissionProtocol().name());
+ }
}
public static final KeyAndCertCredential generateShortLivedCertificate(String userDN,