Ticket #67 (assigned defect)

Opened 5 years ago

Last modified 3 years ago

Investigate consistency of --slicecredfile and framework usage of get_slice_cred

Reported by: sedwards Owned by: ahelsing
Priority: minor Milestone: A Future Release
Component: omni Version:
Keywords: Cc: gpo-sw-dev@geni.net


--slicecredfile option reads the slice credential from a file.

However this is implemented in omni.py and the underlying frameworks (especially framework_sfa.py) seem to request the slice credential independently of the code in omni.py. Double check that this is implemented correctly so that when --slicecredfile is supplied that ALL uses of the slice credential use the contents of the file.

Change History

Changed 5 years ago by sedwards

  • status changed from new to assigned
  • owner changed from ahelsing@bbn.com to ahelsing

Changed 5 years ago by tmitchel

  • milestone 1.5 deleted

Changed 5 years ago by ahelsing

Hmm. When you are talking to the CH, do you still want your cached credential?

To do this

  • FrameworkBase?: duplicate init_user_cred substituting slice for user
  • Each Framework calls this in their init method
  • Each frameworks get_slice_cred must check self.slice_cred and use that first
    • maybe first check that target URN matches?
  • what about if you just did a renew?

Changed 4 years ago by ahelsing

  • milestone set to 2.5

Changed 3 years ago by ahelsing

  • priority changed from major to minor

Changed 3 years ago by ahelsing

In framework_pg deleteslice and renewslice do not honor the saved slice cred. I'd like to replace the block that calls sa.GetCredential? in those methods with a call to handler_utils._get_slice_cred - but that means refactoring that method to take the logger, opts, and framework explicitly where it currently takes a handler.

In framework_chapi, it is get_members_of_slice, add_member_to_slice, _record_one_new_sliver, list_sliverinfo_urns, update_sliver_info, delete_sliver_info, list_sliver_infos_for_slice. But all of those do this only when talking to the PG SA, which needs a slice credential.

In framework_sfa it is renew_slice, delete_slice that call registry.GetCredential? directly

Thankfully, these aren't so bad - all of these are cases where you have to make an SA call anyhow.

As I commented oh so long ago, the framework should cache the slice cred

Changed 3 years ago by ahelsing

  • milestone changed from 2.5 to 2.6

Changed 3 years ago by ahelsing

  • milestone changed from 2.6 to 2.7

Changed 3 years ago by ahelsing

  • milestone changed from 2.7 to A Future Release
Note: See TracTickets for help on using tickets.