From e4afcec935e3b83f8dc66d94370333cb71be5419 Mon Sep 17 00:00:00 2001
From: Komal Thareja
Date: Fri, 1 Aug 2025 08:52:02 -0400
Subject: [PATCH 1/2] only allow pci rescan for fpga
---
 fabric_cf/orchestrator/core/orchestrator_handler.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fabric_cf/orchestrator/core/orchestrator_handler.py b/fabric_cf/orchestrator/core/orchestrator_handler.py
index df715998..57a954d9 100644
--- a/fabric_cf/orchestrator/core/orchestrator_handler.py
+++ b/fabric_cf/orchestrator/core/orchestrator_handler.py
@@ -81,7 +81,8 @@ def get_logger(self):
 def __authorize_request(self, *, id_token: str, action_id: ActionId,
 resource: BaseSliver or ExperimentTopology = None,
- lease_end_time: datetime = None) -> FabricToken:
+ lease_end_time: datetime = None,
+ poa_operation: str = None) -> FabricToken:
 """
 Authorize request
 :param id_token:
@@ -96,6 +97,11 @@ def __authorize_request(self, *, id_token: str, action_id: ActionId,
 if fabric_token.subject is None:
 raise OrchestratorException(http_error_code=UNAUTHORIZED,
 message="Invalid token")
+ project_uuid, tags, project_name = fabric_token.first_project
+ if action_id == ActionId.POA and poa_operation and poa_operation == "rescan" and project_uuid and \
+ tags and "Component.FPGA" not in tags:
+ raise OrchestratorException(http_error_code=UNAUTHORIZED,
+ message="POA rescan not authorized - missing permissions Component.FPGA")
 return fabric_token
 def get_broker(self, *, controller: ABCMgmtControllerMixin) -> ID:
@@ -923,7 +929,8 @@ def poa(self, *, token: str, sliver_id: str, poa: PoaAvro) -> tuple[str, str]:
 rid = ID(uid=sliver_id) if sliver_id is not None else None
- fabric_token = self.__authorize_request(id_token=token, action_id=ActionId.POA)
+ fabric_token = self.__authorize_request(id_token=token, action_id=ActionId.POA,
+ poa_operation=poa.operation)
 user_id = fabric_token.uuid
 project, tags, project_name = fabric_token.first_project
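Review bot: The new `poa_operation` keyword in the signature of `__authorize_request` is not described in the docstring that starts right below it; no line between this hunk and the next one is added, so the parameter that now drives an authorization decision is undocumented. I would add `:param poa_operation: POA operation name from the request; "rescan" additionally requires the Component.FPGA project tag` next to the existing `:param` lines. The docstring and the rest of the function body continue outside this hunk.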
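Review bot: The rescan gate in the second hunk fails open: the condition requires both `project_uuid` and `tags` to be truthy, so a token whose first project carries no tags at all (or no project id) skips the check and is authorized even though it lacks `Component.FPGA`. Deny by default instead, for example `if action_id == ActionId.POA and poa_operation == "rescan" and "Component.FPGA" not in (tags or []):`. The test is also an exact match on the literal `"rescan"`; if the code that later dispatches the operation accepts other casing or spellings (not visible here), those would pass unchecked, so compare against the same constant the dispatcher uses. A missing permission on an otherwise valid token is usually reported as 403 rather than `UNAUTHORIZED`, if a forbidden status constant is already in scope in this file.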
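Review bot: At the call in `poa`, `poa.operation` is handed to the authorizer when only `rid` has been built from `sliver_id`, so as far as this hunk shows the new gate proves that the project has the `Component.FPGA` tag, not that the sliver being rescanned is an FPGA. If the commit title's intent is to limit PCI rescan to FPGA components, a check on the sliver's component type is still needed once the sliver has been fetched, further down in `poa` and outside this hunk. A short comment at the call, such as `# "rescan" is gated on the Component.FPGA project tag inside __authorize_request`, would make the policy visible to readers of `poa`.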
From 0c029242df3cf15415dadc75d88e8b34c242bbda Mon Sep 17 00:00:00 2001
From: Komal Thareja
Date: Fri, 1 Aug 2025 09:28:57 -0400
Subject: [PATCH 2/2] fix the occupied link capactity to return as json insted of dict
---
 fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py b/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py
index 3a7f8273..4f848714 100644
--- a/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py
+++ b/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py
@@ -119,7 +119,7 @@ def occupied_vlans(db: ABCDatabase, node_id: str, component_name: str, start: da
 return result
 @staticmethod
- def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, end: datetime) -> Capacities:
+ def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, end: datetime) -> str:
 """
 Compute the total bandwidth capacity occupied on a given link node within a specific time window.
@@ -149,7 +149,7 @@ def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, en
 bw_used = existing.get(node_id, 0)
 if bw_used:
- return Capacities(bw=bw_used).to_dict()
+ return Capacities(bw=bw_used).to_json()
 @staticmethod
 def occupied_node_capacity(*, db: ABCDatabase, node_id: str, start: datetime,
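Review bot: The new `-> str` annotation on `occupied_link_capacity` does not cover the empty case: the second hunk shows the only `return` sitting under `if bw_used:` with the method ending right after it, so the function yields `None` whenever no bandwidth is in use. Annotate it as `-> Optional[str]` (or `str | None` if the project's Python version allows it) and close the body with an explicit `return None`. The docstring's return description lies outside both hunks and presumably still refers to `Capacities`; it should state that a JSON string or `None` is returned. Callers that previously received a dict, and the neighbouring `occupied_node_capacity`, are not visible here and are worth checking for the same dict/JSON mismatch.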