Add support for configurable accounting strings

authzdb/src/org/nimbus/authz/UserAlias.java

@@ -50,4 +50,10 @@ public int getAliasType() {
     public String getAliasTypeData() {
         return aliasTypeData;
     }
+
+    public String toString() {
+
+        return "userID: '" + userId + "' aliasName: '" + aliasName + "' friendlyName: '" + friendlyName
+                + "' aliasType: '" + aliasType + "' aliasTypeData: '" + aliasTypeData + "'";
+    }
 }

service/service/java/source/etc/workspace-service/other/resource-locator-pilot.xml

@@ -6,7 +6,27 @@
                            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
 
     <import resource="main.conflocator.xml" />
+    <import resource="authz-callout-ACTIVE.xml" />
 
+    <bean id="other.AuthzDataSource"
+        class="org.apache.commons.dbcp.BasicDataSource">
+        <property name="driverClassName" value="org.sqlite.JDBC" />
+        <property name="maxActive" value="10" />
+        <property name="maxIdle" value="4" />
+        <property name="maxWait" value="2000" />
+        <property name="poolPreparedStatements" value="true" />
+
+        <property name="url"
+            value="jdbc:sqlite://$CUMULUS{cumulus.authz.db}" />
+        <property name="username" value="nimbus"/>
+        <property name="password" value="nimbus"/>
+    </bean>
+
+
+    <bean id="other.authzDBAdapter" class="org.nimbus.authz.AuthzDBAdapter">
+        <constructor-arg ref="other.AuthzDataSource"/>
+    </bean>
+
     <bean id="nimbus-rm.scheduler.SlotManagement"
           class="org.globus.workspace.scheduler.defaults.pilot.PilotSlotManagement"
           init-method="validate">
@@ -100,13 +120,16 @@
         <property name="extraProperties" value="$PILOT{pbs.extra.properties}" />
         <property name="destination" value="$PILOT{pbs.destination}" />
         <property name="grace" value="$PILOT{pbs.grace}" />
+        <property name="accounting" value="$PILOT{pbs.accounting.type}" />
 
 
         <!-- Needed workspace service modules -->
         <constructor-arg ref="nimbus-rm.home.instance" />
         <constructor-arg ref="nimbus-rm.loglevels" />
         <constructor-arg ref="other.MainDataSource" />
         <constructor-arg ref="other.timerManager" />
+        <constructor-arg ref="other.authzDBAdapter" />
+        <constructor-arg ref="nimbus-rm.service.binding.AuthorizationCallout" />
 
         <!-- set after object creation time to avoid circular dep with home -->
         <property name="instHome" ref="nimbus-rm.home.instance" />

service/service/java/source/etc/workspace-service/pilot.conf

@@ -118,6 +118,14 @@ pbs.grace=8
 pbs.extra.properties=
 
 
+# Optional, if you would like to append an accounting string to your qsub
+# invokation, you can use either the user's certificate DN, the user's display
+# name as shown by nimbus-list-users, or the user's authz DB accounting group. 
+#
+# You can select these with 'dn', 'displayname', or 'group'
+
+pbs.accounting.type=
+
 # Optional, if configured this is prepended to the pilot exe invocation if
 # nodes needed are greater than one.  Torque uses pbsdsh for this.
 

service/service/java/source/src/org/globus/workspace/groupauthz/GroupAuthz.java

@@ -370,6 +370,21 @@ public Integer isRootPartitionUnpropTargetPermitted(URI target,
         throw new AuthorizationException(NO_POLICIES_MESSAGE);
     }
 
+    public String getGroupName(String caller) {
+
+
+        for (int i = 0; i < this.groups.length; i++) {
+
+            final GroupRights rights = getRights(caller, this.groups[i]);
+            // only first inclusion of DN is considered
+            if (rights != null) {
+                return this.groups[i].getName();
+            }
+        }
+
+        return null;
+    }
+
 
     // -------------------------------------------------------------------------
     // FOR CLOUD AUTOCONFIG

service/service/java/source/src/org/globus/workspace/scheduler/defaults/pilot/PilotSlotManagement.java

@@ -20,12 +20,16 @@
 import edu.emory.mathcs.backport.java.util.concurrent.ExecutorService;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.globus.workspace.groupauthz.GroupAuthz;
 import org.globus.workspace.scheduler.NodeExistsException;
 import org.globus.workspace.scheduler.NodeInUseException;
 import org.globus.workspace.scheduler.NodeManagement;
 import org.globus.workspace.scheduler.NodeManagementDisabled;
 import org.globus.workspace.scheduler.NodeNotFoundException;
 import org.globus.workspace.scheduler.defaults.ResourcepoolEntry;
+import org.globus.workspace.service.binding.authorization.CreationAuthorizationCallout;
+import org.nimbus.authz.AuthzDBAdapter;
+import org.nimbus.authz.UserAlias;
 import org.nimbustools.api.services.rm.DoesNotExistException;
 import org.nimbustools.api.services.rm.ResourceRequestDeniedException;
 import org.nimbustools.api.services.rm.ManageException;
@@ -118,6 +122,8 @@ public class PilotSlotManagement implements SlotManagement,
 
     private TorqueUtil torque;
 
+    private AuthzDBAdapter authzDBAdapter;
+    private CreationAuthorizationCallout authzCallout;
 
     // set from config
     private String contactPort;
@@ -138,6 +144,7 @@ public class PilotSlotManagement implements SlotManagement,
     private String destination = null; // only one for now
     private String extraProperties = null;
     private String multiJobPrefix = null;
+    private String accounting;
 
     // -------------------------------------------------------------------------
     // CONSTRUCTOR
@@ -146,7 +153,9 @@ public class PilotSlotManagement implements SlotManagement,
     public PilotSlotManagement(WorkspaceHome home,
                                Lager lager,
                                DataSource dataSource,
-                               TimerManager timerManager) {
+                               TimerManager timerManager,
+                               AuthzDBAdapter authz,
+                               CreationAuthorizationCallout authzCall) {
 
         if (home == null) {
             throw new IllegalArgumentException("home may not be null");
@@ -168,6 +177,9 @@ public PilotSlotManagement(WorkspaceHome home,
             throw new IllegalArgumentException("lager may not be null");
         }
         this.lager = lager;
+
+        this.authzDBAdapter = authz;
+        this.authzCallout = authzCall;
     }
 
 
@@ -268,6 +280,20 @@ public void setLogdirResource(Resource logdirResource) throws IOException {
         this.logdirPath = logdirResource.getFile().getAbsolutePath();
     }
 
+    public AuthzDBAdapter getAuthzDBAdapter() {
+        return authzDBAdapter;
+    }
+
+    public void setAuthzDBAdapter(AuthzDBAdapter authzDBAdapter) {
+        this.authzDBAdapter = authzDBAdapter;
+    }
+
+    public void setAccounting(String accounting) {
+        if (accounting != null && accounting.trim().length() != 0) {
+            this.accounting = accounting;
+        }
+    }
+
     // -------------------------------------------------------------------------
     // IoC INIT METHOD
     // -------------------------------------------------------------------------
@@ -669,6 +695,8 @@ private void reserveSpaceImpl(final int memory,
             ppnRequested = this.ppn;
         }
 
+        String account = getAccountString(creatorDN, this.accounting);
+
         // we know it's torque for now, no casing
         final ArrayList torquecmd;
         try {
@@ -681,7 +709,7 @@ private void reserveSpaceImpl(final int memory,
                                                   outputFile,
                                                   false,
                                                   false,
-                                                  creatorDN);
+                                                  account);
 
         } catch (WorkspaceException e) {
             final String msg = "Problem with Torque argument construction";
@@ -1693,4 +1721,52 @@ public boolean removeNode(String hostname)
     public String getVMMReport() {
         return "No VMM report when pilot is configured.";
     }
+
+    public String getAccountString(String userDN, String accountingType) {
+
+        String accountString = null;
+        if (accountingType == null) {
+            accountString = null;
+        }
+        else if (accountingType.equalsIgnoreCase("dn")) {
+
+            accountString = userDN;
+        }
+        else if (accountingType.equalsIgnoreCase("displayname")) {
+
+            try {
+                String userID = authzDBAdapter.getCanonicalUserIdFromDn(userDN);
+                final List<UserAlias> aliasList = authzDBAdapter.getUserAliases(userID);
+                for (UserAlias alias : aliasList) {
+                    if (alias.getAliasType() == AuthzDBAdapter.ALIAS_TYPE_DN) {
+
+                        accountString = alias.getFriendlyName();
+                    }
+                }
+                logger.error("Can't find display name for '" + userDN + "'. "
+                             + "No accounting string will be sent to PBS.");
+            }
+            catch (Exception e) {
+                logger.error("Can't connect to authzdb db. No accounting string will be sent to PBS.");
+            }
+        }
+        else if (accountingType.equalsIgnoreCase("group")) {
+
+            try {
+                GroupAuthz groupAuthz = (GroupAuthz)this.authzCallout;
+                accountString = groupAuthz.getGroupName(userDN);
+            }
+            catch (Exception e) {
+                logger.error("Problem getting group string. Are you sure you're using Group or SQL authz?");
+                logger.debug("full error: " + e);
+            }
+        }
+        else {
+
+            logger.error("'" + accountingType + "' isn't a valid accounting string type. "
+                         + "No accounting string will be sent to PBS.");
+        }
+
+        return accountString;
+    }
 }