
Enhance Agent policy support

1 parent fc5f104 commit 4da802d72624c9f99082da6dec6d22795667f425 @shenrie shenrie committed Oct 8, 2012
@@ -16,6 +16,7 @@
from pyon.event.event import EventPublisher
from pyon.util.log import log
from pyon.util.containers import get_ion_ts
+from pyon.ion.resource import RT, PRED, OT, LCS
# Pyon exceptions.
from pyon.core.exception import IonException
@@ -171,9 +172,28 @@ def _on_quit(self):
pass
##############################################################
- # Governance interface.
+ # Governance interfaces and helpers
##############################################################
+ def _is_policy_enabled(self):
+ #TODO - may have to figure out another way to do this.
+
+ if self.CFG.get_safe("system.load_policy", False):
+ return True
+
+ return False
+
+ def _get_resource_commitments(self, user_id):
+
+ log.debug("Checking for commitments for user_id: " + user_id)
+
+ commitments,_ = self.clients.resource_registry.find_objects(self.resource_id, PRED.hasCommitment, RT.Commitment)
+ for com in commitments:
+ if com.consumer == user_id and com.lcstate != LCS.RETIRED:
+ return com
+
+ return None
+
def negotiate(self, resource_id="", sap_in=None):
"""
TBD.
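Review bot: In `_get_resource_commitments`, `log.debug("Checking for commitments for user_id: " + user_id)` raises TypeError when `user_id` is None or not a string, so a debug line can abort the commitment lookup; the same line appears in the copy of this helper added to the second agent file. Assuming `log` is a standard logging logger, pass the value as an argument instead: `log.debug("Checking for commitments for user_id: %s", user_id)`. Despite the plural name, the helper returns only the first non-retired commitment whose consumer matches, and neither new helper has a docstring; one should state that and that None means no active commitment was found. `_is_policy_enabled` can be reduced to `return bool(self.CFG.get_safe("system.load_policy", False))`. `OT` is added to the import in the first hunk but is not used in the lines shown for this file.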
@@ -12,7 +12,7 @@
from pyon.core.bootstrap import IonObject
from pyon.core import exception as iex
from pyon.event.event import EventPublisher
-from pyon.ion.resource import RT
+from pyon.ion.resource import RT, PRED, LCS
from pyon.util.log import log
from pyon.util.containers import get_ion_ts
@@ -52,6 +52,32 @@ def _on_init(self):
def _on_quit(self):
pass
+
+ ##############################################################
+ # Governance interfaces and helpers
+ ##############################################################
+
+ def _is_policy_enabled(self):
+ #TODO - may have to figure out another way to do this.
+
+ if self.CFG.get_safe("system.load_policy", False):
+ return True
+
+ return False
+
+ def _get_resource_commitments(self, user_id):
+
+ log.debug("Checking for commitments for user_id: " + user_id)
+ #TODO - why isn't the resource registry defined in this agent?
+
+ #commitments,_ = self.clients.resource_registry.find_objects(self.resource_id, PRED.hasCommitment, RT.Commitment)
+ #for com in commitments:
+ # if com.consumer == user_id and com.lcstate != LCS.RETIRED:
+ # return com
+
+ return None
+
+
def negotiate(self, resource_id="", sap_in=None):
pass
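Review bot: `_get_resource_commitments` in this file always returns None because the registry lookup is commented out, so any policy decision that depends on a commitment will treat every user as having none for this agent, and nothing in the log says the check was skipped. Rather than keeping the dead lines, say so in a docstring and emit a visible message such as `log.warning("Commitment lookup not available for this agent; returning None")`, leaving the TODO as the pointer to the missing resource registry client. The `PRED` and `LCS` names added to the import are referenced only by the commented-out code in the lines shown.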
@@ -59,8 +59,9 @@ def start(self):
self._is_container_org_boundary = CFG.get_safe('container.org_boundary',False)
self._container_org_name = CFG.get_safe('container.org_name', CFG.get_safe('system.root_org', 'ION'))
self._container_org_id = None
+ self._system_root_org_name = CFG.get_safe('system.root_org', 'ION')
- self._is_root_org_container = (self._container_org_name == CFG.get_safe('system.root_org', 'ION'))
+ self._is_root_org_container = (self._container_org_name == self._system_root_org_name)
if self.enabled:
self.initialize_from_config(config)
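Review bot: `_system_root_org_name` is added as an underscore-prefixed attribute, yet the policy decision point changes in this same commit read it from outside the class as `self.governance_controller._system_root_org_name`. A small public accessor, alongside the `get_container_org_boundary_name()` and `is_root_org_container()` methods the old code called, would keep that boundary explicit. The assignment can also move above `_container_org_name` so that `CFG.get_safe('system.root_org', 'ION')` is read once and reused as that default. `start` begins before and continues after this hunk.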
@@ -23,7 +23,7 @@ class Negotiation(object):
def create_counter_proposal(self,negotiation=None, proposal_status=ProposalStatusEnum.COUNTER,
originator=ProposalOriginatorEnum.CONSUMER):
- if negotiation is None or negotiation.type_ != OT.Negotiation:
+ if negotiation is None or negotiation.type_ != RT.Negotiation:
raise BadRequest('The negotiation parameter must be a valid Negotiation object')
counter_sap = copy.deepcopy(negotiation.proposals[-1])
@@ -184,25 +184,36 @@ def _create_request_from_message(self, invocation, receiver, receiver_type='serv
ion_actor_id = invocation.get_header_value('ion-actor-id', 'anonymous')
actor_roles = invocation.get_header_value('ion-actor-roles', {})
- log.debug("XACML Request: sender: %s, receiver:%s, op:%s, ion_actor_id:%s, ion_actor_roles:%s" % (sender, receiver, op, ion_actor_id, str(actor_roles)))
+ log.debug("Using XACML Request: sender: %s, receiver:%s, op:%s, ion_actor_id:%s, ion_actor_roles:%s" % (sender, receiver, op, ion_actor_id, str(actor_roles)))
request = Request()
subject = Subject()
subject.attributes.append(self.create_string_attribute(SENDER_ID, sender))
subject.attributes.append(self.create_string_attribute(Identifiers.Subject.SUBJECT_ID, ion_actor_id))
- #Get the Org Id of this container that is running the endpoint process
- org_name = self.governance_controller.get_container_org_boundary_name()
+ #Get the Org name associated with the endpoint process
+ endpoint_process = invocation.get_arg_value('process', invocation)
+ if hasattr(endpoint_process,'org_name'):
+ org_name = endpoint_process.org_name
+ else:
+ org_name = self.governance_controller._system_root_org_name
- #If this is not a root Org container, then iterate over the roles associated with the user only for
- #the Org that this container is associated with otherwise include all roles and create attributes for each
- if self.governance_controller.is_root_org_container():
+ #If this process is not associated wiht the root Org, then iterate over the roles associated with the user only for
+ #the Org that this process is associated with otherwise include all roles and create attributes for each
+ if org_name == self.governance_controller._system_root_org_name:
+ #If the process Org name is the same for the System Root Org, then include all of them to be safe
for org in actor_roles:
self.create_org_role_attribute(actor_roles[org],subject)
else:
if actor_roles.has_key(org_name):
self.create_org_role_attribute(actor_roles[org_name],subject)
+ #Handle the special case for the ION system actor
+ if actor_roles.has_key(self.governance_controller._system_root_org_name):
+ if 'ION_MANAGER' in actor_roles[self.governance_controller._system_root_org_name]:
+ self.create_org_role_attribute(['ION_MANAGER'],subject)
+
+
request.subjects.append(subject)
resource = Resource()
@@ -212,6 +223,8 @@ def _create_request_from_message(self, invocation, receiver, receiver_type='serv
request.action = Action()
request.action.attributes.append(self.create_string_attribute(Identifiers.Action.ACTION_ID, op))
+
+
return request
def check_agent_request_policies(self, invocation):
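Review bot: When the endpoint process has no `org_name` attribute, `org_name` falls back to `_system_root_org_name`, and the branch that follows then attaches the actor's roles from every Org to the XACML subject, so the fallback selects the widest role set rather than the narrowest. `invocation.get_arg_value('process', invocation)` also defaults to the invocation itself, so a missing `process` argument takes the same path silently. If Org-scoped roles are meant to bound what a policy can grant, fall back to the container's Org as the removed `get_container_org_boundary_name()` call did, or at least make the fallback visible with `log.warning("No org_name on endpoint process; evaluating with root Org roles")`. The roles are read from the `ion-actor-roles` header, and where that header is validated is not visible in this hunk. `_create_request_from_message` starts before the first hunk of this file.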
