Author: challngr Date: Thu Jul 31 19:26:31 2014 New Revision: 1614964 URL: http://svn.apache.org/r1614964 Log: UIMA-3970 Add --administroators registration parm to allow multiple users to manipulate a service.
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceApi.java uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceSubmit.java uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/IUiOptions.java uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceHandler.java Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceApi.java URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceApi.java?rev=1614964&r1=1614963&r2=1614964&view=diff ============================================================================== --- uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceApi.java (original) +++ uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceApi.java Thu Jul 31 19:26:31 2014 @@ -54,6 +54,7 @@ public class DuccServiceApi UiOption.Help, UiOption.Debug, UiOption.Description, + UiOption.Administrators, UiOption.SchedulingClass, UiOption.LogDirectory, UiOption.WorkingDirectory, Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceSubmit.java URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceSubmit.java?rev=1614964&r1=1614963&r2=1614964&view=diff ============================================================================== --- uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceSubmit.java (original) +++ uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/DuccServiceSubmit.java Thu Jul 31 19:26:31 2014 @@ -45,6 +45,8 @@ public class DuccServiceSubmit UiOption.Help, UiOption.Debug, UiOption.Description, + UiOption.Administrators, // ( not used directly here, but is allowed in registration ) + UiOption.SchedulingClass, UiOption.LogDirectory, UiOption.WorkingDirectory, Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/IUiOptions.java URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/IUiOptions.java?rev=1614964&r1=1614963&r2=1614964&view=diff ============================================================================== --- uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/IUiOptions.java (original) +++ uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/IUiOptions.java Thu Jul 31 19:26:31 2014 @@ -186,6 +186,14 @@ public interface IUiOptions public String label() { return null; } }, + Administrators { + public String pname() { return "administrators"; } + public String argname() { return "list of ids"; } + public String description() { return "Blank-delimited list of userids allowed to manage this service."; } + public String example() { return "bob mary jimbo"; } + public String label() { return name(); } + }, + Instances { public String pname() { return "instances"; } public String argname() { return "integer"; } Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceHandler.java URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceHandler.java?rev=1614964&r1=1614963&r2=1614964&view=diff ============================================================================== --- uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceHandler.java (original) +++ uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceHandler.java Thu Jul 31 19:26:31 2014 @@ -32,6 +32,7 @@ import org.apache.uima.ducc.common.NodeI import org.apache.uima.ducc.common.utils.DuccLogger; import org.apache.uima.ducc.common.utils.DuccProperties; import org.apache.uima.ducc.common.utils.id.DuccId; +import org.apache.uima.ducc.transport.event.AServiceRequest; import org.apache.uima.ducc.transport.event.ServiceModifyEvent; import org.apache.uima.ducc.transport.event.ServiceQueryEvent; import org.apache.uima.ducc.transport.event.ServiceQueryReplyEvent; @@ -663,9 +664,36 @@ public class ServiceHandler return reply; } + boolean authorized(String operation, ServiceSet sset, AServiceRequest req) + { + String methodName = "authorized"; + + String userin = req.getUser(); + String userout = sset.getUser(); + + if ( userin.equals(userout) ) { // owner is always authorized + logger.info(methodName, sset.getId(), operation, "request from", userin, "allowed."); + return true; + } + + if ( serviceManager.isAdministrator(req) ) { // global admin is always authorized + logger.info(methodName, sset.getId(), operation, "request from", userin, "allowed as DUCC administrator. Service owner:", userout); + return true; + } + + if ( sset.isAuthorized(userin) ) { // registered co-owner is always authorized + logger.info(methodName, sset.getId(), operation, "request from", userin, "alloed as co-ownder. Service owner:", userout); + return true; + } + + logger.info(methodName, sset.getId(), operation, "request from", userin, "not authorized. Service owner:", userout); + return false; + + } + ServiceReplyEvent start(ServiceStartEvent ev) { - String methodName = "start"; + // String methodName = "start"; long id = ev.getFriendly(); String url = ev.getEndpoint(); @@ -674,12 +702,8 @@ public class ServiceHandler return new ServiceReplyEvent(false, "Unknown service", url, id); } - String userin = ev.getUser(); - String userout = sset.getUser(); - logger.info(methodName, sset.getId(), "userin", userin, "userout", userout, "ev.asAdministrator", ev.asAdministrator(), "ok", serviceManager.isAdministrator(ev)); - - if ( !userin.equals(userout) && !serviceManager.isAdministrator(ev) ) { - return new ServiceReplyEvent(false, "Owned by " + userout, url, sset.getId().getFriendly()); + if ( ! authorized("start", sset, ev) ) { + return new ServiceReplyEvent(false, "Owned by " + sset.getUser(), url, sset.getId().getFriendly()); } int running = sset.countImplementors(); @@ -773,13 +797,11 @@ public class ServiceHandler return new ServiceReplyEvent(false, "Unknown service", url, id); } - String userin = ev.getUser(); - String userout = sset.getUser(); - - if ( !userin.equals(userout) && !serviceManager.isAdministrator(ev) ) { - return new ServiceReplyEvent(false, "Owned by " + userout, url, sset.getId().getFriendly()); + if ( ! authorized("stop", sset, ev) ) { + return new ServiceReplyEvent(false, "Owned by " + sset.getUser(), url, sset.getId().getFriendly()); } + if ( sset.isStopped() ) { return new ServiceReplyEvent(false, "Already stopped", sset.getKey(), sset.getId().getFriendly()); } @@ -887,11 +909,8 @@ public class ServiceHandler return new ServiceReplyEvent(false, "Unknown service", url, id); } - String userin = ev.getUser(); - String userout = sset.getUser(); - - if ( !userin.equals(userout) && !serviceManager.isAdministrator(ev) ) { - return new ServiceReplyEvent(false, "Owned by " + userout, url, sset.getId().getFriendly()); + if ( ! authorized("modify", sset, ev) ) { + return new ServiceReplyEvent(false, "Owned by " + sset.getUser(), url, sset.getId().getFriendly()); } pendingRequests.add(new ApiHandler(ev, this)); @@ -920,6 +939,11 @@ public class ServiceHandler sset.setAutostart(boolval); break; + case Administrators: + sset.setJobProperty(option.pname(), value); + sset.parseAdministrators(value); + break; + // For the moment, these all update the registration but don't change internal // operation. case Description: @@ -1029,71 +1053,6 @@ public class ServiceHandler // restart_service - not yet } - //void doModify(long id, String url, int instances, Trinary autostart, boolean activate) - void doModifyOld(ServiceModifyEvent sme) - { - String methodName = "doModify"; - - long id = sme.getFriendly(); - String url = sme.getEndpoint(); - ServiceSet sset = serviceStateHandler.getServiceForApi(id, url); - - DuccProperties mods = sme.getProperties(); - - String pingArguments = mods.getStringProperty("service_ping_arguments", null); - String pingClass = mods.getStringProperty("service_ping_class" , null); - String pingClasspath = mods.getStringProperty("service_ping_classpath", null); - String pingJvmArgs = mods.getStringProperty("service_ping_jvm_args" , null); - String pingTimeout = mods.getStringProperty("service_ping_timeout" , null); - String pingDolog = mods.getStringProperty("service_ping_dolog" , null); - - int instances = mods.getIntProperty("instances", -1); - boolean activate = mods.getBooleanProperty("activate", true); - - if ( instances > 0 ) { - // old sset.setNInstances(instances); // also persists instances - if ( activate ) { - int running = sset.countImplementors(); - int diff = instances - running; - - if ( diff > 0 ) { - sset.start(diff); - } else if ( diff < 0 ) { - sset.stop(-diff); - } - } - } - - if ( mods.containsKey("autostart" ) ) { - sset.setAutostart(mods.getBooleanProperty("autostart", true)); - } - - if ( pingArguments != null ) sset.setJobProperty("service_ping_arguments", pingArguments); - if ( pingClass != null ) sset.setJobProperty("service_ping_class" , pingClass); - if ( pingClasspath != null ) sset.setJobProperty("service_ping_classpath", pingClasspath); - if ( pingJvmArgs != null ) sset.setJobProperty("service_jvm_args" , pingJvmArgs); - if ( pingTimeout != null ) sset.setJobProperty("service_ping_timeout" , pingTimeout); - if ( pingDolog != null ) sset.setJobProperty("service_ping_dolog" , pingDolog); - - try { - sset.saveServiceProperties(); - sset.saveMetaProperties(); - } catch ( Exception e ) { - logger.error(methodName, null, "Service", id, ": Internal error, unable to store service descriptor. " + url); - } - - // Must restart pinger if anything about it changed. - if ( (pingClass != null) || - (pingArguments != null) || - (pingClasspath != null) || - (pingJvmArgs != null) || - (pingTimeout != null) || - (pingDolog != null) ) { - // sset.restartPinger(pingClass, pingArguments, pingClasspath, pingJvmArgs, pingTimeout, pingDolog); - } - - } - public ServiceReplyEvent unregister(ServiceUnregisterEvent ev) { String methodName = "unregister"; @@ -1109,13 +1068,8 @@ public class ServiceHandler ev.setEndpoint(url); ev.setFriendly(id); - String userin = ev.getUser(); - String userout = sset.getUser(); - - logger.info(methodName, sset.getId(), "Unregister received from", userin); - - if ( !userin.equals(userout) && !serviceManager.isAdministrator(ev) ) { - return new ServiceReplyEvent(false, "Owned by " + userout, url, sset.getId().getFriendly()); + if ( ! authorized("unregister", sset, ev) ) { + return new ServiceReplyEvent(false, "Owned by " + sset.getUser(), url, sset.getId().getFriendly()); } serviceStateHandler.unregister(sset);