Example 1 with NodeUserAllPermission
use of org.ow2.proactive.permissions.NodeUserAllPermission in project scheduling by ow2-proactive.
the class RMCore method releaseNodes.
/**
* {@inheritDoc}
*/
public BooleanWrapper releaseNodes(NodeSet nodes) {
if (nodes.getExtraNodes() != null) {
// do not forget to release extra nodes
nodes.addAll(nodes.getExtraNodes());
}
// exception to throw in case of problems
RuntimeException exception = null;
NodeSet nodesReleased = new NodeSet();
NodeSet nodesFailedToRelease = new NodeSet();
for (Node node : nodes) {
String nodeURL = null;
try {
nodeURL = node.getNodeInformation().getURL();
logger.debug("Releasing node " + nodeURL);
} catch (RuntimeException e) {
logger.debug("A Runtime exception occurred while obtaining information on the node," + "the node must be down (it will be detected later)", e);
// node is down, will be detected by pinger
exception = new IllegalStateException(e.getMessage(), e);
nodesFailedToRelease.add(node);
}
// verify whether the node has not been removed from the RM
if (this.allNodes.containsKey(nodeURL)) {
RMNode rmnode = this.getNodebyUrl(nodeURL);
// free
if (rmnode.isFree()) {
logger.warn("Client " + caller + " tries to release the already free node " + nodeURL);
nodesFailedToRelease.add(node);
} else if (rmnode.isDown()) {
logger.warn("Node was down, it cannot be released");
nodesFailedToRelease.add(node);
} else {
Set<? extends IdentityPrincipal> userPrincipal = rmnode.getOwner().getSubject().getPrincipals(UserNamePrincipal.class);
Permission ownerPermission = new PrincipalPermission(rmnode.getOwner().getName(), userPrincipal);
try {
caller.checkPermission(ownerPermission, caller + " is not authorized to free node " + node.getNodeInformation().getURL(), new RMCoreAllPermission(), new NodeUserAllPermission(), new NSAdminPermission());
if (rmnode.isToRemove()) {
removeNodeFromCoreAndSource(rmnode, caller);
nodesReleased.add(node);
if (delayedNodeSourceRemovalEvents.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to remove.");
final Entry<RMNodeSourceEvent, NodeSource> remove = delayedNodeSourceRemovalEvents.remove(rmnode.getNodeSourceName());
final RMNodeSourceEvent removedEvent = remove.getKey();
final NodeSource nodeSource = remove.getValue();
logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + removedEvent.getEventType().getDescription());
this.monitoring.nodeSourceEvent(removedEvent);
nodeSource.shutdown(this.caller);
} else if (delayedNodeSourceUndeploying.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to undeploy.");
final NodeSource nodeSource = delayedNodeSourceUndeploying.remove(rmnode.getNodeSourceName());
logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + "undeployed.");
nodeSource.shutdown(this.caller);
}
} else {
internalSetFree(rmnode);
nodesReleased.add(node);
}
} catch (SecurityException ex) {
logger.error(ex.getMessage(), ex);
nodesFailedToRelease.add(node);
exception = ex;
}
}
} else {
logger.warn("Cannot release unknown node " + nodeURL);
nodesFailedToRelease.add(node);
exception = new IllegalArgumentException("Cannot release unknown node " + nodeURL);
}
}
logger.info("Nodes released : " + nodesReleased);
if (!nodesFailedToRelease.isEmpty()) {
logger.warn("Nodes failed to release : " + nodesFailedToRelease);
}
if (exception != null) {
// throwing the latest exception we had
throw exception;
}
return new BooleanWrapper(true);
}
Also used :
NodeSet(org.ow2.proactive.utils.NodeSet)
RMNodeSourceEvent(org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent)
NodeSet(org.ow2.proactive.utils.NodeSet)
Set(java.util.Set)
ImmutableSet(com.google.common.collect.ImmutableSet)
HashSet(java.util.HashSet)
RMDeployingNode(org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)
Node(org.objectweb.proactive.core.node.Node)
RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode)
PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission)
NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission)
UserNamePrincipal(org.ow2.proactive.authentication.principals.UserNamePrincipal)
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource)
BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper)
RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode)
Entry(java.util.Map.Entry)
Permission(java.security.Permission)
NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)
NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission)
MethodCallPermission(org.ow2.proactive.permissions.MethodCallPermission)
RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission)
PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission)
IdentityPrincipal(org.ow2.proactive.authentication.principals.IdentityPrincipal)
Example 2 with NodeUserAllPermission
use of org.ow2.proactive.permissions.NodeUserAllPermission in project scheduling by ow2-proactive.
the class SelectionManager method filterOut.
/**
* Removes exclusion nodes and nodes not accessible for the client
*/
private List<RMNode> filterOut(List<RMNode> freeNodes, Criteria criteria, Client client) {
// Get inclusion/exclusion list for the final check
Set<String> inclusion = criteria.getAcceptableNodesUrls();
NodeSet exclusion = criteria.getBlackList();
// Is a token specified at the task level ?
boolean nodeWithTokenRequested = criteria.getNodeAccessToken() != null && !criteria.getNodeAccessToken().isEmpty();
// If yes, add it to the client Principals list as TokenPrincipal object
TokenPrincipal tokenPrincipal = null;
if (nodeWithTokenRequested) {
logger.debug("Node access token specified " + criteria.getNodeAccessToken());
tokenPrincipal = new TokenPrincipal(criteria.getNodeAccessToken());
client.getSubject().getPrincipals().add(tokenPrincipal);
}
// Can client has access to the node ?
List<RMNode> filteredList = new ArrayList<>();
HashSet<Permission> clientPermissions = new HashSet<>();
for (RMNode node : freeNodes) {
try {
if (node.isProtectedByToken() && !nodeWithTokenRequested && !isClientNodeUserAllPermission(client)) {
logger.debug("Node " + node.getNodeURL() + " is protected by token");
continue;
}
if (!clientPermissions.contains(node.getUserPermission())) {
client.checkPermission(node.getUserPermission(), client + " is not authorized to get the node " + node.getNodeURL() + " from " + node.getNodeSource().getName(), new NodeUserAllPermission());
// YES
clientPermissions.add(node.getUserPermission());
}
} catch (SecurityException e) {
// NO
logger.debug(e.getMessage());
continue;
}
// we do not consider this node. We only consider nodes protected by the token required by the client.
if (nodeWithTokenRequested && !node.isProtectedByToken()) {
continue;
}
// we will avoid it here
if (nodeWithTokenRequested) {
PrincipalPermission perm = (PrincipalPermission) node.getUserPermission();
// checking explicitly that node has this token identity
if (!perm.hasPrincipal(tokenPrincipal)) {
if (logger.isDebugEnabled()) {
logger.debug(client + " does not have required token to get the node " + node.getNodeURL() + " from " + node.getNodeSource().getName());
}
continue;
}
}
if (!contains(exclusion, node) && ((inclusion != null) ? inclusion.contains(node.getNodeURL()) : true)) {
filteredList.add(node);
}
}
return filteredList;
}
Also used :
NodeSet(org.ow2.proactive.utils.NodeSet)
PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission)
NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission)
RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode)
NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission)
Permission(java.security.Permission)
PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission)
TokenPrincipal(org.ow2.proactive.authentication.principals.TokenPrincipal)
Aggregations
Permission (java.security.Permission)2
NodeUserAllPermission (org.ow2.proactive.permissions.NodeUserAllPermission)2
PrincipalPermission (org.ow2.proactive.permissions.PrincipalPermission)2
RMNode (org.ow2.proactive.resourcemanager.rmnode.RMNode)2
NodeSet (org.ow2.proactive.utils.NodeSet)2
ImmutableSet (com.google.common.collect.ImmutableSet)1
HashSet (java.util.HashSet)1
Entry (java.util.Map.Entry)1
Set (java.util.Set)1
Node (org.objectweb.proactive.core.node.Node)1
BooleanWrapper (org.objectweb.proactive.core.util.wrapper.BooleanWrapper)1
IdentityPrincipal (org.ow2.proactive.authentication.principals.IdentityPrincipal)1
TokenPrincipal (org.ow2.proactive.authentication.principals.TokenPrincipal)1
UserNamePrincipal (org.ow2.proactive.authentication.principals.UserNamePrincipal)1
MethodCallPermission (org.ow2.proactive.permissions.MethodCallPermission)1
NSAdminPermission (org.ow2.proactive.permissions.NSAdminPermission)1
RMCoreAllPermission (org.ow2.proactive.permissions.RMCoreAllPermission)1
RMNodeSourceEvent (org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent)1
NodeSource (org.ow2.proactive.resourcemanager.nodesource.NodeSource)1
RMDeployingNode (org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)1
