Commit ea0a1ee9 authored by ccacciari's avatar ccacciari
Browse files

minor changes in test rules, documentations, patches

parent 47eee99d
B2SAFE module 2.0 [2014/04/13]
- added an integrity check mechanism: see <module_home>/docs/integrityCheck.pdf
- improved the PID interlinking mechanism: see <module_home>/docs/PID_interlinking-1.pdf
- defined a rule for the replication of a single object: see <module_home>/docs/transferSingleFile.jpg
B2SAFE module 2.1 [2014/05/31]
- refined the integrity check mechanism
- defined a rule for the replication of a collection of objects
- added a script to deploy automatically the module
- bug fixing
Configurations
[authz.map.json]
- iRODS 3.3.x is required.
- in case you are using the version 3.3.0 please apply the patch in "rsExecCmd.patch" placed the dir "patches".
- in the rule file "eudat.re": there are two new rules called "EUDATAuthZ" and "getAuthZParameters".
The "getEUDATAuthZ" calls an external python script placed in iRODS_home/server/bin/cmd and called "authZ.manager.py".
Which requires a configuration file placed in iRODS_home/modules/BE2SAFE/cmd and called "authz.map.json".
The script provides just a couple of methods: "test" and "check", which returns a boolean value of True if the authorization is granted,
False otherwise.
The authorization decision is based on the file "authz.map.json", which contains triplets (subject, action, target) called assertions.
So, for example, passing to the script in input a request like:
testuser#testzone, read, /iRODS_home/modules/B2SAFE/cmd/credentials
It will be accepted if the json file contains:
"assertion 1":
{ "subject":
[ "testuser#testzone" ],
"action":
[ "read" ],
"target":
[ "/iRODS_home/modules/B2SAFE/cmd/credentials" ]
}
Or even:
"assertion 1":
{ "subject":
[ "*#testzone" ],
"action":
[ "read" ],
"target":
[ "/iRODS_home/modules/B2SAFE/cmd/*" ]
}
Because it supports the wild characters in the same way a shell do.
- in the rulebase file "core.re" the hook shoul be configured using the patch "corere.patch" placed in the folder "patches" of the module.
- The entry point for rules specific for certain external executables should be called inside the "getEUDATAuthZ" as fall back.
[log.manager.conf]
- just configure the logging level (INFO, DEBUG, ERROR) and the path to the logging directory:
{
"log_level": "DEBUG",
"log_dir": "/<iRODS path>/modules/B2SAFE/log",
}
......@@ -121,7 +121,7 @@ The command files are written to the shared iRODS space and are used to control
3) *.pid.update
Contians a command to update a PID:
Contains a command to update a PID:
"update;*pid;*new_pid"
*pid the handle of the source object (the parent)
......
......@@ -10,7 +10,7 @@
+# if a parameter is not provided, then it is the empty string
+acPreProcForExecCmd(*cmd, *args, *addr, *hint) {
+ if (*cmd != "authZ.manager.py") {
+ getEUDATAuthZ("$userNameClient#$rodsZoneClient", *cmd, *args, *response);
+ EUDATAuthZ("$userNameClient#$rodsZoneClient", *cmd, *args, *response);
+ }
+}
# ----------------------------------------------------------------------------
......
......@@ -140,7 +140,7 @@ EUDATTransferSingleFile(*path_of_transfered_file,*target_of_transfered_file) {
# according to the format: cause::path_of_transfer_file::target_of_transfer_file.
#
# Parameters:
# *buffer_length [IN] max number of failed transfer to process.
# *buffer_length [IN] max number of failed transfers to process.
# It has to be > 1.
#
# Author: Long Phan, Juelich
......
#
# Test for the re-transfering of objects related to previously failed replications
#
test {
EUDATTransferUsingFailLog(*buffer_length);
}
INPUT *buffer_length=100
OUTPUT ruleExecOut
~
#
# Test for transfer complete Collection Dir and all of data objects in its from *Path to *replicaPath.
#
test {
transferUsingFailLog(*destination_Collection,*logFailedFilePath, *Key);
}
INPUT *destination_Collection="/DATACENTER/Data17/", *Key = "Path_of_failed_Files"
OUTPUT ruleExecOut
~
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment