Policies
The XACML policies generated by the Policy Administration Point code use the
"Ordered Permit Overrides" policy algorithm instead of the
"Deny Overrides" policy algorithm.
New resource categories:
- DataBase category for OKS editor and administration tools.
- ResourceManager category for the Resource Manager TDAQ component.
- BCM category for the BCM subdetector panel.
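The switch from "Deny Overrides" to "Ordered Permit Overrides" noted above changes what an explicit Deny rule does. The sketch below is an added example, not Access Manager or PAP code: the Rule class, the rule names and the roles are constructed for illustration, and XACML Indeterminate results are left out so the two algorithms can be compared side by side.

```python
# Added illustration; Rule and the sample rules are constructed, not AM policies.
from dataclasses import dataclass
from typing import Callable, List

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    name: str
    effect: str                      # PERMIT or DENY
    applies: Callable[[dict], bool]  # target match against the request

def evaluate(rule: Rule, request: dict) -> str:
    return rule.effect if rule.applies(request) else NOT_APPLICABLE

def deny_overrides(rules: List[Rule], request: dict) -> str:
    """Any applicable Deny wins, regardless of its position."""
    decisions = [evaluate(r, request) for r in rules]
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE

def ordered_permit_overrides(rules: List[Rule], request: dict) -> str:
    """Rules are evaluated in listed order; any applicable Permit wins."""
    result = NOT_APPLICABLE
    for rule in rules:
        decision = evaluate(rule, request)
        if decision == PERMIT:
            return PERMIT            # a Permit cannot be vetoed by any Deny
        if decision == DENY:
            result = DENY            # kept, but only used if nothing permits
    return result

# Constructed policy: a Deny intended as a guard, plus a role-based Permit.
RULES = [
    Rule("deny-during-run", DENY, lambda q: q["run_active"]),
    Rule("permit-expert", PERMIT, lambda q: "expert" in q["roles"]),
]

def compare(request: dict) -> tuple:
    """Return (deny-overrides decision, ordered-permit-overrides decision)."""
    return deny_overrides(RULES, request), ordered_permit_overrides(RULES, request)

if __name__ == "__main__":
    for req in ({"roles": ["expert"], "run_active": True},
                {"roles": ["shifter"], "run_active": True},
                {"roles": ["shifter"], "run_active": False}):
        print(req, compare(req))
```

With permit-overrides semantics a Deny rule only takes effect when no rule permits the request, so any policy that relied on Deny as a veto needs to be reviewed after this change.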
Server
- The server backlog size can be set through the environment variable TDAQ_AM_SERVER_SOCKET_BACKLOG.
- Added the PAP_UPDATE control message to invalidate the internal PAP cache when the policies are changed.
- Reads the configuration variables from an LDAP server, if one is provided.
- Logging level names changed: NORMAL -> MINIMUM, VERBOSE -> NORMAL, VERY VERBOSE -> VERBOSE.
Client API
The client reads the configuration first from the file /sw/tdaq/AccessManager/cfg/client.cfg, then from the
environment. If the configuration file is not found, an informational
message is logged to indicate this. The production environment must make sure the file is available (even if it is empty). The configuration file must contain lines in the following format:
#The line with comments must start with '#' character
VARIABLE_NAME=VARIABLE_VALUE
C++ API
- Contact the next AM server in the list if a timeout occurs while receiving the answer from the server.
- The AM server history now contains the server IP addresses next to their names.
- Use the poll function for the socket timeout operations.
- Replaced the gethostbyname function with getaddrinfo because the former is not thread safe.
Java API
- Set the log level to none if the AM authorization is disabled, so that no log files and directories are created.
- Fixed the RunControlResource object to get the partition name from the ResourceTypePartition input value.
Tools
- amUserRoles:
  - added the "-G" flag to specify a role category to prefix the roles to be processed
  - allows processing several users at the same time, provided either on the command line or in an input text file
- amPAP:
  - added the functionality to update the policies on the local disk of AM servers defined in LDAP