Hi Chris,
It looks like instead of updating it's added a second resource. If you do a:
pap-admin lp -show-all-ids
It'll show something like -
id=a4b3b473-077c-4475-a3ad-765540b3dc2d
resource "http://gla.scotgrid.ac.uk/svr026" {
obligation "http://glite.org/xacml/obligation/local-environment-map" {
}
id=public-70071864-d19b-4a2b-90de-230cbd2acf02
action ".*" {
id=e5aba1f4-a141-4e2b-be37-aaba98ace5f3
rule permit { vo="dteam" }
id=a2b5fc3a-e75b-4155-bb25-f9e6203330b1
rule permit { vo="atlas" }
......
....
This gives a hash for each policy which you can then individually update, or in our case we have a policy file that we can do a:
pap-admin upf a4b3b473-077c-4475-a3ad-765540b3dc2d <mypolicyfile>
Where upf is update policy from file, this updates the resource tag for svr026 in our example. In looking around I never found a tool for automatically creating a policy file, if anyone knows if there is one it would be useful to have.
Hope that's of use,
Gareth
On 13 Feb 2013, at 13:31, Christopher J. Walker wrote:
> I have been doing some experiments with argus.
>
> I updated the permissions for one CE - at least I thought I did, but
> when I update the policy, I seem to have policies listed twice for one
> resource. Which policies will be applied? This seems like a bug to me,
> but maybe someone can convince me I'm wrong.
>
> Also, given that the policies for all the CEs are going to be the same
> (and presumably the SE similarly), do other sites have a makefile or
> something to generate policies?
>
> Here are the policies:
>
> [root@argus01 ~]# pap-admin lp
>
> default (local):
>
>
> resource "http://esc.qmul.ac.uk/ce05" {
> obligation "http://glite.org/xacml/obligation/local-environment-map" {
> }
>
> action ".*" {
> rule permit { vo="ops" }
> rule permit { vo="dteam" }
> rule permit { vo="atlas" }
> }
> }
>
> resource "http://esc.qmul.ac.uk/ce05" {
> obligation "http://glite.org/xacml/obligation/local-environment-map" {
> }
>
> action ".*" {
> rule permit { vo="ops" }
> rule permit { vo="dteam" }
> rule permit { vo="atlas" }
> rule permit { vo="lhcb" }
> rule permit { vo="cms" }
> rule permit { vo="biomed" }
> rule permit { vo="zeus" }
> rule permit { vo="cedar" }
> rule permit { vo="mice" }
> rule permit { vo="pheno" }
> rule permit { vo="ilc" }
> rule permit { vo="hone" }
> rule permit { vo="t2k.org" }
> rule permit { vo="vo.londongrid.ac.uk" }
> rule permit { vo="superbvo.org" }
> rule permit { vo="camont" }
> rule permit { vo="ngs.ac.uk" }
> rule permit { vo="supernemo.vo.eu-egee.org" }
> rule permit { vo="cernatschool.org" }
> rule permit { vo="snoplus.snolab.ca" }
> rule permit { vo="neiss.org.uk" }
> }
> }
>
>
>
>
> Chris
|