[gold-users] Permissions and Charging Rates

Scott Jackson scottmo at adaptivecomputing.com
Tue May 11 11:18:30 MDT 2010

Hi Brian,

Brian O'Connor wrote:
> Hi
>    Please forgive these beginner questions.
> I need help understanding permissions and charging rates and how these
> apply to resources.
> Let's use a "Bar" paradigm.
> I am accustomed to regarding permissions as being related to a patron,
> like me, a resource, like beer, and then allowed actions on that
> resource, like drinking it. There are also action qualifiers like how
> much beer and when I can drink it.
> Using the Bar paradigm, within Gold the patrons are users, and
> resources are Objects, right?
> gold> Object Query
> Name                  Association Parent      Child        Description
> --------------------- ----------- ----------- ------------ --------------------------------------------------
> Object                False                                Object
> Attribute             False                                Attribute
> Action                False                                Action
> Transaction           False                                Transaction Log
> System                False                                System
> User                  False                                User
> Role                  False                                Role
> RoleAction            True        Role        Action       Role Action Association
> RoleUser              True        Role        User         Role User Association
> Password              False                                Password
> ANY                   False                                Any Object
> NONE                  False                                No Object
> Organization          False                                Virtual Organization
> Project               False                                Project
> Machine               False                                Machine
> ProjectUser           True        Project     User         Membership mapping Users to Projects
> ProjectMachine        True        Project     Machine      Membership mapping Machines to Projects
> Account               False                                Account
> AccountProject        True        Account     Project      Project Access control List
> AccountUser           True        Account     User         User Access control List
> AccountMachine        True        Account     Machine      Machine Access control List
> AccountOrganization   True        Account     Organization Forwarding Account Information
> Allocation            False                                Allocation
> Reservation           False                                Reservation
> ReservationAllocation True        Reservation Allocation   Reservation Allocation Association
> Quotation             False                                Quotation
> ChargeRate            False                                Charge Rates
> QuotationChargeRate   True        Quotation   ChargeRate   Charge Rate guaranteed by the associated Quotation
> Job                   False                                Job
> AccountAccount        True        Account     Account      Account Deposit Linkage
> But where are the actions defined?
In the Action table:

scottmo at mana:/software/moab-5.4$ goldsh Action Query
Object                Name     Display Description
--------------------- -------- ------- -----------
Object                Create   False              
Object                Query    False              
Object                Modify   False              
Object                Delete   False              
Object                Undelete False              
Attribute             Create   False              
Attribute             Query    False              
Attribute             Modify   False              
Attribute             Delete   False              
Attribute             Undelete False              
Action                Create   False              
Action                Query    False              
Action                Modify   False              
Action                Delete   False              
Action                Undelete False              
Transaction           Query    True               
Transaction           Undo     False              
Transaction           Redo     False              
System                Create   False              
System                Query    False              
System                Modify   False              
System                Delete   False              
System                Undelete False              
System                Refresh  False              
User                  Create   True               
User                  Query    True               
User                  Modify   True               
User                  Delete   True               
User                  Undelete True               
Role                  Create   False              
Role                  Query    False              
Role                  Modify   False              
Role                  Delete   False              
Role                  Undelete False              
RoleAction            Create   False              
RoleAction            Query    False              
RoleAction            Modify   False              
RoleAction            Delete   False              
RoleAction            Undelete False              
RoleUser              Create   False              
RoleUser              Query    False              
RoleUser              Modify   False              
RoleUser              Delete   False              
RoleUser              Undelete False              
Password              Create   False              
Password              Query    False              
Password              Modify   False              
Password              Delete   False              
Password              Undelete False              
ANY                   ANY      False   Any Action 
NONE                  NONE     False   No Action  
Organization          Create   True    Create     
Organization          Query    True    Query      
Organization          Modify   True    Modify     
Organization          Delete   True    Delete     
Organization          Undelete True    Undelete   
Project               Create   True    Create     
Project               Query    True    Query      
Project               Modify   True    Modify     
Project               Delete   True    Delete     
Project               Undelete True    Undelete   
Machine               Create   True    Create     
Machine               Query    True    Query      
Machine               Modify   True    Modify     
Machine               Delete   True    Delete     
Machine               Undelete True    Undelete   
ProjectUser           Create   True    Create     
ProjectUser           Query    True    Query      
ProjectUser           Modify   True    Modify     
ProjectUser           Delete   True    Delete     
ProjectUser           Undelete True    Undelete   
ProjectMachine        Create   True    Create     
ProjectMachine        Query    True    Query      
ProjectMachine        Modify   True    Modify     
ProjectMachine        Delete   True    Delete     
ProjectMachine        Undelete True    Undelete   
Account               Create   True    Create     
Account               Query    True    Query      
Account               Modify   True    Modify     
Account               Delete   True    Delete     
Account               Undelete True    Undelete   
Account               Withdraw True    Withdraw   
Account               Balance  True    Balance    
Account               Deposit  True    Deposit    
Account               Transfer True    Transfer   
AccountProject        Create   True    Create     
AccountProject        Query    True    Query      
AccountProject        Modify   True    Modify     
AccountProject        Delete   True    Delete     
AccountProject        Undelete True    Undelete   
AccountUser           Create   True    Create     
AccountUser           Query    True    Query      
AccountUser           Modify   True    Modify     
AccountUser           Delete   True    Delete     
AccountUser           Undelete True    Undelete   
AccountMachine        Create   True    Create     
AccountMachine        Query    True    Query      
AccountMachine        Modify   True    Modify     
AccountMachine        Delete   True    Delete     
AccountMachine        Undelete True    Undelete   
AccountOrganization   Create   False   Create     
AccountOrganization   Query    False   Query      
AccountOrganization   Modify   False   Modify     
AccountOrganization   Delete   False   Delete     
AccountOrganization   Undelete False   Undelete   
Allocation            Create   False   Create     
Allocation            Query    True    Query      
Allocation            Modify   True    Modify     
Allocation            Delete   True    Delete     
Allocation            Undelete True    Undelete   
Allocation            Refresh  False   Refresh    
Reservation           Create   False   Create     
Reservation           Query    True    Query      
Reservation           Modify   False   Modify     
Reservation           Delete   True    Delete     
Reservation           Undelete True    Undelete   
ReservationAllocation Create   False   Create     
ReservationAllocation Query    True    Query      
ReservationAllocation Modify   False   Modify     
ReservationAllocation Delete   False   Delete     
ReservationAllocation Undelete False   Undelete   
Quotation             Create   False   Create     
Quotation             Query    True    Query      
Quotation             Modify   False   Modify     
Quotation             Delete   True    Delete     
Quotation             Undelete True    Undelete   
ChargeRate            Create   True    Create     
ChargeRate            Query    True    Query      
ChargeRate            Modify   True    Modify     
ChargeRate            Delete   True    Delete     
ChargeRate            Undelete True    Undelete   
QuotationChargeRate   Create   False   Create     
QuotationChargeRate   Query    True    Query      
QuotationChargeRate   Modify   False   Modify     
QuotationChargeRate   Delete   False   Delete     
QuotationChargeRate   Undelete False   Undelete   
Job                   Create   True    Create     
Job                   Query    True    Query      
Job                   Modify   True    Modify     
Job                   Delete   True    Delete     
Job                   Undelete True    Undelete   
Job                   Charge   False   Charge     
Job                   Reserve  False   Reserve    
Job                   Quote    False   Quote      
Job                   Refund   True    Refund     
AccountAccount        Create   False   Create     
AccountAccount        Query    False   Query      
AccountAccount        Modify   False   Modify     
AccountAccount        Delete   False   Delete     
AccountAccount        Undelete False   Undelete   

> I can create a role and a role action, but these are just strings;
> where do I relate actual Gold functionality to a resource?
These are more than just strings. They relate to the actions in the 
Action table shown above.
> gold> Role Create Name=Fred
> Name Description
> ---- -----------
> Fred
> Successfully created 1 Role
> gold> RoleAction Create Role=Fred Object=Job Name=Sparkle
> Role Object Name    Instance
> ---- ------ ------- --------
> Fred Job    Sparkle ANY
> Successfully created 1 RoleAction
> gold> RoleAction Query
> Role         Object         Name    Instance
> ------------ -------------- ------- --------
> SystemAdmin  ANY            ANY     ANY
> Anonymous    ANY            Query   ANY
> Anonymous    Password       ANY     SELF
> Anonymous    Account        Balance ANY
> ProjectAdmin Project        ANY     ADMIN
> UserServices Job            Refund  ANY
> UserServices User           ANY     ANY
> UserServices Machine        ANY     ANY
> UserServices Project        ANY     ANY
> UserServices ProjectUser    ANY     ANY
> UserServices ProjectMachine ANY     ANY
> Scheduler    Job            Charge  ANY
> Scheduler    Job            Quote   ANY
> Scheduler    Job            Reserve ANY
> Scheduler    Reservation    Delete  ANY
> OVERRIDE     Account        Balance ANY
> UserServices Job            Quote   ANY
> Fred         Job            Sparkle ANY
> gold>
> So how do I find out what a particular action is, i.e. the Refund action?
> ...and how do I apply some sort of actual Gold functionality to the
> "Sparkle" action?
There are some default actions which are understood in the underlying 
Base.pm module. These include Create, Query, Modify, Delete and 
Undelete. These are implemented in Gold subroutines. In the Bank.pm 
module, there is additional business logic to make Gold behave as an 
allocation manager. Many of the Base actions are overridden, and other 
allocation-manager actions are implemented in the code (charge, balance, 
deposit, etc). Creating a Sparkle Action is not going to do anything for 
you unless you implement the action in a module (i.e. Radiate.pm) and 
then modify Proxy.pm to look for your custom overrides/implementations:

        # First try performing custom Radiate action if not scoped to base
        if (! $scope)
        {
            # Try calling custom radiate actions
            my $response = Gold::Radiate->execute($self);

            # Return the custom response unless its code is 313 or 315
            my $code = $response->getCode();
            if ($code ne "313" && $code ne "315")
            {
                return $response;
            }
        }

        # If it falls through, try to perform the Base action
        $self->{_response} = Gold::Base->execute($self);

> What I am trying to do is set things up so that a user can ask for a
> quote in his own project/account but not others, but default users that
> are created by the gui or user.autocreate are not authorised to get a
> quote.

Unfortunately, there is not a built-in Instance Type that will grab the 
Project of the Quote and check for Actor membership in that project. 
This would have to be enabled in code as an OVERRIDE RoleAction. You 
would do this by adding a RoleAction of Role=OVERRIDE, Object=Job, 
Action=Quote, (Instance=ANY). Then, you would have to add code in the 
quote subroutine in Bank.pm with the desired business logic. See the 
override code in balance for an example.
> The other thing I'd like to do is set up two machines with different
> charging rates (cpu/mem etc).
> How can I associate a group of Charges with a machine so that
> gquote -m machine2 picks it up?
> I seem to have to use gquote -X Machine=machine2
Well, gquote -X Machine=machine2 should be the same as gquote -m 
machine2 except that -X Machine will key off of the actual word Machine 
instead of -m which will key off of MachineName (i.e. you could put 
MachineName in as the ChargeRate Name in ChargeRate).

However, about the only thing you can do charge-wise with named job 
properties is to apply a name-based multiplier rate. So, you could add a 
ChargeRate of (Name=MachineName, Instance=machine2, Rate=2) and this 
would apply a multiple of 2 to the overall charge. This may come close 
to what you want, but it is not going to get you different cpu charge 
rates and different memory charge rates depending on the machine you are 
coming from.

To do this, your options are:

1) Use two Golds, one for each machine.
2) Do your own charge algorithm in a prolog and epilog and pass the 
charge/reserve/quote in via g{quote|reserve|charge} -X Charge=12345.45 
where you calculate the charge yourself and Gold just accepts the value.
3) Wait for Gold 2.2, which I just started working on last week.
4) Mess with the code yourself :)

In Gold 2.2, I am adding a new Type field in the ChargeRate object and 
there will be support for a new simple Multi-dimensional Value Based 

Here is a table indicating the types of chargerates that will be 
supported in the new minor version of Gold:

Type        Name(i.e.)  Instance(i.e.)   Rate(i.e.)   Description
----------  ----------  ---------------  -----------  -----------
Resource    Processors                   10           Value Based Resource (VBR)
Usage       Power                        500          Value Based Usage
Quality     QOS         Premium          2            Name Based Multiplier (NBM)
Service     License     Abacus           10           Name Based Resource (NBR)
Multiplier  Discount                     0.5          Value Based Multiplier (VBM)
Feature     Feature     Telescope        5            Name Based Usage (NBU)
Fee         Shipping                     100          external Value Based Usage (xVBU)
Token       Zone        Asia             400          external Name Based Usage (xNBU)
(Disk)      User        scottmo          10           Multi-dimensional

So, using the MVBR, you would add a line like:

Type=Memory Name=MachineName Instance=machine1 Rate=.1 Description="memory on machine1 charges at .1"
Type=Memory Name=MachineName Instance=machine2 Rate=.2 Description="memory on machine2 charges at .2"

Then use gquote -m machine2 -M 2048 ..., or just use Moab as usual 
because MachineName (and I think requested Memory) will route in via 
Moab Gold calls.

This will take a few months to get done and documented. I will be happy 
to keep you in mind as a beta tester if desired.
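
Added example, not part of the original post and not Gold's own code: a Python audit that cross-checks `goldsh RoleAction Query` output against `goldsh Action Query` output and flags grants such as `Fred Job Sparkle` that name an action with no Action-table entry. The sample text is excerpted from the output quoted above; treating `ANY` as a wildcard and ignoring Instance scoping are assumptions of this sketch.

```python
# Added example: audit Gold RoleAction rows against the Action table.
ACTION_QUERY = """\
Object                Name     Display Description
--------------------- -------- ------- -----------
Job                   Query    True    Query
Job                   Charge   False   Charge
Job                   Quote    False   Quote
Job                   Refund   True    Refund
Account               Balance  True    Balance
Reservation           Delete   True    Delete
"""

ROLEACTION_QUERY = """\
Role         Object         Name    Instance
------------ -------------- ------- --------
SystemAdmin  ANY            ANY     ANY
Anonymous    ANY            Query   ANY
UserServices Job            Refund  ANY
Scheduler    Job            Charge  ANY
Scheduler    Job            Quote   ANY
Scheduler    Reservation    Delete  ANY
Fred         Job            Sparkle ANY
"""

def rows(text, width):
    """Return the first `width` columns of each data row under the dashed rule."""
    body = text.splitlines()
    start = next(i for i, line in enumerate(body) if line.startswith("-")) + 1
    return [tuple(line.split()[:width]) for line in body[start:] if line.strip()]

def dangling_role_actions(action_text, roleaction_text):
    """RoleAction rows naming an (Object, Name) pair absent from the Action table."""
    defined = set(rows(action_text, 2))
    objects = {obj for obj, _ in defined}
    bad = []
    for role, obj, name, _instance in rows(roleaction_text, 4):
        if obj == "ANY":
            ok = name == "ANY" or any(n == name for _, n in defined)
        elif name == "ANY":
            ok = obj in objects
        else:
            ok = (obj, name) in defined
        if not ok:
            bad.append((role, obj, name))
    return bad

def role_allows(roleaction_text, role, obj, action):
    """Assumption: ANY is a wildcard; Instance scoping (SELF, ADMIN) is ignored."""
    return any(r == role and o in (obj, "ANY") and n in (action, "ANY")
               for r, o, n, _ in rows(roleaction_text, 4))

if __name__ == "__main__":
    print(dangling_role_actions(ACTION_QUERY, ROLEACTION_QUERY))
```

A grant can exist on paper (`role_allows` is true for Fred, Job, Sparkle) while the audit still reports it, which is the situation the reply describes for an action with no implementing module.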



