Description (See the patch #4367)
The Argus 1.2 release fixes some bugs and implement some new features.
PAP features:
- The pap-admin CLI now implements the obligation management commands 'add-obligation' and 'remove-obligation'. These commands can be used to add/remove obligations to/from existing policies.
- The pap-admin CLI add-policy command now supports the creation of policy containing obligations at resource or action scope.
PEP daemon features:
- The group mapfile now allows DN and FQAN based group names mapping.
- The gridmap POSIX account mapping obligation handler now handles DN and FQAN based account mapping. DN based mapping is preferred upon FQAN based mapping (configurable).
- The gridmap files now support FQAN pattern matching as described in EGEE document https://edms.cern.ch/file/975443/1/EGEE-III-JRA1_FQAN_wildcard_v1.1.pdf
- A new generic grid authorization profile PIP handles both the Grid CE v1.0 and Grid WN v1.0 authorization profiles.
Dependent Patches
| Number | Description |
|---|---|
| There are no dependent patches. | |
Fixed Bugs
| Number | Description |
|---|---|
| #64340 | [ARGUS] profile attribute/group-id doesn't contain primary group |
| #65802 | [Argus] PAP should have a status handler on localhost:8151 |
| #60044 | [ARGUS] pap-admin lp command should support filtering by resource and action |
| #66669 | [Argus] PAP Admin fails with certicate containing the '/' character in an RDN |
| #68805 | [Argus] add support for DN mapping in group mapfile |
| #67387 | [Argus] PEP API C include files are not actually C |
| #63023 | [ARGUS] PEP Java client library should be available as a jar downloadable from the ETICS repository |
| #68595 | [Argus] pap-admin add-policy -obligation <obligation-id> parameter |
| #69263 | [Argus] pepd.ini doesn't allow no pips defined |
| #72430 | [Argus] RPM upgrade overwrite locally edited pdp.ini and pepd.ini config files |
| #68808 | [Argus] update PIP to support the XACML Grid CE profile |
| #63180 | [ARGUS] pap-admin script doesn't resolve softlink |
| #64197 | [Argus] timestamps in pepd process.log do not show the date |
| #66574 | [Argus] pool account mapping problem: .dteam -> dteamprod001 |
| #69197 | [Argus] Implement a consistent FQAN and/or DN based user mapping strategy |
| #68858 | [Argus] pepd.ini without SECURITY section cause a NullPointerException at start |
| #68599 | [Argus] pap-admin should be able to remove an existing obligation |
| #65542 | [yaim-argus] /etc/init.d scripts 'status' command doesn't return 1 on error |
| #72078 | [Argus] wrong pfqan.xacml-id in attribute-mappings.ini |
Updated Rpms (See the full list)
| Name | Version | Full Rpm Name | Description |
|---|---|---|---|
| glite-ARGUS | 3.2.4-2 | glite-ARGUS-3.2.4-2.sl5.x86_64.rpm | yum glite-ARGUS metapackage |
| glite-authz-gsi-pep-callout | 1.1.1-1 | glite-authz-gsi-pep-callout-1.1.1-1.sl5.x86_64.rpm | Argus Authorization Service GSI PEP callout module (Globus 4 compatible) |
| glite-authz-pap | 1.2.2-2 | glite-authz-pap-1.2.2-2.noarch.rpm | Argus Authorization Service Policy Administration Point (PAP) |
| glite-authz-pdp | 1.2.0-2 | glite-authz-pdp-1.2.0-2.noarch.rpm | Argus Authorization Service Policy Decision Point (PDP) |
| glite-authz-pep-c | 1.3.1-1 | glite-authz-pep-c-1.3.1-1.sl5.x86_64.rpm | Argus Authorization Service PEP client library for C |
| glite-authz-pep-c-cli | 1.3.1-1 | glite-authz-pep-c-cli-1.3.1-1.sl5.x86_64.rpm | Argus Authorization Service PEP command line interface: pepcli |
| glite-authz-pep-common | 2.0.0-2 | glite-authz-pep-common-2.0.0-2.noarch.rpm | Argus Authorization Service PEP daemon and client common library |
| glite-authz-pep-java | 2.0.0-3 | glite-authz-pep-java-2.0.0-3.noarch.rpm | Argus Authorization Service PEP client library for Java |
| glite-authz-pepd | 1.2.0-2 | glite-authz-pepd-1.2.0-2.noarch.rpm | Argus Authorization Service Policy Enforcement Point (PEP) Daemon |
| glite-version | 3.2.3-1 | glite-version-3.2.3-1.noarch.rpm | glite-version |
| glite-yaim-argus_server | 1.2.0-1 | glite-yaim-argus_server-1.2.0-1.noarch.rpm | yaim configuration scripts for the ARGUS_server nodetype |
| glite-yaim-core | 4.0.13-2 | glite-yaim-core-4.0.13-2.noarch.rpm | YAIM core package |
| vdt_globus_essentials | VDT1.10.1x86_64_rhap_5-4 | vdt_globus_essentials-VDT1.10.1x86_64_rhap_5-4.x86_64.rpm | vdt_globus_essentials |
Service reconfiguration after update
Service must be reconfigured.
Service restart after update
Service must be restarted.