Merge pull request #424 from fabric-testbed/pci-rescan-only-fpga

kthare10 · web-flow · commit 435453660b9a · 2025-08-01T10:53:02.000-04:00
Pci rescan only fpga
diff --git a/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py b/fabric_cf/actor/fim/plugins/broker/aggregate_bqm_plugin.py
@@ -119,7 +119,7 @@ def occupied_vlans(db: ABCDatabase, node_id: str, component_name: str, start: da
         return result
 
     @staticmethod
-    def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, end: datetime) -> Capacities:
+    def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, end: datetime) -> str:
         """
         Compute the total bandwidth capacity occupied on a given link node within a specific time window.
 
@@ -149,7 +149,7 @@ def occupied_link_capacity(*, db: ABCDatabase, node_id: str, start: datetime, en
 
         bw_used = existing.get(node_id, 0)
         if bw_used:
-            return Capacities(bw=bw_used).to_dict()
+            return Capacities(bw=bw_used).to_json()
 
     @staticmethod
     def occupied_node_capacity(*, db: ABCDatabase, node_id: str, start: datetime,
diff --git a/fabric_cf/orchestrator/core/orchestrator_handler.py b/fabric_cf/orchestrator/core/orchestrator_handler.py
@@ -81,7 +81,8 @@ def get_logger(self):
 
     def __authorize_request(self, *, id_token: str, action_id: ActionId,
                             resource: BaseSliver or ExperimentTopology = None,
-                            lease_end_time: datetime = None) -> FabricToken:
+                            lease_end_time: datetime = None,
+                            poa_operation: str = None) -> FabricToken:
         """
         Authorize request
         :param id_token:
@@ -96,6 +97,11 @@ def __authorize_request(self, *, id_token: str, action_id: ActionId,
 
         if fabric_token.subject is None:
             raise OrchestratorException(http_error_code=UNAUTHORIZED, message="Invalid token")
+        project_uuid, tags, project_name = fabric_token.first_project
+        if action_id == ActionId.POA and poa_operation and poa_operation == "rescan" and project_uuid and \
+                tags and "Component.FPGA" not in tags:
+            raise OrchestratorException(http_error_code=UNAUTHORIZED,
+                                        message="POA rescan not authorized - missing permissions Component.FPGA")
         return fabric_token
 
     def get_broker(self, *, controller: ABCMgmtControllerMixin) -> ID:
@@ -923,7 +929,8 @@ def poa(self, *, token: str, sliver_id: str, poa: PoaAvro) -> tuple[str, str]:
 
             rid = ID(uid=sliver_id) if sliver_id is not None else None
 
-            fabric_token = self.__authorize_request(id_token=token, action_id=ActionId.POA)
+            fabric_token = self.__authorize_request(id_token=token, action_id=ActionId.POA,
+                                                    poa_operation=poa.operation)
             user_id = fabric_token.uuid
             project, tags, project_name = fabric_token.first_project
 
