From 12928399d541e6967c989c8b7f052aa206108cd0 Mon Sep 17 00:00:00 2001 From: Alejandro Huertas Herrero Date: Tue, 17 Sep 2019 16:18:54 +0200 Subject: [PATCH] F #3064: add datasores clusters encrypted attrs (#3722) --- include/ClusterPool.h | 4 +++- include/ClusterTemplate.h | 27 ++++++++++++++++++++++++++- include/DatastorePool.h | 4 +++- include/DatastoreTemplate.h | 26 ++++++++++++++++++++++++++ share/etc/oned.conf | 4 ++++ src/cluster/ClusterPool.cc | 8 +++++++- src/cluster/ClusterTemplate.cc | 22 ++++++++++++++++++++++ src/cluster/SConstruct | 3 ++- src/datastore/DatastorePool.cc | 7 ++++++- src/datastore/DatastoreTemplate.cc | 22 ++++++++++++++++++++++ src/datastore/SConstruct | 3 ++- src/host/HostTemplate.cc | 1 - src/nebula/Nebula.cc | 10 ++++++++-- 13 files changed, 131 insertions(+), 10 deletions(-) create mode 100644 src/cluster/ClusterTemplate.cc create mode 100644 src/datastore/DatastoreTemplate.cc diff --git a/include/ClusterPool.h b/include/ClusterPool.h index 183ef1ff50..f6a441e6a0 100644 --- a/include/ClusterPool.h +++ b/include/ClusterPool.h @@ -26,7 +26,9 @@ using namespace std; class ClusterPool : public PoolSQL { public: - ClusterPool(SqlDB * db, const VectorAttribute * vnc_conf); + ClusterPool(SqlDB * db, + const VectorAttribute * vnc_conf, + vector& encrypted_attrs); ~ClusterPool(){}; diff --git a/include/ClusterTemplate.h b/include/ClusterTemplate.h index e1b95dff7f..9433f36197 100644 --- a/include/ClusterTemplate.h +++ b/include/ClusterTemplate.h 
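Review bot: The new `vector& encrypted_attrs` constructor parameter is a non-const reference although the constructor body only hands it to `ClusterTemplate::parse_encrypted`, and the caller in src/nebula/Nebula.cc passes a local of `Nebula::start()`; the same applies to the `DatastorePool` constructor in include/DatastorePool.h, where it sits directly under the `const vector& _inherit_attrs` parameter it should match. Unless `Template::parse_encrypted` (outside this patch) needs to modify the list, `const vector& encrypted_attrs` (template argument as in the header; it is stripped in this rendering) states that the pool neither alters nor retains it. A one-line comment on the declaration would make the lifetime contract explicit, since the vector is destroyed when `start()` returns: `// Attribute names to protect; parsed into ClusterTemplate during construction, not retained`.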
@@ -31,8 +31,33 @@ public: Template(false,'=',"TEMPLATE"){}; ~ClusterTemplate(){}; -}; + ClusterTemplate(ClusterTemplate& ct):Template(ct){}; + + // ------------------------------------------------------------------------- + // Encrypted attributes interface implementation + // ------------------------------------------------------------------------- + virtual void encrypt(const std::string& one_key) + { + Template::encrypt(one_key, encrypted); + } + + virtual void decrypt(const std::string& one_key) + { + Template::decrypt(one_key, encrypted); + } + + static void parse_encrypted(vector& ea) + { + Template::parse_encrypted(ea, encrypted); + } + +private: + /** + * Encrypted attribute list for ClusterTemplates + */ + static std::map > encrypted; +}; /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ diff --git a/include/DatastorePool.h b/include/DatastorePool.h index b9cdd32df6..4c76021cfa 100644 --- a/include/DatastorePool.h +++ b/include/DatastorePool.h @@ -26,7 +26,9 @@ using namespace std; class DatastorePool : public PoolSQL { public: - DatastorePool(SqlDB * db, const vector& _inherit_attrs); + DatastorePool(SqlDB * db, + const vector& _inherit_attrs, + vector& encrypted_attrs); ~DatastorePool(){}; diff --git a/include/DatastoreTemplate.h b/include/DatastoreTemplate.h index 85d450e88a..60559d0759 100644 --- a/include/DatastoreTemplate.h +++ b/include/DatastoreTemplate.h 
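Review bot: `ClusterTemplate(ClusterTemplate& ct):Template(ct){};` takes its source by non-const reference, so a `const ClusterTemplate` cannot be copied and the implicitly generated copy constructor is suppressed; the identical line appears in include/DatastoreTemplate.h. Unless the `Template` copy constructor itself requires a non-const argument, `ClusterTemplate(const ClusterTemplate& ct):Template(ct){}` is the expected form, and the `;` after each in-class function body is redundant. The doc comment on the static `encrypted` map should say who fills it and when, because `encrypt()` and `decrypt()` read it and operate on an empty list until it is populated: `Encrypted attribute list for ClusterTemplates; filled once by parse_encrypted() from the pool constructor and read by encrypt()/decrypt(); not synchronized, so it must be populated before any template is encrypted or decrypted`.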
@@ -31,6 +31,32 @@ public: Template(false,'=',"TEMPLATE"){}; ~DatastoreTemplate(){}; + + DatastoreTemplate(DatastoreTemplate& dt):Template(dt){}; + + // ------------------------------------------------------------------------- + // Encrypted attributes interface implementation + // ------------------------------------------------------------------------- + virtual void encrypt(const std::string& one_key) + { + Template::encrypt(one_key, encrypted); + } + + virtual void decrypt(const std::string& one_key) + { + Template::decrypt(one_key, encrypted); + } + + static void parse_encrypted(vector& ea) + { + Template::parse_encrypted(ea, encrypted); + } + +private: + /** + * Encrypted attribute list for DatastoreTemlpates + */ + static std::map > encrypted; }; /* -------------------------------------------------------------------------- */ diff --git a/share/etc/oned.conf b/share/etc/oned.conf index 64c3ab8880..bd41599065 100644 --- a/share/etc/oned.conf +++ b/share/etc/oned.conf @@ -1072,6 +1072,10 @@ HOST_ENCRYPTED_ATTR = "VCENTER_PASSWORD" HOST_ENCRYPTED_ATTR = "NSX_PASSWORD" HOST_ENCRYPTED_ATTR = "ONE_PASSWORD" +# CLUSTER_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN" + +# DATASTORE_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN" + # VM_ENCRYPTED_ATTR = "PACKET_TOKEN # VM_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN diff --git a/src/cluster/ClusterPool.cc b/src/cluster/ClusterPool.cc index fdddbb8bfc..925294ffc0 100644 --- a/src/cluster/ClusterPool.cc +++ b/src/cluster/ClusterPool.cc @@ -17,6 +17,7 @@ #include "ClusterPool.h" #include "Nebula.h" #include "NebulaLog.h" +#include "ClusterTemplate.h" #include 
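Review bot: The doc comment on the static `encrypted` member reads `DatastoreTemlpates`; it should be `Encrypted attribute list for DatastoreTemplates`. The copy constructor, the `encrypt`/`decrypt` overrides and the static map mirror include/ClusterTemplate.h line for line, so the remarks on that header apply to this one as well.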
@@ -35,7 +36,9 @@ const int ClusterPool::DEFAULT_CLUSTER_ID = 0; /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -ClusterPool::ClusterPool(SqlDB * db, const VectorAttribute * _vnc_conf): +ClusterPool::ClusterPool(SqlDB * db, + const VectorAttribute * _vnc_conf, + vector& encrypted_attrs): PoolSQL(db, Cluster::table), vnc_conf(_vnc_conf) { ostringstream oss; @@ -76,6 +79,9 @@ ClusterPool::ClusterPool(SqlDB * db, const VectorAttribute * _vnc_conf): set_lastOID(99); } + // Parse encrypted attributes + ClusterTemplate::parse_encrypted(encrypted_attrs); + return; error_bootstrap: diff --git a/src/cluster/ClusterTemplate.cc b/src/cluster/ClusterTemplate.cc new file mode 100644 index 0000000000..bccec5c8ae --- /dev/null +++ b/src/cluster/ClusterTemplate.cc @@ -0,0 +1,22 @@ +/* -------------------------------------------------------------------------- */ +/* Copyright 2002-2019, OpenNebula Project, OpenNebula Systems */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ +/* not use this file except in compliance with the License. You may obtain */ +/* a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ +/* See the License for the specific language governing permissions and */ +/* limitations under the License. */ +/* -------------------------------------------------------------------------- */ + +#include "ClusterTemplate.h" + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +std::map > ClusterTemplate::encrypted; 
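Review bot: `ClusterTemplate::parse_encrypted(encrypted_attrs)` returns nothing and the hunk logs nothing, so an operator gets no startup confirmation of which `CLUSTER_ENCRYPTED_ATTR` entries were accepted, and a mistyped entry would leave that attribute stored unencrypted without any visible sign; the same applies to the `DatastorePool` constructor in src/datastore/DatastorePool.cc. If `Template::parse_encrypted` does not report this itself (it is outside the patch), a single info-level log line after the call listing the parsed names would make such a misconfiguration visible in oned.log. The comment `// Parse encrypted attributes` would say more as `// Register the attributes that ClusterTemplate::encrypt()/decrypt() protect (class-wide, done once here)`. The constructor begins before this hunk and its `error_bootstrap:` path continues after it.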
diff --git a/src/cluster/SConstruct b/src/cluster/SConstruct index 50dd220a48..6d8499a7ca 100644 --- a/src/cluster/SConstruct +++ b/src/cluster/SConstruct @@ -23,7 +23,8 @@ lib_name='nebula_cluster' # Sources to generate the library source_files=[ 'ClusterPool.cc', - 'Cluster.cc' + 'Cluster.cc', + 'ClusterTemplate.cc' ] # Build library diff --git a/src/datastore/DatastorePool.cc b/src/datastore/DatastorePool.cc index 45b028f874..94feb1db25 100644 --- a/src/datastore/DatastorePool.cc +++ b/src/datastore/DatastorePool.cc @@ -17,6 +17,7 @@ #include "DatastorePool.h" #include "Nebula.h" #include "NebulaLog.h" +#include "DatastoreTemplate.h" #include @@ -40,7 +41,8 @@ const int DatastorePool::FILE_DS_ID = 2; DatastorePool::DatastorePool( SqlDB * db, - const vector& _inherit_attrs) : + const vector& _inherit_attrs, + vector& encrypted_attrs) : PoolSQL(db, Datastore::table) { @@ -163,6 +165,9 @@ DatastorePool::DatastorePool( set_lastOID(99); } + // Parse encrypted attributes + DatastoreTemplate::parse_encrypted(encrypted_attrs); + return; error_bootstrap: diff --git a/src/datastore/DatastoreTemplate.cc b/src/datastore/DatastoreTemplate.cc new file mode 100644 index 0000000000..89adfbb891 --- /dev/null +++ b/src/datastore/DatastoreTemplate.cc 
@@ -0,0 +1,22 @@ +/* -------------------------------------------------------------------------- */ +/* Copyright 2002-2019, OpenNebula Project, OpenNebula Systems */ +/* */ +/* Licensed under the Apache License, Version 2.0 (the "License"); you may */ +/* not use this file except in compliance with the License. You may obtain */ +/* a copy of the License at */ +/* */ +/* http://www.apache.org/licenses/LICENSE-2.0 */ +/* */ +/* Unless required by applicable law or agreed to in writing, software */ +/* distributed under the License is distributed on an "AS IS" BASIS, */ +/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */ +/* See the License for the specific language governing permissions and */ +/* limitations under the License. */ +/* -------------------------------------------------------------------------- */ + +#include "DatastoreTemplate.h" + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +std::map > DatastoreTemplate::encrypted; diff --git a/src/datastore/SConstruct b/src/datastore/SConstruct index f3056f430d..58b7a51ca0 100644 --- a/src/datastore/SConstruct +++ b/src/datastore/SConstruct @@ -23,7 +23,8 @@ lib_name='nebula_datastore' # Sources to generate the library source_files=[ 'DatastorePool.cc', - 'Datastore.cc' + 'Datastore.cc', + 'DatastoreTemplate.cc' ] # Build library diff --git a/src/host/HostTemplate.cc b/src/host/HostTemplate.cc index 483a454de4..f2f16bd119 100644 --- a/src/host/HostTemplate.cc +++ b/src/host/HostTemplate.cc @@ -20,4 +20,3 @@ /* -------------------------------------------------------------------------- */ std::map > HostTemplate::encrypted; - diff --git a/src/nebula/Nebula.cc b/src/nebula/Nebula.cc index d59ab3c013..a19e845901 100644 --- a/src/nebula/Nebula.cc +++ b/src/nebula/Nebula.cc 
@@ -532,10 +532,13 @@ void Nebula::start(bool bootstrap_only) { /* -------------------------- Cluster Pool -------------------------- */ const VectorAttribute * vnc_conf; + vector cluster_encrypted_attrs; + + nebula_configuration->get("CLUSTER_ENCRYPTED_ATTR", cluster_encrypted_attrs); vnc_conf = nebula_configuration->get("VNC_PORTS"); - clpool = new ClusterPool(logdb, vnc_conf); + clpool = new ClusterPool(logdb, vnc_conf, cluster_encrypted_attrs); /* --------------------- VirtualMachine Pool ------------------------ */ vector vm_restricted_attrs; @@ -645,6 +648,7 @@ void Nebula::start(bool bootstrap_only) vector img_restricted_attrs; vector inherit_image_attrs; vector inherit_ds_attrs; + vector ds_encrypted_attrs; nebula_configuration->get("DEFAULT_IMAGE_TYPE", image_type); nebula_configuration->get("DEFAULT_DEVICE_PREFIX", device_prefix); @@ -659,7 +663,9 @@ void Nebula::start(bool bootstrap_only) nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_ds_attrs); - dspool = new DatastorePool(logdb, inherit_ds_attrs); + nebula_configuration->get("DATASTORE_ENCRYPTED_ATTR", ds_encrypted_attrs); + + dspool = new DatastorePool(logdb, inherit_ds_attrs, ds_encrypted_attrs); /* ----- Document, Zone, VDC, VMTemplate, SG and Makerket Pools ----- */ docpool = new DocumentPool(logdb);
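Review bot: In the first hunk the new `vector cluster_encrypted_attrs;` declaration and its `get("CLUSTER_ENCRYPTED_ATTR", ...)` call are wedged between `const VectorAttribute * vnc_conf;` and the `vnc_conf = nebula_configuration->get("VNC_PORTS");` assignment, separating that declaration from its initialization. Keeping the cluster block together reads better: `vector cluster_encrypted_attrs;`, `nebula_configuration->get("CLUSTER_ENCRYPTED_ATTR", cluster_encrypted_attrs);`, then `const VectorAttribute * vnc_conf = nebula_configuration->get("VNC_PORTS");`. The datastore hunk already follows the declare-then-fetch order used for `inherit_ds_attrs`, so only the cluster hunk needs the change. `Nebula::start()` begins before the first hunk and ends after the last one.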