shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-01-03 01:17:41 +03:00
Code Releases Wiki Activity

F #3064: add datasores clusters encrypted attrs (#3722)

Browse Source
This commit is contained in:
Alejandro Huertas Herrero 2019-09-17 16:18:54 +02:00 committed by Ruben S. Montero
parent e92c43d501
commit 12928399d5
13 changed files with 131 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/ClusterPool.h
View File

@ -26,7 +26,9 @@ using namespace std;
class ClusterPool : public PoolSQL class ClusterPool : public PoolSQL
{ {
public: public:
ClusterPool(SqlDB * db, const VectorAttribute * vnc_conf); ClusterPool(SqlDB * db,
const VectorAttribute * vnc_conf,
vector<const SingleAttribute *>& encrypted_attrs);
~ClusterPool(){}; ~ClusterPool(){};

27
include/ClusterTemplate.h
View File

@ -31,8 +31,33 @@ public:
Template(false,'=',"TEMPLATE"){}; Template(false,'=',"TEMPLATE"){};
~ClusterTemplate(){}; ~ClusterTemplate(){};
};
ClusterTemplate(ClusterTemplate& ct):Template(ct){};
// -------------------------------------------------------------------------
// Encrypted attributes interface implementation
// -------------------------------------------------------------------------
virtual void encrypt(const std::string& one_key)
{
Template::encrypt(one_key, encrypted);
}
virtual void decrypt(const std::string& one_key)
{
Template::decrypt(one_key, encrypted);
}
static void parse_encrypted(vector<const SingleAttribute *>& ea)
{
Template::parse_encrypted(ea, encrypted);
}
private:
/**
* Encrypted attribute list for ClusterTemplates
*/
static std::map<std::string, std::set<std::string> > encrypted;
};
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */

4
include/DatastorePool.h
View File

@ -26,7 +26,9 @@ using namespace std;
class DatastorePool : public PoolSQL class DatastorePool : public PoolSQL
{ {
public: public:
DatastorePool(SqlDB * db, const vector<const SingleAttribute *>& _inherit_attrs); DatastorePool(SqlDB * db,
const vector<const SingleAttribute *>& _inherit_attrs,
vector<const SingleAttribute *>& encrypted_attrs);
~DatastorePool(){}; ~DatastorePool(){};

26
include/DatastoreTemplate.h
View File

@ -31,6 +31,32 @@ public:
Template(false,'=',"TEMPLATE"){}; Template(false,'=',"TEMPLATE"){};
~DatastoreTemplate(){}; ~DatastoreTemplate(){};
DatastoreTemplate(DatastoreTemplate& dt):Template(dt){};
// -------------------------------------------------------------------------
// Encrypted attributes interface implementation
// -------------------------------------------------------------------------
virtual void encrypt(const std::string& one_key)
{
Template::encrypt(one_key, encrypted);
}
virtual void decrypt(const std::string& one_key)
{
Template::decrypt(one_key, encrypted);
}
static void parse_encrypted(vector<const SingleAttribute *>& ea)
{
Template::parse_encrypted(ea, encrypted);
}
private:
/**
* Encrypted attribute list for DatastoreTemlpates
*/
static std::map<std::string, std::set<std::string> > encrypted;
}; };
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */

4
share/etc/oned.conf
View File

@ -1072,6 +1072,10 @@ HOST_ENCRYPTED_ATTR = "VCENTER_PASSWORD"
HOST_ENCRYPTED_ATTR = "NSX_PASSWORD" HOST_ENCRYPTED_ATTR = "NSX_PASSWORD"
HOST_ENCRYPTED_ATTR = "ONE_PASSWORD" HOST_ENCRYPTED_ATTR = "ONE_PASSWORD"
# CLUSTER_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN"
# DATASTORE_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN"
# VM_ENCRYPTED_ATTR = "PACKET_TOKEN # VM_ENCRYPTED_ATTR = "PACKET_TOKEN
# VM_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN # VM_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN

8
src/cluster/ClusterPool.cc
View File

@ -17,6 +17,7 @@
#include "ClusterPool.h" #include "ClusterPool.h"
#include "Nebula.h" #include "Nebula.h"
#include "NebulaLog.h" #include "NebulaLog.h"
#include "ClusterTemplate.h"
#include <stdexcept> #include <stdexcept>
@ -35,7 +36,9 @@ const int ClusterPool::DEFAULT_CLUSTER_ID = 0;
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
ClusterPool::ClusterPool(SqlDB * db, const VectorAttribute * _vnc_conf): ClusterPool::ClusterPool(SqlDB * db,
const VectorAttribute * _vnc_conf,
vector<const SingleAttribute *>& encrypted_attrs):
PoolSQL(db, Cluster::table), vnc_conf(_vnc_conf) PoolSQL(db, Cluster::table), vnc_conf(_vnc_conf)
{ {
ostringstream oss; ostringstream oss;
@ -76,6 +79,9 @@ ClusterPool::ClusterPool(SqlDB * db, const VectorAttribute * _vnc_conf):
set_lastOID(99); set_lastOID(99);
} }
// Parse encrypted attributes
ClusterTemplate::parse_encrypted(encrypted_attrs);
return; return;
error_bootstrap: error_bootstrap:

22
src/cluster/ClusterTemplate.cc Normal file
View File

@ -0,0 +1,22 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2019, OpenNebula Project, OpenNebula Systems */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "ClusterTemplate.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
std::map<std::string, std::set<std::string> > ClusterTemplate::encrypted;

3
src/cluster/SConstruct
View File

@ -23,7 +23,8 @@ lib_name='nebula_cluster'
# Sources to generate the library # Sources to generate the library
source_files=[ source_files=[
'ClusterPool.cc', 'ClusterPool.cc',
'Cluster.cc' 'Cluster.cc',
'ClusterTemplate.cc'
] ]
# Build library # Build library

7
src/datastore/DatastorePool.cc
View File

@ -17,6 +17,7 @@
#include "DatastorePool.h" #include "DatastorePool.h"
#include "Nebula.h" #include "Nebula.h"
#include "NebulaLog.h" #include "NebulaLog.h"
#include "DatastoreTemplate.h"
#include <stdexcept> #include <stdexcept>
@ -40,7 +41,8 @@ const int DatastorePool::FILE_DS_ID = 2;
DatastorePool::DatastorePool( DatastorePool::DatastorePool(
SqlDB * db, SqlDB * db,
const vector<const SingleAttribute *>& _inherit_attrs) : const vector<const SingleAttribute *>& _inherit_attrs,
vector<const SingleAttribute *>& encrypted_attrs) :
PoolSQL(db, Datastore::table) PoolSQL(db, Datastore::table)
{ {
@ -163,6 +165,9 @@ DatastorePool::DatastorePool(
set_lastOID(99); set_lastOID(99);
} }
// Parse encrypted attributes
DatastoreTemplate::parse_encrypted(encrypted_attrs);
return; return;
error_bootstrap: error_bootstrap:

22
src/datastore/DatastoreTemplate.cc Normal file
View File

@ -0,0 +1,22 @@
/* -------------------------------------------------------------------------- */
/* Copyright 2002-2019, OpenNebula Project, OpenNebula Systems */
/* */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may */
/* not use this file except in compliance with the License. You may obtain */
/* a copy of the License at */
/* */
/* http://www.apache.org/licenses/LICENSE-2.0 */
/* */
/* Unless required by applicable law or agreed to in writing, software */
/* distributed under the License is distributed on an "AS IS" BASIS, */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */
/* See the License for the specific language governing permissions and */
/* limitations under the License. */
/* -------------------------------------------------------------------------- */
#include "DatastoreTemplate.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
std::map<std::string, std::set<std::string> > DatastoreTemplate::encrypted;

3
src/datastore/SConstruct
View File

@ -23,7 +23,8 @@ lib_name='nebula_datastore'
# Sources to generate the library # Sources to generate the library
source_files=[ source_files=[
'DatastorePool.cc', 'DatastorePool.cc',
'Datastore.cc' 'Datastore.cc',
'DatastoreTemplate.cc'
] ]
# Build library # Build library

1
src/host/HostTemplate.cc
View File

@ -20,4 +20,3 @@
/* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */
std::map<std::string, std::set<std::string> > HostTemplate::encrypted; std::map<std::string, std::set<std::string> > HostTemplate::encrypted;

10
src/nebula/Nebula.cc
View File

@ -532,10 +532,13 @@ void Nebula::start(bool bootstrap_only)
{ {
/* -------------------------- Cluster Pool -------------------------- */ /* -------------------------- Cluster Pool -------------------------- */
const VectorAttribute * vnc_conf; const VectorAttribute * vnc_conf;
vector<const SingleAttribute *> cluster_encrypted_attrs;
nebula_configuration->get("CLUSTER_ENCRYPTED_ATTR", cluster_encrypted_attrs);
vnc_conf = nebula_configuration->get("VNC_PORTS"); vnc_conf = nebula_configuration->get("VNC_PORTS");
clpool = new ClusterPool(logdb, vnc_conf); clpool = new ClusterPool(logdb, vnc_conf, cluster_encrypted_attrs);
/* --------------------- VirtualMachine Pool ------------------------ */ /* --------------------- VirtualMachine Pool ------------------------ */
vector<const SingleAttribute *> vm_restricted_attrs; vector<const SingleAttribute *> vm_restricted_attrs;
@ -645,6 +648,7 @@ void Nebula::start(bool bootstrap_only)
vector<const SingleAttribute *> img_restricted_attrs; vector<const SingleAttribute *> img_restricted_attrs;
vector<const SingleAttribute *> inherit_image_attrs; vector<const SingleAttribute *> inherit_image_attrs;
vector<const SingleAttribute *> inherit_ds_attrs; vector<const SingleAttribute *> inherit_ds_attrs;
vector<const SingleAttribute *> ds_encrypted_attrs;
nebula_configuration->get("DEFAULT_IMAGE_TYPE", image_type); nebula_configuration->get("DEFAULT_IMAGE_TYPE", image_type);
nebula_configuration->get("DEFAULT_DEVICE_PREFIX", device_prefix); nebula_configuration->get("DEFAULT_DEVICE_PREFIX", device_prefix);
@ -659,7 +663,9 @@ void Nebula::start(bool bootstrap_only)
nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_ds_attrs); nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_ds_attrs);
dspool = new DatastorePool(logdb, inherit_ds_attrs); nebula_configuration->get("DATASTORE_ENCRYPTED_ATTR", ds_encrypted_attrs);
dspool = new DatastorePool(logdb, inherit_ds_attrs, ds_encrypted_attrs);
/* ----- Document, Zone, VDC, VMTemplate, SG and Makerket Pools ----- */ /* ----- Document, Zone, VDC, VMTemplate, SG and Makerket Pools ----- */
docpool = new DocumentPool(logdb); docpool = new DocumentPool(logdb);