bug #847: Update EC2Query for the new auth framework

2025-03-21 14:50:08 +03:00 · 2011-10-25 16:36:21 +02:00 · 2011-10-25 16:36:21 +02:00 · 198c60b6a4
commit 198c60b6a4
parent bb4911a50c
5 changed files with 47 additions and 38 deletions
--- a/src/cloud/common/CloudAuth/EC2CloudAuth.rb
+++ b/src/cloud/common/CloudAuth/EC2CloudAuth.rb
@ -18,26 +18,22 @@ module EC2CloudAuth
    def auth(env, params={})
        username = params['AWSAccessKeyId']
        one_pass = get_password(username)
-        return "Invalid credentials" unless one_pass
+        return nil unless one_pass

        signature = case params['SignatureVersion']
            when "1" then signature_v1(params.clone,one_pass)
            when "2" then signature_v2(params.clone,one_pass,env,true,false)
        end

-        if params['Signature'] != signature
-            if params['SignatureVersion']=="2"
-                signature = signature_v2(params.clone,one_pass,env,false,false)
-                if params['Signature'] != signature
-                    return "Invalid Credentials"
-                end
-            else
-                return "Invalid Credentials"
+        if params['Signature'] == signature
+            return username
+        elsif params['SignatureVersion']=="2"
+            signature = signature_v2(params.clone,one_pass,env,false,false)
+            if params['Signature'] == signature
+                return username
            end
        end

-        @token = @server_auth.login_token(username)
-        @client = Client.new(@token, @conf[:one_xmlrpc])
        return nil
    end

--- a/src/cloud/ec2/etc/econe.conf
+++ b/src/cloud/ec2/etc/econe.conf
@ -24,11 +24,16 @@
 # SSL proxy that serves the API (set if is being used)
 #:ssl_server: fqdm.of.the.server

-# Authentication protocol for the econe server:
+# Authentication driver for incomming requests
 #   ec2, default Acess key and Secret key scheme
 #   x509, for x509 certificates based authentication
 :auth: ec2

+# Authentication driver to communicate with OpenNebula core
+:core_auth: cipher
+# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
+:token_expiration_delta: 1800
+
 # VM types allowed and its template file (inside templates directory)
 :instance_types:
  :m1.small:
--- a/src/cloud/ec2/lib/EC2QueryServer.rb
+++ b/src/cloud/ec2/lib/EC2QueryServer.rb
@ -61,18 +61,10 @@ class EC2QueryServer < CloudServer

    ###########################################################################

-    def initialize(config)
+    def initialize(client, config)
        super(config)
-    end
-    
-    def authenticate(env, params)
-        econe_host = @config[:ssl_server]
-        econe_host ||= @config[:server]

-        econe_port = @config[:port]
-
-        params.merge!({:econe_host => econe_host, :econe_port => econe_port})
-        super(env, params)
+        @client = client
    end

    ###########################################################################
@ -80,7 +72,7 @@ class EC2QueryServer < CloudServer
    ###########################################################################

    def upload_image(params)
-        image = ImageEC2.new(Image.build_xml, self.client, params['file'])
+        image = ImageEC2.new(Image.build_xml, @client, params['file'])

        template = image.to_one_template
        if OpenNebula.is_error?(template)
@ -102,7 +94,7 @@ class EC2QueryServer < CloudServer
        # Get the Image ID
        tmp, img=params['ImageLocation'].split('-')

-        image = Image.new(Image.build_xml(img.to_i), self.client)
+        image = Image.new(Image.build_xml(img.to_i), @client)

        # Enable the new Image
        rc = image.info
@ -120,7 +112,7 @@ class EC2QueryServer < CloudServer

    def describe_images(params)
        user_flag = OpenNebula::Pool::INFO_GROUP
-        impool = ImagePool.new(self.client, user_flag)
+        impool = ImagePool.new(@client, user_flag)
        impool.info

        erb_version = params['Version']
@ -159,7 +151,7 @@ class EC2QueryServer < CloudServer
        template_text = template.result(binding)

        # Start the VM.
-        vm = VirtualMachine.new(VirtualMachine.build_xml, self.client)
+        vm = VirtualMachine.new(VirtualMachine.build_xml, @client)

        rc = vm.allocate(template_text)
        if OpenNebula::is_error?(rc)
@ -179,7 +171,7 @@ class EC2QueryServer < CloudServer

    def describe_instances(params)
        user_flag = OpenNebula::Pool::INFO_MINE
-        vmpool = VirtualMachinePool.new(self.client, user_flag)
+        vmpool = VirtualMachinePool.new(@client, user_flag)
        vmpool.info

        erb_version = params['Version']
@ -196,7 +188,7 @@ class EC2QueryServer < CloudServer

        tmp, vmid=vmid.split('-') if vmid[0]==?i

-        vm = VirtualMachine.new(VirtualMachine.build_xml(vmid),self.client)
+        vm = VirtualMachine.new(VirtualMachine.build_xml(vmid),@client)
        rc = vm.info

        return OpenNebula::Error.new('Unsupported'),400 if OpenNebula::is_error?(rc)
--- a/src/cloud/ec2/lib/econe-server.rb
+++ b/src/cloud/ec2/lib/econe-server.rb
@ -43,6 +43,7 @@ require 'sinatra'
 require 'yaml'

 require 'EC2QueryServer'
+require 'CloudAuth'

 include OpenNebula

@ -73,24 +74,34 @@ if CloudServer.is_port_open?(settings.config[:server],
    puts "Port busy, please shutdown the service or move econe server port."
    exit 1
 end
+ 
+set :cloud_auth, CloudAuth.new(settings.config)
+
+econe_host = conf[:ssl_server]
+econe_host ||= conf[:server]
+econe_port = conf[:port]
+    
+set :econe_host, econe_host
+set :econe_port, econe_port

 ##############################################################################
 # Actions
 ##############################################################################

 before do
-    @econe_server = EC2QueryServer.new(settings.config)
-
    begin
-        result = @econe_server.authenticate(request.env, params)
+        params[:econe_host] = settings.econe_host
+        params[:econe_port] = settings.econe_port
+        username = settings.cloud_auth.auth(request.env, params)
    rescue Exception => e
-        # Add a log message
        error 500, error_xml("AuthFailure", 0)
    end

-    if result
-        # Add a log message
-        error 400, error_xml("AuthFailure", 0)
+    if username.nil?
+        error 401, error_xml("AuthFailure", 0)
+    else
+        client = settings.cloud_auth.client(username)
+        @econe_server = EC2QueryServer.new(client, settings.config)
    end
 end

--- a/src/cloud/occi/etc/occi-server.conf
+++ b/src/cloud/occi/etc/occi-server.conf
@ -27,10 +27,15 @@
 # Configuration for OpenNebula's Virtual Networks
 #:bridge: NAME_OF_DEFAULT_BRIDGE

-# Authentication protocol for the OCCI server:
-#   basic, for OpenNebula's user-password scheme
+# Authentication driver for incomming requests
+#   occi, for OpenNebula's user-password scheme
 #   x509, for x509 certificates based authentication
-:auth: basic
+:auth: occi
+
+# Authentication driver to communicate with OpenNebula core
+:core_auth: cipher
+# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
+:token_expiration_delta: 1800

 # VM types allowed and its template file (inside templates directory)
 :instance_types: