mirror of https://github.com/OpenNebula/one.git synced 2025-03-23 22:50:09 +03:00

Feature #687: ACL string syntax for oneacl

Tino Vázquez 2011-06-30 15:48:08 +02:00
parent 7520a50dd3
commit 19d3db124e
5 changed files with 93 additions and 76 deletions


@ -1,25 +1,31 @@
---
:ID:
:desc: To which resource owner the rule applies to
:size: 5
:right: true
:USER:
:desc: To which resource owner the rule applies to
:size: 4
:size: 8
:right: true
:RESOURCE_VHNIUTG:
:RES_VHNIUTG:
:desc: Which resource the rule applies to
:size: 16
:size: 11
:RID:
:desc: Resource ID
:size: 4
:size: 5
:right: true
:OPERATION_CDUMIPpTW:
:OPE_CDUMIPpTW:
:desc: Operation to which the rule applies
:size: 19
:size: 13
:right: true
:default:
- :ID
- :USER
- :RESOURCE_VHNIUTG
- :RES_VHNIUTG
- :RID
- :OPERATION_CDUMIPpTW
- :OPE_CDUMIPpTW
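Review bot: The new `:ID:` entry's `:desc:` repeats the USER text ("To which resource owner the rule applies to"), which looks like a copy-paste slip. The helper's matching column is described as "Rule Identifier", so `:desc: Rule Identifier` would keep the two in step. The `:RID:` size here (5) also differs from the `:size=>8` used for the same column in the helper, so it is worth confirming which is intended.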


@ -24,6 +24,43 @@ class OneAclHelper < OpenNebulaHelper::OneHelper
def self.conf_file
"oneacl.yaml"
end
def add_rule(options, arg0, arg1=nil, arg2=nil)
aclp = OpenNebula::AclPool.new( OpenNebula::Client.new() )
if arg2
rc = aclp.addrule( arg0, arg1, arg2 )
else
rc = aclp.addrule_with_str( arg0 )
end
if OpenNebula.is_error?(rc)
[-1, rc.message]
else
if !rc
puts "Rule added" if options[:verbose]
return 0
end
return [-1, rc[:users].message] if OpenNebula.is_error?(rc[:users])
return [-1, rc[:resources].message] if OpenNebula.is_error?(
rc[:resources])
return [-1, rc[:rights].message] if OpenNebula.is_error?(
rc[:rights])
end
end
def delete_rule(id)
acl = OpenNebula::AclPool.new( OpenNebula::Client.new() )
rc = acl.delrule( id )
if OpenNebula.is_error?(rc)
[-1, rc.message]
else
puts "Rule deleted" if options[:verbose]
0
end
end
private
@ -92,27 +129,33 @@ class OneAclHelper < OpenNebulaHelper::OneHelper
config_file=self.class.table_conf
table=CLIHelper::ShowTable.new(config_file, self) do
column :ID, "Rule Identifier",
:size=>5 do |d|
d['ID']
end
column :USER, "To which resource owner the rule applies to",
:size=>4 do |d|
:size=>8 do |d|
d['STRING'].split(" ")[0]
end
column :RESOURCE_VHNIUTG, "Resource to which the rule applies" do |d|
column :RES_VHNIUTG, "Resource to which the rule applies" do |d|
OneAclHelper::resource_mask d['STRING'].split(" ")[1]
end
column :RID, "Resource ID", :right, :size=>4 do |d|
column :RID, "Resource ID", :right, :size=>8 do |d|
d['STRING'].split(" ")[1].split("/")[1]
end
column :OPERATION_CDUMIPpTW, "Operation to which the rule applies" do |d|
column :OPE_CDUMIPpTW, "Operation to which the rule applies" do |d|
OneAclHelper::right_mask d['STRING'].split(" ")[2]
end
default :USER, :RESOURCE_VHNIUTG, :RID, :OPERATION_CDUMIPpTW
default :ID, :USER, :RESOURCE_VHNIUTG, :RID, :OPERATION_CDUMIPpTW
end
table.show(pool, options)
end
end
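Review bot: `delete_rule(id)` reads `options[:verbose]` but takes no `options` parameter, and the caller in oneacl passes only `args[0]`. Unless the helper base class provides an `options` method (not visible on this page), the success branch would raise NameError after the rule has already been deleted on the server, so the operator sees a failure for an ACL change that took effect. Passing it in the way `add_rule` does would fix this: `def delete_rule(options, id)` with `helper.delete_rule(options, args[0])` at the call site.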


@ -54,17 +54,8 @@ cmd = CommandParser::CmdParser.new(ARGV) do
Adds a new ACL rule
EOT
command :addrule, addrule_desc, :user, :resource, :rights do
acl = OpenNebula::AclPool.new( OpenNebula::Client.new() )
rc = acl.addrule( args[0], args[1], args[2] )
if OpenNebula.is_error?(rc)
[-1, rc.message]
else
puts "Rule added" if options[:verbose]
0
end
command :addrule, addrule_desc, [:user,:rulestr], [:resource, nil], [:rights, nil] do
helper.add_rule(options, args[0], args[1], args[2] )
end
delrule_desc = <<-EOT.unindent
@ -72,17 +63,7 @@ cmd = CommandParser::CmdParser.new(ARGV) do
EOT
command :delrule, delrule_desc, :id do
acl = OpenNebula::Acl.new( OpenNebula::Client.new() )
rc = acl.delrule( args[0] )
if OpenNebula.is_error?(rc)
[-1, rc.message]
else
puts "Rule deleted" if options[:verbose]
0
end
helper.delete_rule( args[0] )
end
list_desc = <<-EOT.unindent
@ -90,6 +71,6 @@ cmd = CommandParser::CmdParser.new(ARGV) do
EOT
command :list, list_desc,:options=>OpenNebulaHelper::XML do
helper.list_pool(options)
helper.list_pool( options )
end
end
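Review bot: With `[:resource, nil]` and `[:rights, nil]` both optional, an `addrule` call with exactly two arguments is accepted, and `add_rule` (which branches only on `arg2`) then passes `args[0]` alone to `addrule_with_str` and silently drops `args[1]`. For a command that creates access-control rules, a malformed invocation should fail rather than be reinterpreted; a guard in the helper such as `return [-1, "Expected a rule string, or user, resource and rights"] if arg1 && !arg2` would do it. The `addrule_desc` text ("Adds a new ACL rule") also does not yet mention the single-string form. The enclosing `CmdParser.new ... do` block starts outside these hunks.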


@ -72,28 +72,16 @@ module OpenNebula
}
def initialize(rule_xml=nil)
def initialize(rule_str=nil)
@content = {
:users => 0,
:resources => 0,
:rights => 0
:users => 0,
:resources => 0,
:rights => 0
}
parse_rule(rule_xml)
parse_rule(rule_str) if rule_str
end
def initialize(users,resources,rights, str)
str=str.split(" ")
@content = {
:users => users,
:resources => resources,
:rights => rights,
:users_str => str.size==3?str[0]:0,
:resources_str => str.size==3?str[1]:0,
:rights_str => str.size==3?str[2]:0
}
end
def set_hex_rule(users,resources,rights)
set_hex_users users
@ -114,21 +102,22 @@ module OpenNebula
end
def set_users(users)
@content[:users] = users.to_s(10)
@content[:users] = users.to_i.to_s(10)
end
def set_resources(resources)
@content[:resources] = resources.to_s(10)
@content[:resources] = resources.to_i.to_s(10)
end
def set_rights(rights)
@content[:rights] = rights.to_s(10)
end
@content[:rights] = rights.to_i.to_s(10)
end
def parse_rule(rule_str)
begin
rule_str = rule_str.split(" ")
parse_users(rule_str[0])
parse_resource(rule_str[1])
parse_resources(rule_str[1])
parse_rights(rule_str[2])
rescue Exception => e
@content[:users] = OpenNebula::Error.new(e.message)
@ -153,15 +142,13 @@ module OpenNebula
return
end
resources[0].each{ |resource|
resources[0].split("+").each{ |resource|
next if !RESOURCES[resource.upcase]
@content[:resources] = @content[:resources]
+ RESOURCES[resource.upcase]
@content[:resources] = @content[:resources] + RESOURCES[resource.upcase].to_i
}
@content[:resources] = @content[:resources] +
calculate_user(resources[1])
calculate_users(resources[1]).to_i
@content[:resources] = @content[:resources].to_s(16)
rescue Exception => e
@ -179,7 +166,7 @@ module OpenNebula
@content[:rights] = @content[:rights] + RIGHTS[right.upcase]
}
@content[:rights] = @content[:rights].to_s(16)
@content[:rights] = @content[:rights].to_i.to_s(16)
rescue Exception => e
@content[:rights] = OpenNebula::Error.new(e.message)
end
@ -187,20 +174,22 @@ module OpenNebula
def calculate_users(users_str)
if users == "*"
if users_str == "*"
return USERS["ALL"]
end
value = 0
value = 0
case users[0..0]
case users_str[0..0]
when "#"
value = USERS["UID"]
when "@"
value = USERS["GID"]
end
users_value = users_str[1..-1].to_i + value
return value + users[1..-1].to_i
return users_value.to_i.to_s(16)
end
def users
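Review bot: `calculate_users` now returns a base-16 string (`users_value.to_i.to_s(16)`), but the resources parser adds `calculate_users(resources[1]).to_i`, which reads that string as decimal and stops at the first `a`–`f` digit, so the ID part of the resource mask would generally be wrong. The `"*"` branch still returns `USERS["ALL"]` unconverted, so the return type also differs between branches. Keeping `calculate_users` numeric (`return users_value`) and converting to hex only where `@content` is stored would avoid both problems; at minimum the call site needs `.to_i(16)`. This assumes the later line of each printed pair is the new side; the enclosing methods start outside the hunks.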


@ -68,12 +68,14 @@ module OpenNebula
# Adds a new ACL rule.
#
# +rule+ Rule class
def addrule_with_class(rule)
# +rule+ Rule tring
def addrule_with_str(rule_str)
rule = Acl.new rule_str
return rule.error if rule.is_error?
rc = @client.call( ACL_POOL_METHODS[:addrule],
rule.user,
rule.users,
rule.resources,
rule.rights )
@ -98,10 +100,6 @@ module OpenNebula
return rc
end
#######################################################################
# Helpers
#######################################################################
private
end
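Review bot: The doc comment above `addrule_with_str` still documents `+rule+` and has a typo ("Rule tring"), while the parameter is now `rule_str`. Suggest `# +rule_str+ Rule string with three space-separated fields: users, resources and rights`. The comment should also say what is returned when parsing fails (`rule.error`), because `add_rule` in the helper inspects `rc[:users]`, `rc[:resources]` and `rc[:rights]` and the two need to agree on that shape. The method body continues outside the hunk.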