diff --git a/src/cli/etc/oneacl.yaml b/src/cli/etc/oneacl.yaml
new file mode 100644
index 0000000000..e53a1bad8e
--- /dev/null
+++ b/src/cli/etc/oneacl.yaml
@@ -0,0 +1,25 @@
+---
+:USER:
+ :desc: To which resource owner the rule applies to
+ :size: 4
+ :right: true
+
+:RESOURCE_VHNIUTG:
+ :desc: Which resource the rule applies to
+ :size: 16
+
+:RID:
+ :desc: Resource ID
+ :size: 4
+ :right: true
+
+:OPERATION_CDUMIPpTW:
+ :desc: Operation to which the rule applies
+ :size: 19
+ :right: true
+
+:default:
+- :USER
+- :RESOURCE_VHNIUTG
+- :RID
+- :OPERATION_CDUMIPpTW
diff --git a/src/cli/one_helper/oneacl_helper.rb b/src/cli/one_helper/oneacl_helper.rb
new file mode 100644
index 0000000000..916d4be256
--- /dev/null
+++ b/src/cli/one_helper/oneacl_helper.rb
@@ -0,0 +1,118 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+require 'one_helper'
+
+class OneAclHelper < OpenNebulaHelper::OneHelper
+ def self.rname
+ "ACL"
+ end
+
+ def self.conf_file
+ "oneacl.yaml"
+ end
+
+ private
+
+ def factory_pool(filter)
+ OpenNebula::AclPool.new(@client)
+ end
+
+ # TODO check that @content[:resources_str] is valid
+ def self.resource_mask(str)
+ resource_type=str.split("/")[0]
+
+ mask = "-------"
+
+ resource_type.split("+").each{|type|
+ case type
+ when "VM"
+ mask[0] = "V"
+ when "HOST"
+ mask[1] = "H"
+ when "NET"
+ mask[2] = "N"
+ when "IMAGE"
+ mask[3] = "I"
+ when "USER"
+ mask[4] = "U"
+ when "TEMPLATE"
+ mask[5] = "T"
+ when "GROUP"
+ mask[6] = "G"
+ end
+ }
+ mask
+ end
+
+ # TODO check that @content[:resources_str] is valid
+ def self.right_mask(str)
+ mask = "---------"
+
+ str.split("+").each{|type|
+ case type
+ when "CREATE"
+ mask[0] = "C"
+ when "DELETE"
+ mask[1] = "D"
+ when "USE"
+ mask[2] = "U"
+ when "MANAGE"
+ mask[3] = "M"
+ when "INFO"
+ mask[4] = "I"
+ when "INFO_POOL"
+ mask[5] = "P"
+ when "INFO_POOL_MINE"
+ mask[6] = "p"
+ when "INSTANTIATE"
+ mask[8] = "T"
+ when "CHOWN"
+ mask[9] = "W"
+ end
+ }
+
+ mask
+ end
+
+ def format_pool(pool, options, top=false)
+ config_file=self.class.table_conf
+
+ table=CLIHelper::ShowTable.new(config_file, self) do
+ column :USER, "To which resource owner the rule applies to",
+ :size=>4 do |d|
+ d['STRING'].split(" ")[0]
+ end
+
+ column :RESOURCE_VHNIUTG, "Resource to which the rule applies" do |d|
+ OneAclHelper::resource_mask d['STRING'].split(" ")[1]
+ end
+
+ column :RID, "Resource ID", :right, :size=>4 do |d|
+ d['STRING'].split(" ")[1].split("/")[1]
+ end
+
+ column :OPERATION_CDUMIPpTW, "Operation to which the rule applies" do |d|
+ OneAclHelper::right_mask d['STRING'].split(" ")[2]
+ end
+
+ default :USER, :RESOURCE_VHNIUTG, :RID, :OPERATION_CDUMIPpTW
+ end
+
+ table.show(pool, options)
+
+ end
+end
\ No newline at end of file
diff --git a/src/cli/oneacl b/src/cli/oneacl
index 318284dae1..d4001ffac1 100755
--- a/src/cli/oneacl
+++ b/src/cli/oneacl
@@ -28,11 +28,13 @@ $: << RUBY_LIB_LOCATION $: << RUBY_LIB_LOCATION+"/cli" require 'command_parser' -require 'one_helper' +require 'one_helper/oneacl_helper' cmd = CommandParser::CmdParser.new(ARGV) do usage "oneacl COMMAND [args..] [options..]" version OpenNebulaHelper::ONE_VERSION + + helper = OneAclHelper.new ######################################################################## # Global Options
@@ -53,7 +55,7 @@ cmd = CommandParser::CmdParser.new(ARGV) do EOT command :addrule, addrule_desc, :user, :resource, :rights do - acl = OpenNebula::Acl.new( OpenNebula::Client.new() ) + acl = OpenNebula::AclPool.new( OpenNebula::Client.new() ) rc = acl.addrule( args[0], args[1], args[2] )
@@ -88,15 +90,6 @@ cmd = CommandParser::CmdParser.new(ARGV) do EOT command :list, list_desc,:options=>OpenNebulaHelper::XML do - acl = OpenNebula::Acl.new( OpenNebula::Client.new() ) - - rc = acl.info() - - if OpenNebula.is_error?(rc) - [-1, rc.message] - else - puts acl.to_xml - 0 - end + helper.list_pool(options) end end
diff --git a/src/oca/ruby/OpenNebula.rb b/src/oca/ruby/OpenNebula.rb
index 98f2bcec04..c536eefe7a 100644
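Review bot: In `right_mask` of oneacl_helper.rb the last two branches write to the wrong slots: the mask has nine characters (indexes 0-8, matching the `CDUMIPpTW` column header), yet INSTANTIATE sets `mask[8]` and CHOWN sets `mask[9]`, so index 7 is never filled, the T is printed under the W column, and CHOWN lands outside the nine-character mask. Because `oneacl list` is how an administrator reads back which rights a rule grants, an INSTANTIATE rule would be read as CHOWN; the branches should be `mask[7] = "T"` and `mask[8] = "W"`. The RID column also calls `.split("/")[1]` on `d['STRING'].split(" ")[1]` without checking that the rule string has three fields, which is the validation the two TODO comments already ask for.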
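Review bot: In the `addrule` command of src/cli/oneacl the three arguments still go unchecked from the command line into `acl.addrule( args[0], args[1], args[2] )`, and `AclPool#addrule` in this commit forwards them as they are to the XML-RPC call while documenting them as hex numbers. Since these values define an authorization rule, I would test each field against `/\A0x[0-9a-fA-F]+\z/` before the call and answer `[-1, message]` on a mismatch, the way the old `list` body reported errors, unless the server side is known to reject malformed fields. The command block continues outside this hunk, so any handling of `rc` after the call is not visible here.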
--- a/src/oca/ruby/OpenNebula.rb
+++ b/src/oca/ruby/OpenNebula.rb
@@ -40,6 +40,7 @@ require 'OpenNebula/TemplatePool' require 'OpenNebula/Group' require 'OpenNebula/GroupPool' require 'OpenNebula/Acl' +require 'OpenNebula/AclPool' module OpenNebula
diff --git a/src/oca/ruby/OpenNebula/Acl.rb b/src/oca/ruby/OpenNebula/Acl.rb
index f61bbed424..52698f1d9a 100644
--- a/src/oca/ruby/OpenNebula/Acl.rb
+++ b/src/oca/ruby/OpenNebula/Acl.rb
@@ -14,91 +14,7 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -require 'OpenNebula/Pool' - module OpenNebula - class Acl < XMLElement - - ####################################################################### - # Constants and Class Methods - ####################################################################### - ACL_METHODS = { - :info => "acl.info", - :addrule => "acl.addrule", - :delrule => "acl.delrule" - } - - ####################################################################### - # Class constructor - ####################################################################### - def initialize(client) - @client = client - end - - ####################################################################### - # XML-RPC Methods - ####################################################################### - - # Retrieves the ACL rule set - def info() - rc = @client.call( ACL_METHODS[:info] ) - - if !OpenNebula.is_error?(rc) - initialize_xml(rc, 'ACL') - rc = nil - end - - return rc - end - - # Adds a new ACL rule. - # - # +user+ A hex number, e.g. 0x100000001 - # +resource+ A hex number, e.g. 0x2100000001 - # +rights+ A hex number, e.g. 0x10 - def addrule(user, resource, rights) - rc = @client.call( ACL_METHODS[:addrule], user, resource, rights ) - - rc = nil if !OpenNebula.is_error?(rc) - - return rc - end - - # Adds a new ACL rule. - # - # +rule+ Rule class - def addrule(rule) - return rule.error if rule.is_error? - - rc = @client.call( ACL_METHODS[:addrule], rule.user, - user.resources, - user.rights ) - - rc = nil if !OpenNebula.is_error?(rc) - - return rc - end - - # Deletes an existing ACL rule. 
- # - # +id+ Rule id - def delrule(id) - rc = @client.call( ACL_METHODS[:delrule], id.to_i ) - - rc = nil if !OpenNebula.is_error?(rc) - - return rc - end - - ####################################################################### - # Helpers - ####################################################################### - - private - - end - - # Abstract rules of the type USER RESOURCE RIGHTS # which are: # USER -> #
@@ -123,7 +39,7 @@ module OpenNebula # INFO_POOL_MINE # INSTANTIATE # CHOWN - class Rule + class Acl USERS = { "UID" => 4294967296,
@@ -156,14 +72,27 @@ module OpenNebula } - def initialize(rule_str=nil) + def initialize(rule_xml=nil) @content = { :users => 0, :resources => 0, :rights => 0 } - parse_rule(rule_str) if rule_str + parse_rule(rule_xml) + end + + def initialize(users,resources,rights, str) + str=str.split(" ") + + @content = { + :users => users, + :resources => resources, + :rights => rights, + :users_str => str.size==3?str[0]:0, + :resources_str => str.size==3?str[1]:0, + :rights_str => str.size==3?str[2]:0 + } end def set_hex_rule(users,resources,rights)
@@ -184,6 +113,17 @@ module OpenNebula @content[:rights] = rights end + def set_users(users) + @content[:users] = users.to_s(10) + end + + def set_resources(resources) + @content[:resources] = resources.to_s(10) + end + + def set_rights(rights) + @content[:rights] = rights.to_s(10) + end def parse_rule(rule_str) begin rule_str = rule_str.split(" ")
@@ -278,7 +218,10 @@ module OpenNebula def is_error? OpenNebula.is_error?(@content[:users]) || OpenNebula.is_error?(@content[:resources]) || - OpenNebula.is_error?(@content[:rights]) + OpenNebula.is_error?(@content[:rights]) || + @content[:users] == 0 || + @content[:resources] == 0 || + @content[:rights] == 0 end def error
@@ -286,6 +229,6 @@ module OpenNebula return part if OpenNebula.is_error?(part) } end - + end end
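Review bot: The `@@ -156,14 +72,27 @@` hunk leaves class `Acl` with two `initialize` definitions, and Ruby keeps only the later one, so `initialize(users,resources,rights, str)` silently replaces `initialize(rule_xml=nil)`. Every caller must then pass exactly four arguments: `Acl.new` with a single rule string raises ArgumentError, and so does `AclPool#factory` in this same commit, which passes three (`acl['USER'], acl['RESOURCE'], acl['RIGHTS']`). A single constructor with defaults, for example `def initialize(users=0, resources=0, rights=0, str="")`, or a separate class-level builder for the string form, would keep both paths usable. The class body starts and ends outside this hunk, so other callers of `new` are not visible here.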
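Review bot: The `== 0` checks added to `is_error?` in the `@@ -278,7 +218,10 @@` hunk compare against the integer 0, but the setters added in the `@@ -184,6 +113,17 @@` hunk store `users.to_s(10)` (and the same for resources and rights), so a field set to zero through them becomes the string `"0"` and is not caught. In the other direction, when `is_error?` is true only because a field is 0, `error` (partly visible in the next hunk) returns a part only if `OpenNebula.is_error?(part)`, so it appears to hand back no error object, and `return rule.error if rule.is_error?` in `AclPool#addrule_with_class` would pass that value on as the result. I would keep the fields numeric in the setters, or compare with `.to_i == 0`, and have `error` return an explicit error for the empty-field case so an incomplete rule cannot be mistaken for success.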
diff --git a/src/oca/ruby/OpenNebula/AclPool.rb b/src/oca/ruby/OpenNebula/AclPool.rb
new file mode 100644
index 0000000000..8b49b898c5
--- /dev/null
+++ b/src/oca/ruby/OpenNebula/AclPool.rb
@@ -0,0 +1,109 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+require 'OpenNebula/Pool'
+
+module OpenNebula
+ class AclPool < Pool
+
+ #######################################################################
+ # Constants and Class Methods
+ #######################################################################
+ ACL_POOL_METHODS = {
+ :info => "acl.info",
+ :addrule => "acl.addrule",
+ :delrule => "acl.delrule"
+ }
+
+ #######################################################################
+ # Class constructor
+ #######################################################################
+ def initialize(client)
+ super('ACL_POOL','ACL',client)
+ end
+
+ def factory(element_xml)
+ acl=REXML::Document.new(element_xml).root
+ OpenNebula::Acl.new(acl['USER'], acl['RESOURCE'], acl['RIGHTS'])
+ end
+
+ #######################################################################
+ # XML-RPC Methods
+ #######################################################################
+
+ # Retrieves the ACL Pool
+ def info()
+ # Retrieves all the Acls in the pool.
+ super(ACL_POOL_METHODS[:info])
+ end
+
+ # Adds a new ACL rule.
+ #
+ # +user+ A hex number, e.g. 0x100000001
+ # +resource+ A hex number, e.g. 0x2100000001
+ # +rights+ A hex number, e.g. 0x10
+ def addrule(user, resource, rights)
+ rc = @client.call( ACL_POOL_METHODS[:addrule],
+ user,
+ resource,
+ rights )
+
+ rc = nil if !OpenNebula.is_error?(rc)
+
+ return rc
+ end
+
+ # Adds a new ACL rule.
+ #
+ # +rule+ Rule class
+ def addrule_with_class(rule)
+ return rule.error if rule.is_error?
+
+ rc = @client.call( ACL_POOL_METHODS[:addrule],
+ rule.user,
+ rule.resources,
+ rule.rights )
+
+ rc = nil if !OpenNebula.is_error?(rc)
+
+ return rc
+ end
+
+ # Deletes an existing ACL rule.
+ #
+ # +user+ A hex number, e.g. 0x100000001
+ # +resource+ A hex number, e.g. 0x2100000001
+ # +rights+ A hex number, e.g. 0x10
+ def delrule(user, resource, rights)
+ rc = @client.call( ACL_POOL_METHODS[:delrule],
+ user,
+ resource,
+ rights )
+
+ rc = nil if !OpenNebula.is_error?(rc)
+
+ return rc
+ end
+
+ #######################################################################
+ # Helpers
+ #######################################################################
+
+ private
+
+ end
+
+end
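Review bot: `addrule_with_class` reads `rule.user`, `rule.resources` and `rule.rights`, but the Acl.rb hunks in this commit only show the values kept in `@content` under `:users`, `:resources` and `:rights` plus `set_*` writers; unless matching readers exist in the part of Acl.rb outside the hunks, a rule that passes `is_error?` ends in NoMethodError instead of an XML-RPC call. Readers on `Acl` such as `def users; @content[:users]; end`, with `rule.users` used here, would make the names line up. The comment above the method still says `+rule+ Rule class` although the class is renamed to `Acl` in this commit, so it should read `+rule+ Acl object`.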