Delete delta_token_expiration parameter from Cloud conf files

2025-03-21 14:50:08 +03:00 · 2011-12-02 18:33:11 +01:00 · 2011-12-02 18:33:11 +01:00 · 487ec888b5
commit 487ec888b5
parent 8239c283d3
8 changed files with 25 additions and 23 deletions
--- a/src/cloud/common/CloudAuth.rb
+++ b/src/cloud/common/CloudAuth.rb
@ -33,7 +33,8 @@ class CloudAuth

    # Default interval for timestamps. Tokens will be generated using the same
    # timestamp for this interval of time.
-    EXPIRE_DELTA = 36000
+    # THIS VALUE CANNOT BE LOWER THAN EXPIRE_MARGIN
+    EXPIRE_DELTA = 1800

    # Tokens will be generated if time > EXPIRE_TIME - EXPIRE_MARGIN
    EXPIRE_MARGIN = 300
@ -44,11 +45,7 @@ class CloudAuth
    def initialize(conf)
        @conf = conf

-        # @token_expiration_delta:  Number of seconds that will be used
-        #   the same timestamp for the token generation
-        # @token_expiration_time:   Current timestamp to be used in tokens.
-        @token_expiration_delta = @conf[:token_expiration_delta] || EXPIRE_DELTA
-        @token_expiration_time = Time.now.to_i + @token_expiration_delta
+        @token_expiration_time = Time.now.to_i + EXPIRE_DELTA

        if AUTH_MODULES.include?(@conf[:auth])
            require 'CloudAuth/' + AUTH_MODULES[@conf[:auth]]
@ -90,13 +87,24 @@ class CloudAuth
        end
    end

+    def auth(env, params={})
+        username = do_auth(env, params)
+
+        if username.nil?
+            update_userpool_cache
+            do_auth(env, params)
+        else
+            username
+        end
+    end
+
    protected

    def expiration_time
        time_now = Time.now.to_i

        if time_now > @token_expiration_time - EXPIRE_MARGIN
-            @token_expiration_time = time_now + @token_expiration_delta
+            @token_expiration_time = time_now + EXPIRE_DELTA
            update_userpool_cache
        end

--- a/src/cloud/common/CloudAuth/EC2CloudAuth.rb
+++ b/src/cloud/common/CloudAuth/EC2CloudAuth.rb
@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #

 module EC2CloudAuth
-    def auth(env, params={})
+    def do_auth(env, params={})
        username = params['AWSAccessKeyId']
        one_pass = get_password(username)
        return nil unless one_pass
--- a/src/cloud/common/CloudAuth/OCCICloudAuth.rb
+++ b/src/cloud/common/CloudAuth/OCCICloudAuth.rb
@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #

 module OCCICloudAuth
-    def auth(env, params={})
+    def do_auth(env, params={})
        auth = Rack::Auth::Basic::Request.new(env)

        if auth.provided? && auth.basic?
@ -28,6 +28,6 @@ module OCCICloudAuth
            end
        end

-        return nil 
-    end 
+        return nil
+    end
 end
--- a/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb
+++ b/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb
@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #

 module SunstoneCloudAuth
-    def auth(env, params={})
+    def do_auth(env, params={})
        auth = Rack::Auth::Basic::Request.new(env)

        if auth.provided? && auth.basic?
@ -28,6 +28,6 @@ module SunstoneCloudAuth
            end
        end

-        return nil 
-    end 
+        return nil
+    end
 end
--- a/src/cloud/common/CloudAuth/X509CloudAuth.rb
+++ b/src/cloud/common/CloudAuth/X509CloudAuth.rb
@ -15,7 +15,7 @@
 #--------------------------------------------------------------------------- #

 module X509CloudAuth
-    def auth(env, params={})
+    def do_auth(env, params={})
        # For https, the web service should be set to include the user cert in the environment.
        cert_line   = env['HTTP_SSL_CLIENT_CERT']
        cert_line   = nil if cert_line == '(null)' # For Apache mod_ssl
--- a/src/cloud/ec2/etc/econe.conf
+++ b/src/cloud/ec2/etc/econe.conf
@ -33,8 +33,6 @@
 #   cipher, for symmetric cipher encryption of tokens
 #   x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800

 # VM types allowed and its template file (inside templates directory)
 :instance_types:
--- a/src/cloud/occi/etc/occi-server.conf
+++ b/src/cloud/occi/etc/occi-server.conf
@ -36,8 +36,6 @@
 #   cipher, for symmetric cipher encryption of tokens
 #   x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800

 # VM types allowed and its template file (inside templates directory)
 :instance_types:
--- a/src/sunstone/etc/sunstone-server.conf
+++ b/src/sunstone/etc/sunstone-server.conf
@ -14,9 +14,7 @@
 #   cipher, for symmetric cipher encryption of tokens
 #   x509, for x509 certificate encryption of tokens
 :core_auth: cipher
-# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
-:token_expiration_delta: 1800
-	
+
 # VNC Configuration
 :vnc_proxy_base_port: 29876
-:novnc_path: 
+:novnc_path: