shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-02-02 09:47:00 +03:00
Code Releases Wiki Activity

F #1345: Support for Image Encrypted attributes

Browse Source
This commit is contained in:
Ruben S. Montero 2021-02-17 12:56:37 +00:00
parent ba8efa45e1
commit 60dd3a3cce
No known key found for this signature in database
GPG Key ID: A0CEA6FA880A1D87
8 changed files with 49 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/ImagePool.h
View File

@ -41,7 +41,8 @@ public:
const std::string& __default_dev_prefix,
const std::string& __default_cdrom_dev_prefix,
std::vector<const SingleAttribute *>& restricted_attrs,
const std::vector<const SingleAttribute *>& _inherit_image_attrs);
std::vector<const SingleAttribute *>& encrypted_attrs,
const std::vector<const SingleAttribute *>& inherit_attrs);
~ImagePool(){};

23
include/ImageTemplate.h
View File

@ -63,11 +63,34 @@ public:
Template::parse_restricted(ra, restricted);
}
// -------------------------------------------------------------------------
// Encrypted attributes interface implementation
// -------------------------------------------------------------------------
virtual void encrypt(const std::string& one_key)
{
Template::encrypt(one_key, encrypted);
}
virtual void decrypt(const std::string& one_key)
{
Template::decrypt(one_key, encrypted);
}
static void parse_encrypted(std::vector<const SingleAttribute *>& ea)
{
Template::parse_encrypted(ea, encrypted);
}
private:
/**
* Restricted attribute list for ImageTemplates
*/
static std::map<std::string, std::set<std::string> > restricted;
/**
* Encrypted attribute list for ImageTemplates
*/
static std::map<std::string, std::set<std::string> > encrypted;
};
/* -------------------------------------------------------------------------- */

2
share/etc/oned.conf
View File

@ -947,6 +947,8 @@ HOST_ENCRYPTED_ATTR = "ONE_PASSWORD"
# VM_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN
VM_ENCRYPTED_ATTR = "CONTEXT/PASSWORD"
IMAGE_ENCRYPTED_ATTR = "LUKS_PASSWORD"
# VNET_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN
# VNET_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN
# VNET_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN

3
src/cli/oneimage
View File

@ -408,7 +408,8 @@ CommandParser::CmdParser.new(ARGV) do
Shows information for the given Image
EOT
command :show, show_desc, :imageid, :options => OpenNebulaHelper::FORMAT do
command :show, show_desc, :imageid,
:options => [OpenNebulaHelper::FORMAT, OpenNebulaHelper::DECRYPT] do
helper.show_resource(args[0], options)
end

3
src/image/ImagePool.cc
View File

@ -46,6 +46,7 @@ ImagePool::ImagePool(
const string& __default_dev_prefix,
const string& __default_cdrom_dev_prefix,
vector<const SingleAttribute *>& restricted_attrs,
vector<const SingleAttribute *>& encrypted_attrs,
const vector<const SingleAttribute *>& _inherit_attrs)
: PoolSQL(db, one_db::image_table)
{
@ -71,6 +72,8 @@ ImagePool::ImagePool(
}
ImageTemplate::parse_restricted(restricted_attrs);
ImageTemplate::parse_encrypted(encrypted_attrs);
}
/* -------------------------------------------------------------------------- */

5
src/image/ImageTemplate.cc
View File

@ -21,5 +21,6 @@
std::map<std::string, std::set<std::string> > ImageTemplate::restricted;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
std::map<std::string, std::set<std::string> > ImageTemplate::encrypted;

21
src/nebula/Nebula.cc
View File

@ -750,9 +750,12 @@ void Nebula::start(bool bootstrap_only)
string cd_dev_prefix;
vector<const SingleAttribute *> img_restricted_attrs;
vector<const SingleAttribute *> inherit_image_attrs;
vector<const SingleAttribute *> inherit_ds_attrs;
vector<const SingleAttribute *> img_inherit_attrs;
vector<const SingleAttribute *> ds_inherit_attrs;
vector<const SingleAttribute *> ds_encrypted_attrs;
vector<const SingleAttribute *> img_encrypted_attrs;
nebula_configuration->get("DEFAULT_IMAGE_TYPE", image_type);
nebula_configuration->get("DEFAULT_DEVICE_PREFIX", device_prefix);
@ -760,16 +763,16 @@ void Nebula::start(bool bootstrap_only)
nebula_configuration->get("IMAGE_RESTRICTED_ATTR", img_restricted_attrs);
nebula_configuration->get("INHERIT_IMAGE_ATTR", inherit_image_attrs);
ipool = new ImagePool(logdb, image_type, device_prefix, cd_dev_prefix,
img_restricted_attrs, inherit_image_attrs);
nebula_configuration->get("INHERIT_DATASTORE_ATTR", inherit_ds_attrs);
nebula_configuration->get("INHERIT_IMAGE_ATTR", img_inherit_attrs);
nebula_configuration->get("INHERIT_DATASTORE_ATTR", ds_inherit_attrs);
nebula_configuration->get("DATASTORE_ENCRYPTED_ATTR", ds_encrypted_attrs);
nebula_configuration->get("IMAGE_ENCRYPTED_ATTR", img_encrypted_attrs);
dspool = new DatastorePool(logdb, inherit_ds_attrs, ds_encrypted_attrs);
ipool = new ImagePool(logdb, image_type, device_prefix, cd_dev_prefix,
img_restricted_attrs, img_encrypted_attrs, img_inherit_attrs);
dspool = new DatastorePool(logdb, ds_inherit_attrs, ds_encrypted_attrs);
/* ----- Document, Zone, VDC, VMTemplate, SG and Makerket Pools ----- */
vector<const SingleAttribute *> doc_encrypted_attrs;

4
src/oca/ruby/opennebula/image.rb
View File

@ -103,8 +103,8 @@ module OpenNebula
#######################################################################
# Retrieves the information of the given Image.
def info()
super(IMAGE_METHODS[:info], 'IMAGE')
def info(decrypt = false)
super(IMAGE_METHODS[:info], 'IMAGE', decrypt)
end
alias_method :info!, :info