diff --git a/src/authm_mad/remotes/quota/authorize b/src/authm_mad/remotes/quota/authorize
deleted file mode 100755
index 19c0ca02f4..0000000000
--- a/src/authm_mad/remotes/quota/authorize
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env ruby
-
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. You may obtain #
-# a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-#--------------------------------------------------------------------------- #
-
-ONE_LOCATION=ENV["ONE_LOCATION"]
-
-if !ONE_LOCATION
- RUBY_LIB_LOCATION="/usr/lib/one/ruby"
- ETC_LOCATION="/etc/one/"
-else
- RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
- ETC_LOCATION=ONE_LOCATION+"/etc/"
-end
-
-$: << RUBY_LIB_LOCATION
-
-require 'scripts_common'
-require 'quota'
-
-user_id = ARGV.shift
-
-overall_evalutation = ARGV.pop
-exit -1 if overall_evalutation == 0
-
-quota = Quota.new
-
-#q = {
-# :cpu => 10,
-# :memory => 2048,
-# :storage => 100000,
-# :num_vms => 5
-#}
-#
-#quota.set(1, q)
-#OpenNebula.log_debug("quotas: #{quota.get(1)}")
-
-ARGV.each {|request|
- rc = quota.check_request(user_id, request)
-
- if rc
- OpenNebula.error_message rc
- exit -1
- end
-}
-
-#OpenNebula.log_debug("AUTHORIZE ARGS: #{ARGV.join(' ')}")
-
-exit 0
\ No newline at end of file
diff --git a/src/authm_mad/remotes/quota/one_usage.rb b/src/authm_mad/remotes/quota/one_usage.rb
deleted file mode 100644
index 0d83e684d2..0000000000
--- a/src/authm_mad/remotes/quota/one_usage.rb
+++ /dev/null
@@ -1,124 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. You may obtain #
-# a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-#--------------------------------------------------------------------------- #
-
-require 'OpenNebula'
-
-# This class retrieves and caches vms and its consuption grouped
-# by users. 'update_user' method should be called to fill data for
-# a user before any calculation is made
-class OneUsage
- VM_USAGE = {
- :cpu => {
- :proc_info => lambda {|template| template['CPU']},
- :xpath => 'TEMPLATE/CPU'
- },
- :memory => {
- :proc_info => lambda {|template| template['MEMORY']},
- :xpath => 'TEMPLATE/MEMORY'
- },
- :num_vms => {
- :proc_info => lambda {|template| 1 },
- :xpath => 'ID',
- :count => true
- }
- }
-
- IMAGE_USAGE = {
- :storage => {
- :proc_info => lambda {|template| File.size(template['PATH']) },
- :proc_total => 'TEMPLATE/SIZE'
- }
- }
-
- RESOURCES = ["VM", "IMAGE"]
-
- def initialize()
- @client = OpenNebula::Client.new
- @usage = Hash.new
- end
-
- def total(user_id, resource=nil, force=false)
- usage = Hash.new
-
- if force
- resources = [resource] if RESOURCES.include?(resource)
-
- resources.each{ |res|
- pool = get_pool(res, user_id)
-
- base_xpath = "/#{res}_POOL/#{resource}"
- OneUsage.const_get("#{res}_USAGE".to_sym).each { |key, params|
- usage[key] ||= 0
- pool.each_xpath("#{base_xpath}/#{params[:xpath]}") { |elem|
- usage[key] += params[:count] ? 1 : elem.to_i
- }
- }
-
- @usage[:user_id] ||= Hash.new
- @usage[:user_id].merge!(usage)
- }
- else
- usage = get_usage(user_id)
- end
-
- usage
- end
-
- # Retrieve the useful information of the template for the specified
- # kind of resource
- def get_resources(resource, xml_template)
- template = OpenNebula::XMLElement.new
- template.initialize_xml(xml_template, 'TEMPLATE')
-
- info = Hash.new
-
- self.class.const_get("#{resource}_USAGE").each { |key, params|
- info[key] = params[:proc_info].call(template).to_i
- }
-
- info
- end
-
- private
-
- def get_usage(user_id)
- usage = @usage[:user_id]
-
- unless usage
- usage = Hash.new
-
- keys = VM_USAGE.keys + IMAGE_USAGE.keys
- keys.each { |key|
- usage[key] = 0
- }
-
- @usage[:user_id] = usage
- end
-
- usage
- end
-
- # Returns a an Array than contains the elements of the resource Pool
- def get_pool(resource, user_id)
- pool = case resource
- when "VM" then OpenNebula::VirtualMachinePool.new(@client, user_id)
- when "IMAGE" then OpenNebula::ImagePool.new(@client, user_id)
- end
-
- rc = pool.info
- return pool
- end
-end
diff --git a/src/authm_mad/remotes/quota/quota.rb b/src/authm_mad/remotes/quota/quota.rb
deleted file mode 100644
index e46a7eb7f9..0000000000
--- a/src/authm_mad/remotes/quota/quota.rb
+++ /dev/null
@@ -1,155 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may #
-# not use this file except in compliance with the License. You may obtain #
-# a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-#--------------------------------------------------------------------------- #
-
-require 'one_usage'
-require 'sequel'
-require 'base64'
-
-# Quota functionality for auth driver. Stores in database limits for each
-# user and using OneUsage is able to retrieve resource usage from
-# OpenNebula daemon and check if it is below limits
-class Quota
- attr_accessor :defaults
-
- TABLE_NAME = :quotas
-
- DB_QUOTA_SCHEMA = {
- :cpu => Float,
- :memory => Integer,
- :num_vms => Integer,
- :storage => Integer
- }
-
- CONF = {
- :db => "sqlite:///tmp/onequota.db",
- :defaults => {
- :cpu => nil,
- :memory => nil,
- :num_vms => nil,
- :storage => nil
- }
- }
-
- # 'db' is a Sequel database where to store user limits and client
- # is OpenNebula::Client used to connect to OpenNebula daemon
- def initialize(conf={})
- # TBD merge with the conf file
- @conf=CONF
-
- @defaults=@conf[:defaults]
-
- @db=Sequel.connect(@conf[:db])
-
- create_table
- @table=@db[TABLE_NAME]
-
- @one_usage=OneUsage.new
- end
-
- ###########################################################################
- # DB handling
- ###########################################################################
-
- # Creates database quota table if it does not exist
- def create_table
- @db.create_table?(TABLE_NAME) do
- Integer :uid
-
- DB_QUOTA_SCHEMA.each { |key,value|
- column key, value
- }
-
- primary_key :uid
- index :uid
- end
- end
-
- # Adds new user limits
- def set(uid, quota={})
- data=quota.delete_if{|key,value| !DB_QUOTA_SCHEMA.keys.include?(key)}
-
- quotas=@table.filter(:uid => uid)
-
- if quotas.first
- quotas.update(data)
- else
- @table.insert(data.merge!(:uid => uid))
- end
- end
-
- # Gets user limits
- def get(uid)
- limit=@table.filter(:uid => uid).first
- if limit
- limit
- else
- @conf[:defaults]
- end
- end
-
-
- ###########################################################################
- # Authorization
- ###########################################################################
-
- def check_request(user_id, request)
- obj, template_or_id, op, owner, pub, acl_eval = request.split(':')
-
- if acl_eval == 0
- return "ACL evaluation denied"
- end
-
- # Check if this op needs to check the quota
- return false unless with_quota?(obj, op)
-
- # If the object is a template the info should be retrived from the
- # VM pool.
- obj = "VM" if obj == "TEMPLATE"
- template = Base64::decode64(template_or_id)
-
- check_quotas(user_id.to_i, obj, template)
- end
-
- def check_quotas(user_id, obj, template)
- info = @one_usage.get_resources(obj, template)
- total = @one_usage.total(obj, user_id)
- quota = get(user_id)
-
- msg = ""
- info.each { |quota_name, quota_requested|
- spent = total[quota_name].to_i + quota_requested.to_i
- if quota[quota_name] && spent > quota[quota_name].to_i
- msg << " #{quota_name.to_s.upcase} quota exceeded "
- msg << "(Quota: #{quota[quota_name].to_i}, "
- msg << "Used: #{spent.to_i}, "
- msg << "Asked: #{quota_requested.to_i})."
- end
- }
-
- if msg==""
- return false
- else
- return msg.strip
- end
- end
-
- def with_quota?(obj, op)
- return (obj == "VM" && op == "CREATE") ||
- (obj == "IMAGE" && op == "CREATE") ||
- (obj == "TEMPLATE" && op == "INSTANTIATE")
- end
-end
-