feature #4065: Add onegate token to vcenter contextualization

(cherry picked from commit 497831ab74de7149271090d368672a950eded2f0)
2025-03-20 10:50:08 +03:00 · 2015-11-06 15:25:57 +01:00 · 2015-11-06 15:25:57 +01:00 · b7698cb99d
commit b7698cb99d
parent be7251e422
2 changed files with 51 additions and 4 deletions
--- a/src/vm/VirtualMachine.cc
+++ b/src/vm/VirtualMachine.cc
@ -1059,6 +1059,10 @@ int VirtualMachine::parse_context(string& error_str)

        context_parsed->replace("ONEGATE_ENDPOINT", endpoint);
        context_parsed->replace("VMID", oid);
+
+        // The token_password is taken from the owner user's template.
+        // We store this original owner in case a chown operation is performed.
+        add_template_attribute("CREATED_BY", uid);
    }

    return rc;
@ -3271,10 +3275,6 @@ int VirtualMachine::generate_context(string &files, int &disk_id,
            return -1;
        }

-        // The token_password is taken from the owner user's template.
-        // We store this original owner in case a chown operation is performed.
-        add_template_attribute("CREATED_BY", uid);
-
        token_file.open(history->token_file.c_str(), ios::out);

        if (token_file.fail())
--- a/src/vmm_mad/remotes/vcenter/vcenter_driver.rb
+++ b/src/vmm_mad/remotes/vcenter/vcenter_driver.rb
@ -41,6 +41,7 @@ require 'yaml'
 require 'opennebula'
 require 'base64'
 require 'openssl'
+require 'openssl'

 module VCenterDriver

@ -1484,6 +1485,52 @@ private
                context_text += context_element.name + "='" +
                                context_element.text.gsub("'", "\\'") + "'\n"
            }
+
+            # OneGate
+            onegate_token_flag = xml.root.elements["/VM/TEMPLATE/CONTEXT/TOKEN"]
+            if onegate_token_flag and onegate_token_flag.text == "YES"
+                # Create the OneGate token string
+                vmid_str  = xml.root.elements["/VM/ID"].text
+                stime_str = xml.root.elements["//HISTORY[SEQ=0]/STIME"].text
+                str_to_encrypt = "#{vmid_str}:#{stime_str}"
+
+                user_id = xml.root.elements['//CREATED_BY'].text
+
+                if user_id.nil?
+                    logger.error {"VMID:#{vmid} CREATED_BY not present" \
+                        " in the VM TEMPLATE"}
+                    return nil
+                end
+
+                user = OpenNebula::User.new_with_id(user_id,
+                                                    OpenNebula::Client.new)
+                rc   = user.info
+
+                if OpenNebula.is_error?(rc)
+                    logger.error {"VMID:#{vmid} user.info" \
+                        " error: #{rc.message}"}
+                    return nil
+                end
+
+                token_password = user['TEMPLATE/TOKEN_PASSWORD']
+
+                if token_password.nil?
+                    logger.error {"VMID:#{vmid} TOKEN_PASSWORD not present"\
+                        " in the USER:#{user_id} TEMPLATE"}
+                    return nil
+                end
+
+                cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+                cipher.encrypt
+                cipher.key = token_password
+                onegate_token = cipher.update(str_to_encrypt)
+                onegate_token << cipher.final
+
+                onegate_token_64 = Base64.encode64(onegate_token).chop
+
+                context_text += "ONEGATE_TOKEN='#{onegate_token_64}'\n"
+            end
+
            context_text = Base64.encode64(context_text.chop)
            config_array +=
                     [{:key=>"guestinfo.opennebula.context",