bug #847: OCCI Server update to new Auth framework
parent
0e822f4035
commit
bb4911a50c
@ -808,7 +808,7 @@ COMMON_CLOUD_LIB_FILES="src/cloud/common/CloudServer.rb \
|
||||
|
||||
COMMON_CLOUD_CLIENT_LIB_FILES="src/cloud/common/CloudClient.rb"
|
||||
|
||||
CLOUD_AUTH_LIB_FILES="src/cloud/common/CloudAuth/BasicCloudAuth.rb \
|
||||
CLOUD_AUTH_LIB_FILES="src/cloud/common/CloudAuth/OCCICloudAuth.rb \
|
||||
src/cloud/common/CloudAuth/SunstoneCloudAuth.rb \
|
||||
src/cloud/common/CloudAuth/EC2CloudAuth.rb \
|
||||
src/cloud/common/CloudAuth/X509CloudAuth.rb"
|
||||
@ -860,6 +860,8 @@ OCCI_LIB_FILES="src/cloud/occi/lib/OCCIServer.rb \
|
||||
src/cloud/occi/lib/VirtualMachinePoolOCCI.rb \
|
||||
src/cloud/occi/lib/VirtualNetworkOCCI.rb \
|
||||
src/cloud/occi/lib/VirtualNetworkPoolOCCI.rb \
|
||||
src/cloud/occi/lib/UserOCCI.rb \
|
||||
src/cloud/occi/lib/UserPoolOCCI.rb \
|
||||
src/cloud/occi/lib/ImageOCCI.rb \
|
||||
src/cloud/occi/lib/ImagePoolOCCI.rb"
|
||||
|
||||
|
@ -14,12 +14,10 @@
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
require 'server_cipher_auth'
|
||||
|
||||
class CloudAuth
|
||||
# These are the authentication methods for the user requests
|
||||
AUTH_MODULES = {
|
||||
"basic" => 'BasicCloudAuth',
|
||||
"occi" => 'OCCICloudAuth',
|
||||
"sunstone" => 'SunstoneCloudAuth' ,
|
||||
"ec2" => 'EC2CloudAuth',
|
||||
"x509" => 'X509CloudAuth'
|
||||
|
@ -14,7 +14,7 @@
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
module BasicCloudAuth
|
||||
module OCCICloudAuth
|
||||
def auth(env, params={})
|
||||
auth = Rack::Auth::Basic::Request.new(env)
|
||||
|
||||
@ -23,15 +23,11 @@ module BasicCloudAuth
|
||||
|
||||
one_pass = get_password(username)
|
||||
|
||||
if one_pass && one_pass == Digest::SHA1.hexdigest(password)
|
||||
@token = @server_auth.login_token(username)
|
||||
@client = Client.new(@token, @conf[:one_xmlrpc])
|
||||
return nil
|
||||
else
|
||||
return "Authentication failure"
|
||||
if one_pass && one_pass == password
|
||||
return username
|
||||
end
|
||||
else
|
||||
return "Basic auth not provided"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
return nil
|
||||
end
|
||||
end
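Review bot: The check `one_pass == password` in `auth` compares the stored value with the client-supplied Basic password directly, where the other variant of the line hashed the input with `Digest::SHA1.hexdigest(password)` first; the page has lost its +/- markers, so reading this as the new side is inferred from the hunk counts. If `get_password` still returns the stored SHA1 digest, the digest itself becomes the credential, and anyone able to read the stored value can authenticate without knowing the password, so either keep the hashing on the server side or state the expected client behaviour in a comment above `auth`. The comparison also uses `==`, which is not constant-time; `Rack::Utils.secure_compare(one_pass, password)` is the safer form where the bundled Rack provides it. Both failure paths now end in `return nil`, so a comment such as `# Returns the username on success, nil when credentials are missing or wrong` would document the changed contract. The opening lines of `auth` sit between the two hunks and are not shown.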
|
@ -15,7 +15,6 @@
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
require 'OpenNebula'
|
||||
require 'CloudAuth'
|
||||
|
||||
##############################################################################
|
||||
# This class represents a generic Cloud Server using the OpenNebula Cloud
|
||||
@ -49,17 +48,7 @@ class CloudServer
|
||||
def initialize(config)
|
||||
# --- Load the Cloud Server configuration file ---
|
||||
@config = config
|
||||
@cloud_auth = CloudAuth.new(@config)
|
||||
end
|
||||
|
||||
def authenticate(env, params={})
|
||||
@cloud_auth.auth(env, params)
|
||||
end
|
||||
|
||||
def client
|
||||
@cloud_auth.client
|
||||
end
|
||||
|
||||
#
|
||||
# Prints the configuration of the server
|
||||
#
|
||||
|
@ -41,7 +41,7 @@ class OCCIServer < CloudServer
|
||||
# Server initializer
|
||||
# config_file:: _String_ path of the config file
|
||||
# template:: _String_ path to the location of the templates
|
||||
def initialize(config)
|
||||
def initialize(client, config)
|
||||
super(config)
|
||||
|
||||
if config[:ssl_server]
|
||||
@ -49,6 +49,8 @@ class OCCIServer < CloudServer
|
||||
else
|
||||
@base_url="http://#{config[:server]}:#{config[:port]}"
|
||||
end
|
||||
|
||||
@client = client
|
||||
end
|
||||
|
||||
# Prepare the OCCI XML Response
|
||||
@ -75,7 +77,7 @@ class OCCIServer < CloudServer
|
||||
user_flag = -1
|
||||
|
||||
vmpool = VirtualMachinePoolOCCI.new(
|
||||
self.client,
|
||||
@client,
|
||||
user_flag)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
@ -102,7 +104,7 @@ class OCCIServer < CloudServer
|
||||
user_flag = -1
|
||||
|
||||
network_pool = VirtualNetworkPoolOCCI.new(
|
||||
self.client,
|
||||
@client,
|
||||
user_flag)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
@ -128,7 +130,7 @@ class OCCIServer < CloudServer
|
||||
user_flag = -1
|
||||
|
||||
image_pool = ImagePoolOCCI.new(
|
||||
self.client,
|
||||
@client,
|
||||
user_flag)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
@ -151,7 +153,7 @@ class OCCIServer < CloudServer
|
||||
# status code
|
||||
def get_users(request)
|
||||
# --- Get Users Pool ---
|
||||
user_pool = UserPoolOCCI.new(self.client)
|
||||
user_pool = UserPoolOCCI.new(@client)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
rc = user_pool.info
|
||||
@ -180,7 +182,7 @@ class OCCIServer < CloudServer
|
||||
# --- Create the new Instance ---
|
||||
vm = VirtualMachineOCCI.new(
|
||||
VirtualMachine.build_xml,
|
||||
self.client,
|
||||
@client,
|
||||
request.body.read,
|
||||
@config[:instance_types],
|
||||
@config[:template_location])
|
||||
@ -205,7 +207,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the VM ---
|
||||
vm = VirtualMachineOCCI.new(
|
||||
VirtualMachine.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
rc = vm.info
|
||||
@ -230,7 +232,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the VM ---
|
||||
vm = VirtualMachineOCCI.new(
|
||||
VirtualMachine.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = vm.info
|
||||
return rc, 404 if OpenNebula::is_error?(rc)
|
||||
@ -250,7 +252,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the VM ---
|
||||
vm = VirtualMachineOCCI.new(
|
||||
VirtualMachine.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = vm.info
|
||||
if OpenNebula.is_error?(rc)
|
||||
@ -278,7 +280,7 @@ class OCCIServer < CloudServer
|
||||
# --- Create the new Instance ---
|
||||
network = VirtualNetworkOCCI.new(
|
||||
VirtualNetwork.build_xml,
|
||||
self.client,
|
||||
@client,
|
||||
request.body,
|
||||
@config[:bridge])
|
||||
|
||||
@ -301,7 +303,7 @@ class OCCIServer < CloudServer
|
||||
def get_network(request, params)
|
||||
network = VirtualNetworkOCCI.new(
|
||||
VirtualNetwork.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
rc = network.info
|
||||
@ -324,7 +326,7 @@ class OCCIServer < CloudServer
|
||||
def delete_network(request, params)
|
||||
network = VirtualNetworkOCCI.new(
|
||||
VirtualNetwork.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = network.info
|
||||
return rc, 404 if OpenNebula::is_error?(rc)
|
||||
@ -346,7 +348,7 @@ class OCCIServer < CloudServer
|
||||
|
||||
vnet = VirtualNetworkOCCI.new(
|
||||
VirtualNetwork.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = vnet.info
|
||||
return rc, 400 if OpenNebula.is_error?(rc)
|
||||
@ -386,7 +388,7 @@ class OCCIServer < CloudServer
|
||||
|
||||
image = ImageOCCI.new(
|
||||
Image.build_xml,
|
||||
self.client,
|
||||
@client,
|
||||
occixml,
|
||||
request.params['file'])
|
||||
|
||||
@ -410,7 +412,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the Image ---
|
||||
image = ImageOCCI.new(
|
||||
Image.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = image.info
|
||||
|
||||
@ -434,7 +436,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the Image ---
|
||||
image = ImageOCCI.new(
|
||||
Image.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = image.info
|
||||
return rc, 404 if OpenNebula::is_error?(rc)
|
||||
@ -456,7 +458,7 @@ class OCCIServer < CloudServer
|
||||
|
||||
image = ImageOCCI.new(
|
||||
Image.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
rc = image.info
|
||||
return rc, 400 if OpenNebula.is_error?(rc)
|
||||
@ -491,7 +493,7 @@ class OCCIServer < CloudServer
|
||||
# --- Get the USER ---
|
||||
user = UserOCCI.new(
|
||||
User.build_xml(params[:id]),
|
||||
self.client)
|
||||
@client)
|
||||
|
||||
# --- Prepare XML Response ---
|
||||
rc = user.info
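Review bot: The RDoc block above `initialize` still lists `config_file::` and `template::`, which does not match what appears to be the new signature `initialize(client, config)`. I would replace those two lines with `# client:: OpenNebula client for the authenticated user` and `# config:: _Hash_ server configuration`. A short comment at `@client = client` saying that the instance is bound to a single user's client, and so has to be built per request and not shared, would make the new ownership explicit for the many call sites that now pass `@client`. The class body continues outside the hunks shown.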
|
||||
|
@ -46,6 +46,7 @@ require 'sinatra'
|
||||
require 'yaml'
|
||||
|
||||
require 'OCCIServer'
|
||||
require 'CloudAuth'
|
||||
|
||||
include OpenNebula
|
||||
|
||||
@ -77,20 +78,24 @@ end
|
||||
set :host, settings.config[:server]
|
||||
set :port, settings.config[:port]
|
||||
|
||||
set :cloud_auth, CloudAuth.new(settings.config)
|
||||
|
||||
##############################################################################
|
||||
# Helpers
|
||||
##############################################################################
|
||||
|
||||
before do
|
||||
@occi_server = OCCIServer.new(settings.config)
|
||||
begin
|
||||
result = @occi_server.authenticate(request.env)
|
||||
username = settings.cloud_auth.auth(request.env, params)
|
||||
rescue Exception => e
|
||||
error 500, e.message
|
||||
end
|
||||
|
||||
if result
|
||||
error 401, result
|
||||
if username.nil?
|
||||
return [401, ""]
|
||||
else
|
||||
client = settings.cloud_auth.client(username)
|
||||
@occi_server = OCCIServer.new(client, settings.config)
|
||||
end
|
||||
end
|
||||
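Review bot: `return [401, ""]` in the `before` filter most likely does not stop the request, because Sinatra discards a filter's return value; an unauthenticated request would then continue to the route with `@occi_server` unset and fail there with a 500 instead of being rejected up front. Use `halt 401` or, as the removed lines did, `error 401, ""`, so that rejection does not depend on a later nil error; sending a `WWW-Authenticate` header with it would also let Basic clients retry. The surrounding `rescue Exception => e` / `error 500, e.message` is unchanged context, but it now wraps the new `settings.cloud_auth.auth` call and returns internal exception text to unauthenticated callers, so a generic message with the detail logged server-side would be safer. Which lines are old and which are new is inferred from the hunk counts, since the page has lost its +/- markers.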
|
||||
|
@ -6,6 +6,8 @@
|
||||
:port: 9869
|
||||
|
||||
# Authentication driver for incomming requests
|
||||
# sunstone, for OpenNebula's user-password scheme
|
||||
# x509, for x509 certificates based authentication
|
||||
:auth: sunstone
|
||||
|
||||
# Authentication driver to communicate with OpenNebula core
|
||||
|