Merge branch 'master' of git.opennebula.org:one

2025-03-21 14:50:08 +03:00 · 2011-07-11 17:53:17 +02:00 · 2011-07-11 17:53:17 +02:00 · c47734d6bd
commit c47734d6bd
parent 7d266cc63e 6ca933e7e7
23 changed files with 122 additions and 95 deletions
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@ -64,10 +64,20 @@ AclManager::AclManager(SqlDB * _db) : db(_db), lastOID(-1)

    if (lastOID == -1)
    {
-        // Add a default rule
-        // @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE
+        // Add a default rules for the ACL engine
        string error_str;
-        add_rule(0x200000001LL, 0x2d400000000LL, 0x41LL, error_str);
+
+        // Users in group USERS can create and look at standard resources
+        // @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE
+        add_rule(0x0000000200000001LL, 
+                 0x000002d400000000LL, 
+                 0x0000000000000041LL, error_str);
+
+        // Users in USERS can deploy VMs in any HOST
+        // @1 HOST/* USE
+        add_rule(0x0000000200000001LL, 
+                 0x0000002400000000LL, 
+                 0x0000000000000004LL, error_str);
    }
 }

--- a/src/authm/AuthManager.cc
+++ b/src/authm/AuthManager.cc
@ -82,15 +82,20 @@ void AuthRequest::add_auth(Object        ob,
        gid == GroupPool::ONEADMIN_ID ||

        // User is the owner of the object, for certain operations
-        (   owner == uid &&
-            ( op == DELETE || op == USE || op == MANAGE ||
-              op == INFO   || op == INSTANTIATE )
+        ( owner == uid &&
+           ( op == DELETE || op == USE || op == MANAGE ||
+             op == INFO   || op == INSTANTIATE )
        ) ||

        // Object is public and user is in its group, for certain operations
-        (   pub && ( gid == ob_gid ) &&
-            (op == USE || op == INSTANTIATE || op == INFO ) &&
-            (ob == NET || ob == IMAGE || ob == TEMPLATE)
+        ( pub && ( gid == ob_gid ) &&
+           ( op == USE || op == INSTANTIATE || op == INFO ) &&
+           ( ob == NET || ob == IMAGE || ob == TEMPLATE)
+        ) ||
+
+        // User can show and MANAGE (change passwd) their own information
+        ( uid == ob_id_int && ob == USER &&
+           ( op == INFO || op == MANAGE )  
        )
    )
    {
--- a/src/cli/etc/onegroup.yaml
+++ b/src/cli/etc/onegroup.yaml
@ -8,12 +8,7 @@
  :size: 15
  :left: true

-:USER: 
-  :desc: Username of the Group owner
-  :size: 8
-  :left: true
-
 :default:
 - :ID
- :USER
 - :NAME
+
--- a/src/cli/etc/oneimage.yaml
+++ b/src/cli/etc/oneimage.yaml
@ -5,7 +5,7 @@

 :NAME: 
  :desc: Name of the Image
-  :size: 12
+  :size: 16
  :left: true

 :USER: 
@ -24,7 +24,7 @@

 :REGTIME: 
  :desc: Registration time of the Image
-  :size: 20
+  :size: 16

 :PUBLIC: 
  :desc: Whether the Image is public or not
--- a/src/cli/etc/onevnet.yaml
+++ b/src/cli/etc/onevnet.yaml
@ -32,7 +32,7 @@

 :PUBLIC: 
  :desc: Whether the Virtual Network is public or not
-  :size: 1
+  :size: 3

 :LEASES: 
  :desc: Number of this Virtual Networks given leases
--- a/src/cli/one_helper.rb
+++ b/src/cli/one_helper.rb
@ -331,11 +331,11 @@ EOT
        "OpenNebula #{poolname} name or id"
    end

-    def OpenNebulaHelper.public_to_str(str)
+    def OpenNebulaHelper.boolean_to_str(str)
        if str.to_i == 1
-            public_str = "Y"
+            "Yes"
        else
-            public_str = "N"
+            "No"
        end
    end

--- a/src/cli/one_helper/onegroup_helper.rb
+++ b/src/cli/one_helper/onegroup_helper.rb
@ -68,12 +68,7 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper
                d["NAME"]
            end

-            column :USER, "Username of the Group owner", :left,
-                    :size=>8 do |d|
-                helper.user_name(d, options)
-            end
-
-            default :ID, :USER, :NAME
+            default :ID, :NAME
        end

        if top
--- a/src/cli/one_helper/oneimage_helper.rb
+++ b/src/cli/one_helper/oneimage_helper.rb
@ -25,10 +25,6 @@ class OneImageHelper < OpenNebulaHelper::OneHelper
        "oneimage.yaml"
    end

-    def self.persistent_to_str(str)
-        str.to_i==1 ? "Yes" : "No"
-    end
-
    def self.state_to_str(id)
        id = id.to_i
        state_str = Image::IMAGE_STATES[id]
@ -63,15 +59,18 @@ class OneImageHelper < OpenNebulaHelper::OneHelper
        CLIHelper.print_header(str_h1 % "IMAGE #{image['ID']} INFORMATION")
        puts str % ["ID", image.id.to_s]
        puts str % ["NAME", image.name]
-        puts str % ["TYPE", image.type_str]            
+        puts str % ["USER", image['UNAME']]
+        puts str % ["GROUP", image['GNAME']]
+        puts str % ["TYPE", image.type_str]
        puts str % ["REGISTER TIME",
            OpenNebulaHelper.time_to_str(image['REGTIME'])]
-        puts str % ["PUBLIC", OpenNebulaHelper.public_to_str(image['PUBLIC'])]
+        puts str % ["PUBLIC",
+            OpenNebulaHelper.boolean_to_str(image['PUBLIC'])]
        puts str % ["PERSISTENT",
-            OneImageHelper.persistent_to_str(image["PERSISTENT"])]
-        puts str % ["SOURCE", image['SOURCE']]    
+            OpenNebulaHelper.boolean_to_str(image["PERSISTENT"])]
+        puts str % ["SOURCE", image['SOURCE']]
        puts str % ["STATE", image.short_state_str]
-        puts str % ["RUNNING_VMS", image['RUNNING_VMS']]            
+        puts str % ["RUNNING_VMS", image['RUNNING_VMS']]
        puts

        CLIHelper.print_header(str_h1 % "IMAGE TEMPLATE",false)
@ -110,12 +109,12 @@ class OneImageHelper < OpenNebulaHelper::OneHelper

            column :PUBLIC, "Whether the Image is public or not",
                    :size=>3 do |d|
-                OpenNebulaHelper.public_to_str(d["PUBLIC"])
+                OpenNebulaHelper.boolean_to_str(d["PUBLIC"])
            end

            column :PERSISTENT, "Whether the Image is persistent or not",
                    :size=>3 do |d|
-                OneImageHelper.persistent_to_str(d["PERSISTENT"])
+                OpenNebulaHelper.boolean_to_str(d["PERSISTENT"])
            end

            column :STAT, "State of the Image", :size=>4 do |d|
--- a/src/cli/one_helper/onetemplate_helper.rb
+++ b/src/cli/one_helper/onetemplate_helper.rb
@ -48,10 +48,12 @@ class OneTemplateHelper < OpenNebulaHelper::OneHelper
            str_h1 % "TEMPLATE #{template['ID']} INFORMATION")
        puts str % ["ID", template.id.to_s]
        puts str % ["NAME", template.name]
+        puts str % ["USER", template['UNAME']]
+        puts str % ["GROUP", template['GNAME']]
        puts str % ["REGISTER TIME",
            OpenNebulaHelper.time_to_str(template['REGTIME'])]
        puts str % ["PUBLIC",
-            OpenNebulaHelper.public_to_str(template['PUBLIC'])]
+            OpenNebulaHelper.boolean_to_str(template['PUBLIC'])]
        puts

        CLIHelper.print_header(str_h1 % "TEMPLATE CONTENTS",false)
@ -85,7 +87,7 @@ class OneTemplateHelper < OpenNebulaHelper::OneHelper

            column :PUBLIC, "Whether the Template is public or not",
                :size=>3 do |d|
-                OpenNebulaHelper.public_to_str(d["PUBLIC"])
+                OpenNebulaHelper.boolean_to_str(d["PUBLIC"])
            end

            default :ID, :USER, :GROUP, :NAME, :REGTIME, :PUBLIC
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@ -70,16 +70,10 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
        CLIHelper.print_header(str_h1 % "USER #{user['ID']} INFORMATION")
        puts str % ["ID",       user.id.to_s]
        puts str % ["NAME",     user.name]
-        puts str % ["MAIN_GROUP",    user.gid]
+        puts str % ["GROUP",    user.gid]
        puts str % ["PASSWORD", user['PASSWORD']]
-        puts str % ["ENABLED",  user['ENABLED']]
-        puts
-
-        CLIHelper.print_header(str_h1 % "GROUPS", false)
-        CLIHelper.print_header("%-15s %-20s" % ["ID","NAME"])
-        user.group_ids.each do |gid|
-            puts "%-15s %-20s" % [gid, self.gid_to_str(gid.to_s)]
-        end
+        puts str % ["ENABLED",
+            OpenNebulaHelper.boolean_to_str(user['ENABLED'])]
    end

    def format_pool(pool, options, top=false)
--- a/src/cli/one_helper/onevm_helper.rb
+++ b/src/cli/one_helper/onevm_helper.rb
@ -70,6 +70,8 @@ class OneVMHelper < OpenNebulaHelper::OneHelper
            str_h1 % "VIRTUAL MACHINE #{vm['ID']} INFORMATION")
        puts str % ["ID", vm.id.to_s]
        puts str % ["NAME", vm.name]
+        puts str % ["USER", vm['UNAME']]
+        puts str % ["GROUP", vm['GNAME']]
        puts str % ["STATE", vm.state_str]
        puts str % ["LCM_STATE", vm.lcm_state_str]
        puts str % ["HOSTNAME",
@ -78,7 +80,8 @@ class OneVMHelper < OpenNebulaHelper::OneHelper
        puts str % ["START TIME", OpenNebulaHelper.time_to_str(vm['STIME'])]
        puts str % ["END TIME", OpenNebulaHelper.time_to_str(vm['ETIME'])]
        value=vm['DEPLOY_ID']
-        puts str % ["DEPLOY ID:", value=="" ? "-" : value]
+        puts str % ["DEPLOY ID", value=="" ? "-" : value]
+
        puts

        CLIHelper.print_header(str_h1 % "VIRTUAL MACHINE MONITORING",false)
@ -208,7 +211,7 @@ class OneVMHelper < OpenNebulaHelper::OneHelper

        vm_hash=vm.to_hash

-        history=vm_hash['VM']['HISTORY_RECORDS']['HISTORY']
+        history=[vm_hash['VM']['HISTORY_RECORDS']['HISTORY']].flatten

        table.show(history)
    end
--- a/src/cli/one_helper/onevnet_helper.rb
+++ b/src/cli/one_helper/onevnet_helper.rb
@ -52,9 +52,11 @@ class OneVNetHelper < OpenNebulaHelper::OneHelper
            ["VIRTUAL NETWORK #{vn.id.to_s} INFORMATION"])

        str="%-10s: %-20s"
-        puts str % ["ID: ", vn.id.to_s]
-        puts str % ["UID: ", vn["UID"]]
-        puts str % ["PUBLIC", OpenNebulaHelper.public_to_str(vn['PUBLIC'])]
+        puts str % ["ID", vn.id.to_s]
+        puts str % ["USER", vn['UNAME']]
+        puts str % ["GROUP", vn['GNAME']]
+        puts str % ["PUBLIC", OpenNebulaHelper.boolean_to_str(vn['PUBLIC'])]
+
        puts
        CLIHelper.print_header(str_h1 % ["VIRTUAL NETWORK TEMPLATE"], false)

@ -106,7 +108,7 @@ class OneVNetHelper < OpenNebulaHelper::OneHelper

            column :PUBLIC, "Whether the Virtual Network is public or not",
                    :size=>1 do |d|
-                OpenNebulaHelper.public_to_str(d['PUBLIC'])
+                OpenNebulaHelper.boolean_to_str(d['PUBLIC'])
            end

            column :LEASES, "Number of this Virtual Network's given leases",
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@ -137,8 +137,10 @@ cmd=CommandParser::CmdParser.new(ARGV) do
        Shows information for the given User
    EOT

-    command :show, show_desc, :userid, :options=>OpenNebulaHelper::XML do
-        helper.show_resource(args[0],options)
+    command :show, show_desc, [:userid, nil],
+            :options=>OpenNebulaHelper::XML do
+        user=args[0] || OpenNebula::User::SELF
+        helper.show_resource(user,options)
    end

 end
--- a/src/cli/onevm
+++ b/src/cli/onevm
@ -314,7 +314,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do

    command :chown, chown_desc, [:range, :vmid_list], :userid,
            [:groupid,nil] do
-        gid = args[2].nil? ? -1 : args[2].to_id
+        gid = args[2].nil? ? -1 : args[2].to_i
        helper.perform_actions(args[0],options,"Owner/Group changed") do |vm|
            vm.chown(args[1].to_i, gid)
        end
--- a/src/cli/onevnet
+++ b/src/cli/onevnet
@ -148,7 +148,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do

    command :chown, chown_desc, [:range, :vnid_list], :userid,
            [:groupid,nil] do
-        gid = args[2].nil? ? -1 : args[2].to_id
+        gid = args[2].nil? ? -1 : args[2].to_i
        helper.perform_actions(args[0],options,"Owner/Group changed") do |vn|
            vn.chown(args[1].to_i, gid)
        end
--- a/src/cloud/ec2/bin/econe-describe-instances
+++ b/src/cloud/ec2/bin/econe-describe-instances
@ -33,7 +33,7 @@ List and describe running instances

 Usage:
    econe-describe-instances [OPTIONS]
-    
+
 Options:

    --help, -h
@ -95,7 +95,7 @@ begin
    end
 rescue Exception => e
    exit -1
-end 
+end

 auth = "#{access}:#{secret}" if secret && access

@ -116,11 +116,11 @@ end
 instances = rc['reservationSet']['item'][0]['instancesSet']['item']
 owner     = rc['reservationSet']['item'][0]['ownerId']

-fmt = "%-12s  %-13s  %-13s  %-13s %-15s %-10s"  
+fmt = "%-10s  %-11s  %-13s  %-11s %-15s %-10s"

 if headers
    puts fmt % ["Owner", "Id", "ImageId", "State", "IP", "Type"]
-    puts "------------------------------------------------------------------------------------------------------------" 
+    puts "-----------------------------------------------------------------------------------"
 end

 if instances
--- a/src/cloud/ec2/bin/econe-server
+++ b/src/cloud/ec2/bin/econe-server
@ -1,4 +1,4 @@
-#! /bin/sh 
+#! /bin/sh

 # -------------------------------------------------------------------------- #
 # Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org)             #
@ -16,11 +16,11 @@
 # limitations under the License.                                             #
 #--------------------------------------------------------------------------- #

-if [ -z "$ONE_LOCATION" ]; then 
+if [ -z "$ONE_LOCATION" ]; then
    ECONE_PID=/var/run/one/econe-server.pid
    ECONE_SERVER=/usr/lib/one/ruby/cloud/econe/econe-server.rb
    ECONE_LOCK_FILE=/var/lock/one/.econe.lock
-    ECONE_LOG=/var/log/one/econe-server.log   
+    ECONE_LOG=/var/log/one/econe-server.log
    ECONE_ETC=/etc/one/econe.conf
 else
    ECONE_PID=$ONE_LOCATION/var/econe-server.pid
@ -28,21 +28,21 @@ else
    ECONE_LOCK_FILE=$ONE_LOCATION/var/.econe.lock
    ECONE_LOG=$ONE_LOCATION/var/econe-server.log
    ECONE_ETC=$ONE_LOCATION/etc/econe.conf
-fi 
+fi

 setup()
 {
    eval `grep ^IMAGE_DIR= $ECONE_ETC`
    export TMPDIR=$IMAGE_DIR/tmp
    mkdir -p $TMPDIR
-	
+
 	if [ -f $ECONE_LOCK_FILE ]; then
 		if [ -f  $ECONE_PID ]; then
 			ONEPID=`cat $ECONE_PID`
 			ps $ECONE_PID > /dev/null 2>&1
 			if [ $? -eq 0 ]; then
 				echo "econe-server is still running (PID:$ECONE_PID). Please try 'occi-server stop' first."
-				exit 1 
+				exit 1
 			fi
 		fi
 		echo "Stale .lock detected. Erasing it."
@ -54,30 +54,32 @@ start()
 {
 	if [ ! -f "$ECONE_SERVER" ]; then
 		echo "Can not find $ECONE_SERVER."
-		exit 1		
+		exit 1
 	fi
-		
+
 	# Start the econe-server daemon
-	ruby $ECONE_SERVER > $ECONE_LOG 2>&1 & 
-	
+	ruby $ECONE_SERVER > $ECONE_LOG 2>&1 &
+
 	LASTRC=$?
 	LASTPID=$!

 	if [ $LASTRC -ne 0 ]; then
-		echo "Error executing $ECONE_SERVER"
-		exit 1			
+		echo "Error executing econe-server."
+		echo "Check $ECONE_LOG for more information"
+		exit 1
 	else
 		echo $LASTPID > $ECONE_PID
 	fi
-	
-	sleep 1
+
+	sleep 2
 	ps $LASTPID > /dev/null 2>&1
-	
+
 	if [ $? -ne 0 ]; then
-		echo "Error executing $ECONE_SERVER."
+		echo "Error executing econe-server."
+		echo "Check $ECONE_LOG for more information"
 		exit 1
 	fi
-	
+
 	echo "econe-server started"
 }

--- a/src/cloud/ec2/etc/templates/m1.small.erb
+++ b/src/cloud/ec2/etc/templates/m1.small.erb
@ -5,7 +5,7 @@ NAME   = eco-vm
 CPU    = 0.2
 MEMORY = 256

-#Put here specific OS configurations for the cloud hypervisors
+# Put here specific OS configurations for the cloud hypervisors
 #OS = [ kernel     = /vmlinuz,
 #       initrd     = /initrd.img,
 #       root       = sda1,
@ -13,7 +13,8 @@ MEMORY = 256

 DISK = [ IMAGE_ID   = <%= erb_vm_info[:img_id] %> ]

-NIC=[NETWORK="Public EC2"]
+# Put here the ID of the VNET with the IPs for the EC2 VMs
+NIC=[NETWORK_ID=<EC2-VNET-ID>]

 IMAGE_ID = <%= erb_vm_info[:ec2_img_id] %>
 INSTANCE_TYPE = <%= erb_vm_info[:instance_type ]%>
--- a/src/cloud/ec2/lib/EC2QueryClient.rb
+++ b/src/cloud/ec2/lib/EC2QueryClient.rb
@ -48,7 +48,8 @@ module EC2QueryClient
            elsif ENV["EC2_ACCESS_KEY"] and ENV["EC2_SECRET_KEY"]
                ec2auth = [ENV["EC2_ACCESS_KEY"], ENV["EC2_SECRET_KEY"]]
            else
-                ec2auth=CloudClient::get_one_auth
+                ec2auth = CloudClient::get_one_auth
+                ec2auth[1] = Digest::SHA1.hexdigest(ec2auth[1])
            end

            if !ec2auth
@ -56,7 +57,7 @@ module EC2QueryClient
            end

            @access_key_id     = ec2auth[0]
-            @access_key_secret = Digest::SHA1.hexdigest(ec2auth[1])
+            @access_key_secret = ec2auth[1]

            # Server location

--- a/src/oca/ruby/OpenNebula/User.rb
+++ b/src/oca/ruby/OpenNebula/User.rb
@ -31,6 +31,8 @@ module OpenNebula
            :delgroup => "user.delgroup"
        }

+        SELF = -1
+
        # Creates a User description with just its identifier
        # this method should be used to create plain User objects.
        # +id+ the id of the user
@ -60,7 +62,7 @@ module OpenNebula
        # ---------------------------------------------------------------------
        # XML-RPC Methods for the User Object
        # ---------------------------------------------------------------------
-        
+
        # Retrieves the information of the given User.
        def info()
            super(USER_METHODS[:info], 'USER')
--- a/src/oca/ruby/OpenNebula/XMLUtils.rb
+++ b/src/oca/ruby/OpenNebula/XMLUtils.rb
@ -214,14 +214,15 @@ module OpenNebula

                        str_line << n.collect {|n2|
                            if n2 && n2.class==REXML::Element
-                                str = ind_tab + n2.name + "="
-                                str += n2.text if n2.text
+                                str = ""
+                                str << ind_tab << n2.name << '='
+                                str << attr_to_str(n2.text) if n2.text
                                str
                            end
-                        }.compact.join(","+ind_enter)
+                        }.compact.join(','+ind_enter)
                        str_line<<" ]"
                    else
-                        str_line<<n.name << "=" << n.text.to_s
+                        str_line << n.name << '=' << attr_to_str(n.text.to_s)
                    end
                    str_line
                end
@ -284,6 +285,17 @@ module OpenNebula

            hash
        end
+    
+    private
+        def attr_to_str(attr)
+            attr.gsub!('"',"\\\"")
+
+            if attr.match(/[=,' ']/)
+                return '"' + attr + '"'
+            end
+
+            return attr
+        end
    end

    ###########################################################################
--- a/src/rm/RequestManagerInfo.cc
+++ b/src/rm/RequestManagerInfo.cc
@ -28,11 +28,6 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
    PoolObjectSQL * object;
    string          str;

-    if ( basic_authorization(oid, att) == false )
-    {
-        return;
-    }
-
    if ( oid == -1 )
    {
        if ( auth_object == AuthRequest::USER )
@ -45,6 +40,11 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
        }
    }

+    if ( basic_authorization(oid, att) == false )
+    {
+        return;
+    }
+
    object = pool->get(oid,true);

    if ( object == 0 )                             
--- a/src/rm/RequestManagerVMTemplate.cc
+++ b/src/rm/RequestManagerVMTemplate.cc
@ -27,6 +27,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
    string name = xmlrpc_c::value_string(paramList.getString(2));

    int    rc, ouid, ogid, vid;
+    bool   pub;

    Nebula& nd = Nebula::instance();
    VirtualMachinePool* vmpool = nd.get_vmpool();
@ -51,6 +52,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
    tmpl = rtmpl->clone_template();
    ouid = rtmpl->get_uid();
    ogid = rtmpl->get_gid();
+    pub  = rtmpl->isPublic();
    
    rtmpl->unlock();

@ -61,7 +63,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList
    {
        AuthRequest ar(att.uid, att.gid);

-        ar.add_auth(auth_object, id, ogid, auth_op, ouid, false);
+        ar.add_auth(auth_object, id, ogid, auth_op, ouid, pub);

        VirtualMachine::set_auth_request(att.uid, ar, tmpl);