shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-04-01 06:50:25 +03:00
Code Releases Wiki Activity

F #4775: Add Group membership to one.user.allocate API call

Browse Source
This commit is contained in:
Carlos Martín 2016-09-23 13:27:45 +02:00
parent f1915898a2
commit d17818a32b
14 changed files with 455 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
include/RequestManagerAllocate.h
View File

@ -61,15 +61,17 @@ protected:
virtual Template * get_object_template() { return 0; };
virtual int pool_allocate(xmlrpc_c::paramList const& _paramList,
virtual Request::ErrorCode pool_allocate(
xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att)
{
return -1;
return Request::INTERNAL;
};
virtual int pool_allocate(xmlrpc_c::paramList const& _paramList,
virtual Request::ErrorCode pool_allocate(
xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att,
@ -143,10 +145,10 @@ public:
return new VirtualMachineTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
bool allocate_authorization(Template * obj_template,
RequestAttributes& att,
@ -179,7 +181,7 @@ public:
return new VirtualNetworkTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att,
@ -251,10 +253,10 @@ public:
return new VirtualMachineTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
bool allocate_authorization(Template * obj_template,
RequestAttributes& att,
@ -282,7 +284,7 @@ public:
/* --------------------------------------------------------------------- */
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att,
@ -312,11 +314,12 @@ public:
UserAllocate():
RequestManagerAllocate("UserAllocate",
"Returns user information",
"A:ssss",
"A:ssssA",
false)
{
Nebula& nd = Nebula::instance();
pool = nd.get_upool();
gpool = nd.get_gpool();
auth_object = PoolObjectSQL::USER;
hidden_params.insert(2); // password argument
@ -324,10 +327,12 @@ public:
~UserAllocate(){};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
private:
GroupPool * gpool;
};
/* ------------------------------------------------------------------------- */
@ -351,10 +356,10 @@ public:
~GroupAllocate(){};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
private:
VdcPool * vdcpool;
@ -386,7 +391,7 @@ public:
return new DatastoreTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att,
@ -426,10 +431,10 @@ public:
~ClusterAllocate(){};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
};
/* ------------------------------------------------------------------------- */
@ -458,10 +463,10 @@ public:
return new Template;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
};
/* ------------------------------------------------------------------------- */
@ -493,10 +498,10 @@ public:
return new Template;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
};
/* ------------------------------------------------------------------------- */
@ -525,10 +530,10 @@ public:
return new Template;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
};
/* ------------------------------------------------------------------------- */
@ -557,10 +562,10 @@ public:
return new Template;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
};
@ -590,10 +595,10 @@ public:
return new Template;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
bool allocate_authorization(Template * obj_template,
RequestAttributes& att,
@ -626,7 +631,7 @@ public:
return new MarketPlaceTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);
@ -659,7 +664,7 @@ public:
return new MarketPlaceAppTemplate;
};
int pool_allocate(xmlrpc_c::paramList const& _paramList,
Request::ErrorCode pool_allocate(xmlrpc_c::paramList const& _paramList,
Template * tmpl,
int& id,
RequestAttributes& att);

3
include/UserPool.h
View File

@ -54,12 +54,11 @@ public:
*/
int allocate (
int * oid,
int gid,
const string& uname,
const string& gname,
const string& password,
const string& auth,
bool enabled,
const vector<int>& gids,
string& error_str);
/**

37
src/cli/oneuser
View File

@ -131,7 +131,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
:name => "driver",
:large => "--driver driver",
:format => String,
:description => "Driver to autehnticate this user"
:description => "Driver to authenticate this user"
}
FORCE = {
@ -157,6 +157,28 @@ cmd=CommandParser::CmdParser.new(ARGV) do
}
}
GROUP_CREATE = {
:name => "group",
:large => "--group id|name" ,
:description => "Comma-separated list of Groups for the new User. "\
"The first Group will be the main one.",
:format => String,
:proc => lambda { |o, options|
gids = o.split(",").map { |g|
id = OpenNebulaHelper.rname_to_id(g, "GROUP")
if (id[0] == -1)
puts id[1]
exit -1
end
id[1]
}
[0, gids]
}
}
GLOBAL = {
:name => "global",
:large => "--global" ,
@ -169,7 +191,9 @@ cmd=CommandParser::CmdParser.new(ARGV) do
:description => "enable stdin password"
}
create_options = [READ_FILE, SHA1, SSH, X509, KEY, CERT, DRIVER]
auth_options = [READ_FILE, SHA1, SSH, X509, KEY, CERT, DRIVER]
create_options = auth_options.clone.unshift(GROUP_CREATE)
login_options = [SSH,
X509,
@ -212,6 +236,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
Examples:
oneuser create my_user my_password
oneuser create my_user -r /tmp/mypass
oneuser create my_user my_password --group users,102,testers
oneuser create my_user --ssh --key /tmp/id_rsa
oneuser create my_user --ssh -r /tmp/public_key
oneuser create my_user --x509 --cert /tmp/my_cert.pem
@ -232,8 +257,10 @@ cmd=CommandParser::CmdParser.new(ARGV) do
driver = options[:driver] || OpenNebula::User::CORE_AUTH
gids = options[:group] || []
helper.create_resource(options) do |user|
user.allocate(args[0], pass, driver)
user.allocate(args[0], pass, driver, gids)
end
end
@ -411,7 +438,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
EOT
command :passwd, passwd_desc, :userid, [:password, nil],
:options=>create_options do
:options=>auth_options do
if args[1]
pass = args[1]
else
@ -474,7 +501,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do
EOT
command :chauth, chauth_desc, :userid, [:auth, nil], [:password, nil],
:options=>create_options do
:options=>auth_options do
if options[:driver]
driver = options[:driver]
elsif args[1]

12
src/oca/ruby/opennebula/group.rb
View File

@ -331,9 +331,9 @@ module OpenNebula
@client)
if udriver
rc = group_admin.allocate(uadmin, upasswd, udriver)
rc = group_admin.allocate(uadmin, upasswd, udriver, [self.id])
else
rc = group_admin.allocate(uadmin, upasswd)
rc = group_admin.allocate(uadmin, upasswd, nil, [self.id])
end
if OpenNebula.is_error?(rc)
@ -341,14 +341,6 @@ module OpenNebula
end
end
# Set admin user groups to self
rc = group_admin.chgrp(self.id)
if OpenNebula.is_error?(rc)
group_admin.delete
return rc
end
rc = self.add_admin(group_admin.id)
if OpenNebula.is_error?(rc)

5
src/oca/ruby/opennebula/user.rb
View File

@ -98,8 +98,9 @@ module OpenNebula
# +username+ Name of the new user.
#
# +password+ Password for the new user
def allocate(username, password, driver=CORE_AUTH)
super(USER_METHODS[:allocate], username, password, driver)
def allocate(username, password, driver=nil, gids=[])
driver = CORE_AUTH if driver.nil?
super(USER_METHODS[:allocate], username, password, driver, gids)
end
# Replaces the template contents

233
src/rm/RequestManagerAllocate.cc
View File

@ -177,11 +177,11 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
return;
}
rc = pool_allocate(params, tmpl, id, att, cluster_id, cluster_name);
ErrorCode ec = pool_allocate(params, tmpl, id, att, cluster_id, cluster_name);
if ( rc < 0 )
if ( ec != SUCCESS )
{
failure_response(INTERNAL, att);
failure_response(ec, att);
return;
}
@ -229,7 +229,7 @@ void RequestManagerAllocate::request_execute(xmlrpc_c::paramList const& params,
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualMachineAllocate::pool_allocate(
Request::ErrorCode VirtualMachineAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -253,16 +253,18 @@ int VirtualMachineAllocate::pool_allocate(
if ( rc < 0 )
{
quota_rollback(&tmpl_back, Quotas::VIRTUALMACHINE, att);
return Request::INTERNAL;
}
return rc;
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualNetworkAllocate::pool_allocate(
Request::ErrorCode VirtualNetworkAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -280,8 +282,15 @@ int VirtualNetworkAllocate::pool_allocate(
cluster_ids.insert(cluster_id);
}
return vpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,-1,
int rc = vpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,-1,
vtmpl, &id, cluster_ids, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
@ -578,7 +587,7 @@ void ImageAllocate::request_execute(xmlrpc_c::paramList const& params,
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int TemplateAllocate::pool_allocate(
Request::ErrorCode TemplateAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -588,8 +597,15 @@ int TemplateAllocate::pool_allocate(
VirtualMachineTemplate * ttmpl=static_cast<VirtualMachineTemplate *>(tmpl);
return tpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = tpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
ttmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
@ -626,7 +642,7 @@ bool TemplateAllocate::allocate_authorization(
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int HostAllocate::pool_allocate(
Request::ErrorCode HostAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -640,14 +656,21 @@ int HostAllocate::pool_allocate(
HostPool * hpool = static_cast<HostPool *>(pool);
return hpool->allocate(&id, host, im_mad, vmm_mad, cluster_id, cluster_name,
int rc = hpool->allocate(&id, host, im_mad, vmm_mad, cluster_id, cluster_name,
att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int UserAllocate::pool_allocate(
Request::ErrorCode UserAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -657,15 +680,64 @@ int UserAllocate::pool_allocate(
string passwd = xmlrpc_c::value_string(paramList.getString(2));
string driver = xmlrpc_c::value_string(paramList.getString(3));
UserPool * upool = static_cast<UserPool *>(pool);
vector<int> gids;
int ugid = att.gid;
string ugname = att.gname;
vector<xmlrpc_c::value> param_arr;
vector<xmlrpc_c::value>::const_iterator it;
if ( att.gid == GroupPool::ONEADMIN_ID )
if ( paramList.size() > 4 )
{
ugid = GroupPool::USERS_ID;
ugname = GroupPool::USERS_NAME;
param_arr = xmlrpc_c::value_array(paramList.getArray(4)).vectorValueValue();
}
AuthRequest ar(att.uid, att.group_ids);
for (it = param_arr.begin(); it != param_arr.end(); it++)
{
int gid = xmlrpc_c::value_int(*it);
gids.push_back(gid);
PoolObjectAuth perms;
Group* group = gpool->get(gid, true);
if (group == 0)
{
att.resp_id = gid;
att.resp_obj = PoolObjectSQL::GROUP;
return NO_EXISTS;
}
// For compatibility with previous versions, a group admin can create
// a new user in his group only with the USE CREATE permission.
if (att.gid != gid)
{
group->get_permissions(perms);
ar.add_auth(AuthRequest::MANAGE, perms); // MANAGE GROUP
}
group->unlock();
}
if ( att.uid != UserPool::ONEADMIN_ID )
{
if (UserPool::authorize(ar) == -1)
{
att.resp_msg = ar.message;
return Request::AUTHORIZATION;
}
}
if (gids.empty())
{
if ( att.gid == GroupPool::ONEADMIN_ID )
{
gids.push_back(GroupPool::USERS_ID);
}
else
{
gids.push_back(att.gid);
}
}
if (driver.empty())
@ -673,13 +745,21 @@ int UserAllocate::pool_allocate(
driver = UserPool::CORE_AUTH;
}
return upool->allocate(&id,ugid,uname,ugname,passwd,driver,true,att.resp_msg);
int rc = static_cast<UserPool *>(pool)->allocate(&id,uname,passwd,
driver,true,gids,att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int GroupAllocate::pool_allocate(
Request::ErrorCode GroupAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -695,7 +775,7 @@ int GroupAllocate::pool_allocate(
if (rc == -1)
{
return rc;
return Request::INTERNAL;
}
Vdc* vdc = vdcpool->get(VdcPool::DEFAULT_ID, true);
@ -709,13 +789,18 @@ int GroupAllocate::pool_allocate(
vdc->unlock();
}
return rc;
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int DatastoreAllocate::pool_allocate(
Request::ErrorCode DatastoreAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -733,14 +818,21 @@ int DatastoreAllocate::pool_allocate(
cluster_ids.insert(cluster_id);
}
return dspool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = dspool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
ds_tmpl, &id, cluster_ids, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int ClusterAllocate::pool_allocate(
Request::ErrorCode ClusterAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -750,13 +842,20 @@ int ClusterAllocate::pool_allocate(
ClusterPool * clpool = static_cast<ClusterPool *>(pool);
return clpool->allocate(name, &id, att.resp_msg);
int rc = clpool->allocate(name, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int DocumentAllocate::pool_allocate(
Request::ErrorCode DocumentAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -766,8 +865,15 @@ int DocumentAllocate::pool_allocate(
DocumentPool * docpool = static_cast<DocumentPool *>(pool);
return docpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = docpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
type, tmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
@ -789,7 +895,7 @@ void ZoneAllocate::request_execute(xmlrpc_c::paramList const& params,
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int ZoneAllocate::pool_allocate(
Request::ErrorCode ZoneAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -799,13 +905,20 @@ int ZoneAllocate::pool_allocate(
ZonePool * zonepool = static_cast<ZonePool *>(pool);
return zonepool->allocate(tmpl, &id, att.resp_msg);
int rc = zonepool->allocate(tmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int SecurityGroupAllocate::pool_allocate(
Request::ErrorCode SecurityGroupAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -813,14 +926,21 @@ int SecurityGroupAllocate::pool_allocate(
{
SecurityGroupPool * sgpool = static_cast<SecurityGroupPool *>(pool);
return sgpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = sgpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
tmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VdcAllocate::pool_allocate(
Request::ErrorCode VdcAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -830,13 +950,20 @@ int VdcAllocate::pool_allocate(
VdcPool * vdcpool = static_cast<VdcPool *>(pool);
return vdcpool->allocate(tmpl, &id, att.resp_msg);
int rc = vdcpool->allocate(tmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualRouterAllocate::pool_allocate(
Request::ErrorCode VirtualRouterAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -844,8 +971,15 @@ int VirtualRouterAllocate::pool_allocate(
{
VirtualRouterPool * vrpool = static_cast<VirtualRouterPool *>(pool);
return vrpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = vrpool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
tmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
@ -891,7 +1025,7 @@ bool VirtualRouterAllocate::allocate_authorization(
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int MarketPlaceAllocate::pool_allocate(
Request::ErrorCode MarketPlaceAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -900,14 +1034,21 @@ int MarketPlaceAllocate::pool_allocate(
MarketPlacePool * mppool = static_cast<MarketPlacePool *>(pool);
MarketPlaceTemplate * ttmpl = static_cast<MarketPlaceTemplate *>(tmpl);
return mppool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
int rc = mppool->allocate(att.uid, att.gid, att.uname, att.gname, att.umask,
ttmpl, &id, att.resp_msg);
if (rc < 0)
{
return Request::INTERNAL;
}
return Request::SUCCESS;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int MarketPlaceAppAllocate::pool_allocate(
Request::ErrorCode MarketPlaceAppAllocate::pool_allocate(
xmlrpc_c::paramList const& paramList,
Template * tmpl,
int& id,
@ -929,7 +1070,7 @@ int MarketPlaceAppAllocate::pool_allocate(
if ( mp == 0 )
{
att.resp_msg = "Cannot find associated MARKETPLACE";
return -1;
return Request::INTERNAL;
}
std::string mp_name = mp->get_name();
@ -939,7 +1080,7 @@ int MarketPlaceAppAllocate::pool_allocate(
att.resp_msg = "Create disabled for market: " + mp_name;
mp->unlock();
return -1;
return Request::ACTION;
}
if ( mp->get_zone_id() != Nebula::instance().get_zone_id() )
@ -947,7 +1088,7 @@ int MarketPlaceAppAllocate::pool_allocate(
att.resp_msg = "Marketplace is not in this OpenNebula zone";
mp->unlock();
return -1;
return Request::ACTION;
}
mp->to_xml(mp_data);
@ -962,7 +1103,7 @@ int MarketPlaceAppAllocate::pool_allocate(
if (rc < 0)
{
return rc;
return Request::INTERNAL;
}
mp = mppool->get(mp_id, true);
@ -982,7 +1123,7 @@ int MarketPlaceAppAllocate::pool_allocate(
app->unlock();
}
return -1;
return Request::INTERNAL;
}
mp->add_marketapp(id);
@ -996,9 +1137,9 @@ int MarketPlaceAppAllocate::pool_allocate(
// ---------------------------------------------------------------------- //
if (marketm->import_app(id, mp_data, att.resp_msg) == -1)
{
return -1;
return Request::INTERNAL;
}
return 0;
return Request::SUCCESS;
}

3
src/sunstone/models/OpenNebulaJSON/UserJSON.rb
View File

@ -28,7 +28,8 @@ module OpenNebulaJSON
self.allocate(user_hash['name'],
user_hash['password'],
user_hash['auth_driver'])
user_hash['auth_driver'],
user_hash['gids'])
end
def perform_action(template_json)

2
src/sunstone/public/app/tabs/groups-tab/form-panels/create.js
View File

@ -61,7 +61,7 @@ define(function(require) {
}
};
this.userCreation = new UserCreation(FORM_PANEL_ID);
this.userCreation = new UserCreation(FORM_PANEL_ID, { group_select: false });
BaseFormPanel.call(this);
}

3
src/sunstone/public/app/tabs/users-tab/dialogs/auth-driver.js
View File

@ -40,7 +40,8 @@ define(function(require) {
function Dialog() {
this.dialogId = DIALOG_ID;
this.userCreation = new UserCreation(DIALOG_ID, {name: false, password: false});
this.userCreation = new UserCreation(DIALOG_ID,
{name: false, password: false, group_select: false});
BaseDialog.call(this);
}

3
src/sunstone/public/app/tabs/users-tab/dialogs/password.js
View File

@ -41,7 +41,8 @@ define(function(require) {
function Dialog() {
this.dialogId = DIALOG_ID;
this.userCreation = new UserCreation(DIALOG_ID, {name: false, auth_driver: false});
this.userCreation = new UserCreation(DIALOG_ID,
{name: false, auth_driver: false, group_select: false});
BaseDialog.call(this);
}

8
src/sunstone/public/app/tabs/users-tab/form-panels/create.js
View File

@ -24,6 +24,8 @@ define(function(require) {
var Sunstone = require('sunstone');
var Locale = require('utils/locale');
var UserCreation = require('tabs/users-tab/utils/user-creation');
var Sunstone = require('sunstone');
var Notifier = require('utils/notifier');
/*
TEMPLATES
@ -88,6 +90,12 @@ define(function(require) {
"user" : this.userCreation.retrieve(context)
};
if (user_json.user.gid == "-1" && user_json.user.gids.lenght != 0){
Sunstone.hideFormPanelLoading(this.tabId);
Notifier.notifyError(Locale.tr("To define secondary groups you need to also set the main group"));
return false;
}
Sunstone.runAction("User.create",user_json);
return false;
}

50
src/sunstone/public/app/tabs/users-tab/utils/user-creation.js
View File

@ -18,6 +18,9 @@ define(function(require) {
var TemplateHTML = require('hbs!./user-creation/html');
var Config = require('sunstone-config');
var GroupsTable = require('tabs/groups-tab/datatable');
var UniqueId = require('utils/unique-id');
var ResourceSelect = require('utils/resource-select');
/**
* @param {string} idPrefix
@ -26,6 +29,7 @@ define(function(require) {
* - name: true, false
* - password: true, false
* - auth_driver: true, false
* - group_select: true, false
*/
function UserCreation(idPrefix, options) {
this.idPrefix = idPrefix;
@ -48,11 +52,21 @@ define(function(require) {
this.options.auth_driver = true;
}
if (this.options.group_select == undefined){
this.options.group_select = true;
}
if (Config.onedConf.AUTH_MAD !== undefined && Config.onedConf.AUTH_MAD['AUTHN'] !== undefined) {
this.authMadNameList = Config.onedConf.AUTH_MAD['AUTHN'].split(',');
} else {
this.authMadNameList = []
}
this.groupsTable = new GroupsTable('user-creation-'+UniqueId.id(), {
info: false,
select: true,
selectOptions: {'multiple_choice': true}
});
}
UserCreation.prototype.constructor = UserCreation;
@ -68,7 +82,8 @@ define(function(require) {
function _html(){
return TemplateHTML({
'idPrefix': this.idPrefix,
'authMadNameList': this.authMadNameList
'authMadNameList': this.authMadNameList,
'groupsTableHTML': this.groupsTable.dataTableHTML
});
}
@ -93,6 +108,11 @@ define(function(require) {
$('.auth_driver_row', context).hide();
}
if (this.options.group_select == false){
$('.main_group_row', context).hide();
$('.secondary_groups_row', context).hide();
}
$('#'+that.idPrefix+'_driver', context).change(function(){
if ($(this).val() == "ldap"){
$('#'+that.idPrefix+'_pass',context).removeAttr('required');
@ -113,6 +133,16 @@ define(function(require) {
$('input[name="custom_auth"]',context).removeAttr('required');
}
});
ResourceSelect.insert({
context: $('.main_group_div', context),
resourceName: 'Group',
extraOptions: '<option value="-1">'+Locale.tr("Default")+'</option>',
emptyValue: false
});
that.groupsTable.initialize();
this.groupsTable.refreshResourceTableSelect();
}
/**
@ -135,10 +165,26 @@ define(function(require) {
user_password = "-";
}
var gid = $("div.main_group_div .resource_list_select", context).val();
var groups = [];
if (gid != "-1"){
groups = [parseInt(gid)];
}
var selectedGroupsList = that.groupsTable.retrieveResourceTableSelect();
$.each(selectedGroupsList, function(i,id){
groups.push( parseInt(id) );
});
return {
"name" : user_name,
"password" : user_password,
"auth_driver" : driver
"auth_driver" : driver,
"gid" : gid,
"gids" : groups
};
}

19
src/sunstone/public/app/tabs/users-tab/utils/user-creation/html.hbs
View File

@ -47,3 +47,22 @@
</div>
</div>
</div>
<div class="row main_group_row">
<div class="large-12 columns">
<label>
{{tr "Main Group"}}
<div class="main_group_div">
</div>
</label>
</div>
</div>
<div class="row secondary_groups_row">
<div class="large-12 columns">
<br/>
<label>
{{tr "Secondary Groups"}}
</label>
<br/>
{{{groupsTableHTML}}}
</div>
</div>

153
src/um/UserPool.cc
View File

@ -67,6 +67,7 @@ UserPool::UserPool(SqlDB * db,
string one_name;
string one_pass;
string random;
vector<int> gids;
string filenames[5];
string error_str;
@ -153,13 +154,14 @@ UserPool::UserPool(SqlDB * db,
ofile.close();
}
gids.push_back(GroupPool::ONEADMIN_ID);
allocate(&one_uid,
GroupPool::ONEADMIN_ID,
one_name,
GroupPool::ONEADMIN_NAME,
one_pass,
UserPool::CORE_AUTH,
true,
gids,
error_str);
if ( one_uid != 0 )
@ -168,12 +170,11 @@ UserPool::UserPool(SqlDB * db,
}
allocate(&server_uid,
GroupPool::ONEADMIN_ID,
SERVER_NAME,
GroupPool::ONEADMIN_NAME,
one_util::sha1_digest(random),
"server_cipher",
true,
gids,
error_str);
if ( server_uid != 1 )
@ -224,23 +225,25 @@ error_common:
int UserPool::allocate (
int * oid,
int gid,
const string& uname,
const string& gname,
const string& password,
const string& auth,
bool enabled,
const vector<int>& gids,
string& error_str)
{
Nebula& nd = Nebula::instance();
User * user;
GroupPool * gpool;
GroupPool * gpool = nd.get_gpool();
Group * group;
string auth_driver = auth;
string upass = password;
int gid;
string gname;
ostringstream oss;
if (nd.is_federation_slave())
@ -282,11 +285,32 @@ int UserPool::allocate (
upass = one_util::sha1_digest(password);
}
if (gids.empty())
{
goto error_no_groups;
}
gid = gids[0];
group = gpool->get(gid, true);
if( group == 0 )
{
goto error_group;
}
gname = group->get_name();
group->unlock();
// Build a new User object
user = new User(-1, gid, uname, gname, upass, auth_driver, enabled);
// Add the primary group to the collection
user->groups.add(gid);
// Add the primary and secondary groups to the collection
for(vector<int>::const_iterator it = gids.begin(); it != gids.end(); it++)
{
user->add_group(*it);
}
// Set a password for the OneGate tokens
user->add_template_attribute("TOKEN_PASSWORD", one_util::random_password());
@ -299,21 +323,23 @@ int UserPool::allocate (
return *oid;
}
// Adds User to group
gpool = nd.get_gpool();
group = gpool->get(gid, true);
if( group == 0 )
// Add the user to the main and secondary groups
for(vector<int>::const_iterator it = gids.begin(); it != gids.end(); it++)
{
return -1;
group = gpool->get(*it, true);
if( group == 0 ) //Secondary group no longer exists
{
goto error_group;
}
group->add_user(*oid);
gpool->update(group);
group->unlock();
}
group->add_user(*oid);
gpool->update(group);
group->unlock();
return *oid;
error_pass:
@ -328,6 +354,44 @@ error_duplicated:
oss << "NAME is already taken by USER " << user->get_oid() << ".";
goto error_common;
error_no_groups:
oss << "The array of groups needs to have at least one Group ID.";
goto error_common;
error_group:
user = get(*oid, true);
if ( user != 0 )
{
string aux_str;
drop(user, aux_str);
user->unlock();
}
// Remove from all the groups, just in case the user id was added to a any
// of them before a non-existing group was found
for(vector<int>::const_iterator it = gids.begin(); it != gids.end(); it++)
{
group = gpool->get(*it, true);
if( group == 0 ) //Secondary group no longer exists
{
continue;
}
group->del_user(*oid);
gpool->update(group);
group->unlock();
}
oss << "One or more of the groups "
<< one_util::join(gids.begin(), gids.end(), ',') << " do not exist.";
goto error_common;
error_common:
*oid = -1;
error_str = oss.str();
@ -895,9 +959,7 @@ bool UserPool::authenticate_external(const string& username,
Nebula& nd = Nebula::instance();
AuthManager * authm = nd.get_authm();
GroupPool * gpool = nd.get_gpool();
User* user;
Group* group;
Group* group;
int gid = -1;
int rc;
@ -905,6 +967,8 @@ bool UserPool::authenticate_external(const string& username,
set<int>::iterator it;
set<int> empty_set;
vector<int> v_group_ids;
AuthRequest ar(-1,empty_set);
if (authm == 0)
@ -965,13 +1029,17 @@ bool UserPool::authenticate_external(const string& username,
group->unlock();
}
// Copy set into vector, copying the group_id first to make sure it is
// the main group
v_group_ids.push_back(group_id);
copy(group_ids.begin(), group_ids.end(), back_inserter(v_group_ids));
allocate(&user_id,
group_id,
mad_name,
gname,
mad_pass,
driver_name,
true,
v_group_ids,
error_str);
if ( user_id == -1 )
@ -979,39 +1047,6 @@ bool UserPool::authenticate_external(const string& username,
goto auth_failure_user;
}
//--------------------------------------------------------------------------
// Add the user to the secondary groups
//--------------------------------------------------------------------------
user = get(user_id,true);
if ( user == 0 )
{
error_str = "User object could not be retrieved";
goto auth_failure_user;
}
for(it = ++group_ids.begin(); it != group_ids.end(); it++)
{
group = gpool->get(*it, true);
if( group == 0 ) //Secondary group no longer exists
{
continue;
}
group->add_user(user_id);
gpool->update(group);
group->unlock();
user->add_group(*it);
}
update(user);
user->unlock();
uname = mad_name;
password = mad_pass;