mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-16 22:50:10 +03:00
Task #909: Update oZones to be compatible with new auth.
The zone passwords are now encrypted at creation time and decrypted when needed to create OpenNebula clients. VDC user creation updated too.
parent
b03cbd907b
commit
e8fd81a780
@ -28,7 +28,13 @@ require 'OZones/AggregatedImages'
|
||||
require 'OZones/AggregatedUsers'
|
||||
require 'OZones/AggregatedTemplates'
|
||||
|
||||
require 'openssl'
|
||||
require 'digest/sha1'
|
||||
require 'base64'
|
||||
|
||||
module OZones
|
||||
|
||||
CIPHER="aes-256-cbc"
|
||||
# -------------------------------------------------------------------------
|
||||
# The Error Class represents a generic error in the OZones
|
||||
# library. It contains a readable representation of the error.
|
||||
@ -66,4 +72,37 @@ module OZones
|
||||
def self.str_to_json(str)
|
||||
return JSON.pretty_generate({:message => str})
|
||||
end
|
||||
|
||||
def self.readKey
|
||||
begin
|
||||
credentials = IO.read(ENV['OZONES_AUTH']).strip
|
||||
return Digest::SHA1.hexdigest(credentials);
|
||||
rescue
|
||||
return "";
|
||||
end
|
||||
end
|
||||
|
||||
def self.encrypt(plain_txt)
|
||||
#prepare cipher object
|
||||
cipher = OpenSSL::Cipher.new(CIPHER)
|
||||
cipher.encrypt
|
||||
cipher.key = OZones.readKey
|
||||
|
||||
enc_txt = cipher.update(plain_txt)
|
||||
enc_txt << cipher.final
|
||||
|
||||
Base64::encode64(enc_txt).strip.delete("\n")
|
||||
end
|
||||
|
||||
def self.decrypt(b64_txt)
|
||||
#prepare cipher object
|
||||
cipher = OpenSSL::Cipher.new(CIPHER)
|
||||
cipher.decrypt
|
||||
cipher.key = OZones.readKey
|
||||
|
||||
enc_txt = Base64::decode64(b64_txt)
|
||||
|
||||
plain_txt = cipher.update(enc_txt)
|
||||
plain_txt << cipher.final
|
||||
end
|
||||
end
|
||||
|
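Review bot: `readKey` and the two cipher helpers leave the stored zone passwords weaker than the `aes-256-cbc` constant suggests. The key is the 40-character hex SHA-1 of the credentials file, which is not the 32 bytes this cipher expects (older Ruby OpenSSL bindings truncate it silently, newer ones raise) and carries at most 128 bits of entropy, and the bare `rescue` returning `""` turns an unreadable `OZONES_AUTH` file into an empty key instead of an error. Neither `encrypt` nor `decrypt` sets an IV, so every value is processed under the same implicit IV and equal passwords produce equal ciphertexts; CBC on its own also gives no integrity check on the stored value. The sketch below shows the lines I would change; it alters the stored format, so anything already written by this version would need re-encryption.

```ruby
def self.readKey
    # no rescue: a missing or unreadable OZONES_AUTH file should abort, not yield an empty key
    credentials = IO.read(ENV['OZONES_AUTH']).strip
    OpenSSL::Digest::SHA256.digest(credentials) # 32 raw bytes, the key length aes-256-cbc expects
end

def self.encrypt(plain_txt)
    # … unchanged: cipher setup and key assignment …
    iv = cipher.random_iv # fresh IV per value, stored in front of the ciphertext

    enc_txt = iv + cipher.update(plain_txt) + cipher.final
    Base64::encode64(enc_txt).delete("\n")
end

def self.decrypt(b64_txt)
    # … unchanged: cipher setup and key assignment …
    raw = Base64::decode64(b64_txt)
    cipher.iv = raw[0, 16] # the IV written by encrypt

    cipher.update(raw[16..-1]) + cipher.final
end
```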
@ -34,7 +34,7 @@ module OZones
|
||||
|
||||
zone_pool_hash = zone.to_hash["ZONE"]
|
||||
|
||||
client = OpenNebula::Client.new(zone.ONENAME + ":" + zone.ONEPASS,
|
||||
client = OpenNebula::Client.new("#{zone.ONENAME}:#{zone.ONEPASS}",
|
||||
zone.ENDPOINT)
|
||||
|
||||
pool = factory(client)
|
||||
|
@ -90,10 +90,8 @@ module OZones
|
||||
@zone = zone
|
||||
end
|
||||
|
||||
@client = OpenNebula::Client.new(
|
||||
"#{@zone.ONENAME}:#{@zone.ONEPASS}",
|
||||
@zone.ENDPOINT,
|
||||
false)
|
||||
@client = OpenNebula::Client.new("#{@zone.ONENAME}:#{@zone.ONEPASS}",
|
||||
@zone.ENDPOINT)
|
||||
end
|
||||
|
||||
def to_json
|
||||
@ -115,7 +113,7 @@ module OZones
|
||||
#Create a vdc record
|
||||
@vdc = Vdc.new
|
||||
|
||||
vdcpass = Digest::SHA1.hexdigest(vdc_data.delete(:VDCADMINPASS))
|
||||
vdcpass = vdc_data.delete(:VDCADMINPASS)
|
||||
@vdc.attributes = vdc_data
|
||||
|
||||
# Create a group in the zone with the VDC name
|
||||
|
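Review bot: `vdcpass = vdc_data.delete(:VDCADMINPASS)` (taken here to be the new side, since the page has lost its +/- markers) yields `nil` without complaint when the key is absent, whereas the `Digest::SHA1.hexdigest(...)` form would have raised on a nil argument. The value is now the cleartext admin password and its use lies outside this hunk, so a guard right after the delete, such as `raise ArgumentError, "VDCADMINPASS is required" if vdcpass.nil? || vdcpass.empty?` (or the `OZones::Error` return this method's callers expect), would keep an empty credential from reaching user creation. It is also worth confirming that the cleartext is only handed to the zone's user creation call and is never written to the VDC record or to a log.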
@ -66,6 +66,12 @@ module OZones
|
||||
return zone_attributes
|
||||
end
|
||||
|
||||
def ONEPASS
|
||||
pw = super
|
||||
OZones.decrypt(pw)
|
||||
end
|
||||
|
||||
|
||||
#######################################################################
|
||||
# Zone Data Management
|
||||
#######################################################################
|
||||
@ -79,12 +85,13 @@ module OZones
|
||||
}
|
||||
|
||||
# Digest and check credentials
|
||||
zone_data[:ONEPASS] = Digest::SHA1.hexdigest(zone_data[:ONEPASS])
|
||||
name = zone_data[:ONENAME]
|
||||
pass = zone_data[:ONEPASS]
|
||||
|
||||
$stderr.puts zone_data
|
||||
zone_data[:ONEPASS] = OZones.encrypt(pass)
|
||||
|
||||
rc = OpenNebulaZone::check_oneadmin(zone_data[:ONENAME],
|
||||
zone_data[:ONEPASS],
|
||||
rc = OpenNebulaZone::check_oneadmin(name,
|
||||
pass,
|
||||
zone_data[:ENDPOINT])
|
||||
|
||||
if OpenNebula.is_error?(rc)
|
||||
@ -101,6 +108,7 @@ module OZones
|
||||
zone.attributes = zone_data
|
||||
zone.save
|
||||
rescue => e
|
||||
$stderr.puts e.backtrace
|
||||
return OZones::Error.new(e.message)
|
||||
end
|
||||
|
||||
|
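Review bot: `$stderr.puts zone_data` runs before `zone_data[:ONEPASS]` is replaced by the encrypted value, so the hash it prints still holds the cleartext oneadmin password and that ends up in the server's stderr log. It reads like leftover debugging and should be dropped, or limited to a non-secret field, e.g. `$stderr.puts zone_data[:ENDPOINT]`. Separately, the new `ONEPASS` reader calls `OZones.decrypt` on whatever is stored, so rows saved earlier as SHA-1 digests would presumably raise from `cipher.final`; a migration step or explicit error handling there is worth considering. The enclosing method starts and ends outside the hunk.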