mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-24 02:03:52 +03:00
Feature #2570: Improve CLI support for new group functionality
This commit is contained in:
parent
9adf83c7d2
commit
eb515a4756
@ -524,7 +524,6 @@ INSTALL_CLIENT_FILES=(
|
||||
CLI_BIN_FILES:$BIN_LOCATION
|
||||
CLI_LIB_FILES:$LIB_LOCATION/ruby/cli
|
||||
ONE_CLI_LIB_FILES:$LIB_LOCATION/ruby/cli/one_helper
|
||||
ETC_CLIENT_FILES:$ETC_LOCATION
|
||||
OZONES_BIN_CLIENT_FILES:$BIN_LOCATION
|
||||
OZONES_LIB_CLIENT_CLI_FILES:$LIB_LOCATION/ruby/cli
|
||||
OZONES_LIB_CLIENT_CLI_HELPER_FILES:$LIB_LOCATION/ruby/cli/ozones_helper
|
||||
@ -1172,8 +1171,7 @@ ONEDB_MIGRATOR_FILES="src/onedb/2.0_to_2.9.80.rb \
|
||||
|
||||
ETC_FILES="share/etc/oned.conf \
|
||||
share/etc/defaultrc \
|
||||
src/scheduler/etc/sched.conf \
|
||||
src/cli/etc/group.default"
|
||||
src/scheduler/etc/sched.conf"
|
||||
|
||||
VMWARE_ETC_FILES="src/vmm_mad/remotes/vmware/vmwarerc"
|
||||
|
||||
@ -1492,8 +1490,6 @@ CLI_CONF_FILES="src/cli/etc/onegroup.yaml \
|
||||
src/cli/etc/onezone.yaml \
|
||||
src/cli/etc/oneacct.yaml"
|
||||
|
||||
ETC_CLIENT_FILES="src/cli/etc/group.default"
|
||||
|
||||
#-----------------------------------------------------------------------------
|
||||
# Sunstone files
|
||||
#-----------------------------------------------------------------------------
|
||||
|
@ -36,15 +36,29 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper
|
||||
puts "ID: #{group.id.to_s}"
|
||||
end
|
||||
|
||||
puts "Creating default ACL rules from #{GROUP_DEFAULT}" if options[:verbose]
|
||||
puts "Creating default ACL rules: #{GROUP_DEFAULT_ACLS}" if options[:verbose]
|
||||
|
||||
exit_code , msg = group.create_acls
|
||||
exit_code , msg = group.create_default_acls
|
||||
|
||||
puts msg
|
||||
puts msg if msg
|
||||
|
||||
exit_code
|
||||
end
|
||||
|
||||
def create_complete_resource(group_hash)
|
||||
group = factory
|
||||
exit_code , msg = group.create(group_hash)
|
||||
|
||||
puts msg if msg
|
||||
|
||||
if OpenNebula.is_error?(exit_code)
|
||||
puts exit_code.message if exit_code.message
|
||||
return -1
|
||||
else
|
||||
return 0
|
||||
end
|
||||
end
|
||||
|
||||
def format_pool(options)
|
||||
config_file = self.class.table_conf
|
||||
|
||||
@ -126,6 +140,35 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper
|
||||
table
|
||||
end
|
||||
|
||||
# Parses a OpenNebula template string and turns it into a Hash
|
||||
# @param [String] tmpl_str template
|
||||
# @return [Hash, Zona::Error] Hash or Error
|
||||
def parse_template(tmpl_str)
|
||||
name_reg =/[\w\d_-]+/
|
||||
variable_reg =/\s*(#{name_reg})\s*=\s*/
|
||||
single_variable_reg =/^#{variable_reg}([^\[]+?)(#.*)?$/
|
||||
|
||||
tmpl = Hash.new
|
||||
tmpl['user'] = Hash.new
|
||||
|
||||
tmpl_str.scan(single_variable_reg) do | m |
|
||||
key = m[0].strip.downcase
|
||||
value = m[1].strip
|
||||
case key
|
||||
when "admin_user_name"
|
||||
tmpl['user']['name']=value
|
||||
when "admin_user_password"
|
||||
tmpl['user']['password']=value
|
||||
when "admin_user_auth_driver"
|
||||
tmpl['user']['auth_driver']=value
|
||||
else
|
||||
tmpl[key] = value
|
||||
end
|
||||
end
|
||||
|
||||
return tmpl
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def factory(id=nil)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -75,13 +75,46 @@ cmd=CommandParser::CmdParser.new(ARGV) do
|
||||
|
||||
create_desc = <<-EOT.unindent
|
||||
Creates a new Group
|
||||
|
||||
TODO extend
|
||||
|
||||
EOT
|
||||
|
||||
command :create, create_desc, :name do
|
||||
command :create, create_desc, [:file, nil], :options =>
|
||||
OpenNebulaHelper::GROUP_OPTIONS do
|
||||
|
||||
|
||||
if args[0] && !options.empty?
|
||||
STDERR.puts "You can not use both template file and template"<<
|
||||
" creation options."
|
||||
next -1
|
||||
end
|
||||
|
||||
if options && options[:admin_user]
|
||||
if !options[:admin_passwd]
|
||||
STDERR.puts "Admin user needs password"
|
||||
next -1
|
||||
end
|
||||
|
||||
admin_user=Hash.new
|
||||
admin_user[:name] = options[:admin_user]
|
||||
admin_user[:password] = options[:admin_passwd]
|
||||
if options[:admin_driver]
|
||||
admin_user[:auth_driver] = options[:admin_driver]
|
||||
end
|
||||
options[:user] = admin_user
|
||||
end
|
||||
|
||||
if args[0]
|
||||
helper.create_complete_resource(helper.parse_template(File.open(args[0]).read))
|
||||
elsif !options.empty?
|
||||
helper.create_complete_resource(options)
|
||||
else
|
||||
helper.create_resource(options) do |group|
|
||||
group.allocate(args[0])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
delete_desc = <<-EOT.unindent
|
||||
Deletes the given Group
|
||||
|
@ -35,12 +35,8 @@ module OpenNebula
|
||||
# Flag for requesting connected user's group info
|
||||
SELF = -1
|
||||
|
||||
#Default location for group ACL's
|
||||
if ENV['ONE_LOCATION']
|
||||
GROUP_DEFAULT = ENV['ONE_LOCATION'] + "/etc/group.default"
|
||||
else
|
||||
GROUP_DEFAULT = "/etc/one/group.default"
|
||||
end
|
||||
#Default resource ACL's for group for group ACL's
|
||||
GROUP_DEFAULT_ACLS = "VM+NET+IMAGE+TEMPLATE"
|
||||
|
||||
# Creates a Group description with just its identifier
|
||||
# this method should be used to create plain Group objects.
|
||||
@ -64,42 +60,6 @@ module OpenNebula
|
||||
super(xml,client)
|
||||
end
|
||||
|
||||
#######################################################################
|
||||
# Group utils
|
||||
#######################################################################
|
||||
|
||||
# Creates ACLs for the group. The ACL rules are described in a file
|
||||
def create_acls(filename = GROUP_DEFAULT)
|
||||
if !File.readable?(filename)
|
||||
return -1, "Cannot read deafult ACL file for group"
|
||||
end
|
||||
|
||||
msg = String.new
|
||||
|
||||
File.open(filename).each_line{ |l|
|
||||
next if l.match(/^#/)
|
||||
|
||||
rule = "@#{@pe_id} #{l}"
|
||||
parse = OpenNebula::Acl.parse_rule(rule)
|
||||
|
||||
if OpenNebula.is_error?(parse)
|
||||
return -1, "Error parsing rule #{rule}: #{parse.message}"
|
||||
end
|
||||
|
||||
xml = OpenNebula::Acl.build_xml
|
||||
acl = OpenNebula::Acl.new(xml, @client)
|
||||
|
||||
rc = acl.allocate(*parse)
|
||||
|
||||
if OpenNebula.is_error?(rc)
|
||||
return -1, "Error creating rule #{rule}: #{rc.message}"
|
||||
else
|
||||
msg << "ACL_ID: #{acl.id}\n"
|
||||
end
|
||||
}
|
||||
|
||||
return 0, msg
|
||||
end
|
||||
|
||||
#######################################################################
|
||||
# XML-RPC Methods for the Group Object
|
||||
@ -112,6 +72,107 @@ module OpenNebula
|
||||
|
||||
alias_method :info!, :info
|
||||
|
||||
def create(group_hash)
|
||||
group_hash=Hash[group_hash.map{|(k,v)| [k.to_sym,v]}]
|
||||
if group_hash[:user]
|
||||
group_hash[:user]=Hash[group_hash[:user].map{|(k,v)|
|
||||
[k.to_sym,v]}]
|
||||
end
|
||||
|
||||
rc_alloc = self.allocate(group_hash[:name])
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# If we have resource providers, add them
|
||||
if group_hash[:cluster_ids]
|
||||
for cid in group_hash[:cluster_ids]
|
||||
# TODO 0 is zone_id
|
||||
self.add_provider({"zone_id"=>0, "cluster_id"=>cid.to_i})
|
||||
end
|
||||
end
|
||||
|
||||
rc, msg = create_default_acls(group_hash[:resources])
|
||||
if OpenNebula.is_error?(rc)
|
||||
self.delete
|
||||
return -1, "Error creating ACL's #{acls}: #{rc.message}"
|
||||
end
|
||||
|
||||
# Create admin group
|
||||
if group_hash[:admin_group]
|
||||
admin_group = OpenNebula::Group.new(OpenNebula::Group.build_xml,
|
||||
@client)
|
||||
rc_alloc = admin_group.allocate(group_hash[:admin_group])
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# Create group admin user
|
||||
if group_hash[:user] and group_hash[:user][:name] and
|
||||
group_hash[:user][:password]
|
||||
user = OpenNebula::User.new(OpenNebula::User.build_xml,
|
||||
@client)
|
||||
if !group_hash[:user][:auth_driver]
|
||||
rc_alloc = user.allocate(group_hash[:user][:name],
|
||||
group_hash[:user][:password])
|
||||
else
|
||||
rc_alloc = user.allocate(group_hash[:user][:name],
|
||||
group_hash[:user][:password],
|
||||
group_hash[:user][:auth_driver])
|
||||
end
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
rc_alloc = user.chgrp(self.id)
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
user.delete
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
rc_alloc = user.addgroup(admin_group.id)
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
user.delete
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# Set ACLs for group admin
|
||||
acls = Array.new
|
||||
|
||||
acls << "@#{admin_group.id} USER/* CREATE"
|
||||
acls << "@#{admin_group.id} USER/@#{self.id} " \
|
||||
"USE+MANAGE+ADMIN"
|
||||
acls << "@#{admin_group.id} " \
|
||||
"VM+IMAGE+NET+TEMPLATE/@#{self.id} USE+MANAGE"
|
||||
|
||||
rc, tmp = create_group_acls(acls)
|
||||
|
||||
if OpenNebula.is_error?(rc)
|
||||
user.delete
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return -1, "Error creating acl rules"
|
||||
end
|
||||
end
|
||||
end
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# Allocates a new Group in OpenNebula
|
||||
#
|
||||
# +groupname+ A string containing the name of the Group.
|
||||
@ -158,6 +219,33 @@ module OpenNebula
|
||||
return call(GROUP_METHODS[:del_provider], @pe_id, zone_id.to_i, cluster_id.to_i)
|
||||
end
|
||||
|
||||
#######################################################################
|
||||
# Group utils
|
||||
#######################################################################
|
||||
# Creates an acl array of acl strings. Returns true or error and
|
||||
# a comma-separated list with the new acl ids
|
||||
def create_group_acls(acls)
|
||||
acls_ids = Array.new
|
||||
rc = true
|
||||
|
||||
acls.each{|rule|
|
||||
acl = OpenNebula::Acl.new(OpenNebula::Acl.build_xml,@client)
|
||||
rc = acl.allocate(*OpenNebula::Acl.parse_rule(rule))
|
||||
break if OpenNebula.is_error?(rc)
|
||||
|
||||
acls_ids << acl.id
|
||||
}
|
||||
|
||||
return rc, acls_ids
|
||||
end
|
||||
|
||||
def create_default_acls(resources=nil)
|
||||
resources = GROUP_DEFAULT_ACLS if !resources
|
||||
acls = Array.new
|
||||
acls << "@#{self.id} #{resources}/* CREATE"
|
||||
create_group_acls(acls)
|
||||
end
|
||||
|
||||
# ---------------------------------------------------------------------
|
||||
# Helpers to get information
|
||||
# ---------------------------------------------------------------------
|
||||
|
@ -26,103 +26,7 @@ module OpenNebulaJSON
|
||||
return group_hash
|
||||
end
|
||||
|
||||
rc_alloc = self.allocate(group_hash['name'])
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# If we have resource providers, add them
|
||||
if group_hash['cluster_ids']
|
||||
for cid in group_hash['cluster_ids']
|
||||
# TODO 0 is zone_id
|
||||
self.add_provider({"zone_id"=>0, "cluster_id"=>cid.to_i})
|
||||
end
|
||||
else # No Resource provider
|
||||
# This rule allows users in the group to deploy VMs
|
||||
# in any host in the cloud
|
||||
acls = Array.new
|
||||
acls << "@#{self.id} HOST/* MANAGE"
|
||||
rc, tmp = create_group_acls(acls)
|
||||
if OpenNebula.is_error?(rc)
|
||||
self.delete
|
||||
return -1, "Error creating rule #{rule}: #{rc.message}"
|
||||
end
|
||||
end
|
||||
|
||||
# Set default ACLs for group
|
||||
rc_acl, msg = self.create_acls
|
||||
if rc_acl == -1
|
||||
self.delete
|
||||
return rc_acl
|
||||
end
|
||||
|
||||
# Create admin group
|
||||
if group_hash['admin_group']
|
||||
admin_group = OpenNebula::Group.new(OpenNebula::Group.build_xml,
|
||||
@client)
|
||||
rc_alloc = admin_group.allocate(group_hash['admin_group'])
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# Create group admin user
|
||||
if group_hash['user'] and group_hash['user']['name'] and
|
||||
group_hash['user']['password']
|
||||
user = OpenNebula::User.new(OpenNebula::User.build_xml,
|
||||
@client)
|
||||
rc_alloc = user.allocate(group_hash['user']['name'],
|
||||
group_hash['user']['password'],
|
||||
group_hash['user']['auth_driver'])
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
rc_alloc = user.chgrp(self.id)
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
user.delete
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
rc_alloc = user.addgroup(admin_group.id)
|
||||
|
||||
if OpenNebula.is_error?(rc_alloc)
|
||||
# Rollback
|
||||
user.delete
|
||||
admin_group.delete
|
||||
self.delete
|
||||
return rc_alloc
|
||||
end
|
||||
|
||||
# Set ACLs for group admin
|
||||
acls = Array.new
|
||||
|
||||
acls << "@#{admin_group.id} USER/* CREATE"
|
||||
acls << "@#{admin_group.id} USER/@#{self.id} " \
|
||||
"USE+MANAGE+ADMIN"
|
||||
acls << "@#{admin_group.id} " \
|
||||
"VM+IMAGE+TEMPLATE/@#{self.id} USE+MANAGE"
|
||||
|
||||
rc, tmp = create_group_acls(acls)
|
||||
|
||||
if OpenNebula.is_error?(rc)
|
||||
self.delete
|
||||
return -1, "Error creating acl rules"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
return rc_alloc
|
||||
super(group_hash)
|
||||
end
|
||||
|
||||
def perform_action(template_json)
|
||||
@ -160,24 +64,5 @@ module OpenNebulaJSON
|
||||
def del_provider(params=Hash.new)
|
||||
super(params['zone_id'].to_i, params['cluster_id'].to_i)
|
||||
end
|
||||
|
||||
# Creates an acl array of acl strings. Returns true or error and
|
||||
# a comma-separated list with the new acl ids
|
||||
def create_group_acls(acls)
|
||||
`echo "ACLS #{acls}" >> /tmp/uu`
|
||||
acls_ids = Array.new
|
||||
rc = true
|
||||
|
||||
acls.each{|rule|
|
||||
acl = OpenNebula::Acl.new(OpenNebula::Acl.build_xml,@client)
|
||||
rc = acl.allocate(*OpenNebula::Acl.parse_rule(rule))
|
||||
|
||||
break if OpenNebula.is_error?(rc)
|
||||
|
||||
acls_ids << acl.id
|
||||
}
|
||||
|
||||
return rc, acls_ids
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
x
Reference in New Issue
Block a user