shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-02-23 21:57:43 +03:00
Code Releases Wiki Activity

feature #203: Integrated VM allocation with AuthManager

Browse Source
This commit is contained in:
Ruben S. Montero 2010-07-09 12:10:05 +02:00
parent f9dbce8935
commit edea2edf2b
12 changed files with 158 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/Image.h
View File

@ -105,7 +105,7 @@ public:
* Returns true if the image is public
* @return true if the image is public
*/
bool is_public()
bool isPublic()
{
return (public_img == 1);
};

28
include/ImagePool.h
View File

@ -29,6 +29,8 @@
using namespace std;
class AuthRequest;
/**
* The Image Pool class.
*/
@ -168,31 +170,7 @@ public:
* @param disk the disk to be generated
* @return 0 on success, -1 error, -2 not using the pool
*/
int disk_attribute(VectorAttribute * disk, int * index)
{
string source;
Image * img;
source = disk->vector_value("NAME");
if (source.empty())
{
return -2;
}
img = get(source,true);
if (img == 0)
{
return -1;
}
int rc = img->disk_attribute(disk,index);
img->unlock();
return rc;
}
int disk_attribute(VectorAttribute * disk, int * index, AuthRequest * ar);
static const string& source_prefix()
{

2
include/UserPool.h
View File

@ -138,7 +138,7 @@ public:
* @param ar, an Authorization Request
* @return -1 if authz failed, 0 otherwise
*/
int authorize(AuthRequest& ar);
static int authorize(AuthRequest& ar);
/**
* Dumps the User pool in XML format. A filter can be also added to the

6
include/VirtualMachine.h
View File

@ -31,6 +31,8 @@ using namespace std;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
class AuthRequest;
/**
* The Virtual Machine class. It represents a VM...
*/
@ -702,7 +704,7 @@ public:
* Get all network leases for this Virtual Machine
* @return 0 if success
*/
int get_network_leases();
int get_network_leases(AuthRequest *ar);
/**
* Releases all network leases taken by this Virtual Machine
@ -713,7 +715,7 @@ public:
* Get all disk images for this Virtual Machine
* @return 0 if success
*/
int get_disk_images();
int get_disk_images(AuthRequest *ar);
/**
* Releases all disk images taken by this Virtual Machine

11
include/VirtualNetwork.h
View File

@ -58,6 +58,15 @@ public:
// Virtual Network Public Methods
// *************************************************************************
/**
* Get the Vnet unique identifier VNID, that matches the OID of the object
* @return VNID Image identifier
*/
int get_vnid() const
{
return oid;
};
/**
* Gets the uid of the owner of the Virtual Network
* @return uid
@ -71,7 +80,7 @@ public:
* Returns true if the Virtual Network is public
* @return true if the Virtual Network is public
*/
bool is_public()
bool isPublic()
{
return (public_vnet == 1);
};

27
include/VirtualNetworkPool.h
View File

@ -24,6 +24,7 @@
using namespace std;
class AuthRequest;
/**
* The Virtual Network Pool class. ...
@ -87,31 +88,7 @@ public:
* @param vid of the VM requesting the lease
* @return 0 on success, -1 error, -2 not using the pool
*/
int nic_attribute(VectorAttribute * nic, int vid)
{
string network;
VirtualNetwork * vnet;
network = nic->vector_value("NETWORK");
if (network.empty())
{
return -2;
}
vnet = get(network,true);
if (vnet == 0)
{
return -1;
}
int rc = vnet->nic_attribute(nic,vid);
vnet->unlock();
return rc;
}
int nic_attribute(VectorAttribute * nic, int vid, AuthRequest *ar);
/**
* Updates the template of a VN, adding a new attribute (replacing it if

35
src/image/ImagePool.cc
View File

@ -19,6 +19,7 @@
/* ************************************************************************** */
#include "ImagePool.h"
#include "AuthManager.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -187,3 +188,37 @@ int ImagePool::dump(ostringstream& oss, const string& where)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int ImagePool::disk_attribute(VectorAttribute * disk,
int * index,
AuthRequest * ar)
{
string source;
Image * img;
source = disk->vector_value("NAME");
if (source.empty())
{
return -2;
}
img = get(source,true);
if (img == 0)
{
return -1;
}
int rc = img->disk_attribute(disk,index);
ar->add_auth(AuthRequest::IMAGE,
img->get_iid(),
AuthRequest::USE,
img->get_uid(),
img->isPublic());
img->unlock();
return rc;
}

3
src/rm/RequestManagerAction.cc
View File

@ -18,6 +18,7 @@
#include "NebulaLog.h"
#include "Nebula.h"
#include "UserPool.h"
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -76,7 +77,7 @@ void RequestManager::VirtualMachineAction::execute(
ar.add_auth(AuthRequest::VM,vid,AuthRequest::MANAGE,uid,false);
if (upool->authorize(ar) == -1)
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}

40
src/rm/RequestManagerAllocate.cc
View File

@ -27,55 +27,34 @@ void RequestManager::VirtualMachineAllocate::execute(
xmlrpc_c::value * const retval)
{
string session;
string username;
string password;
string vm_template;
int vid;
int uid;
int rc;
Nebula& nd = Nebula::instance();
DispatchManager * dm = nd.get_dm();
User * user;
ostringstream oss;
vector<xmlrpc_c::value> arrayData;
xmlrpc_c::value_array * arrayresult;
NebulaLog::log("ReM",Log::DEBUG,"VirtualMachineAllocate invoked");
session = xmlrpc_c::value_string(paramList.getString(0));
vm_template = xmlrpc_c::value_string(paramList.getString(1));
vm_template += "\n";
// First, we need to authenticate the user
//Authenticate the user
rc = VirtualMachineAllocate::upool->authenticate(session);
if ( rc == -1 )
if (rc == -1)
{
goto error_authenticate;
}
User::split_secret(session,username,password);
// Now let's get the user
user = VirtualMachineAllocate::upool->get(username,true);
if ( user == 0 )
{
goto error_get_user;
}
uid = user->get_uid();
user->unlock();
rc = dm->allocate(uid,vm_template,&vid);
rc = dm->allocate(rc,vm_template,&vid);
if ( rc < 0 )
{
@ -99,19 +78,8 @@ error_authenticate:
oss << "User not authenticated, aborting RequestManagerAllocate call.";
goto error_common;
error_get_user:
oss << "User not recognized, cannot allocate VirtualMachine";
goto error_common;
error_allocate:
if (rc == -1)
{
oss << "Error inserting VM in the database, check oned.log";
}
else
{
oss << "Error parsing VM template";
}
oss << "Error inserting VM in the database, check oned.log";
goto error_common;
error_common:

50
src/rm/RequestManagerImageInfo.cc
View File

@ -23,14 +23,14 @@
void RequestManager::ImageInfo::execute(
xmlrpc_c::paramList const& paramList,
xmlrpc_c::value * const retval)
{
{
string session;
int iid;
int uid;
int iid;
int uid;
int rc;
Image * image;
ostringstream oss;
/* -- RPC specific vars -- */
@ -42,30 +42,30 @@ void RequestManager::ImageInfo::execute(
// Get the parameters
session = xmlrpc_c::value_string(paramList.getString(0));
iid = xmlrpc_c::value_int (paramList.getInt(1));
// Get image from the ImagePool
image = ImageInfo::ipool->get(iid,true);
if ( image == 0 )
{
goto error_image_get;
image = ImageInfo::ipool->get(iid,true);
if ( image == 0 )
{
goto error_image_get;
}
uid = image->get_uid();
// Check if it is a valid user
rc = ImageInfo::upool->authenticate(session);
if ( rc != 0 && rc != uid && !image->is_public())
{
goto error_authenticate;
if ( rc != 0 && rc != uid && !image->isPublic())
{
goto error_authenticate;
}
oss << *image;
image->unlock();
// All nice, return the host info to the client
// All nice, return the host info to the client
arrayData.push_back(xmlrpc_c::value_boolean(true)); // SUCCESS
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
@ -76,13 +76,13 @@ void RequestManager::ImageInfo::execute(
delete arrayresult; // and get rid of the original
return;
error_image_get:
oss << "Error getting image with ID = " << iid;
oss << "Error getting image with ID = " << iid;
goto error_common;
error_authenticate:
oss << "User doesn't exist, or not authorized to use image with " <<
oss << "User doesn't exist, or not authorized to use image with " <<
"ID = " << iid << " , ImageInfo call aborted.";
image->unlock();
goto error_common;
@ -91,13 +91,13 @@ error_common:
arrayData.push_back(xmlrpc_c::value_boolean(false)); // FAILURE
arrayData.push_back(xmlrpc_c::value_string(oss.str()));
NebulaLog::log("ReM",Log::ERROR,oss);
NebulaLog::log("ReM",Log::ERROR,oss);
xmlrpc_c::value_array arrayresult_error(arrayData);
*retval = arrayresult_error;
return;
}

39
src/vm/VirtualMachine.cc
View File

@ -26,6 +26,7 @@
#include "VirtualMachine.h"
#include "VirtualNetworkPool.h"
#include "NebulaLog.h"
#include "AuthManager.h"
#include "Nebula.h"
@ -267,6 +268,8 @@ int VirtualMachine::insert(SqlDB * db)
string value;
ostringstream oss;
AuthRequest ar(uid);
// -----------------------------------------------------------------------
// Set a template ID if it wasn't already assigned
// ------------------------------------------------------------------------
@ -303,7 +306,7 @@ int VirtualMachine::insert(SqlDB * db)
// Get network leases
// ------------------------------------------------------------------------
rc = get_network_leases();
rc = get_network_leases(&ar);
if ( rc != 0 )
{
@ -314,7 +317,7 @@ int VirtualMachine::insert(SqlDB * db)
// Get disk images
// ------------------------------------------------------------------------
rc = get_disk_images();
rc = get_disk_images(&ar);
if ( rc != 0 )
{
@ -341,6 +344,26 @@ int VirtualMachine::insert(SqlDB * db)
parse_graphics();
// ------------------------------------------------------------------------
// Authorize this request
// ------------------------------------------------------------------------
if ( uid != 0 ) // uid == 0 means oneadmin
{
string t64;
ar.add_auth(AuthRequest::VM,
vm_template.to_xml(t64),
AuthRequest::CREATE,
uid,
false);
if (UserPool::authorize(ar) == -1)
{
goto error_authorize;
}
}
// ------------------------------------------------------------------------
// Insert the template first, so we get a valid template ID. Then the VM
// ------------------------------------------------------------------------
@ -385,6 +408,10 @@ error_context:
error_requirements:
NebulaLog::log("ONE",Log::ERROR, "Could not parse REQUIREMENTS for VM");
goto error_common;
error_authorize:
NebulaLog::log("ONE",Log::ERROR, "Error authorizing VM creation");
error_common:
release_network_leases();
@ -792,7 +819,7 @@ void VirtualMachine::get_requirements (int& cpu, int& memory, int& disk)
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualMachine::get_disk_images()
int VirtualMachine::get_disk_images(AuthRequest *ar)
{
int num_disks, rc;
vector<Attribute * > disks;
@ -814,7 +841,7 @@ int VirtualMachine::get_disk_images()
continue;
}
rc = ipool->disk_attribute(disk, &index);
rc = ipool->disk_attribute(disk, &index, ar);
if (rc == -1) // 0 OK, -2 not using the Image pool
{
@ -875,7 +902,7 @@ void VirtualMachine::release_disk_images()
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualMachine::get_network_leases()
int VirtualMachine::get_network_leases(AuthRequest *ar)
{
int num_nics, rc;
vector<Attribute * > nics;
@ -896,7 +923,7 @@ int VirtualMachine::get_network_leases()
continue;
}
rc = vnpool->nic_attribute(nic, oid);
rc = vnpool->nic_attribute(nic, oid, ar);
if (rc == -1)
{

38
src/vnm/VirtualNetworkPool.cc
View File

@ -16,6 +16,7 @@
#include "VirtualNetworkPool.h"
#include "NebulaLog.h"
#include "AuthManager.h"
#include <sstream>
#include <ctype.h>
@ -214,3 +215,40 @@ int VirtualNetworkPool::dump(ostringstream& oss, const string& where)
return rc;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualNetworkPool::nic_attribute(VectorAttribute * nic,
int vid,
AuthRequest * ar)
{
string network;
VirtualNetwork * vnet;
network = nic->vector_value("NETWORK");
if (network.empty())
{
return -2;
}
vnet = get(network,true);
if (vnet == 0)
{
return -1;
}
int rc = vnet->nic_attribute(nic,vid);
ar->add_auth(AuthRequest::NET,
vnet->get_vnid(),
AuthRequest::USE,
vnet->get_uid(),
vnet->isPublic());
vnet->unlock();
return rc;
}