bosh-director 1.3000.0 → 1.3001.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ba2ff6a9c8c7c521d934f1f35d503ca599c61716
-  data.tar.gz: 5cecae6a2b9ad5d9276a02f22cfaced254f93318
+  metadata.gz: 91ee041025021bd6951468bb3b7ddade9cfbd156
+  data.tar.gz: 88e4bbd9f8d8ace47039dc90ca417f993973b9e9
 SHA512:
-  metadata.gz: 32db876c4d563a6118289e956926b957c636bbe9ae00636f723b3adf2832a5d880b779b50b7ba2c10bd55d9d9849066c17e1dc0500babd85bd8d728d5b101b81
-  data.tar.gz: 021630149470426da1313f8af9e008ca2a4724dff5f144f26e2b4ff8459359fefb0ca1650de4e1a7c0e7d57b560dcb273638339af8173e57c4c2aa591d6684ea
+  metadata.gz: 7c1c17476af49745d5ec1f2b2ca1753c2af6fac762ffe8e7e4fa089e36e9f957a503f381a4fea17c42d8d8d4cffe27a7f48975e73c85eba124f159c217b1843d
+  data.tar.gz: 43f25613d07eb8adacc947eb4f9073fcf3727b0636582bf00942ab918ef7013674103c1245477fc72c3dd09679d479ddd94d84fff0578b2691588ae35b5da354

data/lib/bosh/director/api/controllers/info_controller.rb

@@ -7,7 +7,7 @@ module Bosh::Director
         false
       end
 
-      get '/', scope: :read do
+      get '/' do
         status = {
           'name' => Config.name,
           'uuid' => Config.uuid,

data/lib/bosh/director/api/extensions/scoping.rb

@@ -34,9 +34,14 @@ module Bosh::Director
               end
             end
 
-            if (@user.nil? || !@user.has_access?(scope)) && requires_authentication?
+            if requires_authentication? && (@user.nil? || !identity_provider.valid_access?(@user, scope))
               response['WWW-Authenticate'] = 'Basic realm="BOSH Director"'
-              throw(:halt, [401, "Not authorized\n"])
+              if @user.nil?
+                message = "Not authorized\n"
+              else
+                message = "Not authorized: #{request.path} requires one of the scopes: #{identity_provider.required_scopes(scope).join(", ")}\n"
+              end
+              throw(:halt, [401, message])
             end
           end
         end

data/lib/bosh/director/api/local_identity_provider.rb

@@ -21,30 +21,24 @@ module Bosh
         def get_user(request_env)
           auth ||= Rack::Auth::Basic::Request.new(request_env)
           raise AuthenticationError unless auth.provided? && auth.basic? && auth.credentials
-          if @user_manager.authenticate(*auth.credentials)
-            username = auth.credentials.first
-            password = auth.credentials[1]
-            LocalUser.new(@user_manager, username, password)
-          else
+
+          unless @user_manager.authenticate(*auth.credentials)
             raise AuthenticationError
           end
-        end
 
-        class LocalUser
-
-          attr_reader :username
+          LocalUser.new(*auth.credentials)
+        end
 
-          def initialize(user_manager, username, password)
-            @user_manager = user_manager
-            @username = username
-            @password = password
-          end
+        def valid_access?(user, _)
+          @user_manager.authenticate(user.username, user.password)
+        end
 
-          def has_access?(_)
-            @user_manager.authenticate(@username, @password)
-          end
+        def required_scopes(_)
+          raise NotImplemented
         end
       end
+
+      class LocalUser < Struct.new(:username, :password); end
     end
   end
 end

data/lib/bosh/director/api/uaa_identity_provider.rb

@@ -27,47 +27,60 @@ module Bosh
         def get_user(request_env)
           auth_header = request_env['HTTP_AUTHORIZATION']
           token = @token_coder.decode(auth_header)
-          UaaUser.new(token, @director_uuid)
+          UaaUser.new(token)
         rescue CF::UAA::DecodeError, CF::UAA::AuthError => e
           raise AuthenticationError, e.message
         end
-      end
 
-      class UaaUser
+        def valid_access?(user, requested_access)
+          if user.scopes
+            required_scopes = required_scopes(requested_access)
+            return has_admin_scope?(user.scopes) || contains_requested_scope?(required_scopes, user.scopes)
+          end
 
-        attr_reader :token
+          false
+        end
 
-        def initialize(token, director_uuid)
-          @token = token
-          @director_uuid = director_uuid
+        def required_scopes(requested_access)
+          permissions[requested_access]
         end
 
-        def username
-          @token['user_name'] || @token['client_id']
+        private
+
+        def permissions
+          {
+            :read  => ['bosh.admin', "bosh.#{@director_uuid}.admin", 'bosh.read', "bosh.#{@director_uuid}.read"],
+            :write => ['bosh.admin', "bosh.#{@director_uuid}.admin"]
+          }
         end
 
-        def has_access?(requested_access)
-          if @token['scope']
-            if token_has_admin_scope?(@token['scope'])
-              return true
-            end
+        def has_admin_scope?(token_scopes)
+          !(intersect(permissions[:write], token_scopes).empty?)
+        end
 
-            if requested_access == :read && token_has_read_scope?(@token['scope'])
-              return true
-            end
-          end
+        def contains_requested_scope?(valid_scopes, token_scopes)
+          return false unless valid_scopes
+          !(intersect(valid_scopes, token_scopes).empty?)
+        end
 
-          false
+        def intersect(valid_scopes, token_scopes)
+          valid_scopes & token_scopes
         end
+      end
 
-        private
+      class UaaUser
+        attr_reader :token
+
+        def initialize(token)
+          @token = token
+        end
 
-        def token_has_read_scope?(token_scope)
-          token_scope.include?('bosh.read') || token_scope.include?("bosh.#{@director_uuid}.read")
+        def username
+          @token['user_name'] || @token['client_id']
         end
 
-        def token_has_admin_scope?(token_scope)
-          token_scope.include?('bosh.admin') || token_scope.include?("bosh.#{@director_uuid}.admin")
+        def scopes
+          @token['scope']
         end
       end
     end

data/lib/bosh/director/api/user/config_user_manager.rb

@@ -11,22 +11,13 @@ module Bosh::Director
         false
       end
 
-      # @param [String] name User name
-      def find_by_name(name)
-        user = @users.find { |u| u['name'] == name }
-        if user.nil?
-          raise UserNotFound, "User `#{name}' doesn't exist"
-        end
-        User.new(user)
-      end
-
       def authenticate(username, password)
         return false if username.empty? || password.empty?
 
-        user = find_by_name(username)
-        user.password == password
-      rescue UserNotFound
-        false
+        user = @users.find { |u| u['name'] == username }
+        return false if user.nil?
+
+        user['password'] == password
       end
 
       def delete_user(_)
@@ -45,16 +36,5 @@ module Bosh::Director
         raise NotSupported
       end
     end
-
-    private
-
-    class User
-      attr_reader :username, :password
-
-      def initialize(options)
-        @username = options.fetch('name')
-        @password = options.fetch('password')
-      end
-    end
   end
 end

data/lib/bosh/director/api/user/database_user_manager.rb

@@ -3,17 +3,6 @@
 module Bosh::Director
   module Api
     class DatabaseUserManager
-
-      # @param [String] name User name
-      # @return [Models::User] User
-      def find_by_name(name)
-        user = Models::User[:username => name]
-        if user.nil?
-          raise UserNotFound, "User `#{name}' doesn't exist"
-        end
-        user
-      end
-
       def supports_api_update?
         true
       end
@@ -59,6 +48,16 @@ module Bosh::Director
 
       private
 
+      # @param [String] name User name
+      # @return [Models::User] User
+      def find_by_name(name)
+        user = Models::User[:username => name]
+        if user.nil?
+          raise UserNotFound, "User `#{name}' doesn't exist"
+        end
+        user
+      end
+
       # Saves user in DB and handles validation errors.
       # @param [Models::User]
       # @return [void]

data/lib/bosh/director/jobs/export_release.rb

@@ -13,13 +13,29 @@ module Bosh::Director
       end
 
       def initialize(deployment_name, release_name, release_version, stemcell_os, stemcell_version, options = {})
-      #   DO some initilization
-        logger.info("we are in ExportRelease:initialize #{release_name}/#{release_version} #{stemcell_os}/#{stemcell_version}")
+        @deployment_name = deployment_name
+        @release_name = release_name
+        @release_version = release_version
+        @stemcell_os = stemcell_os
+        @stemcell_version = stemcell_version
       end
 
+
       # @return [void]
       def perform
-        logger.info("we are in ExportRelease:perform")
+        logger.info("Exporting release: #{@release_name}/#{@release_version} for #{@stemcell_os}/#{@stemcell_version}")
+
+        release = Bosh::Director::Models::Release.find(:name => @release_name)
+        if release.nil?
+          raise ReleaseNotFound
+        end
+
+        matching_versions = release.versions_dataset.where(:version => @release_version).all
+        if matching_versions.empty?
+          raise ReleaseVersionNotFound
+        end
+
+        logger.info "!!!RELEASE: #{release.pretty_inspect}"
       end
     end
   end

data/lib/bosh/director/version.rb

@@ -1,5 +1,5 @@
 module Bosh
   module Director
-    VERSION = '1.3000.0'
+    VERSION = '1.3001.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bosh-director
 version: !ruby/object:Gem::Version
-  version: 1.3000.0
+  version: 1.3001.0
 platform: ruby
 authors:
 - VMware
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-24 00:00:00.000000000 Z
+date: 2015-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
@@ -30,126 +30,126 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh-director-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_common
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh-template
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_cpi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_openstack_cpi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_aws_cpi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_vsphere_cpi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3000.0
+        version: 1.3001.0
 - !ruby/object:Gem::Dependency
   name: bosh_vcloud_cpi
   requirement: !ruby/object:Gem::Requirement
@@ -572,7 +572,7 @@ dependencies:
         version: '0'
 description: |-
   BOSH Director
-  277382
+  7cc77f
 email: support@cloudfoundry.com
 executables:
 - bosh-director