RubyGems - opennebula-oca - Versions diffs - 3.8.0 → 3.9.0.beta - Mend

opennebula-oca 3.8.0 → 3.9.0.beta

Files changed (40) hide show

data/lib/opennebula/pool.rb ADDED Viewed

@@ -0,0 +1,157 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'opennebula/xml_utils'
+module OpenNebula
+    # The Pool class represents a generic OpenNebula Pool in XML format
+    # and provides the basic functionality to handle the Pool elements
+    class Pool < XMLPool
+        include Enumerable
+    protected
+        #pool:: _String_ XML name of the root element
+        #element:: _String_ XML name of the Pool elements
+        #client::  _Client_ represents a XML-RPC connection
+        def initialize(pool,element,client)
+            super(nil)
+            @pool_name    = pool.upcase
+            @element_name = element.upcase
+            @client = client
+        end
+        # Default Factory Method for the Pools. The factory method returns an
+        # suitable PoolElement object. Each Pool MUST implement the
+        # corresponding factory method
+        # element_xml:: _XML_ XML element describing the pool element
+        # [return] a PoolElement object
+        def factory(element_xml)
+            OpenNebula::PoolElement.new(element_xml,client)
+        end
+        #######################################################################
+        # Common XML-RPC Methods for all the Pool Types
+        #######################################################################
+        #Gets the pool without any filter. Host, Group and User Pools
+        # xml_method:: _String_ the name of the XML-RPC method
+        def info(xml_method)
+            return xmlrpc_info(xml_method)
+        end
+        def info_all(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_ALL,-1,-1, *args)
+        end
+        def info_mine(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_MINE,-1,-1, *args)
+        end
+        def info_group(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_GROUP,-1,-1, *args)
+        end
+        def info_filter(xml_method, who, start_id, end_id, *args)
+            return xmlrpc_info(xml_method,who, start_id, end_id, *args)
+        end
+        # Retrieves the monitoring data for all the Objects in the pool
+        #
+        # @param [String] xml_method xml-rcp method
+        # @param [String] root_elem Root for each individual PoolElement
+        # @param [String] timestamp_elem Name of the XML element with the last
+        #   monitorization timestamp
+        # @param [Array<String>] xpath_expressions Elements to retrieve.
+        # @param args arguemnts for the xml_method call
+        #
+        # @return [Hash<String, <Hash<String, Array<Array<int>>>>>,
+        #   OpenNebula::Error] The first level hash uses the Object ID as keys,
+        #   and as value a Hash with the requested xpath expressions,
+        #   and an Array of 'timestamp, value'.
+        def monitoring(xml_method, root_elem, timestamp_elem, xpath_expressions,
+            *args)
+            rc = @client.call(xml_method, *args)
+            if ( OpenNebula.is_error?(rc) )
+                return rc
+            end
+            xmldoc = XMLElement.new
+            xmldoc.initialize_xml(rc, 'MONITORING_DATA')
+            hash = {}
+            # Get all existing Object IDs
+            ids = xmldoc.retrieve_elements("#{root_elem}/ID")
+            if ids.nil?
+                return hash
+            else
+                ids.uniq!
+            end
+            ids.each { |id|
+                hash[id] = OpenNebula.process_monitoring(
+                    xmldoc, root_elem, timestamp_elem, id, xpath_expressions)
+            }
+            return hash
+        end
+    private
+        # Calls to the corresponding info method to retreive the pool
+        # representation in XML format
+        # xml_method:: _String_ the name of the XML-RPC method
+        # args:: _Array_ with additional arguments for the info call
+        # [return] nil in case of success or an Error object
+        def xmlrpc_info(xml_method,*args)
+            rc = @client.call(xml_method,*args)
+            if !OpenNebula.is_error?(rc)
+                initialize_xml(rc,@pool_name)
+                rc   = nil
+            end
+            return rc
+        end
+    public
+        # Constants for info queries (include/RequestManagerPoolInfoFilter.h)
+        INFO_GROUP = -1
+        INFO_ALL   = -2
+        INFO_MINE  = -3
+        # Iterates over every PoolElement in the Pool and calls the block with a
+        # a PoolElement obtained calling the factory method
+        # block:: _Block_
+        def each(&block)
+            each_element(block) if @xml
+        end
+        # DO NOT USE - ONLY REXML BACKEND
+        def to_str
+            str = ""
+            REXML::Formatters::Pretty.new(1).write(@xml,str)
+            return str
+        end
+    end
+end

data/lib/{OpenNebula/Pool.rb → opennebula/pool_element.rb} RENAMED Viewed

@@ -14,146 +14,9 @@
 # limitations under the License.                                             #
 #--------------------------------------------------------------------------- #
+require 'opennebula/pool'
 module OpenNebula
-    # The Pool class represents a generic OpenNebula Pool in XML format
-    # and provides the basic functionality to handle the Pool elements
-    class Pool < XMLPool
-        include Enumerable
-    protected
-        #pool:: _String_ XML name of the root element
-        #element:: _String_ XML name of the Pool elements
-        #client::  _Client_ represents a XML-RPC connection
-        def initialize(pool,element,client)
-            super(nil)
-            @pool_name    = pool.upcase
-            @element_name = element.upcase
-            @client = client
-        end
-        # Default Factory Method for the Pools. The factory method returns an
-        # suitable PoolElement object. Each Pool MUST implement the
-        # corresponding factory method
-        # element_xml:: _XML_ XML element describing the pool element
-        # [return] a PoolElement object
-        def factory(element_xml)
-            OpenNebula::PoolElement.new(element_xml,client)
-        end
-        #######################################################################
-        # Common XML-RPC Methods for all the Pool Types
-        #######################################################################
-        #Gets the pool without any filter. Host, Group and User Pools
-        # xml_method:: _String_ the name of the XML-RPC method
-        def info(xml_method)
-            return xmlrpc_info(xml_method)
-        end
-        def info_all(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_ALL,-1,-1, *args)
-        end
-        def info_mine(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_MINE,-1,-1, *args)
-        end
-        def info_group(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_GROUP,-1,-1, *args)
-        end
-        def info_filter(xml_method, who, start_id, end_id, *args)
-            return xmlrpc_info(xml_method,who, start_id, end_id, *args)
-        end
-        # Retrieves the monitoring data for all the Objects in the pool
-        #
-        # @param [String] xml_method xml-rcp method
-        # @param [String] root_elem Root for each individual PoolElement
-        # @param [String] timestamp_elem Name of the XML element with the last
-        #   monitorization timestamp
-        # @param [Array<String>] xpath_expressions Elements to retrieve.
-        # @param args arguemnts for the xml_method call
-        #
-        # @return [Hash<String, <Hash<String, Array<Array<int>>>>>,
-        #   OpenNebula::Error] The first level hash uses the Object ID as keys,
-        #   and as value a Hash with the requested xpath expressions,
-        #   and an Array of 'timestamp, value'.
-        def monitoring(xml_method, root_elem, timestamp_elem, xpath_expressions,
-            *args)
-            rc = @client.call(xml_method, *args)
-            if ( OpenNebula.is_error?(rc) )
-                return rc
-            end
-            xmldoc = XMLElement.new
-            xmldoc.initialize_xml(rc, 'MONITORING_DATA')
-            hash = {}
-            # Get all existing Object IDs
-            ids = xmldoc.retrieve_elements("#{root_elem}/ID")
-            if ids.nil?
-                return hash
-            else
-                ids.uniq!
-            end
-            ids.each { |id|
-                hash[id] = OpenNebula.process_monitoring(
-                    xmldoc, root_elem, timestamp_elem, id, xpath_expressions)
-            }
-            return hash
-        end
-    private
-        # Calls to the corresponding info method to retreive the pool
-        # representation in XML format
-        # xml_method:: _String_ the name of the XML-RPC method
-        # args:: _Array_ with additional arguments for the info call
-        # [return] nil in case of success or an Error object
-        def xmlrpc_info(xml_method,*args)
-            rc = @client.call(xml_method,*args)
-            if !OpenNebula.is_error?(rc)
-                initialize_xml(rc,@pool_name)
-                rc   = nil
-            end
-            return rc
-        end
-    public
-        # Constants for info queries (include/RequestManagerPoolInfoFilter.h)
-        INFO_GROUP = -1
-        INFO_ALL   = -2
-        INFO_MINE  = -3
-        # Iterates over every PoolElement in the Pool and calls the block with a
-        # a PoolElement obtained calling the factory method
-        # block:: _Block_
-        def each(&block)
-            each_element(block) if @xml
-        end
-        # DO NOT USE - ONLY REXML BACKEND
-        def to_str
-            str = ""
-            REXML::Formatters::Pretty.new(1).write(@xml,str)
-            return str
-        end
-    end
     # The PoolElement Class represents a generic element of a Pool in
     # XML format
     class PoolElement < XMLElement

data/lib/opennebula/server_cipher_auth.rb ADDED Viewed

@@ -0,0 +1,148 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'openssl'
+require 'digest/sha1'
+require 'base64'
+require 'fileutils'
+module OpenNebula; end
+# Server authentication class. This method can be used by OpenNebula services
+# to let access authenticated users by other means. It is based on OpenSSL
+# symmetric ciphers
+class OpenNebula::ServerCipherAuth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    CIPHER = "aes-256-cbc"
+    ###########################################################################
+    def initialize(srv_user, srv_passwd)
+        @srv_user   = srv_user
+        @srv_passwd = srv_passwd
+        if !srv_passwd.empty?
+            @key = Digest::SHA1.hexdigest(@srv_passwd)
+        else
+            @key = ""
+        end
+        @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
+    end
+    ###########################################################################
+    # Client side
+    ###########################################################################
+    # Creates a ServerCipher for client usage
+    def self.new_client(srv_user=nil, srv_passwd=nil)
+        if ( srv_user == nil || srv_passwd == nil )
+            begin
+                if ENV["ONE_CIPHER_AUTH"] and !ENV["ONE_CIPHER_AUTH"].empty?
+                    one_auth = File.read(ENV["ONE_CIPHER_AUTH"])
+                else
+                    raise "ONE_CIPHER_AUTH environment variable not set"
+                end
+                one_auth.rstrip!
+                rc =  one_auth.match(/(.*?):(.*)/)
+                if rc.nil?
+                    raise "Bad format for one_auth token (<user>:<passwd>)"
+                else
+                    srv_user   = rc[1]
+                    srv_passwd = rc[2]
+                end
+            rescue => e
+                raise e.message
+            end
+        end
+        self.new(srv_user, srv_passwd)
+    end
+    # Generates a login token in the form:
+    #   - server_user:target_user:time_expires
+    # The token is then encrypted with the contents of one_auth
+    def login_token(expire, target_user=nil)
+        target_user ||= @srv_user
+        token_txt   =   "#{@srv_user}:#{target_user}:#{expire}"
+        token   = encrypt(token_txt)
+        token64 = Base64::encode64(token).strip.delete("\n")
+        return "#{@srv_user}:#{target_user}:#{token64}"
+    end
+    # Returns a valid password string to create a user using this auth driver
+    def password
+        return @srv_passwd
+    end
+    ###########################################################################
+    # Driver side
+    ###########################################################################
+    # Creates a ServerCipher for driver usage
+    def self.new_driver()
+        self.new("","")
+    end
+    # auth method for auth_mad
+    def authenticate(srv_user,srv_pass, signed_text)
+        begin
+            @key = srv_pass
+            s_user, t_user, expires = decrypt(signed_text).split(':')
+            return "User name missmatch" if s_user != srv_user
+            return "login token expired" if Time.now.to_i >= expires.to_i
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+    private
+    def encrypt(data)
+        @cipher.encrypt
+        @cipher.key = @key
+        rc = @cipher.update(data)
+        rc << @cipher.final
+        return rc
+    end
+    def decrypt(data)
+        @cipher.decrypt
+        @cipher.key = @key
+        rc = @cipher.update(Base64::decode64(data))
+        rc << @cipher.final
+        return rc
+    end
+end

data/lib/opennebula/server_x509_auth.rb ADDED Viewed

@@ -0,0 +1,104 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'openssl'
+require 'base64'
+require 'fileutils'
+require 'opennebula/x509_auth'
+module OpenNebula; end
+# Server authentication class. This authmethod can be used by opennebula services
+# to let access authenticated users by other means. It is based on x509 server
+# certificates
+class OpenNebula::ServerX509Auth < OpenNebula::X509Auth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    SERVER_AUTH_CONF_PATH = ETC_LOCATION + "/auth/server_x509_auth.conf"
+    SERVER_DEFAULTS = {
+        :one_cert => ETC_LOCATION + "/auth/cert.pem",
+        :one_key  => ETC_LOCATION + "/auth/key.pem"
+    }
+    ###########################################################################
+    def initialize()
+        @options = SERVER_DEFAULTS
+        load_options(SERVER_AUTH_CONF_PATH)
+        begin
+            certs = [ File.read(@options[:one_cert]) ]
+            key   =   File.read(@options[:one_key])
+            super(:certs_pem => certs, :key_pem => key)
+        rescue
+            raise
+        end
+        if @options[:srv_user] == nil || @options[:srv_user].empty?
+           raise "User for x509 server not defined"
+        end
+    end
+    ###########################################################################
+    # Client side
+    ###########################################################################
+    # Creates a ServerCipher for client and driver sage
+    class << OpenNebula::ServerX509Auth
+        alias :new_client :new
+        alias :new_driver :new
+    end
+    # Generates a login token in the form:
+    #   - server_user:target_user:time_expires
+    def login_token(expire, target_user=nil)
+        target_user ||= @options[:srv_user]
+        token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"
+        token   = encrypt(token_txt)
+        token64 = Base64::encode64(token).strip.delete("\n")
+        return "#{@options[:srv_user]}:#{target_user}:#{token64}"
+    end
+    ###########################################################################
+    # Server side
+    ###########################################################################
+    # auth method for auth_mad
+    def authenticate(server_user, server_pass, signed_text)
+        begin
+            s_user, t_user, expires = decrypt(signed_text).split(':')
+            return "Server password missmatch" if server_pass != password
+            return "User name missmatch" if ( s_user != server_user ||
+                                              s_user != @options[:srv_user] )
+            return "login token expired" if Time.now.to_i >= expires.to_i
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+end

data/lib/opennebula/ssh_auth.rb ADDED Viewed

@@ -0,0 +1,139 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'pp'
+require 'openssl'
+require 'base64'
+require 'fileutils'
+module OpenNebula; end
+# SSH key authentication class. It can be used as a driver for auth_mad
+# as auth method is defined. It also holds some helper methods to be used
+# by oneauth command
+class OpenNebula::SshAuth
+    LOGIN_PATH = ENV['HOME']+'/.one/one_ssh'
+    # Initialize SshAuth object
+    #
+    # @param [Hash] default options for path
+    # @option options [String] :public_key public key for the user
+    # @option options [String] :private_key key private key for the user.
+    def initialize(options={})
+        @private_key = nil
+        @public_key  = nil
+        if options[:private_key]
+            begin
+                @private_key = File.read(options[:private_key])
+            rescue Exception => e
+                raise "Cannot read #{options[:private_key]}"
+            end
+        end
+        if options[:public_key]
+            @public_key = options[:public_key]
+        elsif @private_key != nil
+            # Init ssh keys using private key. public key is extracted in a
+            # format compatible with openssl. The public key does not contain
+            # "---- BEGIN/END RSA PUBLIC KEY ----" and is in a single line
+            key = OpenSSL::PKey::RSA.new(@private_key)
+            @public_key = key.public_key.to_pem.split("\n")
+            @public_key = @public_key.reject {|l| l.match(/RSA PUBLIC KEY/) }.join('')
+        end
+        if @private_key.nil? && @public_key.nil?
+            raise "You have to define at least one of the keys"
+        end
+    end
+    # Creates the login file for ssh authentication at ~/.one/one_ssh.
+    # By default it is valid for 1 hour but it can be changed to any number
+    # of seconds with expire parameter (in seconds)
+    def login(user, expire=3600)
+        expire ||= 3600
+        # Init proxy file path and creates ~/.one directory if needed
+        proxy_dir = File.dirname(LOGIN_PATH)
+        begin
+            FileUtils.mkdir_p(proxy_dir)
+        rescue Errno::EEXIST
+        end
+        # Generate security token
+        time = Time.now.to_i + expire.to_i
+        secret_plain   = "#{user}:#{time}"
+        secret_crypted = encrypt(secret_plain)
+        proxy = "#{user}:#{secret_crypted}"
+        file = File.open(LOGIN_PATH, "w")
+        file.write(proxy)
+        file.close
+        File.chmod(0600,LOGIN_PATH)
+        secret_crypted
+    end
+    # Returns a valid password string to create a user using this auth driver.
+    # In this case the ssh public key.
+    def password
+        @public_key
+    end
+    # Checks the proxy created with the login method
+    def authenticate(user, token)
+        begin
+            token_plain = decrypt(token)
+            _user, time = token_plain.split(':')
+            if user == _user
+                if Time.now.to_i >= time.to_i
+                    return "ssh proxy expired, login again to renew it"
+                else
+                    return true
+                end
+            else
+                return "invalid credentials"
+            end
+        rescue
+            return "error"
+        end
+    end
+    private
+    ###########################################################################
+    #                       Methods to handle ssh keys
+    ###########################################################################
+    # Encrypts data with the private key of the user and returns
+    # base 64 encoded output in a single line
+    def encrypt(data)
+        rsa=OpenSSL::PKey::RSA.new(@private_key)
+        Base64::encode64(rsa.private_encrypt(data)).gsub!(/\n/, '').strip
+    end
+    # Decrypts base 64 encoded data with pub_key (public key)
+    def decrypt(data)
+        rsa=OpenSSL::PKey::RSA.new(Base64::decode64(@public_key))
+        rsa.public_decrypt(Base64::decode64(data))
+    end
+end