RubyGems - opennebula-oca - Versions diffs - 3.8.0 → 3.9.0.beta - Mend

opennebula-oca 3.8.0 → 3.9.0.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

data/lib/opennebula/pool.rb ADDED Viewed

@@ -0,0 +1,157 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'opennebula/xml_utils'
+module OpenNebula
+    # The Pool class represents a generic OpenNebula Pool in XML format
+    # and provides the basic functionality to handle the Pool elements
+    class Pool < XMLPool
+        include Enumerable
+    protected
+        #pool:: _String_ XML name of the root element
+        #element:: _String_ XML name of the Pool elements
+        #client::  _Client_ represents a XML-RPC connection
+        def initialize(pool,element,client)
+            super(nil)
+            @pool_name    = pool.upcase
+            @element_name = element.upcase
+            @client = client
+        end
+        # Default Factory Method for the Pools. The factory method returns an
+        # suitable PoolElement object. Each Pool MUST implement the
+        # corresponding factory method
+        # element_xml:: _XML_ XML element describing the pool element
+        # [return] a PoolElement object
+        def factory(element_xml)
+            OpenNebula::PoolElement.new(element_xml,client)
+        end
+        #######################################################################
+        # Common XML-RPC Methods for all the Pool Types
+        #######################################################################
+        #Gets the pool without any filter. Host, Group and User Pools
+        # xml_method:: _String_ the name of the XML-RPC method
+        def info(xml_method)
+            return xmlrpc_info(xml_method)
+        end
+        def info_all(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_ALL,-1,-1, *args)
+        end
+        def info_mine(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_MINE,-1,-1, *args)
+        end
+        def info_group(xml_method, *args)
+            return xmlrpc_info(xml_method,INFO_GROUP,-1,-1, *args)
+        end
+        def info_filter(xml_method, who, start_id, end_id, *args)
+            return xmlrpc_info(xml_method,who, start_id, end_id, *args)
+        end
+        # Retrieves the monitoring data for all the Objects in the pool
+        #
+        # @param [String] xml_method xml-rcp method
+        # @param [String] root_elem Root for each individual PoolElement
+        # @param [String] timestamp_elem Name of the XML element with the last
+        #   monitorization timestamp
+        # @param [Array<String>] xpath_expressions Elements to retrieve.
+        # @param args arguemnts for the xml_method call
+        #
+        # @return [Hash<String, <Hash<String, Array<Array<int>>>>>,
+        #   OpenNebula::Error] The first level hash uses the Object ID as keys,
+        #   and as value a Hash with the requested xpath expressions,
+        #   and an Array of 'timestamp, value'.
+        def monitoring(xml_method, root_elem, timestamp_elem, xpath_expressions,
+            *args)
+            rc = @client.call(xml_method, *args)
+            if ( OpenNebula.is_error?(rc) )
+                return rc
+            end
+            xmldoc = XMLElement.new
+            xmldoc.initialize_xml(rc, 'MONITORING_DATA')
+            hash = {}
+            # Get all existing Object IDs
+            ids = xmldoc.retrieve_elements("#{root_elem}/ID")
+            if ids.nil?
+                return hash
+            else
+                ids.uniq!
+            end
+            ids.each { |id|
+                hash[id] = OpenNebula.process_monitoring(
+                    xmldoc, root_elem, timestamp_elem, id, xpath_expressions)
+            }
+            return hash
+        end
+    private
+        # Calls to the corresponding info method to retreive the pool
+        # representation in XML format
+        # xml_method:: _String_ the name of the XML-RPC method
+        # args:: _Array_ with additional arguments for the info call
+        # [return] nil in case of success or an Error object
+        def xmlrpc_info(xml_method,*args)
+            rc = @client.call(xml_method,*args)
+            if !OpenNebula.is_error?(rc)
+                initialize_xml(rc,@pool_name)
+                rc   = nil
+            end
+            return rc
+        end
+    public
+        # Constants for info queries (include/RequestManagerPoolInfoFilter.h)
+        INFO_GROUP = -1
+        INFO_ALL   = -2
+        INFO_MINE  = -3
+        # Iterates over every PoolElement in the Pool and calls the block with a
+        # a PoolElement obtained calling the factory method
+        # block:: _Block_
+        def each(&block)
+            each_element(block) if @xml
+        end
+        # DO NOT USE - ONLY REXML BACKEND
+        def to_str
+            str = ""
+            REXML::Formatters::Pretty.new(1).write(@xml,str)
+            return str
+        end
+    end
+end

data/lib/{OpenNebula/Pool.rb → opennebula/pool_element.rb} RENAMED Viewed

@@ -14,146 +14,9 @@
 # limitations under the License.                                             #
 #--------------------------------------------------------------------------- #
+require 'opennebula/pool'
 module OpenNebula
-    # The Pool class represents a generic OpenNebula Pool in XML format
-    # and provides the basic functionality to handle the Pool elements
-    class Pool < XMLPool
-        include Enumerable
-    protected
-        #pool:: _String_ XML name of the root element
-        #element:: _String_ XML name of the Pool elements
-        #client::  _Client_ represents a XML-RPC connection
-        def initialize(pool,element,client)
-            super(nil)
-            @pool_name    = pool.upcase
-            @element_name = element.upcase
-            @client = client
-        end
-        # Default Factory Method for the Pools. The factory method returns an
-        # suitable PoolElement object. Each Pool MUST implement the
-        # corresponding factory method
-        # element_xml:: _XML_ XML element describing the pool element
-        # [return] a PoolElement object
-        def factory(element_xml)
-            OpenNebula::PoolElement.new(element_xml,client)
-        end
-        #######################################################################
-        # Common XML-RPC Methods for all the Pool Types
-        #######################################################################
-        #Gets the pool without any filter. Host, Group and User Pools
-        # xml_method:: _String_ the name of the XML-RPC method
-        def info(xml_method)
-            return xmlrpc_info(xml_method)
-        end
-        def info_all(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_ALL,-1,-1, *args)
-        end
-        def info_mine(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_MINE,-1,-1, *args)
-        end
-        def info_group(xml_method, *args)
-            return xmlrpc_info(xml_method,INFO_GROUP,-1,-1, *args)
-        end
-        def info_filter(xml_method, who, start_id, end_id, *args)
-            return xmlrpc_info(xml_method,who, start_id, end_id, *args)
-        end
-        # Retrieves the monitoring data for all the Objects in the pool
-        #
-        # @param [String] xml_method xml-rcp method
-        # @param [String] root_elem Root for each individual PoolElement
-        # @param [String] timestamp_elem Name of the XML element with the last
-        #   monitorization timestamp
-        # @param [Array<String>] xpath_expressions Elements to retrieve.
-        # @param args arguemnts for the xml_method call
-        #
-        # @return [Hash<String, <Hash<String, Array<Array<int>>>>>,
-        #   OpenNebula::Error] The first level hash uses the Object ID as keys,
-        #   and as value a Hash with the requested xpath expressions,
-        #   and an Array of 'timestamp, value'.
-        def monitoring(xml_method, root_elem, timestamp_elem, xpath_expressions,
-            *args)
-            rc = @client.call(xml_method, *args)
-            if ( OpenNebula.is_error?(rc) )
-                return rc
-            end
-            xmldoc = XMLElement.new
-            xmldoc.initialize_xml(rc, 'MONITORING_DATA')
-            hash = {}
-            # Get all existing Object IDs
-            ids = xmldoc.retrieve_elements("#{root_elem}/ID")
-            if ids.nil?
-                return hash
-            else
-                ids.uniq!
-            end
-            ids.each { |id|
-                hash[id] = OpenNebula.process_monitoring(
-                    xmldoc, root_elem, timestamp_elem, id, xpath_expressions)
-            }
-            return hash
-        end
-    private
-        # Calls to the corresponding info method to retreive the pool
-        # representation in XML format
-        # xml_method:: _String_ the name of the XML-RPC method
-        # args:: _Array_ with additional arguments for the info call
-        # [return] nil in case of success or an Error object
-        def xmlrpc_info(xml_method,*args)
-            rc = @client.call(xml_method,*args)
-            if !OpenNebula.is_error?(rc)
-                initialize_xml(rc,@pool_name)
-                rc   = nil
-            end
-            return rc
-        end
-    public
-        # Constants for info queries (include/RequestManagerPoolInfoFilter.h)
-        INFO_GROUP = -1
-        INFO_ALL   = -2
-        INFO_MINE  = -3
-        # Iterates over every PoolElement in the Pool and calls the block with a
-        # a PoolElement obtained calling the factory method
-        # block:: _Block_
-        def each(&block)
-            each_element(block) if @xml
-        end
-        # DO NOT USE - ONLY REXML BACKEND
-        def to_str
-            str = ""
-            REXML::Formatters::Pretty.new(1).write(@xml,str)
-            return str
-        end
-    end
     # The PoolElement Class represents a generic element of a Pool in
     # XML format
     class PoolElement < XMLElement

data/lib/opennebula/server_cipher_auth.rb ADDED Viewed

@@ -0,0 +1,148 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'openssl'
+require 'digest/sha1'
+require 'base64'
+require 'fileutils'
+module OpenNebula; end
+# Server authentication class. This method can be used by OpenNebula services
+# to let access authenticated users by other means. It is based on OpenSSL
+# symmetric ciphers
+class OpenNebula::ServerCipherAuth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    CIPHER = "aes-256-cbc"
+    ###########################################################################
+    def initialize(srv_user, srv_passwd)
+        @srv_user   = srv_user
+        @srv_passwd = srv_passwd
+        if !srv_passwd.empty?
+            @key = Digest::SHA1.hexdigest(@srv_passwd)
+        else
+            @key = ""
+        end
+        @cipher = OpenSSL::Cipher::Cipher.new(CIPHER)
+    end
+    ###########################################################################
+    # Client side
+    ###########################################################################
+    # Creates a ServerCipher for client usage
+    def self.new_client(srv_user=nil, srv_passwd=nil)
+        if ( srv_user == nil || srv_passwd == nil )
+            begin
+                if ENV["ONE_CIPHER_AUTH"] and !ENV["ONE_CIPHER_AUTH"].empty?
+                    one_auth = File.read(ENV["ONE_CIPHER_AUTH"])
+                else
+                    raise "ONE_CIPHER_AUTH environment variable not set"
+                end
+                one_auth.rstrip!
+                rc =  one_auth.match(/(.*?):(.*)/)
+                if rc.nil?
+                    raise "Bad format for one_auth token (<user>:<passwd>)"
+                else
+                    srv_user   = rc[1]
+                    srv_passwd = rc[2]
+                end
+            rescue => e
+                raise e.message
+            end
+        end
+        self.new(srv_user, srv_passwd)
+    end
+    # Generates a login token in the form:
+    #   - server_user:target_user:time_expires
+    # The token is then encrypted with the contents of one_auth
+    def login_token(expire, target_user=nil)
+        target_user ||= @srv_user
+        token_txt   =   "#{@srv_user}:#{target_user}:#{expire}"
+        token   = encrypt(token_txt)
+        token64 = Base64::encode64(token).strip.delete("\n")
+        return "#{@srv_user}:#{target_user}:#{token64}"
+    end
+    # Returns a valid password string to create a user using this auth driver
+    def password
+        return @srv_passwd
+    end
+    ###########################################################################
+    # Driver side
+    ###########################################################################
+    # Creates a ServerCipher for driver usage
+    def self.new_driver()
+        self.new("","")
+    end
+    # auth method for auth_mad
+    def authenticate(srv_user,srv_pass, signed_text)
+        begin
+            @key = srv_pass
+            s_user, t_user, expires = decrypt(signed_text).split(':')
+            return "User name missmatch" if s_user != srv_user
+            return "login token expired" if Time.now.to_i >= expires.to_i
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+    private
+    def encrypt(data)
+        @cipher.encrypt
+        @cipher.key = @key
+        rc = @cipher.update(data)
+        rc << @cipher.final
+        return rc
+    end
+    def decrypt(data)
+        @cipher.decrypt
+        @cipher.key = @key
+        rc = @cipher.update(Base64::decode64(data))
+        rc << @cipher.final
+        return rc
+    end
+end

data/lib/opennebula/server_x509_auth.rb ADDED Viewed

@@ -0,0 +1,104 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'openssl'
+require 'base64'
+require 'fileutils'
+require 'opennebula/x509_auth'
+module OpenNebula; end
+# Server authentication class. This authmethod can be used by opennebula services
+# to let access authenticated users by other means. It is based on x509 server
+# certificates
+class OpenNebula::ServerX509Auth < OpenNebula::X509Auth
+    ###########################################################################
+    #Constants with paths to relevant files and defaults
+    ###########################################################################
+    SERVER_AUTH_CONF_PATH = ETC_LOCATION + "/auth/server_x509_auth.conf"
+    SERVER_DEFAULTS = {
+        :one_cert => ETC_LOCATION + "/auth/cert.pem",
+        :one_key  => ETC_LOCATION + "/auth/key.pem"
+    }
+    ###########################################################################
+    def initialize()
+        @options = SERVER_DEFAULTS
+        load_options(SERVER_AUTH_CONF_PATH)
+        begin
+            certs = [ File.read(@options[:one_cert]) ]
+            key   =   File.read(@options[:one_key])
+            super(:certs_pem => certs, :key_pem => key)
+        rescue
+            raise
+        end
+        if @options[:srv_user] == nil || @options[:srv_user].empty?
+           raise "User for x509 server not defined"
+        end
+    end
+    ###########################################################################
+    # Client side
+    ###########################################################################
+    # Creates a ServerCipher for client and driver sage
+    class << OpenNebula::ServerX509Auth
+        alias :new_client :new
+        alias :new_driver :new
+    end
+    # Generates a login token in the form:
+    #   - server_user:target_user:time_expires
+    def login_token(expire, target_user=nil)
+        target_user ||= @options[:srv_user]
+        token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"
+        token   = encrypt(token_txt)
+        token64 = Base64::encode64(token).strip.delete("\n")
+        return "#{@options[:srv_user]}:#{target_user}:#{token64}"
+    end
+    ###########################################################################
+    # Server side
+    ###########################################################################
+    # auth method for auth_mad
+    def authenticate(server_user, server_pass, signed_text)
+        begin
+            s_user, t_user, expires = decrypt(signed_text).split(':')
+            return "Server password missmatch" if server_pass != password
+            return "User name missmatch" if ( s_user != server_user ||
+                                              s_user != @options[:srv_user] )
+            return "login token expired" if Time.now.to_i >= expires.to_i
+            return true
+        rescue => e
+            return e.message
+        end
+    end
+end

data/lib/opennebula/ssh_auth.rb ADDED Viewed

@@ -0,0 +1,139 @@
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2012, OpenNebula Project Leads (OpenNebula.org)             #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+require 'pp'
+require 'openssl'
+require 'base64'
+require 'fileutils'
+module OpenNebula; end
+# SSH key authentication class. It can be used as a driver for auth_mad
+# as auth method is defined. It also holds some helper methods to be used
+# by oneauth command
+class OpenNebula::SshAuth
+    LOGIN_PATH = ENV['HOME']+'/.one/one_ssh'
+    # Initialize SshAuth object
+    #
+    # @param [Hash] default options for path
+    # @option options [String] :public_key public key for the user
+    # @option options [String] :private_key key private key for the user.
+    def initialize(options={})
+        @private_key = nil
+        @public_key  = nil
+        if options[:private_key]
+            begin
+                @private_key = File.read(options[:private_key])
+            rescue Exception => e
+                raise "Cannot read #{options[:private_key]}"
+            end
+        end
+        if options[:public_key]
+            @public_key = options[:public_key]
+        elsif @private_key != nil
+            # Init ssh keys using private key. public key is extracted in a
+            # format compatible with openssl. The public key does not contain
+            # "---- BEGIN/END RSA PUBLIC KEY ----" and is in a single line
+            key = OpenSSL::PKey::RSA.new(@private_key)
+            @public_key = key.public_key.to_pem.split("\n")
+            @public_key = @public_key.reject {|l| l.match(/RSA PUBLIC KEY/) }.join('')
+        end
+        if @private_key.nil? && @public_key.nil?
+            raise "You have to define at least one of the keys"
+        end
+    end
+    # Creates the login file for ssh authentication at ~/.one/one_ssh.
+    # By default it is valid for 1 hour but it can be changed to any number
+    # of seconds with expire parameter (in seconds)
+    def login(user, expire=3600)
+        expire ||= 3600
+        # Init proxy file path and creates ~/.one directory if needed
+        proxy_dir = File.dirname(LOGIN_PATH)
+        begin
+            FileUtils.mkdir_p(proxy_dir)
+        rescue Errno::EEXIST
+        end
+        # Generate security token
+        time = Time.now.to_i + expire.to_i
+        secret_plain   = "#{user}:#{time}"
+        secret_crypted = encrypt(secret_plain)
+        proxy = "#{user}:#{secret_crypted}"
+        file = File.open(LOGIN_PATH, "w")
+        file.write(proxy)
+        file.close
+        File.chmod(0600,LOGIN_PATH)
+        secret_crypted
+    end
+    # Returns a valid password string to create a user using this auth driver.
+    # In this case the ssh public key.
+    def password
+        @public_key
+    end
+    # Checks the proxy created with the login method
+    def authenticate(user, token)
+        begin
+            token_plain = decrypt(token)
+            _user, time = token_plain.split(':')
+            if user == _user
+                if Time.now.to_i >= time.to_i
+                    return "ssh proxy expired, login again to renew it"
+                else
+                    return true
+                end
+            else
+                return "invalid credentials"
+            end
+        rescue
+            return "error"
+        end
+    end
+    private
+    ###########################################################################
+    #                       Methods to handle ssh keys
+    ###########################################################################
+    # Encrypts data with the private key of the user and returns
+    # base 64 encoded output in a single line
+    def encrypt(data)
+        rsa=OpenSSL::PKey::RSA.new(@private_key)
+        Base64::encode64(rsa.private_encrypt(data)).gsub!(/\n/, '').strip
+    end
+    # Decrypts base 64 encoded data with pub_key (public key)
+    def decrypt(data)
+        rsa=OpenSSL::PKey::RSA.new(Base64::decode64(@public_key))
+        rsa.public_decrypt(Base64::decode64(data))
+    end
+end