opennebula 6.4.1 → 6.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cloud/CloudClient.rb +1 -1
- data/lib/opennebula/flow/service_pool.rb +13 -6
- data/lib/opennebula/flow/service_template.rb +1 -2
- data/lib/opennebula/ldap_auth.rb +3 -1
- data/lib/opennebula/template_ext.rb +1 -3
- data/lib/opennebula/x509_auth.rb +13 -15
- data/lib/opennebula.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 155e44e21e61dbe4e8d4a1e544c2931601661adcca34995e9299e462cb79d2cd
|
|
4
|
+
data.tar.gz: 8e2717e2fb48ac625981a99ae93969ac12effa3d08fb55491191826d0b2dc43c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23ddfef8c3134f5c0b8479f1b4f969ea0b8224636a5754307cdcf54c7aaabf6370997bfe3df4ad50caa4abf1b0cb865d542d3e7d8eddbee4de544a12a93e313f
|
|
7
|
+
data.tar.gz: dc0958c6cb6c5222d0276c42cd865af7a4c5ab07bc506ca5c49b1c56690db3dcac0dacaf58b4b17591f025bb8d8e6a79bd1b69e2258722ff9ccb14b6a081eaac
|
data/lib/cloud/CloudClient.rb
CHANGED
|
@@ -66,12 +66,16 @@ module OpenNebula
|
|
|
66
66
|
super('DOCUMENT_POOL', 'DOCUMENT', @client)
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
-
def client
|
|
69
|
+
def client(user_name = nil)
|
|
70
70
|
# If there's a client defined use it
|
|
71
71
|
return @client unless @client.nil?
|
|
72
72
|
|
|
73
73
|
# If not, get one via cloud_auth
|
|
74
|
-
|
|
74
|
+
if user_name.nil?
|
|
75
|
+
@cloud_auth.client
|
|
76
|
+
else
|
|
77
|
+
@cloud_auth.client(user_name)
|
|
78
|
+
end
|
|
75
79
|
end
|
|
76
80
|
|
|
77
81
|
def info
|
|
@@ -129,14 +133,17 @@ module OpenNebula
|
|
|
129
133
|
# The mutex will be unlocked after the block execution.
|
|
130
134
|
#
|
|
131
135
|
# @return [Service, OpenNebula::Error] The Service in case of success
|
|
132
|
-
def get(service_id,
|
|
136
|
+
def get(service_id, external_user = nil, &block)
|
|
133
137
|
service_id = service_id.to_i if service_id
|
|
134
138
|
aux_client = nil
|
|
135
139
|
|
|
136
|
-
|
|
140
|
+
# WARNING!!!
|
|
141
|
+
# No validation will be performed for external_user, the credentials
|
|
142
|
+
# for this user must be validated previously.
|
|
143
|
+
if external_user.nil?
|
|
137
144
|
aux_client = client
|
|
138
145
|
else
|
|
139
|
-
aux_client =
|
|
146
|
+
aux_client = client(external_user)
|
|
140
147
|
end
|
|
141
148
|
|
|
142
149
|
service = Service.new_with_id(service_id, aux_client)
|
|
@@ -172,7 +179,7 @@ module OpenNebula
|
|
|
172
179
|
return rc
|
|
173
180
|
end
|
|
174
181
|
|
|
175
|
-
block.call(service)
|
|
182
|
+
block.call(service, client)
|
|
176
183
|
end
|
|
177
184
|
|
|
178
185
|
@@mutex.synchronize do
|
|
@@ -549,8 +549,7 @@ module OpenNebula
|
|
|
549
549
|
end
|
|
550
550
|
|
|
551
551
|
if role['elasticity_policies']
|
|
552
|
-
role['elasticity_policies'].each_with_index do |policy,
|
|
553
|
-
index|
|
|
552
|
+
role['elasticity_policies'].each_with_index do |policy, index|
|
|
554
553
|
exp = policy['expression']
|
|
555
554
|
|
|
556
555
|
if exp.empty?
|
data/lib/opennebula/ldap_auth.rb
CHANGED
|
@@ -213,7 +213,9 @@ class OpenNebula::LdapAuth
|
|
|
213
213
|
groups = []
|
|
214
214
|
ldap_groups.each do |group|
|
|
215
215
|
if (g = in_hash_ignore_case?(@mapping, group))
|
|
216
|
-
if ldap_groups.
|
|
216
|
+
if ldap_groups.any? {
|
|
217
|
+
|s| s.casecmp(@options[:group_admin_group_dn])==0
|
|
218
|
+
}
|
|
217
219
|
groups << "*#{@mapping[g]}"
|
|
218
220
|
else
|
|
219
221
|
groups << @mapping[g]
|
|
@@ -63,9 +63,7 @@ module OpenNebula::TemplateExt
|
|
|
63
63
|
#---------------------------------------------------------------
|
|
64
64
|
logger.info 'Processing VM disks' if logger
|
|
65
65
|
|
|
66
|
-
retrieve_xmlelements('TEMPLATE/DISK').each_with_index do
|
|
67
|
-
|disk, idx|
|
|
68
|
-
|
|
66
|
+
retrieve_xmlelements('TEMPLATE/DISK').each_with_index do |disk, idx|
|
|
69
67
|
image = image_lookup(disk)
|
|
70
68
|
|
|
71
69
|
next unless image
|
data/lib/opennebula/x509_auth.rb
CHANGED
|
@@ -29,9 +29,9 @@ class OpenNebula::X509Auth
|
|
|
29
29
|
#Constants with paths to relevant files and defaults
|
|
30
30
|
###########################################################################
|
|
31
31
|
if !ENV["ONE_LOCATION"]
|
|
32
|
-
ETC_LOCATION
|
|
32
|
+
ETC_LOCATION = "/etc/one"
|
|
33
33
|
else
|
|
34
|
-
ETC_LOCATION
|
|
34
|
+
ETC_LOCATION = ENV["ONE_LOCATION"] + "/etc"
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
X509_AUTH_CONF_PATH = ETC_LOCATION + "/auth/x509_auth.conf"
|
|
@@ -173,8 +173,7 @@ private
|
|
|
173
173
|
# Check start time and end time of certificates
|
|
174
174
|
@cert_chain.each do |cert|
|
|
175
175
|
if cert.not_before > now || cert.not_after < now
|
|
176
|
-
raise
|
|
177
|
-
now.localtime.to_s + "."
|
|
176
|
+
raise "Certificate not valid. Current time is #{now.localtime}"
|
|
178
177
|
end
|
|
179
178
|
end
|
|
180
179
|
|
|
@@ -187,16 +186,16 @@ private
|
|
|
187
186
|
@cert_chain[1..-1].each do |cert|
|
|
188
187
|
if !((signee.issuer.to_s == cert.subject.to_s) &&
|
|
189
188
|
(signee.verify(cert.public_key)))
|
|
190
|
-
raise
|
|
191
|
-
|
|
192
|
-
cert.subject.to_s + "."
|
|
189
|
+
raise "#{signee.subject} with issuer #{signee.issuer} " \
|
|
190
|
+
"was not verified by #{cert.subject}"
|
|
193
191
|
end
|
|
192
|
+
|
|
194
193
|
signee = cert
|
|
195
194
|
end
|
|
196
195
|
|
|
197
196
|
# Validate the End Entity certificate
|
|
198
197
|
if !@options[:ca_dir]
|
|
199
|
-
raise
|
|
198
|
+
raise "No certifcate authority directory was specified."
|
|
200
199
|
end
|
|
201
200
|
|
|
202
201
|
begin
|
|
@@ -207,9 +206,8 @@ private
|
|
|
207
206
|
|
|
208
207
|
if !((signee.issuer.to_s == ca_cert.subject.to_s) &&
|
|
209
208
|
(signee.verify(ca_cert.public_key)))
|
|
210
|
-
raise
|
|
211
|
-
|
|
212
|
-
ca_cert.subject.to_s + "."
|
|
209
|
+
raise "#{signee.subject} with issuer #{signee.issuer} " \
|
|
210
|
+
"was not verified by #{ca_cert.subject}"
|
|
213
211
|
end
|
|
214
212
|
|
|
215
213
|
signee = ca_cert
|
|
@@ -229,7 +227,7 @@ private
|
|
|
229
227
|
|
|
230
228
|
if !File.exist?(crl_path)
|
|
231
229
|
if @options[:check_crl]
|
|
232
|
-
raise failed
|
|
230
|
+
raise "#{failed} CRL file #{crl_path} does not exist"
|
|
233
231
|
else
|
|
234
232
|
return
|
|
235
233
|
end
|
|
@@ -240,7 +238,7 @@ private
|
|
|
240
238
|
|
|
241
239
|
# First verify the CRL itself with its signer
|
|
242
240
|
unless crl_cert.verify( ca_cert.public_key ) then
|
|
243
|
-
raise failed
|
|
241
|
+
raise "#{failed} CRL is not verified by its Signer"
|
|
244
242
|
end
|
|
245
243
|
|
|
246
244
|
# Extract the list of revoked certificates from the CRL
|
|
@@ -250,8 +248,8 @@ private
|
|
|
250
248
|
# certificate
|
|
251
249
|
rc_array.each do |e|
|
|
252
250
|
if e.serial.eql?(signee.serial) then
|
|
253
|
-
raise failed
|
|
254
|
-
|
|
251
|
+
raise "#{failed} #{signee.subject} is found in the " \
|
|
252
|
+
"CRL, i.e. it is revoked"
|
|
255
253
|
end
|
|
256
254
|
end
|
|
257
255
|
end
|
data/lib/opennebula.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: opennebula
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.4.
|
|
4
|
+
version: 6.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OpenNebula
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|