opennebula 6.4.1 → 6.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/cloud/CloudClient.rb +1 -1
- data/lib/opennebula/flow/service_pool.rb +13 -6
- data/lib/opennebula/flow/service_template.rb +1 -2
- data/lib/opennebula/ldap_auth.rb +3 -1
- data/lib/opennebula/template_ext.rb +1 -3
- data/lib/opennebula/x509_auth.rb +13 -15
- data/lib/opennebula.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 155e44e21e61dbe4e8d4a1e544c2931601661adcca34995e9299e462cb79d2cd
|
|
4
|
+
data.tar.gz: 8e2717e2fb48ac625981a99ae93969ac12effa3d08fb55491191826d0b2dc43c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23ddfef8c3134f5c0b8479f1b4f969ea0b8224636a5754307cdcf54c7aaabf6370997bfe3df4ad50caa4abf1b0cb865d542d3e7d8eddbee4de544a12a93e313f
|
|
7
|
+
data.tar.gz: dc0958c6cb6c5222d0276c42cd865af7a4c5ab07bc506ca5c49b1c56690db3dcac0dacaf58b4b17591f025bb8d8e6a79bd1b69e2258722ff9ccb14b6a081eaac
|
data/lib/cloud/CloudClient.rb
CHANGED
|
@@ -66,12 +66,16 @@ module OpenNebula
|
|
|
66
66
|
super('DOCUMENT_POOL', 'DOCUMENT', @client)
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
-
def client
|
|
69
|
+
def client(user_name = nil)
|
|
70
70
|
# If there's a client defined use it
|
|
71
71
|
return @client unless @client.nil?
|
|
72
72
|
|
|
73
73
|
# If not, get one via cloud_auth
|
|
74
|
-
|
|
74
|
+
if user_name.nil?
|
|
75
|
+
@cloud_auth.client
|
|
76
|
+
else
|
|
77
|
+
@cloud_auth.client(user_name)
|
|
78
|
+
end
|
|
75
79
|
end
|
|
76
80
|
|
|
77
81
|
def info
|
|
@@ -129,14 +133,17 @@ module OpenNebula
|
|
|
129
133
|
# The mutex will be unlocked after the block execution.
|
|
130
134
|
#
|
|
131
135
|
# @return [Service, OpenNebula::Error] The Service in case of success
|
|
132
|
-
def get(service_id,
|
|
136
|
+
def get(service_id, external_user = nil, &block)
|
|
133
137
|
service_id = service_id.to_i if service_id
|
|
134
138
|
aux_client = nil
|
|
135
139
|
|
|
136
|
-
|
|
140
|
+
# WARNING!!!
|
|
141
|
+
# No validation will be performed for external_user, the credentials
|
|
142
|
+
# for this user must be validated previously.
|
|
143
|
+
if external_user.nil?
|
|
137
144
|
aux_client = client
|
|
138
145
|
else
|
|
139
|
-
aux_client =
|
|
146
|
+
aux_client = client(external_user)
|
|
140
147
|
end
|
|
141
148
|
|
|
142
149
|
service = Service.new_with_id(service_id, aux_client)
|
|
@@ -172,7 +179,7 @@ module OpenNebula
|
|
|
172
179
|
return rc
|
|
173
180
|
end
|
|
174
181
|
|
|
175
|
-
block.call(service)
|
|
182
|
+
block.call(service, client)
|
|
176
183
|
end
|
|
177
184
|
|
|
178
185
|
@@mutex.synchronize do
|
|
@@ -549,8 +549,7 @@ module OpenNebula
|
|
|
549
549
|
end
|
|
550
550
|
|
|
551
551
|
if role['elasticity_policies']
|
|
552
|
-
role['elasticity_policies'].each_with_index do |policy,
|
|
553
|
-
index|
|
|
552
|
+
role['elasticity_policies'].each_with_index do |policy, index|
|
|
554
553
|
exp = policy['expression']
|
|
555
554
|
|
|
556
555
|
if exp.empty?
|
data/lib/opennebula/ldap_auth.rb
CHANGED
|
@@ -213,7 +213,9 @@ class OpenNebula::LdapAuth
|
|
|
213
213
|
groups = []
|
|
214
214
|
ldap_groups.each do |group|
|
|
215
215
|
if (g = in_hash_ignore_case?(@mapping, group))
|
|
216
|
-
if ldap_groups.
|
|
216
|
+
if ldap_groups.any? {
|
|
217
|
+
|s| s.casecmp(@options[:group_admin_group_dn])==0
|
|
218
|
+
}
|
|
217
219
|
groups << "*#{@mapping[g]}"
|
|
218
220
|
else
|
|
219
221
|
groups << @mapping[g]
|
|
@@ -63,9 +63,7 @@ module OpenNebula::TemplateExt
|
|
|
63
63
|
#---------------------------------------------------------------
|
|
64
64
|
logger.info 'Processing VM disks' if logger
|
|
65
65
|
|
|
66
|
-
retrieve_xmlelements('TEMPLATE/DISK').each_with_index do
|
|
67
|
-
|disk, idx|
|
|
68
|
-
|
|
66
|
+
retrieve_xmlelements('TEMPLATE/DISK').each_with_index do |disk, idx|
|
|
69
67
|
image = image_lookup(disk)
|
|
70
68
|
|
|
71
69
|
next unless image
|
data/lib/opennebula/x509_auth.rb
CHANGED
|
@@ -29,9 +29,9 @@ class OpenNebula::X509Auth
|
|
|
29
29
|
#Constants with paths to relevant files and defaults
|
|
30
30
|
###########################################################################
|
|
31
31
|
if !ENV["ONE_LOCATION"]
|
|
32
|
-
ETC_LOCATION
|
|
32
|
+
ETC_LOCATION = "/etc/one"
|
|
33
33
|
else
|
|
34
|
-
ETC_LOCATION
|
|
34
|
+
ETC_LOCATION = ENV["ONE_LOCATION"] + "/etc"
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
X509_AUTH_CONF_PATH = ETC_LOCATION + "/auth/x509_auth.conf"
|
|
@@ -173,8 +173,7 @@ private
|
|
|
173
173
|
# Check start time and end time of certificates
|
|
174
174
|
@cert_chain.each do |cert|
|
|
175
175
|
if cert.not_before > now || cert.not_after < now
|
|
176
|
-
raise
|
|
177
|
-
now.localtime.to_s + "."
|
|
176
|
+
raise "Certificate not valid. Current time is #{now.localtime}"
|
|
178
177
|
end
|
|
179
178
|
end
|
|
180
179
|
|
|
@@ -187,16 +186,16 @@ private
|
|
|
187
186
|
@cert_chain[1..-1].each do |cert|
|
|
188
187
|
if !((signee.issuer.to_s == cert.subject.to_s) &&
|
|
189
188
|
(signee.verify(cert.public_key)))
|
|
190
|
-
raise
|
|
191
|
-
|
|
192
|
-
cert.subject.to_s + "."
|
|
189
|
+
raise "#{signee.subject} with issuer #{signee.issuer} " \
|
|
190
|
+
"was not verified by #{cert.subject}"
|
|
193
191
|
end
|
|
192
|
+
|
|
194
193
|
signee = cert
|
|
195
194
|
end
|
|
196
195
|
|
|
197
196
|
# Validate the End Entity certificate
|
|
198
197
|
if !@options[:ca_dir]
|
|
199
|
-
raise
|
|
198
|
+
raise "No certifcate authority directory was specified."
|
|
200
199
|
end
|
|
201
200
|
|
|
202
201
|
begin
|
|
@@ -207,9 +206,8 @@ private
|
|
|
207
206
|
|
|
208
207
|
if !((signee.issuer.to_s == ca_cert.subject.to_s) &&
|
|
209
208
|
(signee.verify(ca_cert.public_key)))
|
|
210
|
-
raise
|
|
211
|
-
|
|
212
|
-
ca_cert.subject.to_s + "."
|
|
209
|
+
raise "#{signee.subject} with issuer #{signee.issuer} " \
|
|
210
|
+
"was not verified by #{ca_cert.subject}"
|
|
213
211
|
end
|
|
214
212
|
|
|
215
213
|
signee = ca_cert
|
|
@@ -229,7 +227,7 @@ private
|
|
|
229
227
|
|
|
230
228
|
if !File.exist?(crl_path)
|
|
231
229
|
if @options[:check_crl]
|
|
232
|
-
raise failed
|
|
230
|
+
raise "#{failed} CRL file #{crl_path} does not exist"
|
|
233
231
|
else
|
|
234
232
|
return
|
|
235
233
|
end
|
|
@@ -240,7 +238,7 @@ private
|
|
|
240
238
|
|
|
241
239
|
# First verify the CRL itself with its signer
|
|
242
240
|
unless crl_cert.verify( ca_cert.public_key ) then
|
|
243
|
-
raise failed
|
|
241
|
+
raise "#{failed} CRL is not verified by its Signer"
|
|
244
242
|
end
|
|
245
243
|
|
|
246
244
|
# Extract the list of revoked certificates from the CRL
|
|
@@ -250,8 +248,8 @@ private
|
|
|
250
248
|
# certificate
|
|
251
249
|
rc_array.each do |e|
|
|
252
250
|
if e.serial.eql?(signee.serial) then
|
|
253
|
-
raise failed
|
|
254
|
-
|
|
251
|
+
raise "#{failed} #{signee.subject} is found in the " \
|
|
252
|
+
"CRL, i.e. it is revoked"
|
|
255
253
|
end
|
|
256
254
|
end
|
|
257
255
|
end
|
data/lib/opennebula.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: opennebula
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.4.
|
|
4
|
+
version: 6.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- OpenNebula
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|