class Backends::Opennebula::Authn::CloudAuthClient

Constants

AUTH_CORE_MODULES

These are the authentication modules for OpenNebula requests. Each entry is an array with the filename to require and the class name used to instantiate the object.

AUTH_MODULES

These are the authentication methods for user requests.

EXPIRE_DELTA

Default interval for timestamps. Tokens will be generated using the same timestamp for this interval of time. THIS VALUE CANNOT BE LOWER THAN EXPIRE_MARGIN.

EXPIRE_MARGIN

Tokens will be generated if time > EXPIRE_TIME - EXPIRE_MARGIN

EXPIRE_USER_CACHE

The user pool will be updated every EXPIRE_USER_CACHE seconds.

Public Class Methods

new(conf)

conf

a hash with the configuration attributes as symbols

# File lib/backends/opennebula/authn/cloud_auth_client.rb, line 48
def initialize(conf)
  @conf   = conf
  @lock   = ::Mutex.new
  @token_expiration_time = ::Time.now.to_i + EXPIRE_DELTA
  @upool_expiration_time = 0
  @conf[:use_user_pool_cache] = true

  if AUTH_MODULES.include?(@conf[:auth])
    extend Backends::Opennebula::Authn::CloudAuth.const_get(AUTH_MODULES[@conf[:auth]])
    self.class.initialize_auth if self.class.method_defined?(:initialize_auth)
  else
    fail Backends::Errors::AuthenticationError, 'Auth module not specified'
  end

  # TODO: support other core authN methods than server_cipher
  core_auth = AUTH_CORE_MODULES[conf[:srv_auth]]
  begin
    @server_auth = Backends::Opennebula::Authn::CloudAuth.const_get(core_auth).new(@conf[:srv_user], @conf[:srv_passwd])
  rescue => e
    raise Backends::Errors::AuthenticationError, e.message
  end
end

Public Instance Methods

auth(params = {})

Authenticate the request. This is a wrapper method that executes the specific do_auth module method. It updates the user cache (if needed) before calling the do_auth module.

# File lib/backends/opennebula/authn/cloud_auth_client.rb, line 94
def auth(params = {})
  update_userpool_cache if @conf[:use_user_pool_cache]
  do_auth(params)
end

client(username = nil)

Generates a new OpenNebula client for the target user. If the username is nil, the client is generated for the server_admin.

username

String Name of the User

return

Client

# File lib/backends/opennebula/authn/cloud_auth_client.rb, line 75
def client(username = nil)
  expiration_time = @lock.synchronize do
    time_now = ::Time.now.to_i

    if time_now > @token_expiration_time - EXPIRE_MARGIN
      @token_expiration_time = time_now + EXPIRE_DELTA
    end

    @token_expiration_time
  end

  token = @server_auth.login_token(expiration_time, username)

  ::OpenNebula::Client.new(token, @conf[:one_xmlrpc])
end

Protected Instance Methods

get_password(username, driver = nil)

Gets the password associated with a username

username

String the username

driver

String list of valid drivers for the user, | separated

return

Hash with the username

# File lib/backends/opennebula/authn/cloud_auth_client.rb, line 105
def get_password(username, driver = nil)
  begin
    username = username.encode(xml: :text)
  rescue
    return nil
  end

  xpath = "USER[NAME=\"#{username}\""
  if driver
    xpath << " and (AUTH_DRIVER=\""
    xpath << driver.split('|').join("\" or AUTH_DRIVER=\"") << '")'
  end
  xpath << ']/PASSWORD'

  retrieve_from_userpool(xpath)
end

get_username(password)

Gets the username associated with a password

password

String the password

return

Hash with the username

# File lib/backends/opennebula/authn/cloud_auth_client.rb, line 125
def get_username(password)
  # Trying to match password with each
  # of the pipe-separated DNs stored in USER/PASSWORD
  @lock.synchronize do
    @user_pool.each_with_xpath("USER[contains(PASSWORD, \"#{password}\")]") do |user|
      return user['NAME'] if user['AUTH_DRIVER'] == 'x509' && user['PASSWORD'].split('|').include?(password)
    end
  end

  nil
end
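
Both get_password and get_username build their XPath by interpolating a caller-supplied value between double quotes, and XPath 1.0 string literals have no escape character. The following is an added example, not code from cloud_auth_client.rb or the project: it builds the same two query shapes so that a value containing quote characters stays inside the string literal. The helper names xpath_literal, password_xpath and username_xpath are hypothetical, and the sample values are constructed.

```ruby
# Added example (not from cloud_auth_client.rb). xpath_literal,
# password_xpath and username_xpath are hypothetical helper names.

# XPath 1.0 string literals have no escape character, so pick the quote
# style the value does not contain, or fall back to concat().
def xpath_literal(value)
  value = value.to_s
  return %("#{value}") unless value.include?('"')
  return "'#{value}'" unless value.include?("'")

  # Both quote kinds present: split on double quotes and splice each one
  # back in as the single-quoted literal '"'.
  parts = value.split('"', -1).map { |chunk| %("#{chunk}") }
  "concat(#{parts.join(%q(, '"', ))})"
end

# Same query shape as get_password:
#   USER[NAME=... and (AUTH_DRIVER=... or AUTH_DRIVER=...)]/PASSWORD
def password_xpath(username, driver = nil)
  predicate = "NAME=#{xpath_literal(username)}"
  if driver
    drivers = driver.split('|').map { |d| "AUTH_DRIVER=#{xpath_literal(d)}" }
    predicate << " and (#{drivers.join(' or ')})"
  end
  "USER[#{predicate}]/PASSWORD"
end

# Same query shape as get_username: USER[contains(PASSWORD, ...)]
def username_xpath(password)
  "USER[contains(PASSWORD, #{xpath_literal(password)})]"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from any real user pool.
  puts password_xpath('alice', 'x509|core')
  puts username_xpath(%q(/DC=org/CN=Jane "JD" O'Neil))
end
```

For ordinary values the generated queries are identical to the ones the methods above produce; the exact-match check that get_username performs on the split PASSWORD field is still needed, because contains() matches substrings.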