Class: Backends::Opennebula::Authn::CloudAuthClient

Inherits:
Object
Defined in:
lib/backends/opennebula/authn/cloud_auth_client.rb

Constant Summary

AUTH_MODULES =

These are the authentication methods for the user requests.

{
    'basic'   => 'BasicCloudAuth',
    'digest'  => 'BasicCloudAuth',
    'x509'    => 'X509CloudAuth',
    'voms'    => 'VomsCloudAuth'
}
AUTH_CORE_MODULES =

These are the authentication modules for the OpenNebula requests. Each entry is an array with the filename for require and class name to instantiate the object.

{
   'cipher' => 'ServerCipherAuth'
}
EXPIRE_DELTA =

Default interval for timestamps. Tokens will be generated using the same timestamp for this interval of time. THIS VALUE CANNOT BE LOWER THAN EXPIRE_MARGIN.

1800
EXPIRE_MARGIN =

Tokens will be generated if time > EXPIRE_TIME - EXPIRE_MARGIN

300
EXPIRE_USER_CACHE =

The user pool will be updated every EXPIRE_USER_CACHE seconds.

60


Constructor Details

#initialize(conf) ⇒ CloudAuthClient

conf: a hash with the configuration attributes as symbols.


# File 'lib/backends/opennebula/authn/cloud_auth_client.rb', line 48

def initialize(conf)
  @conf   = conf
  @lock   = ::Mutex.new
  @token_expiration_time = ::Time.now.to_i + EXPIRE_DELTA
  @upool_expiration_time = 0
  @conf[:use_user_pool_cache] = true

  if AUTH_MODULES.include?(@conf[:auth])
    extend Backends::Opennebula::Authn::CloudAuth.const_get(AUTH_MODULES[@conf[:auth]])
    self.class.initialize_auth if self.class.method_defined?(:initialize_auth)
  else
    fail Backends::Errors::AuthenticationError, 'Auth module not specified'
  end

  # TODO: support other core authN methods than server_cipher
  core_auth = AUTH_CORE_MODULES[conf[:srv_auth]]
  begin
    @server_auth = Backends::Opennebula::Authn::CloudAuth.const_get(core_auth).new(@conf[:srv_user], @conf[:srv_passwd])
  rescue => e
    raise Backends::Errors::AuthenticationError, e.message
  end
end

Instance Method Details

#auth(params = {}) ⇒ Object

Authenticate the request. This is a wrapper method that executes the specific do_auth module method. It updates the user cache (if needed) before calling the do_auth module.


# File 'lib/backends/opennebula/authn/cloud_auth_client.rb', line 94

def auth(params = {})
  update_userpool_cache if @conf[:use_user_pool_cache]
  do_auth(params)
end

#client(username = nil) ⇒ Object

Generate a new OpenNebula client for the target User. If the username is nil, the Client is generated for the server_admin.

username (String): Name of the User

Returns: Client


# File 'lib/backends/opennebula/authn/cloud_auth_client.rb', line 75

def client(username = nil)
  expiration_time = @lock.synchronize do
    time_now = ::Time.now.to_i

    if time_now > @token_expiration_time - EXPIRE_MARGIN
      @token_expiration_time = time_now + EXPIRE_DELTA
    end

    @token_expiration_time
  end

  token = @server_auth.(expiration_time, username)

  ::OpenNebula::Client.new(token, @conf[:one_xmlrpc])
end
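
Why EXPIRE_DELTA must not be lower than EXPIRE_MARGIN, shown as an added example that is not part of the documented source file: it replays the comparison from #client against a simulated clock. TokenWindow, simulate and the 200-second delta are hypothetical names and constructed values.

```ruby
# Added example: models the expiration-window logic of #client with an
# injected clock. TokenWindow and simulate are hypothetical names.
class TokenWindow
  attr_reader :rotations

  def initialize(delta:, margin:, now:)
    @delta = delta
    @margin = margin
    @expiration = now + delta # same seeding as #initialize
    @rotations = 0
  end

  # Same comparison as #client: move the shared expiration timestamp
  # forward once the clock is inside the safety margin.
  def expiration_at(now)
    if now > @expiration - @margin
      @expiration = now + @delta
      @rotations += 1
    end
    @expiration
  end
end

# Call the window once per `step` seconds and record what callers observe.
def simulate(delta:, margin:, duration: 7200, step: 60)
  window = TokenWindow.new(delta: delta, margin: margin, now: 0)
  remaining = []
  expirations = []
  (0..duration).step(step) do |now|
    exp = window.expiration_at(now)
    remaining << (exp - now)
    expirations << exp
  end
  { calls: remaining.size, rotations: window.rotations,
    distinct_expirations: expirations.uniq.size,
    min_remaining: remaining.min }
end

documented = simulate(delta: 1800, margin: 300) # constants from this page
inverted   = simulate(delta: 200,  margin: 300) # constructed misconfiguration

puts "documented: #{documented}"
puts "inverted:   #{inverted}"
```

With the documented constants every token handed out has at least EXPIRE_MARGIN seconds of validity left and the timestamp is shared across many calls; with the delta below the margin every call rotates the timestamp and no token ever reaches the margin.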