[Kimchi-devel] [PATCHv5 3/4] change vm permission tag

Aline Manera alinefm at linux.vnet.ibm.com
Tue Nov 18 19:20:18 UTC 2014


On 11/18/2014 12:26 PM, lvroyce0210 at gmail.com wrote:
> From: Royce Lv <lvroyce at linux.vnet.ibm.com>
>
> Add authorization type to the vm tag, and update the code that sets and
> retrieves the access tag accordingly,
> so that we can switch between different types of authentication.
>
> Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
> ---
>   src/kimchi/model/vms.py | 42 ++++++++++++++++++++++++++++++++++--------
>   1 file changed, 34 insertions(+), 8 deletions(-)
>
> diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
> index eb8c831..b375f8b 100644
> --- a/src/kimchi/model/vms.py
> +++ b/src/kimchi/model/vms.py
> @@ -31,7 +31,7 @@ import libvirt
>   from cherrypy.process.plugins import BackgroundTask
>
>   from kimchi import model, vnc
> -from kimchi.config import READONLY_POOL_TYPE
> +from kimchi.config import READONLY_POOL_TYPE, config
>   from kimchi.exception import InvalidOperation, InvalidParameter
>   from kimchi.exception import NotFoundError, OperationFailed
>   from kimchi.model.config import CapabilitiesModel
> @@ -46,6 +46,7 @@ from kimchi.utils import add_task, get_next_clone_name, import_class
>   from kimchi.utils import kimchi_log, run_setfacl_set_attr
>   from kimchi.utils import template_name_from_uri
>   from kimchi.xmlutils.utils import xpath_get_text, xml_item_update
> +from kimchi.xmlutils.utils import dictize
>
>
>   DOM_STATE_MAP = {0: 'nostate',
> @@ -568,17 +569,21 @@ class VMModel(object):
>                                                            'err': e.message})
>
>       def _build_access_elem(self, users, groups):
> -        access = E.access()
> +        auth = config.get("authentication", "method")
> +        auth_elem = E.auth(type=auth)
>           for user in users:
> -            access.append(E.user(user))
> +            auth_elem.append(E.user(user))
>
>           for group in groups:
> -            access.append(E.group(group))
> +            auth_elem.append(E.group(group))
>
> +        access = E.access()
> +        access.append(auth_elem)
>           return access
>
>       def _vm_update_access_metadata(self, dom, params):
>           users = groups = None
> +        old_users = old_groups = list()
>           if "users" in params:
>               users = params["users"]
>               for user in users:
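Review bot: `old_users = old_groups = list()` in `_vm_update_access_metadata` binds both names to one list object, so when neither branch of the later lookup reassigns them, `users` and `groups` can end up referring to the same list. Any in-place change to one would then silently change the other, which is risky for data that decides who may access a VM; whether such a mutation happens is not visible in this hunk. Writing `old_users, old_groups = [], []` avoids the aliasing, and the same applies to `users = groups = list()` in the last hunk. The function body continues outside this hunk.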
> @@ -598,8 +603,19 @@ class VMModel(object):
>           access_xml = (get_metadata_node(dom, "access",
>                                           self.caps.metadata_support) or
>                         """<access></access>""")

> -        old_users = xpath_get_text(access_xml, "/access/user")
> -        old_groups = xpath_get_text(access_xml, "/access/group")
> +        auth = config.get("authentication", "method")
> +        access_info = dictize(access_xml)
> +        auth = config.get("authentication", "method")
> +        if ('auth' in access_info['access'] and
> +                ('type' in access_info['access']['auth'] or
> +                 len(access_info['access']['auth']) > 1)):
> +            old_users = xpath_get_text(access_xml, "/access/auth[@type='%s']/user" % auth)
> +            old_groups = xpath_get_text(access_xml, "/access/auth[@type='%s']/group" % auth)
> +        elif auth == 'pam':
> +           # Compatible to old permission tagging
> +            old_users = xpath_get_text(access_xml, "/access/user")
> +            old_groups = xpath_get_text(access_xml, "/access/group")
> +
>           users = old_users if users is None else users
>           groups = old_groups if groups is None else groups
>
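Review bot: The lookup reads only `/access/auth[@type='<method>']`, while `_build_access_elem` in the previous hunk writes back a single `auth` element, so if that element replaces the whole `<access>` node (the write is outside this hunk), users and groups stored under another authentication type, or under the legacy untyped tags when the method is not `pam`, would be dropped on the next update. Either carry the non-matching `auth` children over when rebuilding, or state the reset in a comment such as `# entries of other auth types are not preserved across an update`. `auth = config.get("authentication", "method")` is assigned twice in a row and one of the two lines can go. The value is also formatted into the XPath string with `%`, here and in the last hunk, so it is worth checking it against the supported method names before use; a quote character in the option would break the expression. The enclosing function starts and ends outside this hunk.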
> @@ -739,8 +755,18 @@ class VMModel(object):
>           access_xml = (get_metadata_node(dom, "access",
>                                           self.caps.metadata_support) or
>                         """<access></access>""")
> -        users = xpath_get_text(access_xml, "/access/user")
> -        groups = xpath_get_text(access_xml, "/access/group")
> +        access_info = dictize(access_xml)
> +        auth = config.get("authentication", "method")
> +        users = groups = list()
> +        if ('auth' in access_info['access'] and
> +               ('type' in access_info['access']['auth'] or
> +                len(access_info['access']['auth']) > 1)):
> +            users = xpath_get_text(access_xml, "/access/auth[@type='%s']/user" % auth)
> +            groups = xpath_get_text(access_xml, "/access/auth[@type='%s']/group" % auth)
> +        elif auth == 'pam':
> +           # Compatible to old permission tagging
> +            users = xpath_get_text(access_xml, "/access/user")
> +            groups = xpath_get_text(access_xml, "/access/group")

Those 2 blocks of code are equal, right? Maybe a function would be better, 
so there is a single point of maintenance.

>           return {'name': name,
>                   'state': state,



