[Kimchi-devel] [PATCHv5 3/4] change vm permission tag

Royce Lv lvroyce at linux.vnet.ibm.com
Wed Nov 19 01:12:53 UTC 2014


On 2014年11月19日 03:20, Aline Manera wrote:
>
> On 11/18/2014 12:26 PM, lvroyce0210 at gmail.com wrote:
>> From: Royce Lv <lvroyce at linux.vnet.ibm.com>
>>
>> Add the authorization type to the vm tag, and update the code that sets
>> and retrieves the access tag accordingly, so that we can switch between
>> different types of authentication.
>>
>> Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
>> ---
>> src/kimchi/model/vms.py | 42 ++++++++++++++++++++++++++++++++++--------
>> 1 file changed, 34 insertions(+), 8 deletions(-)
>>
>> diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
>> index eb8c831..b375f8b 100644
>> --- a/src/kimchi/model/vms.py
>> +++ b/src/kimchi/model/vms.py
>> @@ -31,7 +31,7 @@ import libvirt
>> from cherrypy.process.plugins import BackgroundTask
>>
>> from kimchi import model, vnc
>> -from kimchi.config import READONLY_POOL_TYPE
>> +from kimchi.config import READONLY_POOL_TYPE, config
>> from kimchi.exception import InvalidOperation, InvalidParameter
>> from kimchi.exception import NotFoundError, OperationFailed
>> from kimchi.model.config import CapabilitiesModel
>> @@ -46,6 +46,7 @@ from kimchi.utils import add_task, 
>> get_next_clone_name, import_class
>> from kimchi.utils import kimchi_log, run_setfacl_set_attr
>> from kimchi.utils import template_name_from_uri
>> from kimchi.xmlutils.utils import xpath_get_text, xml_item_update
>> +from kimchi.xmlutils.utils import dictize
>>
>>
>> DOM_STATE_MAP = {0: 'nostate',
>> @@ -568,17 +569,21 @@ class VMModel(object):
>> 'err': e.message})
>>
>> def _build_access_elem(self, users, groups):
>> - access = E.access()
>> + auth = config.get("authentication", "method")
>> + auth_elem = E.auth(type=auth)
>> for user in users:
>> - access.append(E.user(user))
>> + auth_elem.append(E.user(user))
>>
>> for group in groups:
>> - access.append(E.group(group))
>> + auth_elem.append(E.group(group))
>>
>> + access = E.access()
>> + access.append(auth_elem)
>> return access
>>
>> def _vm_update_access_metadata(self, dom, params):
>> users = groups = None
>> + old_users = old_groups = list()
>> if "users" in params:
>> users = params["users"]
>> for user in users:
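Review bot: `_build_access_elem` now returns an `<access>` element holding a single `<auth type=...>` child for the currently configured method, so if the caller writes this node back over the stored metadata (that call is outside the hunk), users and groups recorded under a different authentication type would be dropped on the next update. If switching methods back and forth is meant to be lossless, the existing `<auth>` children for the other types should be carried over into the new element. Separately, `old_users = old_groups = list()` binds both names to one list object (the same pattern appears as `users = groups = list()` in the `@@ -739` hunk); nothing visible mutates them, but `old_users, old_groups = [], []` rules out a shared user/group list later. `_vm_update_access_metadata` continues past the end of this hunk.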
>> @@ -598,8 +603,19 @@ class VMModel(object):
>> access_xml = (get_metadata_node(dom, "access",
>> self.caps.metadata_support) or
>> """<access></access>""")
>
>> - old_users = xpath_get_text(access_xml, "/access/user")
>> - old_groups = xpath_get_text(access_xml, "/access/group")
>> + auth = config.get("authentication", "method")
>> + access_info = dictize(access_xml)
>> + auth = config.get("authentication", "method")
>> + if ('auth' in access_info['access'] and
>> + ('type' in access_info['access']['auth'] or
>> + len(access_info['access']['auth']) > 1)):
>> + old_users = xpath_get_text(access_xml, 
>> "/access/auth[@type='%s']/user" % auth)
>> + old_groups = xpath_get_text(access_xml, 
>> "/access/auth[@type='%s']/group" % auth)
>> + elif auth == 'pam':
>> + # Compatible to old permission tagging
>> + old_users = xpath_get_text(access_xml, "/access/user")
>> + old_groups = xpath_get_text(access_xml, "/access/group")
>> +
>> users = old_users if users is None else users
>> groups = old_groups if groups is None else groups
>>
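Review bot: The test `'auth' in access_info['access']` also runs against the empty `<access></access>` fallback, and what `dictize` returns for an empty element is not visible here; if it is `None` or a string rather than a dict, the membership test would raise or do a substring match, so a guard such as `access = access_info.get('access') or {}` before the condition seems worth adding. `auth = config.get("authentication", "method")` is assigned twice in the added lines and one of them can go. The XPath predicate is built with `"/access/auth[@type='%s']/user" % auth`; the value comes from server configuration, but a check against the accepted method names (or a comment stating them) would make it clear that a quote character can never reach the expression. A comment should also state that untagged legacy entries are honoured only under `pam`, so under any other method such a VM ends up with empty user and group lists. The same points apply to the `@@ -739` hunk.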
>> @@ -739,8 +755,18 @@ class VMModel(object):
>> access_xml = (get_metadata_node(dom, "access",
>> self.caps.metadata_support) or
>> """<access></access>""")
>> - users = xpath_get_text(access_xml, "/access/user")
>> - groups = xpath_get_text(access_xml, "/access/group")
>> + access_info = dictize(access_xml)
>> + auth = config.get("authentication", "method")
>> + users = groups = list()
>> + if ('auth' in access_info['access'] and
>> + ('type' in access_info['access']['auth'] or
>> + len(access_info['access']['auth']) > 1)):
>> + users = xpath_get_text(access_xml, "/access/auth[@type='%s']/user" 
>> % auth)
>> + groups = xpath_get_text(access_xml, 
>> "/access/auth[@type='%s']/group" % auth)
>> + elif auth == 'pam':
>> + # Compatible to old permission tagging
>> + users = xpath_get_text(access_xml, "/access/user")
>> + groups = xpath_get_text(access_xml, "/access/group")
>
> Those 2 blocks of code are equal, right? Maybe a function would be
> better, to have a single point of maintenance.
ACK
>
>> return {'name': name,
>> 'state': state,
>
>



