[Kimchi-devel] [PATCHv2 7/7] change vm permission tag

[lvroyce0210 at gmail.com]

From: Royce Lv <lvroyce at linux.vnet.ibm.com>

Add authorization type to vm tag, and update set/retrieve access
tag accordingly.
So that we can switch between different types of authentication.

Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
---
 src/kimchi/model/vms.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
index 777930d..728b2a7 100644
--- a/src/kimchi/model/vms.py
+++ b/src/kimchi/model/vms.py
@@ -32,7 +32,7 @@ from cherrypy.process.plugins import BackgroundTask
 
 from kimchi import vnc
 from kimchi import xmlutils
-from kimchi.config import READONLY_POOL_TYPE
+from kimchi.config import READONLY_POOL_TYPE, config
 from kimchi.exception import InvalidOperation, InvalidParameter
 from kimchi.exception import NotFoundError, OperationFailed
 from kimchi.model.config import CapabilitiesModel
@@ -253,13 +253,16 @@ class VMModel(object):
         return dom.name().decode('utf-8')
 
     def _build_access_elem(self, users, groups):
-        access = E.access()
+        auth = config.get("authentication", "method")
+        auth_elem = E.auth(type=auth)
         for user in users:
-            access.append(E.user(user))
+            auth_elem.append(E.user(user))
 
         for group in groups:
-            access.append(E.group(group))
+            auth_elem.append(E.group(group))
 
+        access = E.access()
+        access.append(auth_elem)
         return access
 
     def _vm_update_access_metadata(self, dom, params):
@@ -282,8 +285,9 @@ class VMModel(object):
 
         access_xml = (get_metadata_node(dom, "access") or
                       """<access></access>""")
-        old_users = xpath_get_text(access_xml, "/access/user")
-        old_groups = xpath_get_text(access_xml, "/access/group")
+        auth = config.get("authentication", "method")
+        old_users = xpath_get_text(access_xml, "/access/auth[@type='%s']/user" % auth)
+        old_groups = xpath_get_text(access_xml, "/access/auth[@type='%s']/group" % auth)
         users = old_users if users is None else users
         groups = old_groups if groups is None else groups
 
@@ -419,8 +423,10 @@ class VMModel(object):
 
         access_xml = (get_metadata_node(dom, "access") or
                       """<access></access>""")
-        users = xpath_get_text(access_xml, "/access/user")
-        groups = xpath_get_text(access_xml, "/access/group")
+
+        auth = config.get("authentication", "method")
+        users = xpath_get_text(access_xml, "/access/auth[@type='%s']/user" % auth)
+        groups = xpath_get_text(access_xml, "/access/auth[@type='%s']/group" % auth)
 
         return {'name': name,
                 'state': state,
-- 
1.8.3.2