Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Change builtin authenticators and directories initialization ......................................................................
aaa: Change builtin authenticators and directories initialization
The following patch changes the logic in which the builtin authenticators and directories are initialized : Properties objects are created them and passed to ExtensionManager for loading
Change-Id: Id8513cb992c5becef7e83c04a8da8bc7f1622348
Topic: AAA
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitBackendServicesOnStartupBean.java
M backend/manager/modules/extensions-manager/src/main/java/org/ovirt/engine/core/extensions/mgr/ExtensionManager.java
2 files changed, 95 insertions(+), 69 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/41/25741/1
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitBackendServicesOnStartupBean.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitBackendServicesOnStartupBean.java
index 921b420..7307a56 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitBackendServicesOnStartupBean.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitBackendServicesOnStartupBean.java
@@ -1,9 +1,7 @@
 package org.ovirt.engine.core.bll;
 import java.util.ArrayList;
-import java.util.EnumMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Properties;
 import javax.annotation.PostConstruct;
@@ -11,17 +9,10 @@
 import javax.ejb.Singleton;
 import javax.ejb.Startup;
-import org.ovirt.engine.core.aaa.AuthenticationProfile;
 import org.ovirt.engine.core.aaa.AuthenticationProfileRepository;
-import org.ovirt.engine.core.aaa.Authenticator;
-import org.ovirt.engine.core.aaa.Directory;
-import org.ovirt.engine.extensions.aaa.builtin.internal.InternalAuthenticator;
-import org.ovirt.engine.extensions.aaa.builtin.internal.InternalDirectory;
-import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.KerberosLdapAuthenticator;
-import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.KerberosLdapDirectory;
 import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.KerberosManager;
-import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerUtils;
 import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.UsersDomainsCacheManagerService;
+import org.ovirt.engine.extensions.aaa.builtin.kerberosldap.LdapBrokerUtils;
 import org.ovirt.engine.core.bll.dwh.DwhHeartBeat;
 import org.ovirt.engine.core.bll.gluster.GlusterJobsManager;
 import org.ovirt.engine.core.bll.job.ExecutionHandler;
@@ -32,10 +23,8 @@
 import org.ovirt.engine.core.bll.storage.StoragePoolStatusHandler;
 import org.ovirt.engine.core.common.action.MigrateVmParameters;
 import org.ovirt.engine.core.common.action.VdcActionType;
-import org.ovirt.engine.core.common.config.Config;
-import org.ovirt.engine.core.common.config.ConfigValues;
 import org.ovirt.engine.core.compat.Guid;
-import org.ovirt.engine.api.extensions.Extension.ExtensionProperties;
+import org.ovirt.engine.core.extensions.mgr.ExtensionManager;
 import org.ovirt.engine.core.utils.customprop.DevicePropertiesUtils;
 import org.ovirt.engine.core.utils.customprop.VmPropertiesUtils;
 import org.ovirt.engine.core.utils.exceptions.InitializationException;
@@ -65,55 +54,11 @@
 // Create authentication profiles for all the domains that exist in the database:
 // TODO: remove this later, and rely only on the custom and built in extensions directories configuration
- InternalAuthenticator internalAuthenticator = new InternalAuthenticator();
- Map<ExtensionProperties, Object> internalAuthContext = new EnumMap<>(ExtensionProperties.class);
- Properties internalAuthProps = new Properties();
- String internalProfileName = Config.<String> getValue(ConfigValues.AdminDomain).trim();
- internalAuthProps.put("ovirt.engine.aaa.authn.profile.name", internalProfileName);
- internalAuthContext.put(ExtensionProperties.CONFIGURATION, internalAuthProps);
- internalAuthContext.put(ExtensionProperties.NAME, internalProfileName);
- internalAuthenticator.setContext(internalAuthContext);
- internalAuthenticator.init();
- InternalDirectory internalDirectory = new InternalDirectory();
- Map<ExtensionProperties, Object> internalDirContext = new EnumMap<>(ExtensionProperties.class);
- Properties internalDirProps = new Properties();
- internalDirProps.put("ovirt.engine.aaa.authz.profile.name", internalProfileName);
- internalDirContext.put(ExtensionProperties.CONFIGURATION, internalDirProps);
- internalDirContext.put(ExtensionProperties.NAME, internalProfileName);
- internalDirectory.setContext(internalDirContext);
- internalDirectory.init();
-
- AuthenticationProfileRepository.getInstance().registerProfile(
- new AuthenticationProfile(internalAuthenticator,
- internalDirectory)
- );
- for (String domain : LdapBrokerUtils.getDomainsList(true)) {
- Map<ExtensionProperties, Object> dirContext = new EnumMap<>(ExtensionProperties.class);
- Properties dirProps = new Properties();
- dirProps.put("ovirt.engine.aaa.authz.profile.name", domain);
- dirContext.put(ExtensionProperties.CONFIGURATION, dirProps);
- dirContext.put(ExtensionProperties.NAME, domain);
- Directory directory = new KerberosLdapDirectory();
- directory.setContext(dirContext);
- directory.init();
-
- Map<ExtensionProperties, Object> authContext = new EnumMap<>(ExtensionProperties.class);
- Properties authProps = new Properties();
- authProps.put("ovirt.engine.aaa.authn.profile.name", domain);
- authContext.put(ExtensionProperties.CONFIGURATION, authProps);
- authContext.put(ExtensionProperties.NAME, domain);
- Authenticator authenticator = new KerberosLdapAuthenticator();
- authenticator.setContext(authContext);
- authenticator.init();
-
- AuthenticationProfile profile = new AuthenticationProfile(authenticator, directory);
-
- AuthenticationProfileRepository.getInstance().registerProfile(profile);
- }
-
+ List<Properties> configurations = createInternalConfigurations();
+ configurations.addAll(createKerberosLdapConfigurations());
+ ExtensionManager.getInstance().load(configurations);
 AuthenticationProfileRepository.getInstance();
- KerberosManager.getInstance();
 UsersDomainsCacheManagerService.getInstance().init();
 DbUserCacheManager.getInstance().init();
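Review bot: The explicit `KerberosManager.getInstance();` call is removed while `import ...kerberosldap.KerberosManager;` is kept in the import hunk above, so unless the Kerberos/LDAP extension's own init now triggers it, Kerberos setup is no longer forced at engine startup and a broken krb5/LDAP configuration will surface at the first domain login rather than at boot. The profiles are also no longer registered through `AuthenticationProfileRepository.registerProfile(...)`; the bare `AuthenticationProfileRepository.getInstance();` that remains only does the job if the repository now pulls its entries from `ExtensionManager`, which this patch does not show — a comment at that call such as `// profiles are now derived from the ExtensionManager entries loaded above` would make the dependency explicit. Note that `ExtensionManager.load(...)` throws `ConfigurationException` on a name clash, so an on-disk extension that reuses one of the `builtin-*` names now aborts startup inside @PostConstruct; that is fail-closed and acceptable, but worth stating in the TODO. The enclosing method starts and ends outside this hunk.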
@@ -164,4 +109,55 @@
 new DwhHeartBeat().init();
 }
+ private List<Properties> createInternalConfigurations() {
+ List<Properties> results = new ArrayList<>();
+ Properties authConfig = new Properties();
+ authConfig.put(ExtensionManager.CLASS, "org.ovirt.extensions.builtin.ldapkerberos.LdapKerberosAuthenticator");
+ authConfig.put(ExtensionManager.PROVIDES, "org.ovirt.engine.core.authentication");
+ authConfig.put(ExtensionManager.ENABLED, true);
+ authConfig.put(ExtensionManager.MODULE, "org.ovirt.engine.extensions.builtin");
+ authConfig.put(ExtensionManager.NAME, "builtin-authn-internal");
+ authConfig.put("org.ovirt.engine.aaa.authn.profile.name", "internal");
+ authConfig.put("ovirt.engine.aaa.authn.authz.plugin", "builitin-authz-internal");
+ results.add(authConfig);
+
+ Properties dirConfig = new Properties();
+ dirConfig.put(ExtensionManager.CLASS, "org.ovirt.extensions.builtin.ldapkerberos.LdapKerberosDirectory");
+ dirConfig.put(ExtensionManager.PROVIDES, "org.ovirt.engine.core.authorization");
+ dirConfig.put(ExtensionManager.ENABLED, true);
+ dirConfig.put(ExtensionManager.MODULE, "org.ovirt.engine.extensions.builtin");
+ dirConfig.put(ExtensionManager.NAME, "builtin-authz-internal");
+ dirConfig.put("org.ovirt.engine.aaa.authz.profile.name", "internal");
+ results.add(authConfig);
+ return results;
+
+ }
+
+ private List<Properties> createKerberosLdapConfigurations() {
+
+ List<Properties> results = new ArrayList<>();
+ for (String domain : LdapBrokerUtils.getDomainsList(true)) {
+ Properties authConfig = new Properties();
+ authConfig.put(ExtensionManager.CLASS, "org.ovirt.extensions.builtin.ldapkerberos.LdapKerberosAuthenticator");
+ authConfig.put(ExtensionManager.PROVIDES, "org.ovirt.engine.core.authentication");
+ authConfig.put(ExtensionManager.ENABLED, true);
+ authConfig.put(ExtensionManager.MODULE, "org.ovirt.engine.extensions.builtin");
+ authConfig.put(ExtensionManager.NAME, String.format("builtin-authn-%1$s", domain));
+ authConfig.put("org.ovirt.engine.aaa.authn.profile.name", domain);
+ authConfig.put("ovirt.engine.aaa.authn.authz.plugin", String.format("builitin-authz-%1$s", domain));
+ results.add(authConfig);
+
+ Properties dirConfig = new Properties();
+ dirConfig.put(ExtensionManager.CLASS, "org.ovirt.extensions.builtin.ldapkerberos.LdapKerberosDirectory");
+ dirConfig.put(ExtensionManager.PROVIDES, "org.ovirt.engine.core.authorization");
+ dirConfig.put(ExtensionManager.ENABLED, true);
+ dirConfig.put(ExtensionManager.MODULE, "org.ovirt.engine.extensions.builtin");
+ dirConfig.put(ExtensionManager.NAME, String.format("builtin-authz-%1$s", domain));
+ dirConfig.put("org.ovirt.engine.aaa.authz.profile.name", domain);
+ results.add(authConfig);
+ }
+ return results;
+
+ }
+
 }
diff --git a/backend/manager/modules/extensions-manager/src/main/java/org/ovirt/engine/core/extensions/mgr/ExtensionManager.java b/backend/manager/modules/extensions-manager/src/main/java/org/ovirt/engine/core/extensions/mgr/ExtensionManager.java
index 247fb04..b36ac2b 100644
--- a/backend/manager/modules/extensions-manager/src/main/java/org/ovirt/engine/core/extensions/mgr/ExtensionManager.java
+++ b/backend/manager/modules/extensions-manager/src/main/java/org/ovirt/engine/core/extensions/mgr/ExtensionManager.java
@@ -5,6 +5,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.EnumMap;
 import java.util.HashMap;
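Review bot: Both `createInternalConfigurations` and `createKerberosLdapConfigurations` add `authConfig` twice and never add `dirConfig` — the second `results.add(authConfig);` after each `dirConfig` block must be `results.add(dirConfig);` — so no authz/directory extension is ever handed to `ExtensionManager` and every authenticator's `ovirt.engine.aaa.authn.authz.plugin` points at nothing. That link is also misspelled, `"builitin-authz-internal"` and `"builitin-authz-%1$s"` against the registered names `builtin-authz-...`, so even once the add is fixed the authenticator cannot find its directory. `put(ExtensionManager.ENABLED, true)` stores a `Boolean`, while `ExtensionEntry.load` in the other file does `(String) props.get(ENABLED)` and will throw ClassCastException on the first builtin entry; store `"true"` (Properties is string-to-string by contract) — `authConfig.put(ExtensionManager.ENABLED, "true");` and likewise for `dirConfig`. The internal profile is now built from the `LdapKerberos*` classes with a hard-coded `"internal"` name, whereas the deleted code used `InternalAuthenticator`/`InternalDirectory` keyed by `ConfigValues.AdminDomain`; if that is intended the commit message should say so, because the admin account's profile no longer follows that config value, and the `org.ovirt.extensions.builtin.ldapkerberos` class names do not match the `org.ovirt.engine.extensions.aaa.builtin.kerberosldap` package seen in the removed imports — verify they resolve at runtime.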
@@ -30,11 +31,11 @@
 */
 public class ExtensionManager {
- private static final String NAME = "ovirt.engine.extension.name";
- private static final String PROVIDES = "ovirt.engine.extension.provides";
- private static final String ENABLED = "ovirt.engine.extension.enabled";
- private static final String MODULE = "ovirt.engine.extension.module";
- private static final String CLASS = "ovirt.engine.extension.class";
+ public static final String NAME = "ovirt.engine.extension.name";
+ public static final String PROVIDES = "ovirt.engine.extension.provides";
+ public static final String ENABLED = "ovirt.engine.extension.enabled";
+ public static final String MODULE = "ovirt.engine.extension.module";
+ public static final String CLASS = "ovirt.engine.extension.class";
 private static final String ENGINE_EXTENSION_ENABLED = "ENGINE_EXTENSION_ENABLED_";
 public class ExtensionEntry {
@@ -48,14 +49,16 @@
 context = new EnumMap<>(ExtensionProperties.class);
 Properties props = new Properties();
 try (FileInputStream inputStream = new FileInputStream(file)) {
- enabled = props.get(ENABLED) != null ? Boolean.parseBoolean((String) props.get(ENABLED)) : true;
 props.load(inputStream);
- context.put(ExtensionProperties.CONFIGURATION, props);
- context.put(ExtensionProperties.NAME, props.getProperty(NAME));
- context.put(ExtensionProperties.PROVIDES, props.getProperty(PROVIDES));
+ load(props);
 }
 }
+ public ExtensionEntry(Properties props) {
+ this.file = null;
+ context = new EnumMap<>(ExtensionProperties.class);
+ load(props);
+ }
 public String getName() {
 return (String) context.get(ExtensionProperties.NAME);
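Review bot: The new `ExtensionEntry(Properties props)` constructor keeps the caller's `Properties` instance itself — `load(props)` stores that same object in the context as CONFIGURATION — so anything the caller does to the map after `ExtensionManager.load(...)` returns silently rewrites the registered extension's configuration, including its CLASS and ENABLED values. Snapshot it at the boundary: `Properties copy = new Properties(); copy.putAll(props); load(copy);`. The file-based constructor is unaffected because its `Properties` never leave the method. A short Javadoc on the new constructor stating that `file` is null for in-memory entries would help readers of the duplicate-name diagnostics later in the class, e.g. `/** Entry built from an in-memory configuration; {@code file} stays null. */`. The `ExtensionEntry` class header and its `file`/`enabled` fields are outside this hunk.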
@@ -84,6 +87,14 @@
 public Properties getConfig() {
 return (Properties) context.get(ExtensionProperties.CONFIGURATION);
 }
+
+ private void load(Properties props) {
+ enabled = props.get(ENABLED) != null ? Boolean.parseBoolean((String) props.get(ENABLED)) : true;
+ context.put(ExtensionProperties.CONFIGURATION, props);
+ context.put(ExtensionProperties.NAME, props.getProperty(NAME));
+ context.put(ExtensionProperties.PROVIDES, props.getProperty(PROVIDES));
+ }
+
 }
 private static final Logger log = LoggerFactory.getLogger(ExtensionManager.class);
@@ -121,6 +132,25 @@
 load();
 }
+ public void load(Collection<Properties> configurations) {
+ if (configurations == null) {
+ return;
+ }
+ for (Properties configuration : configurations) {
+ ExtensionEntry entry =
+ new ExtensionEntry(configuration);
+ ExtensionEntry alreadyLoaded = loadedEntries.get(entry.getName());
+ if (alreadyLoaded != null) {
+ throw new ConfigurationException(String.format("Could not load the configuration '%1$s'. %2%s",
+ entry.getName(),
+ alreadyLoaded.file != null ? String.format("The already loaded file %1$s contains a configuration with the same name",
+ alreadyLoaded.file.getAbsolutePath())
+ : ""));
+ }
+ loadedEntries.put(entry.getName(), entry);
+ }
+ }
+
 private void load() throws ConfigurationException {
 for (File directory : EngineLocalConfig.getInstance().getExtensionsDirectories()) {
 load(directory);
--
To view, visit http://gerrit.ovirt.org/25741
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id8513cb992c5becef7e83c04a8da8bc7f1622348
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
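Review bot: `load` reads the flag with `(String) props.get(ENABLED)`, which is only safe for a `Properties` filled by `Properties.load`; now that `ExtensionEntry` can be built from an in-memory `Properties`, a caller that stores a `Boolean` under that key (the builtin configurations in this very patch do) gets a ClassCastException here. Make the read type-tolerant, `enabled = props.get(ENABLED) == null || Boolean.parseBoolean(String.valueOf(props.get(ENABLED)));`, or document on the constructor that values must be strings. The helper also accepts a missing `NAME` silently, leaving `getName()` null even though the manager keys its registry on that value; rejecting it here with a ConfigurationException that names the key (and the file, when there is one) would give a much better diagnostic than a later null-key collision. A one-line comment on the default would help: `// absent ENABLED means enabled; only an explicit "false" disables the entry`.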
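Review bot: The format string `"Could not load the configuration '%1$s'. %2%s"` is malformed — `%2%` is the literal-percent conversion with width 2, so the message renders as `'name'.  %s` and the second argument, the path of the already-loaded conflicting file, is never printed; it should be `%2$s`. `load(Collection)` also registers entries regardless of their `enabled` flag and entries whose name is null (`HashMap` accepts the null key, so two nameless configurations would collide and raise a misleading duplicate error); if the directory-based `load(File)` skips disabled entries, this path should do the same, e.g. `if (!entry.enabled) { continue; }` before the duplicate check, and a null name should be rejected outright. If the `load();` visible just above this method is the constructor's, file-based extensions are always registered before the builtin ones, so an on-disk file that reuses a `builtin-*` name makes the builtin load throw and abort startup — fail-closed, which is fine, but the message should then say that the rejected entry was a builtin. The body of `load()` continues outside the hunk.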