From 8d010cacb520786fa12794801bc31eddd23b2af7 Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Thu, 22 Dec 2011 21:39:21 +0000
Subject: Implements blueprint vnc-console-cleanup

* Creates a unified way to access vnc consoles for xenserver and libvirt
* Now supports both java and websocket clients
* Removes nova-vncproxy - a replacement version of this (nova-novncproxy) can be found as described in vncconsole.rst
* Adds nova-xvpvncproxy, which supports a java vnc client
* Adds api extension to access java and novnc access_urls
* Fixes proxy server to close/shutdown sockets more cleanly
* Address style feedback
* Use new-style extension format
* Fix setup.py
* utils.gen_uuid must be wrapped like str(utils.gen_uuid()) or it can't be serialized

Change-Id: I5e42e2f160e8e3476269bd64b0e8aa77e66c918c
---
 nova/consoleauth/__init__.py | 26 ++++++++++++++++
 nova/consoleauth/manager.py | 74 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 nova/consoleauth/__init__.py
 create mode 100644 nova/consoleauth/manager.py
(limited to 'nova/consoleauth')

diff --git a/nova/consoleauth/__init__.py b/nova/consoleauth/__init__.py
new file mode 100644
index 000000000..9d578b77a
--- /dev/null
+++ b/nova/consoleauth/__init__.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Openstack, LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Module to authenticate Consoles."""
+
+from nova import flags
+
+
+FLAGS = flags.FLAGS
+flags.DEFINE_string('consoleauth_topic', 'consoleauth',
+ 'the topic console auth proxy nodes listen on')
diff --git a/nova/consoleauth/manager.py b/nova/consoleauth/manager.py
new file mode 100644
index 000000000..8f86b4b8c
--- /dev/null
+++ b/nova/consoleauth/manager.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Openstack, LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Auth Components for Consoles."""
+
+import os
+import sys
+import time
+
+from nova import flags
+from nova import log as logging
+from nova import manager
+from nova import utils
+
+
+LOG = logging.getLogger('nova.consoleauth')
+FLAGS = flags.FLAGS
+flags.DEFINE_integer('console_token_ttl', 600,
+ 'How many seconds before deleting tokens')
+flags.DEFINE_string('consoleauth_manager',
+ 'nova.consoleauth.manager.ConsoleAuthManager',
+ 'Manager for console auth')
+
+
+class ConsoleAuthManager(manager.Manager):
+ """Manages token based authentication."""
+
+ def __init__(self, scheduler_driver=None, *args, **kwargs):
+ super(ConsoleAuthManager, self).__init__(*args, **kwargs)
+ self.tokens = {}
+ utils.LoopingCall(self._delete_expired_tokens).start(1)
+
+ def _delete_expired_tokens(self):
+ now = time.time()
+ to_delete = []
+ for k, v in self.tokens.items():
+ if now - v['last_activity_at'] > FLAGS.console_token_ttl:
+ to_delete.append(k)
+
+ for k in to_delete:
+ LOG.audit(_("Deleting Expired Token: (%s)"), k)
+ del self.tokens[k]
+
+ def authorize_console(self, context, token, console_type, host, port,
+ internal_access_path):
+ self.tokens[token] = {'token': token,
+ 'console_type': console_type,
+ 'host': host,
+ 'port': port,
+ 'internal_access_path': internal_access_path,
+ 'last_activity_at': time.time()}
+ token_dict = self.tokens[token]
+ LOG.audit(_("Received Token: %(token)s, %(token_dict)s)"), locals())
+
+ def check_token(self, context, token):
+ token_valid = token in self.tokens
+ LOG.audit(_("Checking Token: %(token)s, %(token_valid)s)"), locals())
+ if token_valid:
+ return self.tokens[token]
-- cgit
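Review bot: The three `LOG.audit` calls in `_delete_expired_tokens`, `authorize_console` and `check_token` write the console token itself to the log, and `authorize_console` also logs `token_dict`, which repeats the token next to the host, port and internal access path. Membership in `self.tokens` is the only thing `check_token` tests before returning the connection details, so anyone who can read the log within the `console_token_ttl` window holds a usable credential. I would log a non-reversible reference instead, e.g. `token_ref = hashlib.sha256(token).hexdigest()[:8]` followed by `LOG.audit(_("Checking Token: %(token_ref)s, %(token_valid)s"), locals())`, which needs `import hashlib` at the top of the file. Separately, `check_token` never compares `last_activity_at` with the TTL itself and depends on the one-second sweep having run, so an expiry check at lookup would keep stale tokens from being accepted if that loop is delayed or stops.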