Vitor de Lima has uploaded a new change for review. Change subject: core, engine, userportal, webadmin: VirtIO console access key management ......................................................................
core, engine, userportal, webadmin: VirtIO console access key management This change introduces a generator of pairs of private and public keys to be used to grant the user access into a SSH-based proxy that exposes the VirtIO console of every running VM. Overall, the following was changed: - A new field was added to the DbUser entity to store the SSH public key - A new button was added in both WebAdmin and UserPortal to give the user a private key and store a public key in the database - A new command to implement the functionality of this button was implemented Change-Id: Id2364cafc687ba6dee2504322234067ff98dc00c Signed-off-by: Vitor de Lima <[email protected]> --- A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RequestSshKeysCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SyncUsers.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalListModel.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VmListModel.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/ApplicationConstants.java M frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/tab/extended/SideTabExtendedVirtualMachineView.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabVirtualMachineView.java A packaging/dbscripts/upgrade/03_06_0590_add_ssh_public_key.sql M packaging/dbscripts/user_sp.sql 16 files changed, 206 insertions(+), 10 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/10/35810/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RequestSshKeysCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RequestSshKeysCommand.java new file mode 100644 index 0000000..bf30967 --- /dev/null +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RequestSshKeysCommand.java @@ -0,0 +1,98 @@ +package org.ovirt.engine.core.bll; + +import org.apache.commons.codec.binary.Base64; +import org.ovirt.engine.core.bll.context.CommandContext; +import org.ovirt.engine.core.bll.utils.PermissionSubject; +import org.ovirt.engine.core.common.AuditLogType; +import org.ovirt.engine.core.common.VdcObjectType; +import org.ovirt.engine.core.common.action.VdcActionParametersBase; +import org.ovirt.engine.core.common.businessentities.ActionGroup; +import org.ovirt.engine.core.common.businessentities.aaa.DbUser; + +import java.io.ByteArrayOutputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.Collections; +import java.util.List; + +public class RequestSshKeysCommand <T extends VdcActionParametersBase> extends CommandBase<T> { + + final static private String SSH_RSA = "ssh-rsa"; + + public RequestSshKeysCommand(T parameters) { + this(parameters, null); + } + + public RequestSshKeysCommand(T parameters, CommandContext commandContext) { + super(parameters, commandContext); + } + + @Override + protected void executeCommand() { + + try { + SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); + + KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); + + generator.initialize(2048, random); + + KeyPair pair = generator.generateKeyPair(); + + DbUser user = getDbUserDAO().get(getUserId()); + + user.setSshPublicKey(encodePublicKey((RSAPublicKey)pair.getPublic(), user.getExternalId())); + + getDbUserDAO().update(user); + + getReturnValue().setActionReturnValue(encodePrivateKey((RSAPrivateKey)pair.getPrivate())); + + setSucceeded(true); + setCommandShouldBeLogged(false); + + } catch (NoSuchAlgorithmException|IOException e) { + setSucceeded(false); + } + } + + @Override + public AuditLogType getAuditLogTypeValue() { + if (!getSucceeded()) { + return AuditLogType.USER_FAILED_TO_GENERATED_SSH_KEYS; + } else { + return AuditLogType.UNASSIGNED; + } + } + + @Override + public List<PermissionSubject> getPermissionCheckSubjects() { + return Collections.singletonList(new PermissionSubject(getUserId(), VdcObjectType.User, ActionGroup.MANIPULATE_USERS)); + } + + protected static String encodePublicKey(RSAPublicKey rsaPublicKey, String user) throws IOException { + ByteArrayOutputStream byteOs = new ByteArrayOutputStream(); + DataOutputStream dos = new DataOutputStream(byteOs); + + writeArray(dos, SSH_RSA.getBytes()); + writeArray(dos, rsaPublicKey.getPublicExponent().toByteArray()); + writeArray(dos, rsaPublicKey.getModulus().toByteArray()); + + String publicKeyEncoded = new String(Base64.encodeBase64(byteOs.toByteArray())); + return SSH_RSA + " " + publicKeyEncoded + " " + user; + } + + protected static String encodePrivateKey(RSAPrivateKey rsaPrivateKey) { + return new String(Base64.encodeBase64(rsaPrivateKey.getEncoded())); + } + + private static void writeArray(DataOutputStream dos, byte[] array) throws IOException { + dos.writeInt(array.length); + dos.write(array); + } +} diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java index 799b71f..beb43d7 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java @@ -31,8 +31,10 @@ flatGroups(principal); DbUser dbUser = DbFacade.getInstance().getDbUserDao().getByExternalId(authz, principal.<String>get(PrincipalRecord.ID)); Guid userId = dbUser != null ? dbUser.getId() : Guid.newGuid(); + String sshPublicKey = dbUser != null ? dbUser.getSshPublicKey() : ""; dbUser = new DbUser(mapPrincipalRecordToDirectoryUser(authz, principal)); dbUser.setId(userId); + dbUser.setSshPublicKey(sshPublicKey); DbGroupDAO dao = DbFacade.getInstance().getDbGroupDao(); Set<Guid> groupIds = new HashSet<Guid>(); Set<String> groupsNames = new HashSet<String>(); diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SyncUsers.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SyncUsers.java index 39261ed..e1b420a 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SyncUsers.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SyncUsers.java @@ -63,6 +63,7 @@ if (!activeUser.equals(dbUser)) { activeUser.setId(dbUser.getId()); activeUser.setAdmin(dbUser.isAdmin()); + activeUser.setSshPublicKey(dbUser.getSshPublicKey()); log.info("Principal {}::{} synchronized", activeUser.getLoginName(), activeUser.getDomain()); diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java index 04efd3c..83c761c 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java @@ -772,6 +772,7 @@ USER_ADD_SYSTEM_PERMISSION_FAILED(867, AuditLogSeverity.ERROR), USER_REMOVE_SYSTEM_PERMISSION(868), USER_REMOVE_SYSTEM_PERMISSION_FAILED(869, AuditLogSeverity.ERROR), + USER_FAILED_TO_GENERATED_SSH_KEYS(870, AuditLogSeverity.ERROR), // AD Computer Account AD_COMPUTER_ACCOUNT_SUCCEEDED(900), diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java index 48b0937..d4416b8 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java @@ -171,6 +171,7 @@ LoginAdminUser(418, ActionGroup.LOGIN, false, QuotaDependency.NONE), AddUser(419, ActionGroup.MANIPULATE_USERS, false, QuotaDependency.NONE), AddGroup(420, ActionGroup.MANIPULATE_USERS, false, QuotaDependency.NONE), + RequestSshKeys(421, ActionGroup.MANIPULATE_USERS, false, QuotaDependency.NONE), // Tags AddTag(501, false, QuotaDependency.NONE), RemoveTag(502, false, QuotaDependency.NONE), diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java index d2de0f8..6248d99 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java @@ -75,6 +75,8 @@ */ private Collection<Guid> groupIds; + private String sshPublicKey; + public DbUser() { loginName = ""; firstName = ""; @@ -84,6 +86,7 @@ groupIds = Collections.emptyList(); role = ""; note = ""; + sshPublicKey = ""; } public DbUser(DirectoryUser directoryUser) { @@ -102,6 +105,7 @@ for (DirectoryGroup directoryGroup : directoryUser.getGroups()) { groupNames.add(directoryGroup.getName()); } + sshPublicKey = ""; } public Guid getId() { @@ -236,6 +240,14 @@ return new ArrayList<Guid>(groupIds); } + public String getSshPublicKey() { + return sshPublicKey; + } + + public void setSshPublicKey(String sshPublicKey) { + this.sshPublicKey = sshPublicKey; + } + @Override public int hashCode() { final int prime = 31; @@ -253,6 +265,7 @@ result = prime * result + (active ? 1231 : 1237); result = prime * result + ((lastName == null) ? 0 : lastName.hashCode()); result = prime * result + ((loginName == null) ? 0 : loginName.hashCode()); + result = prime * result + ((sshPublicKey == null) ? 0 : sshPublicKey.hashCode()); return result; } @@ -280,7 +293,8 @@ && ObjectUtils.objectsEqual(role, other.role) && active == other.active && ObjectUtils.objectsEqual(lastName, other.lastName) - && ObjectUtils.objectsEqual(loginName, other.loginName); + && ObjectUtils.objectsEqual(loginName, other.loginName) + && ObjectUtils.objectsEqual(sshPublicKey, other.sshPublicKey); } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java index 30bd069..e7b4707 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java @@ -42,6 +42,7 @@ entity.setGroupIds(convertToGuidList(rs.getString("group_ids"), ',')); entity.setExternalId(rs.getString("external_id")); entity.setNamespace(rs.getString("namespace")); + entity.setSshPublicKey(rs.getString("ssh_public_key")); return entity; } @@ -76,6 +77,7 @@ addValue("group_ids", StringUtils.join(user.getGroupIds(), ",")); addValue("external_id", user.getExternalId()); addValue("namespace", user.getNamespace()); + addValue("ssh_public_key", user.getSshPublicKey()); } } diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties index 932bd82..629e860 100644 --- a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties +++ b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties @@ -397,6 +397,7 @@ USER_ADD_SYSTEM_PERMISSION_FAILED=User ${UserName} failed to grant permission for Role ${RoleName} on ${VdcObjectType} to User/Group ${SubjectName}. USER_REMOVE_SYSTEM_PERMISSION=User/Group ${SubjectName} Role ${RoleName} permission was removed from ${VdcObjectType} by ${UserName} USER_REMOVE_SYSTEM_PERMISSION_FAILED=User ${UserName} failed to remove permission for Role ${RoleName} from ${VdcObjectType} to User/Group ${SubjectName} +USER_FAILED_TO_GENERATED_SSH_KEYS=Failed to generate SSH keys for user ${UserName} USER_ADD_ROLE=Role ${RoleName} granted to ${UserName} USER_ADD_ROLE_FAILED=Failed to grant role ${RoleName} (User ${UserName}) USER_REMOVE_ROLE=Role ${RoleName} removed from ${UserName} diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalListModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalListModel.java index 369a01f..ad2e1a0 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalListModel.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalListModel.java @@ -226,6 +226,16 @@ privateNewTemplateCommand = value; } + private UICommand privateRequestConsoleKeysCommand; + + public UICommand getRequestConsoleKeysCommand() { + return privateRequestConsoleKeysCommand; + } + + public void setRequestConsoleKeysCommand(UICommand privateRequestConsoleKeysCommand) { + this.privateRequestConsoleKeysCommand = privateRequestConsoleKeysCommand; + } + private final VmGeneralModel vmGeneralModel; private final VmSessionsModel vmSessionsModel; private final UserPortalVmSnapshotListModel vmSnapshotListModel; @@ -320,6 +330,7 @@ setRunOnceCommand(new UICommand("RunOnce", this)); //$NON-NLS-1$ setChangeCdCommand(new UICommand("ChangeCD", this)); //$NON-NLS-1$ setNewTemplateCommand(new UICommand("NewTemplate", this)); //$NON-NLS-1$ + setRequestConsoleKeysCommand(new UICommand("RequestConsoleKeys", this)); //$NON-NLS-1$ setTitle(ConstantsManager.getInstance().getConstants().virtualMachinesTitle()); updateActionAvailability(); @@ -490,6 +501,10 @@ { newTemplate(); } + else if (command == getRequestConsoleKeysCommand()) + { + requestConsoleKeys(); + } else if ("OnRemove".equals(command.getName())) //$NON-NLS-1$ { onRemove(); @@ -528,6 +543,17 @@ } } + private void requestConsoleKeys() { + Frontend.getInstance().runAction(VdcActionType.RequestSshKeys, new VdcActionParametersBase(), new IFrontendActionAsyncCallback() { + @Override + public void executed(FrontendActionAsyncResult result) { + + ConsoleModel.makeConsoleConfigRequest("console.key", "application/octet-stream", (String)result.getReturnValue().getActionReturnValue()); //$NON-NLS-1$ $NON-NLS-2$ + + } + }, this); + } + private void cloneVm() { final UserPortalItemModel vm = (UserPortalItemModel) getSelectedItem(); if (vm == null) { diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VmListModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VmListModel.java index b06a4be..1f432c5 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VmListModel.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VmListModel.java @@ -378,6 +378,16 @@ this.consoleConnectCommand = consoleConnectCommand; } + private UICommand requestConsoleKeysCommand; + + public UICommand getRequestConsoleKeysCommand() { + return requestConsoleKeysCommand; + } + + public void setRequestConsoleKeysCommand(UICommand requestConsoleKeysCommand) { + this.requestConsoleKeysCommand = requestConsoleKeysCommand; + } + public ObservableCollection<ChangeCDModel> isoImages; public ObservableCollection<ChangeCDModel> getIsoImages() @@ -500,6 +510,7 @@ setAssignTagsCommand(new UICommand("AssignTags", this)); //$NON-NLS-1$ setEnableGlobalHaMaintenanceCommand(new UICommand("EnableGlobalHaMaintenance", this)); //$NON-NLS-1$ setDisableGlobalHaMaintenanceCommand(new UICommand("DisableGlobalHaMaintenance", this)); //$NON-NLS-1$ + setRequestConsoleKeysCommand(new UICommand("RequestConsoleKeys", this)); //$NON-NLS-1$ setIsoImages(new ObservableCollection<ChangeCDModel>()); ChangeCDModel tempVar = new ChangeCDModel(); @@ -1794,6 +1805,17 @@ }, model); } + private void requestConsoleKeys() { + Frontend.getInstance().runAction(VdcActionType.RequestSshKeys, new VdcActionParametersBase(), new IFrontendActionAsyncCallback() { + @Override + public void executed(FrontendActionAsyncResult result) { + + ConsoleModel.makeConsoleConfigRequest("console.key", "application/octet-stream", (String)result.getReturnValue().getActionReturnValue()); //$NON-NLS-1$ $NON-NLS-2$ + + } + }, this); + } + private void changeCD() { final VM vm = (VM) getSelectedItem(); @@ -2453,6 +2475,10 @@ { assignTags(); } + else if (command == getRequestConsoleKeysCommand()) + { + requestConsoleKeys(); + } else if ("OnAssignTags".equals(command.getName())) //$NON-NLS-1$ { onAssignTags(); diff --git a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/ApplicationConstants.java b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/ApplicationConstants.java index c237674..2d6ef25 100644 --- a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/ApplicationConstants.java +++ b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/ApplicationConstants.java @@ -184,6 +184,9 @@ @DefaultStringValue("Snapshots") String snapshotsVm(); + @DefaultStringValue("Request Text Console Key") + String requestConsoleKeys(); + // Extended resource @DefaultStringValue("Virtual Machines") String vmsExtResource(); diff --git a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/tab/extended/SideTabExtendedVirtualMachineView.java b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/tab/extended/SideTabExtendedVirtualMachineView.java index 31f63b1..952bfb6 100644 --- a/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/tab/extended/SideTabExtendedVirtualMachineView.java +++ b/frontend/webadmin/modules/userportal-gwtp/src/main/java/org/ovirt/engine/ui/userportal/section/main/view/tab/extended/SideTabExtendedVirtualMachineView.java @@ -255,6 +255,12 @@ return getModel().getNewTemplateCommand(); } }); + getTable().addActionButton(new UserPortalButtonDefinition<UserPortalItemModel>(constants.requestConsoleKeys()) { + @Override + protected UICommand resolveCommand() { + return getModel().getRequestConsoleKeysCommand(); + } + }); getTable().setExtraRowStyles(new RowStyles<UserPortalItemModel>() { diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java index 5a4629f..541a8af 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java @@ -1803,6 +1803,9 @@ @DefaultStringValue("Disable Global HA Maintenance") String disableGlobalHaMaintenanceVm(); + @DefaultStringValue("Request Text Console Key") + String requestConsoleKeys(); + @DefaultStringValue("Show Report") String showReportVm(); diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabVirtualMachineView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabVirtualMachineView.java index 257b767..0774b3b 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabVirtualMachineView.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabVirtualMachineView.java @@ -378,6 +378,12 @@ return getMainModel().getDisableGlobalHaMaintenanceCommand(); } }); + getTable().addActionButton(new WebAdminButtonDefinition<VM>(constants.requestConsoleKeys()) { + @Override + protected UICommand resolveCommand() { + return getMainModel().getRequestConsoleKeysCommand(); + } + }); if (ReportInit.getInstance().isReportsEnabled()) { updateReportsAvailability(constants); diff --git a/packaging/dbscripts/upgrade/03_06_0590_add_ssh_public_key.sql b/packaging/dbscripts/upgrade/03_06_0590_add_ssh_public_key.sql new file mode 100644 index 0000000..41a7b50 --- /dev/null +++ b/packaging/dbscripts/upgrade/03_06_0590_add_ssh_public_key.sql @@ -0,0 +1 @@ +select fn_db_add_column('users', 'ssh_public_key', 'TEXT'); diff --git a/packaging/dbscripts/user_sp.sql b/packaging/dbscripts/user_sp.sql index 61064b2..2e06973 100644 --- a/packaging/dbscripts/user_sp.sql +++ b/packaging/dbscripts/user_sp.sql @@ -22,12 +22,13 @@ v_username VARCHAR(255), v_group_ids VARCHAR(2048), v_external_id TEXT, - v_namespace VARCHAR(2048)) + v_namespace VARCHAR(2048), + v_ssh_public_key TEXT) RETURNS VOID AS $procedure$ BEGIN -INSERT INTO users(department, domain, email, groups, name, note, role, active, surname, user_id, username, group_ids, external_id,namespace) - VALUES(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace); +INSERT INTO users(department, domain, email, groups, name, note, role, active, surname, user_id, username, group_ids, external_id,namespace, ssh_public_key) + VALUES(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace, v_ssh_public_key); END; $procedure$ LANGUAGE plpgsql; @@ -45,7 +46,8 @@ v_username VARCHAR(255), v_group_ids VARCHAR(2048), v_external_id TEXT, - v_namespace VARCHAR(2048)) + v_namespace VARCHAR(2048), + v_ssh_public_key TEXT) RETURNS INTEGER --The [users] table doesn't have a timestamp column. Optimistic concurrency logic cannot be generated @@ -61,6 +63,7 @@ group_ids = v_group_ids, external_id = v_external_id, namespace = v_namespace, + ssh_public_key = v_ssh_public_key, _update_date = CURRENT_TIMESTAMP WHERE external_id = v_external_id AND domain = v_domain; GET DIAGNOSTICS updated_rows = ROW_COUNT; @@ -86,13 +89,14 @@ v_last_admin_check_status BOOLEAN, v_group_ids VARCHAR(2048), v_external_id TEXT, - v_namespace VARCHAR(2048)) + v_namespace VARCHAR(2048), + v_ssh_public_key TEXT) RETURNS VOID --The [users] table doesn't have a timestamp column. Optimistic concurrency logic cannot be generated AS $procedure$ BEGIN - PERFORM UpdateUserImpl(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace); + PERFORM UpdateUserImpl(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace, v_ssh_public_key); UPDATE users SET last_admin_check_status = v_last_admin_check_status WHERE domain = v_domain AND external_id = v_external_id; @@ -113,15 +117,16 @@ v_username VARCHAR(255), v_group_ids VARCHAR(2048), v_external_id TEXT, - v_namespace VARCHAR(2048)) + v_namespace VARCHAR(2048), + v_ssh_public_key TEXT) RETURNS VOID AS $procedure$ DECLARE updated_rows INT; BEGIN - SELECT UpdateUserImpl(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace) into updated_rows; + SELECT UpdateUserImpl(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace, v_ssh_public_key) into updated_rows; if (updated_rows = 0) THEN - PERFORM InsertUser(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace); + PERFORM InsertUser(v_department, v_domain, v_email, v_groups, v_name, v_note, v_role, v_active, v_surname, v_user_id, v_username, v_group_ids, v_external_id, v_namespace, v_ssh_public_key); End If; END; $procedure$ LANGUAGE plpgsql; -- To view, visit http://gerrit.ovirt.org/35810 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id2364cafc687ba6dee2504322234067ff98dc00c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Vitor de Lima <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
