EUCA-8666 created an account for objectstorage <--> walrus requests

eucalyptus · Feb 10, 2015 · 0ab6656 · 0ab6656
1 parent 60ee198
commit 0ab6656
Show file tree

Hide file tree

Showing 5 changed files with 141 additions and 96 deletions.
diff --git a/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthBootstrapper.java b/clc/modules/authentication/src/main/java/com/eucalyptus/auth/DatabaseAuthBootstrapper.java
@@ -113,6 +113,8 @@ public boolean start( ) throws Exception {
       this.ensureCloudFormationAccountExists();
       //EUCA-9533 - System account for pre-signed urls in download manifests
       this.ensureExecReadAccountExists();
+      //EUCA-8667 - System account for osg <--> walrus
+      this.ensureObjectStorageWalrusAccountExists();
       LdapSync.start( );
     }
     return true;
@@ -275,4 +277,18 @@ private void ensureExecReadAccountExists( ) throws Exception {
     }
   }
 
+  //EUCA-8667 - System account for osg <--> walrus
+  private void ensureObjectStorageWalrusAccountExists() throws Exception {
+    try {
+      Accounts.lookupAccountByName( Account.OBJECT_STORAGE_WALRUS_ACCOUNT );
+    } catch ( Exception e ) {
+      try {
+        Accounts.addSystemAccountWithAdmin( Account.OBJECT_STORAGE_WALRUS_ACCOUNT );
+        LOG.info("Created " + Account.OBJECT_STORAGE_WALRUS_ACCOUNT + " account");
+      } catch (Exception e1) {
+        LOG.error("Error during account creation for " + Account.OBJECT_STORAGE_WALRUS_ACCOUNT, e1);
+      }
+    }
+  }
+
 }
diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/auth/Accounts.java b/clc/modules/msgs/src/main/java/com/eucalyptus/auth/Accounts.java
@@ -261,6 +261,25 @@ public static User lookupAwsExecReadAdmin(boolean ensureActiveKey) throws AuthEx
 	return user;
   }
 
+  public static User lookupObjectStorageWalrusAccount(boolean ensureActiveKey) throws AuthException {
+    Account system = Accounts.getAccountProvider( ).lookupAccountByName( Account.OBJECT_STORAGE_WALRUS_ACCOUNT );
+    User user = system.lookupAdmin();
+    if (ensureActiveKey) {
+      boolean hasActiveKey = false;
+      for (AccessKey k:user.getKeys()) {
+        if ( k.isActive() ) {
+          hasActiveKey = true;
+          break;
+        }
+      }
+      if (!hasActiveKey) {
+        user.createKey();
+        LOG.debug("Created new user key for " + user.getName());
+      }
+    }
+    return user;
+  }
+
   public static String getFirstActiveAccessKeyId( User user ) throws AuthException {
     for ( AccessKey k : user.getKeys( ) ) {
       if ( k.isActive( ) ) {

diff --git a/clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Account.java b/clc/modules/msgs/src/main/java/com/eucalyptus/auth/principal/Account.java
@@ -111,6 +111,9 @@ public interface Account extends /*HasId,*/ BasePrincipal, RestrictedType, Seria
   //EUCA-9533 - System account for pre-signed urls in download manifests
   public static final String AWS_EXEC_READ_SYSTEM_ACCOUNT = SYSTEM_ACCOUNT_PREFIX + "aws-exec-read";
 
+  // EUCA-8667 - System account for osg <--> walrus
+  public static final String OBJECT_STORAGE_WALRUS_ACCOUNT = SYSTEM_ACCOUNT_PREFIX + "objectstorage";
+
   public void setName( String name ) throws AuthException;
 
   public List<User> getUsers( ) throws AuthException;

diff --git a/...age/src/main/java/com/eucalyptus/objectstorage/providers/walrus/WalrusProviderClient.java b/...age/src/main/java/com/eucalyptus/objectstorage/providers/walrus/WalrusProviderClient.java
@@ -152,34 +152,34 @@
 /**
  * The provider client that is used by the OSG to communicate with the Walrus backend. Because Walrus is IAM-aware, this provider does *not* perform
  * IAM policy checks itself.
- * 
+ *
  * WalrusProviderClient leverages the AWS Java SDK for the GET/PUT data operations on Walrus. All metadata operations are handled using normal
  * Eucalyptus message delivery
  *
  */
 @ObjectStorageProviders.ObjectStorageProviderClientProperty("walrus")
 public class WalrusProviderClient extends S3ProviderClient {
   private static Logger LOG = Logger.getLogger(WalrusProviderClient.class);
-  private static User systemAdmin = null;
+  private static User osgUser = null;
 
   /**
    * Class for handling the message pass-thru
    *
    */
   protected static class WalrusClient extends SynchronousClient<WalrusRequestType, WalrusBackend> {
     WalrusClient() {
-      super(systemAdmin.getUserId(), WalrusBackend.class);
+      super(osgUser.getUserId(), WalrusBackend.class);
     }
 
     public <REQ extends WalrusRequestType, RES extends WalrusResponseType> RES sendSyncA(final REQ request) throws Exception {
-      request.setUser(systemAdmin);
-      request.setUserId(systemAdmin.getUserId());
+      request.setUser(osgUser);
+      request.setUserId(osgUser.getUserId());
       return AsyncRequests.sendSync(configuration, request);
     }
 
     public <REQ extends WalrusDataRequestType, RES extends WalrusDataResponseType> RES sendSyncADataReq(final REQ request) throws Exception {
-      request.setUser(systemAdmin);
-      request.setUserId(systemAdmin.getUserId());
+      request.setUser(osgUser);
+      request.setUserId(osgUser.getUserId());
       return AsyncRequests.sendSync(configuration, request);
     }
 
@@ -199,7 +199,7 @@ protected boolean doUsePathStyle() {
   public void initialize() throws EucalyptusCloudException {
     super.initialize();
     try {
-      systemAdmin = Accounts.lookupSystemAdmin();
+      osgUser = Accounts.lookupObjectStorageWalrusAccount(true);
     } catch (AuthException e) {
       LOG.error("Failed to lookup system admin account. Cannot initialize Walrus provider client.", e);
       throw new EucalyptusCloudException(e);
@@ -216,7 +216,7 @@ public void check() throws EucalyptusCloudException {
 
   /**
    * Simply looks up the currently enabled Walrus service.
-   * 
+   *
    * @return
    */
   protected WalrusClient getEnabledWalrusClient() throws ObjectStorageException {
@@ -235,18 +235,19 @@ protected WalrusClient getEnabledWalrusClient() throws ObjectStorageException {
    */
   @Override
   protected BasicAWSCredentials mapCredentials(User requestUser) throws AuthException, IllegalArgumentException {
-    List<AccessKey> eucaAdminKeys = systemAdmin.getKeys();
+    List<AccessKey> eucaAdminKeys = osgUser.getKeys();
     if (eucaAdminKeys != null && eucaAdminKeys.size() > 0) {
       return new BasicAWSCredentials(eucaAdminKeys.get(0).getAccessKey(), eucaAdminKeys.get(0).getSecretKey());
     } else {
-      LOG.error("No key found for user " + requestUser.getUserId() + " . Cannot map credentials for call to WalrusBackend backend for data operation");
+      LOG.error(
+          "No key found for user " + requestUser.getUserId() + " . Cannot map credentials for call to WalrusBackend backend for data operation");
       throw new AuthException("No access key found for backend call to WalrusBackend for UserId: " + requestUser.getUserId());
     }
   }
 
   /**
    * Do the request proxying
-   * 
+   *
    * @param request
    * @param walrusRequestClass
    * @param walrusResponseClass