OPENBUS-2968 Reconfiguração dinâmica do barramento

Correção na permissão dos métodos de reconfiguração, apenas os métodos
getter podem ser acessados por qualquer usuário.

Melhoria na organização das funções locais para carga e descarga de
configurações: validadores, recarga dos arquivos. Correção do
espalhamento do uso das variáveis globais adminUsers e validators.
parent 7ee10bd8
......@@ -46,24 +46,28 @@ interface Configuration {
* + Número máximo de canais de comunicação do OiL.
* + Níveis de log (busservices e OiL).
*/
void reloadConfigsFile() raises (ServiceFailure);
void reloadConfigsFile()
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Atribui os privilégios de administração para um grupo de usuários.
*/
void grantAdminTo(in StrSeq users) raises (ServiceFailure);
void grantAdminTo(in StrSeq users)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Revoga os privilégios de administração para um grupo de usuários.
*/
void revokeAdminFrom(in StrSeq users) raises (ServiceFailure);
void revokeAdminFrom(in StrSeq users)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Retorna a lista de usuários com permissão de administração.
*
* \return Lista de administradores
*/
StrSeq getAdmins() raises (ServiceFailure);
StrSeq getAdmins()
raises (ServiceFailure);
/**
* \brief Adiciona um validador de login. Caso o validador já tiver sido
......@@ -71,7 +75,8 @@ interface Configuration {
*
* \param validator Nome do pacote Lua da implementação do validador.
*/
void addValidator(in string validator) raises (ServiceFailure);
void addValidator(in string validator)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Remove um validador de login. Caso o validador não tenha sido
......@@ -79,50 +84,58 @@ interface Configuration {
*
* \param validator Nome do pacote Lua da implementação do validador.
*/
void delValidator(in string validator) raises (ServiceFailure);
void delValidator(in string validator)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Retorna a lista de validadores.
*
* \return Lista dos nomes dos pacotes Lua da implementação dos validadores.
*/
StrSeq getValidators() raises (ServiceFailure);
StrSeq getValidators()
raises (ServiceFailure);
/**
* \brief Redefine o número máximo de canais de comunicação do OiL.
*/
void setMaxChannels(in long maxchannels) raises (ServiceFailure);
void setMaxChannels(in long maxchannels)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Retorna o número máximo de canais de comunicação do OiL.
*
* \return Número máximo de canais de comunicação do OiL.
*/
long getMaxChannels() raises (ServiceFailure);
long getMaxChannels()
raises (ServiceFailure);
/**
* \brief Redefine o nível de log do barramento.
*/
void setLogLevel(in unsigned short loglevel) raises (ServiceFailure);
void setLogLevel(in unsigned short loglevel)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Retorna o nível de log do barramento.
*
* \return Nível de log do barramento.
*/
unsigned short getLogLevel() raises (ServiceFailure);
unsigned short getLogLevel()
raises (ServiceFailure);
/**
* \brief Redefine o nível de log do OiL.
*/
void setOilLogLevel(in unsigned short oilloglevel) raises (ServiceFailure);
void setOilLogLevel(in unsigned short oilloglevel)
raises (UnauthorizedOperation, ServiceFailure);
/**
* \brief Retorna o nível de log do OiL.
*
* \return Nível de log do OiL.
*/
unsigned short getOilLogLevel() raises (ServiceFailure);
unsigned short getOilLogLevel()
raises (ServiceFailure);
};
}; // version
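Review bot: The doc comments above the eight mutating operations (reloadConfigsFile, grantAdminTo, revokeAdminFrom, addValidator, delValidator, setMaxChannels, setLogLevel, setOilLogLevel) do not mention the newly raised UnauthorizedOperation, so a client reading the IDL cannot tell who may call them. Each should gain a line such as `\exception UnauthorizedOperation Caller is not a bus administrator.`, worded in the file's own language. getAdmins() and getValidators() remain callable by any user, which exposes the administrator identities and the Lua package names of the login validators. If that exposure is intended, their comments should say so explicitly.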
......
......@@ -135,49 +135,20 @@ return function(...)
end
end
local adminUsers = { [BusEntity] = true }
local function setAdminUsers()
local function resetAdminUsers(admins)
local updatedAdminUsers = {}
for _, admin in pairs(Configs.admin) do
updatedAdminUsers[admin] = true
grantAdmin(admin, adminUsers)
grantAdmin(admin, admins)
end
for admin,_ in pairs(adminUsers) do
for admin,_ in pairs(admins) do
if admin ~= BusEntity and not updatedAdminUsers[admin] then
revokeAdmin(admin, adminUsers)
revokeAdmin(admin, admins)
end
end
end
local validators = {}
local function unloadValidator(validator)
package.loaded[validator.name] = nil
validators[validator.name] = nil
local ok, errmsg = pcall(validator.finalize)
if not ok then
ServiceFailure{
message = msg.FailedPasswordValidatorTermination:tag{
validator = validator.name,
errmsg = errmsg or msg.UnspecifiedTerminationFailure,
}
}
end
return true
end
local function unloadValidators()
for _, validator in pairs(validators) do
local ok, errmsg = pcall(unloadValidator, validator)
if not ok then
log:exception(errmsg)
end
log:admin(msg.PasswordValidatorUnloaded:tag{
validator = validator.name
})
end
end
local function loadValidator(package)
local function loadValidator(package, validators)
local ok, result = pcall(require, package)
if not ok then
log:misconfig(msg.UnableToLoadPasswordValidator:tag{
......@@ -206,11 +177,11 @@ return function(...)
return true
end
local function loadValidators()
local function loadValidators(validators)
local hasValidator = false
for _, package in pairs(Configs.validator) do
if not hasValidator then hasValidator = true end
local ok, errcode, errmsg = loadValidator(package)
local ok, errcode, errmsg = loadValidator(package, validators)
if not ok then return false, errcode, errmsg end
log:config(msg.PasswordValidatorLoaded:tag{ validator = package })
end
......@@ -259,7 +230,7 @@ return function(...)
return true
end
local function loadConfigs(reload, orb)
local function loadConfigs()
local path = getenv("OPENBUS_CONFIG")
if path == nil then
path = "openbus.cfg"
......@@ -267,14 +238,7 @@ return function(...)
if file == nil then return end
file:close()
end
Configs:configs("configs", path, reload)
if (reload) then
setLogLevel("core", Configs.loglevel)
setLogLevel("oil", Configs.oilloglevel)
resetMaxChannels(orb, Configs.maxchannels)
setAdminUsers()
loadValidators()
end
Configs:configs("configs", path)
end
loadConfigs()
......@@ -473,13 +437,15 @@ Options:
end
-- load all password validators to be used
local validators = {}
do
local res, errcode = loadValidators()
local res, errcode = loadValidators(validators)
if not res then return errcode end
end
-- create a set of admin users
setAdminUsers()
local adminUsers = { [BusEntity] = true }
resetAdminUsers(adminUsers)
-- setup bus access
local orbcfg = { host=Configs.host, port=Configs.port }
......@@ -517,7 +483,6 @@ Options:
access_control = AccessControl,
offer_registry = OfferRegistry,
}
facets.Configuration = Configuration
local objkeyfmt = BusObjectKey.."/%s"
for modname, modfacets in pairs(facetmodules) do
for name, facet in pairs(modfacets) do
......@@ -526,22 +491,41 @@ Options:
facets[name] = facet
end
end
facets.Configuration = Configuration
end
function Configuration:__init(data)
self.access = data.access
self.admins = data.admins
self.validators = data.validators
local access = self.access
local admins = self.admins
access:setGrantedUsers(self.__type, "reloadConfigsFile", admins)
access:setGrantedUsers(self.__type, "grantAdminTo", admins)
access:setGrantedUsers(self.__type, "revokeAdminFrom", admins)
access:setGrantedUsers(self.__type, "addValidator", admins)
access:setGrantedUsers(self.__type, "delValidator", admins)
access:setGrantedUsers(self.__type, "setMaxChannels", admins)
access:setGrantedUsers(self.__type, "setLogLevel", admins)
access:setGrantedUsers(self.__type, "setOilLogLevel", admins)
end
function Configuration:reloadConfigsFile()
loadConfigs(reloadConfigs, orb, facets)
-- local operations
local function updateLogLevel(log, loglevel)
if not setLogLevel(log, loglevel) then
ServiceFailure{
message = msg.InvalidLogLevel:tag{value=loglevel}
}
end
end
local function updateAdmins(users, action)
local function updateAdmins(users, action, admins)
for _, admin in ipairs(users) do
if "grant" == action then
grantAdmin(admin, adminUsers)
grantAdmin(admin, admins)
else
if admin ~= BusEntity and adminUsers[admin] then
revokeAdmin(admin, adminUsers)
if admin ~= BusEntity and admins[admin] then
revokeAdmin(admin, admins)
end
end
end
......@@ -555,21 +539,70 @@ Options:
return list
end
local function unloadValidator(name, validators)
local module = validators[name]
validators[name] = nil
package.loaded[name] = nil
local ok, errmsg = pcall(module.finalize)
if not ok then
ServiceFailure{
message = msg.FailedPasswordValidatorTermination:tag{
validator = name,
errmsg = errmsg or msg.UnspecifiedTerminationFailure,
}
}
end
return true
end
local function unloadValidators(validators)
for name, validator in pairs(validators) do
local ok, errmsg = pcall(unloadValidator, name, validators)
if not ok then
log:exception(errmsg)
end
log:admin(msg.PasswordValidatorUnloaded:tag{
validator = name
})
end
end
function Configuration:shutdown()
unloadValidators(self.validators)
end
-- public operations
function Configuration:reloadConfigsFile()
local orb = self.access.orb
local admins = self.admins
local validators = self.validators
-- load configuration from file
loadConfigs()
-- reconfigure its parameter
setLogLevel("core", Configs.loglevel)
setLogLevel("oil", Configs.oilloglevel)
resetMaxChannels(orb, Configs.maxchannels)
resetAdminUsers(admins)
unloadValidators(validators)
loadValidators(validators)
end
function Configuration:grantAdminTo(users)
updateAdmins(users, "grant")
updateAdmins(users, "grant", self.admins)
end
function Configuration:revokeAdminFrom(users)
updateAdmins(users, "revoke")
updateAdmins(users, "revoke", self.admins)
end
function Configuration:getAdmins()
return getList(adminUsers)
return getList(self.admins)
end
function Configuration:addValidator(name)
local validators = self.validators
if not validators[name] then
local ok, _, errmsg = loadValidator(name)
local ok, _, errmsg = loadValidator(name, validators)
if not ok then
ServiceFailure{
message = msg.UnableToLoadPasswordValidator:tag{
......@@ -583,14 +616,15 @@ Options:
end
function Configuration:delValidator(name)
local validators = self.validators
if validators[name] then
unloadValidator(validators[name])
unloadValidator(name, validators)
log:admin(msg.PasswordValidatorUnloaded:tag{validator = name})
end
end
function Configuration:getValidators()
return getList(validators)
return getList(self.validators)
end
function Configuration:setMaxChannels(maxchannels)
......@@ -605,14 +639,6 @@ Options:
return orb.ResourceManager.inuse.maxsize
end
local function updateLogLevel(log, loglevel)
if not setLogLevel(log, loglevel) then
ServiceFailure{
message = msg.InvalidLogLevel:tag{value=loglevel}
}
end
end
function Configuration:setLogLevel(loglevel)
return updateLogLevel("core", loglevel)
end
......@@ -674,6 +700,7 @@ Options:
facets.InterfaceRegistry:__init(params)
facets.EntityRegistry:__init(params)
facets.OfferRegistry:__init(params)
facets.Configuration:__init(params)
end,
shutdown = function(self)
if iceptor:getCallerChain().caller.entity ~= BusEntity then
......@@ -682,7 +709,7 @@ Options:
self.context:deactivateComponent()
orb:shutdown()
facets.AccessControl:shutdown()
unloadValidators()
facets.Configuration:shutdown()
log:uptime(msg.CoreServicesTerminated)
end,
}
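Review bot: In Configuration:reloadConfigsFile() the result of `loadValidators(validators)` is discarded right after `unloadValidators(validators)` has emptied the table, so a failed reload reports success to the administrator while the bus is left with none, or only some, of its password validators. loadValidators returns `false, errcode, errmsg` on the first failure and the startup path checks it (`if not res then return errcode end`), so the reload path should as well: `local ok, _, errmsg = loadValidators(validators)` followed by raising ServiceFailure when `not ok`, the way addValidator does. The two `setLogLevel("core", ...)` and `setLogLevel("oil", ...)` calls in the same function also ignore their return value, whereas `updateLogLevel` raises on an invalid level. How logins behave while the validator table is empty is not visible in this section and is worth confirming.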
......