Merge pull request #1127 from grycap/devel

Devel
grycap · Mar 1, 2021 · 9f1ea24 · 9f1ea24
2 parents 7b2ed04 + de04afc
commit 9f1ea24
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 11 deletions.
diff --git a/IM/InfrastructureManager.py b/IM/InfrastructureManager.py
@@ -1326,7 +1326,8 @@ def check_oidc_token(im_auth):
         if Config.OIDC_SCOPES and Config.OIDC_CLIENT_ID and Config.OIDC_CLIENT_SECRET:
             success, res = OpenIDClient.get_token_introspection(token,
                                                                 Config.OIDC_CLIENT_ID,
-                                                                Config.OIDC_CLIENT_SECRET)
+                                                                Config.OIDC_CLIENT_SECRET,
+                                                                Config.VERIFI_SSL)
             if not success:
                 raise InvaliddUserException("Invalid InfrastructureManager credentials. "
                                             "Invalid token or Client credentials.")
@@ -1349,7 +1350,7 @@ def check_oidc_token(im_auth):
 
         try:
             # Now try to get user info
-            success, userinfo = OpenIDClient.get_user_info_request(token)
+            success, userinfo = OpenIDClient.get_user_info_request(token, Config.VERIFI_SSL)
             if success:
                 # convert to username to use it in the rest of the IM
                 im_auth['username'] = IM.InfrastructureInfo.InfrastructureInfo.OPENID_USER_PREFIX

diff --git a/IM/connectors/OpenNebula.py b/IM/connectors/OpenNebula.py
@@ -288,7 +288,8 @@ def getSessionID(self, auth_data):
             return auth['username'] + ":" + passwd
         elif 'token' in auth:
             username, passwd = ONETTSClient.get_auth_from_tts(ConfigOpenNebula.TTS_URL,
-                                                              self.cloud.server, auth['token'])
+                                                              self.cloud.server, auth['token'],
+                                                              Config.VERIFI_SSL)
             if not username or not passwd:
                 raise Exception("Error getting ONE credentials using TTS.")
             auth["username"] = username

diff --git a/IM/openid/OpenIDClient.py b/IM/openid/OpenIDClient.py
@@ -24,33 +24,31 @@
 
 class OpenIDClient(object):
 
-    VERIFY_SSL = False
-
     @staticmethod
-    def get_user_info_request(token):
+    def get_user_info_request(token, verify_ssl=False):
         """
         Get a the user info from a token
         """
         try:
             decoded_token = JWT().get_info(token)
             headers = {'Authorization': 'Bearer %s' % token}
             url = "%s%s" % (decoded_token['iss'], "/userinfo")
-            resp = requests.request("GET", url, verify=OpenIDClient.VERIFY_SSL, headers=headers)
+            resp = requests.request("GET", url, verify=verify_ssl, headers=headers)
             if resp.status_code != 200:
                 return False, "Code: %d. Message: %s." % (resp.status_code, resp.text)
             return True, json.loads(resp.text)
         except Exception as ex:
             return False, str(ex)
 
     @staticmethod
-    def get_token_introspection(token, client_id, client_secret):
+    def get_token_introspection(token, client_id, client_secret, verify_ssl=False):
         """
         Get token introspection
         """
         try:
             decoded_token = JWT().get_info(token)
             url = "%s%s" % (decoded_token['iss'], "/introspect?token=%s&token_type_hint=access_token" % token)
-            resp = requests.request("GET", url, verify=OpenIDClient.VERIFY_SSL,
+            resp = requests.request("GET", url, verify=verify_ssl,
                                     auth=requests.auth.HTTPBasicAuth(client_id, client_secret))
             if resp.status_code != 200:
                 return False, "Code: %d. Message: %s." % (resp.status_code, resp.text)

diff --git a/IM/tts/onetts.py b/IM/tts/onetts.py
@@ -17,7 +17,7 @@ class ONETTSClient():
     """
 
     @staticmethod
-    def get_auth_from_tts(tts_url, one_server, token):
+    def get_auth_from_tts(tts_url, one_server, token, verify_ssl=False):
         """
         Get username and password from the TTS service
         """
@@ -30,7 +30,7 @@ def get_auth_from_tts(tts_url, one_server, token):
             host = parts[0]
             port = int(parts[1])
 
-        ttsc = TTSClient(token, host, port, scheme)
+        ttsc = TTSClient(token, host, port, scheme, verify_ssl)
 
         success, svc = ttsc.find_service(one_server)
         if not success:

diff --git a/doc/source/gstarted.rst b/doc/source/gstarted.rst
@@ -77,6 +77,8 @@ Cloud providers:
    * **appdb://<site_name>/<apc_name>?<vo_name>**, for FedCloud OCCI connector using AppDB info (from ver. 1.6.0).
    * **docker://<docker_image>**, for Docker images.
    * **fbw://<fns_server>/<image-id>**, for FogBow images.
+   * **lin://linode/<image-id>**, for Linode images.
+   * **ora://<region>/<image-id>**, for Orange Flexible Engine images.
 
 See full information about RADL language at :ref:`radl`. More RADL examples are available at the IM GitHub repo
 `examples folder <https://github.com/grycap/im/tree/master/examples>`_.

diff --git a/doc/source/radl.rst b/doc/source/radl.rst
@@ -314,6 +314,8 @@ machine.  The supported features are:
    * ``appdb://<site_name>/<apc_name>?<vo_name>``, for FedCloud OCCI or OpenStack connector using AppDB info (from vers. 1.6.0 and 1.8.6).
    * ``docker://<docker_image>``, for Docker images.
    * ``fbw://<fns_server>/<image-id>``, for FogBow images.
+   * ``lin://linode/<image-id>``, for Linode images.
+   * ``ora://<region>/<image-id>``, for Orange Flexible Engine images.
 
    In case of using a list of URLs, the IM will select the final image based on
    the credentials provided by the user.