diff options
| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2011-03-30 13:51:21 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-03-30 13:51:21 +0000 |
| commit | 2c71deadc3ee9327cd9cd54771ef495d344aa7e9 (patch) | |
| tree | 179a399410bcbdc9757a199aae3c82ab20cd8b85 | |
| parent | 56b5bcf86f1bee60a4b727414cca1ac5e714d09a (diff) | |
| parent | 60685eabcde99140f36e1ffbd16dbbbacc87baff (diff) | |
| download | nova-2c71deadc3ee9327cd9cd54771ef495d344aa7e9.tar.gz nova-2c71deadc3ee9327cd9cd54771ef495d344aa7e9.tar.xz nova-2c71deadc3ee9327cd9cd54771ef495d344aa7e9.zip | |
Makes the image decryption code use the per-project private key to decrpyt uploaded images if use_project_ca is set. This allows the decryption code to work properly when we are using a different ca per project.
| -rw-r--r-- | nova/image/s3.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nova/image/s3.py b/nova/image/s3.py index 85a2c651c..ddec5f3aa 100644 --- a/nova/image/s3.py +++ b/nova/image/s3.py @@ -31,6 +31,7 @@ from xml.etree import ElementTree import boto.s3.connection +from nova import crypto from nova import exception from nova import flags from nova import utils @@ -210,7 +211,7 @@ class S3ImageService(service.BaseImageService): # FIXME(vish): grab key from common service so this can run on # any host. - cloud_pk = os.path.join(FLAGS.ca_path, "private/cakey.pem") + cloud_pk = crypto.key_path(context.project_id) decrypted_filename = os.path.join(image_path, 'image.tar.gz') self._decrypt_image(encrypted_filename, encrypted_key, |