merged trunk

6 files changed, 38 insertions, 21 deletions

diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 2da53a736..b9b1e23e0 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -24,7 +24,6 @@ import logging
 import os
 import shutil
 import string
-import sys
 import tempfile
 import uuid
 import zipfile
@@ -325,8 +324,7 @@ class AuthManager(object):
     def __new__(cls, *args, **kwargs):
         """Returns the AuthManager singleton"""
         if not cls._instance:
-            cls._instance = super(AuthManager, cls).__new__(
-                    cls, *args, **kwargs)
+            cls._instance = super(AuthManager, cls).__new__(cls)
         return cls._instance
 
     def __init__(self, driver=None, *args, **kwargs):
@@ -419,6 +417,12 @@ class AuthManager(object):
                 raise exception.NotAuthorized('Signature does not match')
         return (user, project)
 
+    def get_access_key(self, user, project):
+        """Get an access key that includes user and project"""
+        if not isinstance(user, User):
+            user = self.get_user(user)
+        return "%s:%s" % (user.access, Project.safe_id(project))
+
     def is_superuser(self, user):
         """Checks for superuser status, allowing user to bypass rbac
 
diff --git a/nova/compute/libvirt.xml.template b/nova/compute/libvirt.xml.template
index a763e8a4d..307f9d03a 100644
--- a/nova/compute/libvirt.xml.template
+++ b/nova/compute/libvirt.xml.template
@@ -1,4 +1,4 @@
-<domain type='kvm'>
+<domain type='%(type)s'>
     <name>%(name)s</name>
     <os>
     <type>hvm</type>
@@ -12,7 +12,6 @@
     <memory>%(memory_kb)s</memory>
     <vcpu>%(vcpus)s</vcpu>
     <devices>
-        <emulator>/usr/bin/kvm</emulator>
         <disk type='file'>
             <source file='%(basepath)s/disk'/>
             <target dev='vda' bus='virtio'/>
diff --git a/nova/endpoint/images.py b/nova/endpoint/images.py
index 32f7cc228..fe7cb5d11 100644
--- a/nova/endpoint/images.py
+++ b/nova/endpoint/images.py
@@ -27,6 +27,7 @@ import urllib
 
 from nova import flags
 from nova import utils
+from nova.auth import manager
 
 
 FLAGS = flags.FLAGS
@@ -75,13 +76,16 @@ def deregister(context, image_id):
             query_args=qs({'image_id': image_id}))
 
 def conn(context):
-    return boto.s3.connection.S3Connection (
-        aws_access_key_id=str('%s:%s' % (context.user.access, context.project.name)),
-        aws_secret_access_key=str(context.user.secret),
-        is_secure=False,
-        calling_format=boto.s3.connection.OrdinaryCallingFormat(),
-        port=FLAGS.s3_port,
-        host=FLAGS.s3_host)
+    access = manager.AuthManager().get_access_key(context.user,
+                                                  context.project)
+    secret = str(context.user.secret)
+    calling = boto.s3.connection.OrdinaryCallingFormat()
+    return boto.s3.connection.S3Connection(aws_access_key_id=access,
+                                           aws_secret_access_key=secret,
+                                           is_secure=False,
+                                           calling_format=calling,
+                                           port=FLAGS.s3_port,
+                                           host=FLAGS.s3_host)
 
 
 def qs(params):
diff --git a/nova/utils.py b/nova/utils.py
index 0016b656e..0b23de7cd 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -41,7 +41,7 @@ def import_class(import_str):
     try:
         __import__(mod_str)
         return getattr(sys.modules[mod_str], class_str)
-    except (ImportError, AttributeError):
+    except (ImportError, ValueError, AttributeError):
         raise exception.NotFound('Class %s cannot be found' % class_str)
 
 def fetchfile(url, target):
diff --git a/nova/virt/images.py b/nova/virt/images.py
index 92210e242..872eb6d6a 100644
--- a/nova/virt/images.py
+++ b/nova/virt/images.py
@@ -27,6 +27,7 @@ import time
 from nova import flags
 from nova import process
 from nova.auth import signer
+from nova.auth import manager
 
 FLAGS = flags.FLAGS
 
@@ -34,14 +35,14 @@ flags.DEFINE_bool('use_s3', True,
                   'whether to get images from s3 or use local copy')
 
 
-def fetch(image, path, user):
+def fetch(image, path, user, project):
     if FLAGS.use_s3:
         f = _fetch_s3_image
     else:
         f = _fetch_local_image
-    return f(image, path, user)
+    return f(image, path, user, project)
 
-def _fetch_s3_image(image, path, user):
+def _fetch_s3_image(image, path, user, project):
     url = _image_url('%s/image' % image)
 
     # This should probably move somewhere else, like e.g. a download_as
@@ -51,8 +52,11 @@ def _fetch_s3_image(image, path, user):
     headers['Date'] = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime())
 
     uri = '/' + url.partition('/')[2]
-    auth = signer.Signer(user.secret.encode()).s3_authorization(headers, 'GET', uri)
-    headers['Authorization'] = 'AWS %s:%s' % (user.access, auth)
+    access = manager.AuthManager().get_access_key(user, project)
+    signature = signer.Signer(user.secret.encode()).s3_authorization(headers,
+                                                                     'GET',
+                                                                     uri)
+    headers['Authorization'] = 'AWS %s:%s' % (access, signature)
 
     cmd = ['/usr/bin/curl', '--silent', url]
     for (k,v) in headers.iteritems():
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 7b44d72b5..fd079f766 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -47,6 +47,10 @@ flags.DEFINE_string('libvirt_xml_template',
                     utils.abspath('compute/libvirt.xml.template'),
                     'Libvirt XML Template')
 
+flags.DEFINE_string('libvirt_type',
+                    'kvm',
+                    'Libvirt domain type (kvm, qemu, etc)')
+
 def get_connection(read_only):
     # These are loaded late so that there's no need to install these
     # libraries when not using libvirt.
@@ -187,12 +191,13 @@ class LibvirtConnection(object):
         f.close()
 
         user = manager.AuthManager().get_user(data['user_id'])
+        project = manager.AuthManager().get_project(data['project_id'])
         if not os.path.exists(basepath('disk')):
-           yield images.fetch(data['image_id'], basepath('disk-raw'), user)
+           yield images.fetch(data['image_id'], basepath('disk-raw'), user, project)
         if not os.path.exists(basepath('kernel')):
-           yield images.fetch(data['kernel_id'], basepath('kernel'), user)
+           yield images.fetch(data['kernel_id'], basepath('kernel'), user, project)
         if not os.path.exists(basepath('ramdisk')):
-           yield images.fetch(data['ramdisk_id'], basepath('ramdisk'), user)
+           yield images.fetch(data['ramdisk_id'], basepath('ramdisk'), user, project)
 
         execute = lambda cmd, input=None: \
                   process.simple_execute(cmd=cmd,
@@ -235,6 +240,7 @@ class LibvirtConnection(object):
 
         # TODO(termie): lazy lazy hack because xml is annoying
         xml_info['nova'] = json.dumps(instance.datamodel.copy())
+        xml_info['type'] = FLAGS.libvirt_type
         libvirt_xml = libvirt_xml % xml_info
         logging.debug("Finished the toXML method")