| author | Vishvananda Ishaya <vishvananda@yahoo.com> | 2010-06-24 04:11:55 +0100 |
|---|---|---|
| committer | andy <github@anarkystic.com> | 2010-06-24 04:11:55 +0100 |
| commit | c0983f71f25bbe9a3a4d94c5ee79bbbdf8f57884 (patch) | |
| tree | 42c3e152d14b4efddc5e92069797fa7739951b35 | |
| parent | 32850264fdec24971683f06ff4d1420691d0bf0d (diff) | |
change pipelib to work with projects
| -rwxr-xr-x | bin/nova-manage | 26 | ||||
| -rw-r--r-- | nova/auth/users.py | 3 | ||||
| -rw-r--r-- | nova/cloudpipe/api.py | 25 | ||||
| -rw-r--r-- | nova/cloudpipe/pipelib.py | 34 |
4 files changed, 41 insertions, 47 deletions
diff --git a/bin/nova-manage b/bin/nova-manage index 76de41308..b1e984096 100755 --- a/bin/nova-manage +++ b/bin/nova-manage @@ -38,37 +38,37 @@ class VpnCommands(object): self.pipe = pipelib.CloudPipe(cloud.CloudController()) def list(self): - print "%-12s\t" % 'user', + print "%-12s\t" % 'project', print "%-12s\t" % 'ip:port', print "%s" % 'state' - for user in self.manager.get_users(): - print "%-12s\t" % user.name, - print "%s:%s\t" % (user.vpn_ip, user.vpn_port), + for project in self.manager.get_projects(): + print "%-12s\t" % project.name, + print "%s:%s\t" % (project.vpn_ip, project.vpn_port), - vpn = self.__vpn_for(user.name) + vpn = self.__vpn_for(project.id) if vpn: print vpn['instance_id'], print vpn['state'] else: print None - def __vpn_for(self, username): + def __vpn_for(self, project_id): for instance in self.instdir.all: if (instance.state.has_key('image_id') and instance['image_id'] == FLAGS.vpn_image_id and not instance['state'] in ['shutting_down', 'shutdown'] - and instance['owner_id'] == username): + and instance['project_id'] == project_id): return instance def spawn(self): - for u in reversed(self.manager.get_users()): - if not self.__vpn_for(u.id): - print 'spawning %s' % u.id - self.pipe.launch_vpn_instance(u.id) + for p in reversed(self.manager.get_projects()): + if not self.__vpn_for(p.id): + print 'spawning %s' % p.id + self.pipe.launch_vpn_instance(p.id) time.sleep(10) - def run(self, username): - self.pipe.launch_vpn_instance(username) + def run(self, project_id): + self.pipe.launch_vpn_instance(project_id) class UserCommands(object): diff --git a/nova/auth/users.py b/nova/auth/users.py index 118740182..e165c3ff0 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py 
@@ -474,9 +474,6 @@ class UserManager(object): signed_cert = crypto.sign_csr(csr, Project.safe_id(project)) return (private_key, signed_cert) - def sign_cert(self, csr, uid): - return crypto.sign_csr(csr, uid) - def __cert_subject(self, uid): # FIXME(ja) - this should be pulled from a global configuration return "/C=US/ST=California/L=Mountain View/O=Anso Labs/OU=Nova Dev/CN=%s-%s" % (uid, str(datetime.datetime.utcnow().isoformat())) diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py index 5395e9724..a8ecbd285 100644 --- a/nova/cloudpipe/api.py +++ b/nova/cloudpipe/api.py 
@@ -35,36 +35,23 @@ class CloudPipeRequestHandler(tornado.web.RequestHandler): def get(self, path): path = self.request.path _log.debug( "Cloudpipe path is %s" % path) - self.manager = users.UserManager.instance() if path.endswith("/getca/"): self.send_root_ca() - elif path.endswith("/getcert/"): - _log.debug( "Getting zip for %s" % (path[9:])) - try: - self.send_signed_zip(self.path[9:]) - except Exception, err: - _log.debug('ERROR: %s\n' % str(err)) - raise tornado.web.HTTPError(404) self.finish() - def get_username_from_ip(self, ip): + def get_project_id_from_ip(self, ip): cc = self.application.controllers['Cloud'] instance = cc.get_instance_by_ip(ip) - return instance['owner_id'] + instance['project_id'] def send_root_ca(self): _log.debug( "Getting root ca") - username = self.get_username_from_ip(self.request.remote_ip) + project_id = self.get_project_id_from_ip(self.request.remote_ip) self.set_header("Content-Type", "text/plain") - self.write(crypto.fetch_ca(username)) - - def send_signed_zip(self, username): - self.set_header("Content-Type", "application/zip") - self.write(self.manager.get_signed_zip(username)) + self.write(crypto.fetch_ca(project_id)) def post(self, *args, **kwargs): - self.manager = users.UserManager.instance() - username = self.get_username_from_ip(self.request.remote_ip) + project_id = self.get_project_id_from_ip(self.request.remote_ip) cert = self.get_argument('cert', '') - self.write(self.manager.sign_cert(urllib.unquote(cert), username)) + self.write(crypto.sign_csr(urllib.unquote(cert), project_id)) self.finish() diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index f69486f3e..47a2602a6 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -21,6 +21,7 @@ an instance with it. import logging import os import tempfile +import base64 from zipfile import ZipFile, ZIP_DEFLATED from nova import flags 
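Review bot: `get_project_id_from_ip` in nova/cloudpipe/api.py lost its `return` when the key was renamed: the new body ends with the bare expression `instance['project_id']`, so the method returns None. Both `crypto.fetch_ca(project_id)` in `send_root_ca` and `crypto.sign_csr(urllib.unquote(cert), project_id)` in `post` therefore receive None instead of the requesting instance's project. The line should read `return instance['project_id']`. Since the source address is the only thing binding a CSR to a project in `post`, the handler should also fail closed when `get_instance_by_ip` finds nothing (presumably it can return None; confirm), e.g. `if instance is None: raise tornado.web.HTTPError(404)`, so that no certificate is signed for an address that maps to no instance.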
@@ -39,9 +40,9 @@ class CloudPipe(object): self.controller = cloud_controller self.manager = users.UserManager.instance() - def launch_vpn_instance(self, username): - logging.debug( "Launching VPN for %s" % (username)) - user = self.manager.get_user(username) + def launch_vpn_instance(self, project_id): + logging.debug( "Launching VPN for %s" % (project_id)) + project = self.manager.get_project(project_id) # Make a payload.zip tmpfolder = tempfile.mkdtemp() filename = "payload.zip" 
@@ -51,26 +52,35 @@ class CloudPipe(object): z.write(FLAGS.boot_script_template,'autorun.sh') z.close() - self.setup_keypair(username) + key_name = self.setup_keypair(project.project_manager_id, project_id) zippy = open(zippath, "r") - context = api.APIRequestContext(handler=None, user=user) + context = api.APIRequestContext(handler=None, user=project.project_manager, project=project) reservation = self.controller.run_instances(context, - user_data=zippy.read().encode("base64"), + # run instances expects encoded userdata, it is decoded in the get_metadata_call + # autorun.sh also decodes the zip file, hence the double encoding + user_data=zippy.read().encode("base64").encode("base64"), max_count=1, min_count=1, image_id=FLAGS.vpn_image_id, - key_name="vpn-key", + key_name=key_name, security_groups=["vpn-secgroup"]) zippy.close() - def setup_keypair(self, username): + def setup_keypair(self, user_id, project_id): + key_name = '%s-key' % project_id try: - private_key, fingerprint = self.manager.generate_key_pair(username, "vpn-key") - os.mkdir("%s/%s" % (FLAGS.keys_path, username)) - private_key.save(os.path.abspath("%s/%s" % (FLAGS.keys_path, username))) - except: + private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name) + try: + key_dir = os.path.join(FLAGS.keys_path, user_id) + os.makedirs(key_dir) + with open(os.path.join(key_dir, '%s.pem' % key_name),'w') as f: + f.write(private_key) + except: + pass + except exception.Duplicate: pass + return key_name # def setup_secgroups(self, username): # conn = self.euca.connection_for(username) |
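Review bot: In `setup_keypair`, the inner bare `except: pass` hides a case where the freshly generated private key is never stored: `os.makedirs(key_dir)` raises when the directory already exists, and `key_dir` is per `user_id` while `key_name` is per project, so a manager's second project would skip the `open(...)` entirely and lose the key silently. The `.pem` is also created with a plain `open(..., 'w')`, so its mode depends on the process umask; a private key file should be created owner-only. I would create the directory only when it is missing, open the file with `os.open` using `O_EXCL` and mode `0o600`, and let real I/O errors propagate. `exception.Duplicate` is referenced but no import of `exception` is visible in this diff, so confirm it is in scope. `launch_vpn_instance` starts outside this hunk.

```python
    def setup_keypair(self, user_id, project_id):
        key_name = '%s-key' % project_id
        try:
            private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name)
            key_dir = os.path.join(FLAGS.keys_path, user_id)
            # The directory is shared by all projects of this user; only create it once.
            if not os.path.isdir(key_dir):
                os.makedirs(key_dir, 0o700)
            key_path = os.path.join(key_dir, '%s.pem' % key_name)
            # O_EXCL refuses to reuse an existing file; 0o600 keeps the key owner-only
            # regardless of the process umask.
            fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, 'w') as f:
                f.write(private_key)
        # … unchanged: except exception.Duplicate / return key_name …
```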
