Merge trunk, resolve conflicts, and rename 010_ migrate file to 011_ since another migrate file got into trunk ahead of this...

6 files changed, 228 insertions, 13 deletions

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index b1917e9ea..cadda97db 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -562,7 +562,7 @@ class CloudController(object):
         if context.is_admin:
             v['status'] = '%s (%s, %s, %s, %s)' % (
                 volume['status'],
-                volume['user_id'],
+                volume['project_id'],
                 volume['host'],
                 instance_data,
                 volume['mountpoint'])
diff --git a/nova/api/openstack/__init__.py b/nova/api/openstack/__init__.py
index 197fcc619..ce3cff337 100644
--- a/nova/api/openstack/__init__.py
+++ b/nova/api/openstack/__init__.py
@@ -27,6 +27,7 @@ import webob.exc
 from nova import flags
 from nova import log as logging
 from nova import wsgi
+from nova.api.openstack import accounts
 from nova.api.openstack import faults
 from nova.api.openstack import backup_schedules
 from nova.api.openstack import consoles
@@ -34,6 +35,7 @@ from nova.api.openstack import flavors
 from nova.api.openstack import images
 from nova.api.openstack import servers
 from nova.api.openstack import shared_ip_groups
+from nova.api.openstack import users
 from nova.api.openstack import zones
 
 
@@ -77,8 +79,8 @@ class APIRouter(wsgi.Router):
 
             server_members['pause'] = 'POST'
             server_members['unpause'] = 'POST'
-            server_members["diagnostics"] = "GET"
-            server_members["actions"] = "GET"
+            server_members['diagnostics'] = 'GET'
+            server_members['actions'] = 'GET'
             server_members['suspend'] = 'POST'
             server_members['resume'] = 'POST'
             server_members['rescue'] = 'POST'
@@ -87,8 +89,15 @@ class APIRouter(wsgi.Router):
             server_members['inject_network_info'] = 'POST'
 
             mapper.resource("zone", "zones", controller=zones.Controller(),
+                        collection={'detail': 'GET', 'info': 'GET'}),
+
+            mapper.resource("user", "users", controller=users.Controller(),
                         collection={'detail': 'GET'})
 
+            mapper.resource("account", "accounts",
+                            controller=accounts.Controller(),
+                            collection={'detail': 'GET'})
+
         mapper.resource("server", "servers", controller=servers.Controller(),
                         collection={'detail': 'GET'},
                         member=server_members)
diff --git a/nova/api/openstack/accounts.py b/nova/api/openstack/accounts.py
new file mode 100644
index 000000000..2510ffb61
--- /dev/null
+++ b/nova/api/openstack/accounts.py
@@ -0,0 +1,85 @@
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import common
+
+from nova import exception
+from nova import flags
+from nova import log as logging
+from nova import wsgi
+
+from nova.auth import manager
+from nova.api.openstack import faults
+
+FLAGS = flags.FLAGS
+LOG = logging.getLogger('nova.api.openstack')
+
+
+def _translate_keys(account):
+    return dict(id=account.id,
+                name=account.name,
+                description=account.description,
+                manager=account.project_manager_id)
+
+
+class Controller(wsgi.Controller):
+
+    _serialization_metadata = {
+        'application/xml': {
+            "attributes": {
+                "account": ["id", "name", "description", "manager"]}}}
+
+    def __init__(self):
+        self.manager = manager.AuthManager()
+
+    def _check_admin(self, context):
+        """We cannot depend on the db layer to check for admin access
+           for the auth manager, so we do it here"""
+        if not context.is_admin:
+            raise exception.NotAuthorized(_("Not admin user."))
+
+    def index(self, req):
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def detail(self, req):
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def show(self, req, id):
+        """Return data about the given account id"""
+        account = self.manager.get_project(id)
+        return dict(account=_translate_keys(account))
+
+    def delete(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        self.manager.delete_project(id)
+        return {}
+
+    def create(self, req):
+        """We use update with create-or-update semantics
+           because the id comes from an external source"""
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def update(self, req, id):
+        """This is really create or update."""
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        description = env['account'].get('description')
+        manager = env['account'].get('manager')
+        try:
+            account = self.manager.get_project(id)
+            self.manager.modify_project(id, manager, description)
+        except exception.NotFound:
+            account = self.manager.create_project(id, manager, description)
+        return dict(account=_translate_keys(account))
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index de8905f46..4c6b58eff 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -28,11 +28,13 @@ from nova import context
 from nova import db
 from nova import exception
 from nova import flags
+from nova import log as logging
 from nova import manager
 from nova import utils
 from nova import wsgi
 from nova.api.openstack import faults
 
+LOG = logging.getLogger('nova.api.openstack')
 FLAGS = flags.FLAGS
 
 
@@ -50,14 +52,23 @@ class AuthMiddleware(wsgi.Middleware):
     def __call__(self, req):
         if not self.has_authentication(req):
             return self.authenticate(req)
-
         user = self.get_user_by_authentication(req)
-
+        accounts = self.auth.get_projects(user=user)
         if not user:
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
-        project = self.auth.get_project(FLAGS.default_project)
-        req.environ['nova.context'] = context.RequestContext(user, project)
+        if accounts:
+            #we are punting on this til auth is settled,
+            #and possibly til api v1.1 (mdragon)
+            account = accounts[0]
+        else:
+            return faults.Fault(webob.exc.HTTPUnauthorized())
+
+        if not self.auth.is_admin(user) and \
+           not self.auth.is_project_member(user, account):
+            return faults.Fault(webob.exc.HTTPUnauthorized())
+
+        req.environ['nova.context'] = context.RequestContext(user, account)
         return self.application
 
     def has_authentication(self, req):
@@ -125,14 +136,15 @@ class AuthMiddleware(wsgi.Middleware):
         """
         ctxt = context.get_admin_context()
         user = self.auth.get_user_from_access_key(key)
+
         if user and user.name == username:
             token_hash = hashlib.sha1('%s%s%f' % (username, key,
                 time.time())).hexdigest()
             token_dict = {}
             token_dict['token_hash'] = token_hash
             token_dict['cdn_management_url'] = ''
-            # Same as auth url, e.g. http://foo.org:8774/baz/v1.0
-            token_dict['server_management_url'] = req.url
+            os_url = req.url
+            token_dict['server_management_url'] = os_url
             token_dict['storage_url'] = ''
             token_dict['user_id'] = user.id
             token = self.db.auth_token_create(ctxt, token_dict)
diff --git a/nova/api/openstack/users.py b/nova/api/openstack/users.py
new file mode 100644
index 000000000..ebd0f4512
--- /dev/null
+++ b/nova/api/openstack/users.py
@@ -0,0 +1,93 @@
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import common
+
+from nova import exception
+from nova import flags
+from nova import log as logging
+from nova import wsgi
+
+from nova.auth import manager
+
+FLAGS = flags.FLAGS
+LOG = logging.getLogger('nova.api.openstack')
+
+
+def _translate_keys(user):
+    return dict(id=user.id,
+                name=user.name,
+                access=user.access,
+                secret=user.secret,
+                admin=user.admin)
+
+
+class Controller(wsgi.Controller):
+
+    _serialization_metadata = {
+        'application/xml': {
+            "attributes": {
+                "user": ["id", "name", "access", "secret", "admin"]}}}
+
+    def __init__(self):
+        self.manager = manager.AuthManager()
+
+    def _check_admin(self, context):
+        """We cannot depend on the db layer to check for admin access
+           for the auth manager, so we do it here"""
+        if not context.is_admin:
+            raise exception.NotAuthorized(_("Not admin user"))
+
+    def index(self, req):
+        """Return all users in brief"""
+        users = self.manager.get_users()
+        users = common.limited(users, req)
+        users = [_translate_keys(user) for user in users]
+        return dict(users=users)
+
+    def detail(self, req):
+        """Return all users in detail"""
+        return self.index(req)
+
+    def show(self, req, id):
+        """Return data about the given user id"""
+        user = self.manager.get_user(id)
+        return dict(user=_translate_keys(user))
+
+    def delete(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        self.manager.delete_user(id)
+        return {}
+
+    def create(self, req):
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        is_admin = env['user'].get('admin') in ('T', 'True', True)
+        name = env['user'].get('name')
+        access = env['user'].get('access')
+        secret = env['user'].get('secret')
+        user = self.manager.create_user(name, access, secret, is_admin)
+        return dict(user=_translate_keys(user))
+
+    def update(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        is_admin = env['user'].get('admin')
+        if is_admin is not None:
+            is_admin = is_admin in ('T', 'True', True)
+        access = env['user'].get('access')
+        secret = env['user'].get('secret')
+        self.manager.modify_user(id, access, secret, is_admin)
+        return dict(user=_translate_keys(self.manager.get_user(id)))
diff --git a/nova/api/openstack/zones.py b/nova/api/openstack/zones.py
index cf6cd789f..8fe84275a 100644
--- a/nova/api/openstack/zones.py
+++ b/nova/api/openstack/zones.py
@@ -1,4 +1,4 @@
-# Copyright 2010 OpenStack LLC.
+# Copyright 2011 OpenStack LLC.
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -18,6 +18,7 @@ import common
 from nova import flags
 from nova import wsgi
 from nova import db
+from nova.scheduler import api
 
 
 FLAGS = flags.FLAGS
@@ -32,6 +33,10 @@ def _filter_keys(item, keys):
     return dict((k, v) for k, v in item.iteritems() if k in keys)
 
 
+def _exclude_keys(item, keys):
+    return dict((k, v) for k, v in item.iteritems() if k not in keys)
+
+
 def _scrub_zone(zone):
     return _filter_keys(zone, ('id', 'api_url'))
 
@@ -41,19 +46,30 @@ class Controller(wsgi.Controller):
     _serialization_metadata = {
         'application/xml': {
             "attributes": {
-                "zone": ["id", "api_url"]}}}
+                "zone": ["id", "api_url", "name", "capabilities"]}}}
 
     def index(self, req):
         """Return all zones in brief"""
-        items = db.zone_get_all(req.environ['nova.context'])
+        # Ask the ZoneManager in the Scheduler for most recent data,
+        # or fall-back to the database ...
+        items = api.API().get_zone_list(req.environ['nova.context'])
+        if not items:
+            items = db.zone_get_all(req.environ['nova.context'])
+
         items = common.limited(items, req)
-        items = [_scrub_zone(item) for item in items]
+        items = [_exclude_keys(item, ['username', 'password'])
+                      for item in items]
         return dict(zones=items)
 
     def detail(self, req):
         """Return all zones in detail"""
         return self.index(req)
 
+    def info(self, req):
+        """Return name and capabilities for this zone."""
+        return dict(zone=dict(name=FLAGS.zone_name,
+                    capabilities=FLAGS.zone_capabilities))
+
     def show(self, req, id):
         """Return data about the given zone id"""
         zone_id = int(id)