merge trunk

author: Cory Wright <cory.wright@rackspace.com> 2011-03-11 20:14:48 +0000
committer: Cory Wright <cory.wright@rackspace.com> 2011-03-11 20:14:48 +0000
commit: 9dbf8e31961c2b32945e7f91be7727d9ab0f2c33 (patch)
tree: bac581886a62679b6e6745b2daed919470655d39 /nova/api
parent: ca781f6dce32096b6c1dd597f6998ee22a81679e (diff)
parent: 34943730a339cb902e49909571c5e83675b1f00d (diff)
download: nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.tar.gz
nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.tar.xz
nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.zip
4 files changed, 205 insertions, 6 deletions
diff --git a/nova/api/openstack/__init__.py b/nova/api/openstack/__init__.py
index ab9dbb780..ce3cff337 100644
--- a/nova/api/openstack/__init__.py
+++ b/nova/api/openstack/__init__.py
@@ -27,6 +27,7 @@ import webob.exc
 from nova import flags
 from nova import log as logging
 from nova import wsgi
+from nova.api.openstack import accounts
 from nova.api.openstack import faults
 from nova.api.openstack import backup_schedules
 from nova.api.openstack import consoles
@@ -34,6 +35,7 @@ from nova.api.openstack import flavors
 from nova.api.openstack import images
 from nova.api.openstack import servers
 from nova.api.openstack import shared_ip_groups
+from nova.api.openstack import users
 from nova.api.openstack import zones
 
 
@@ -89,6 +91,13 @@ class APIRouter(wsgi.Router):
             mapper.resource("zone", "zones", controller=zones.Controller(),
                         collection={'detail': 'GET', 'info': 'GET'}),
 
+            mapper.resource("user", "users", controller=users.Controller(),
+                        collection={'detail': 'GET'})
+
+            mapper.resource("account", "accounts",
+                            controller=accounts.Controller(),
+                            collection={'detail': 'GET'})
+
         mapper.resource("server", "servers", controller=servers.Controller(),
                         collection={'detail': 'GET'},
                         member=server_members)
diff --git a/nova/api/openstack/accounts.py b/nova/api/openstack/accounts.py
new file mode 100644
index 000000000..2510ffb61
--- /dev/null
+++ b/nova/api/openstack/accounts.py
@@ -0,0 +1,85 @@
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import common
+
+from nova import exception
+from nova import flags
+from nova import log as logging
+from nova import wsgi
+
+from nova.auth import manager
+from nova.api.openstack import faults
+
+FLAGS = flags.FLAGS
+LOG = logging.getLogger('nova.api.openstack')
+
+
+def _translate_keys(account):
+    return dict(id=account.id,
+                name=account.name,
+                description=account.description,
+                manager=account.project_manager_id)
+
+
+class Controller(wsgi.Controller):
+
+    _serialization_metadata = {
+        'application/xml': {
+            "attributes": {
+                "account": ["id", "name", "description", "manager"]}}}
+
+    def __init__(self):
+        self.manager = manager.AuthManager()
+
+    def _check_admin(self, context):
+        """We cannot depend on the db layer to check for admin access
+           for the auth manager, so we do it here"""
+        if not context.is_admin:
+            raise exception.NotAuthorized(_("Not admin user."))
+
+    def index(self, req):
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def detail(self, req):
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def show(self, req, id):
+        """Return data about the given account id"""
+        account = self.manager.get_project(id)
+        return dict(account=_translate_keys(account))
+
+    def delete(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        self.manager.delete_project(id)
+        return {}
+
+    def create(self, req):
+        """We use update with create-or-update semantics
+           because the id comes from an external source"""
+        raise faults.Fault(exc.HTTPNotImplemented())
+
+    def update(self, req, id):
+        """This is really create or update."""
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        description = env['account'].get('description')
+        manager = env['account'].get('manager')
+        try:
+            account = self.manager.get_project(id)
+            self.manager.modify_project(id, manager, description)
+        except exception.NotFound:
+            account = self.manager.create_project(id, manager, description)
+        return dict(account=_translate_keys(account))
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index de8905f46..4c6b58eff 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -28,11 +28,13 @@ from nova import context
 from nova import db
 from nova import exception
 from nova import flags
+from nova import log as logging
 from nova import manager
 from nova import utils
 from nova import wsgi
 from nova.api.openstack import faults
 
+LOG = logging.getLogger('nova.api.openstack')
 FLAGS = flags.FLAGS
 
 
@@ -50,14 +52,23 @@ class AuthMiddleware(wsgi.Middleware):
     def __call__(self, req):
         if not self.has_authentication(req):
             return self.authenticate(req)
-
         user = self.get_user_by_authentication(req)
-
+        accounts = self.auth.get_projects(user=user)
         if not user:
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
-        project = self.auth.get_project(FLAGS.default_project)
-        req.environ['nova.context'] = context.RequestContext(user, project)
+        if accounts:
+            #we are punting on this til auth is settled,
+            #and possibly til api v1.1 (mdragon)
+            account = accounts[0]
+        else:
+            return faults.Fault(webob.exc.HTTPUnauthorized())
+
+        if not self.auth.is_admin(user) and \
+           not self.auth.is_project_member(user, account):
+            return faults.Fault(webob.exc.HTTPUnauthorized())
+
+        req.environ['nova.context'] = context.RequestContext(user, account)
         return self.application
 
     def has_authentication(self, req):
@@ -125,14 +136,15 @@ class AuthMiddleware(wsgi.Middleware):
         """
         ctxt = context.get_admin_context()
         user = self.auth.get_user_from_access_key(key)
+
         if user and user.name == username:
             token_hash = hashlib.sha1('%s%s%f' % (username, key,
                 time.time())).hexdigest()
             token_dict = {}
             token_dict['token_hash'] = token_hash
             token_dict['cdn_management_url'] = ''
-            # Same as auth url, e.g. http://foo.org:8774/baz/v1.0
-            token_dict['server_management_url'] = req.url
+            os_url = req.url
+            token_dict['server_management_url'] = os_url
             token_dict['storage_url'] = ''
             token_dict['user_id'] = user.id
             token = self.db.auth_token_create(ctxt, token_dict)
diff --git a/nova/api/openstack/users.py b/nova/api/openstack/users.py
new file mode 100644
index 000000000..ebd0f4512
--- /dev/null
+++ b/nova/api/openstack/users.py
@@ -0,0 +1,93 @@
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import common
+
+from nova import exception
+from nova import flags
+from nova import log as logging
+from nova import wsgi
+
+from nova.auth import manager
+
+FLAGS = flags.FLAGS
+LOG = logging.getLogger('nova.api.openstack')
+
+
+def _translate_keys(user):
+    return dict(id=user.id,
+                name=user.name,
+                access=user.access,
+                secret=user.secret,
+                admin=user.admin)
+
+
+class Controller(wsgi.Controller):
+
+    _serialization_metadata = {
+        'application/xml': {
+            "attributes": {
+                "user": ["id", "name", "access", "secret", "admin"]}}}
+
+    def __init__(self):
+        self.manager = manager.AuthManager()
+
+    def _check_admin(self, context):
+        """We cannot depend on the db layer to check for admin access
+           for the auth manager, so we do it here"""
+        if not context.is_admin:
+            raise exception.NotAuthorized(_("Not admin user"))
+
+    def index(self, req):
+        """Return all users in brief"""
+        users = self.manager.get_users()
+        users = common.limited(users, req)
+        users = [_translate_keys(user) for user in users]
+        return dict(users=users)
+
+    def detail(self, req):
+        """Return all users in detail"""
+        return self.index(req)
+
+    def show(self, req, id):
+        """Return data about the given user id"""
+        user = self.manager.get_user(id)
+        return dict(user=_translate_keys(user))
+
+    def delete(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        self.manager.delete_user(id)
+        return {}
+
+    def create(self, req):
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        is_admin = env['user'].get('admin') in ('T', 'True', True)
+        name = env['user'].get('name')
+        access = env['user'].get('access')
+        secret = env['user'].get('secret')
+        user = self.manager.create_user(name, access, secret, is_admin)
+        return dict(user=_translate_keys(user))
+
+    def update(self, req, id):
+        self._check_admin(req.environ['nova.context'])
+        env = self._deserialize(req.body, req.get_content_type())
+        is_admin = env['user'].get('admin')
+        if is_admin is not None:
+            is_admin = is_admin in ('T', 'True', True)
+        access = env['user'].get('access')
+        secret = env['user'].get('secret')
+        self.manager.modify_user(id, access, secret, is_admin)
+        return dict(user=_translate_keys(self.manager.get_user(id)))
author	Cory Wright <cory.wright@rackspace.com>	2011-03-11 20:14:48 +0000
committer	Cory Wright <cory.wright@rackspace.com>	2011-03-11 20:14:48 +0000
commit	9dbf8e31961c2b32945e7f91be7727d9ab0f2c33 (patch)
tree	bac581886a62679b6e6745b2daed919470655d39 /nova/api
parent	ca781f6dce32096b6c1dd597f6998ee22a81679e (diff)
parent	34943730a339cb902e49909571c5e83675b1f00d (diff)
download	nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.tar.gz nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.tar.xz nova-9dbf8e31961c2b32945e7f91be7727d9ab0f2c33.zip