Merged trunk.

9 files changed, 147 insertions, 19 deletions

diff --git a/nova/api/__init__.py b/nova/api/__init__.py
index 0fedbbfad..747015af5 100644
--- a/nova/api/__init__.py
+++ b/nova/api/__init__.py
@@ -15,5 +15,3 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
-
-"""No-op __init__ for directory full of api goodies."""
diff --git a/nova/api/direct.py b/nova/api/direct.py
index f487df7c7..8ceae299c 100644
--- a/nova/api/direct.py
+++ b/nova/api/direct.py
@@ -44,14 +44,33 @@ from nova import utils
 from nova import wsgi
 
 
+# Global storage for registering modules.
 ROUTES = {}
 
 
 def register_service(path, handle):
+    """Register a service handle at a given path.
+
+    Services registered in this way will be made available to any instances of
+    nova.api.direct.Router.
+
+    :param path: `routes` path, can be a basic string like "/path"
+    :param handle: an object whose methods will be made available via the api
+
+    """
     ROUTES[path] = handle
 
 
 class Router(wsgi.Router):
+    """A simple WSGI router configured via `register_service`.
+
+    This is a quick way to attach multiple services to a given endpoint.
+    It will automatically load the routes registered in the `ROUTES` global.
+
+    TODO(termie): provide a paste-deploy version of this.
+
+    """
+
     def __init__(self, mapper=None):
         if mapper is None:
             mapper = routes.Mapper()
@@ -66,6 +85,24 @@ class Router(wsgi.Router):
 
 
 class DelegatedAuthMiddleware(wsgi.Middleware):
+    """A simple and naive authentication middleware.
+
+    Designed mostly to provide basic support for alternative authentication
+    schemes, this middleware only desires the identity of the user and will
+    generate the appropriate nova.context.RequestContext for the rest of the
+    application. This allows any middleware above it in the stack to
+    authenticate however it would like while only needing to conform to a
+    minimal interface.
+
+    Expects two headers to determine identity:
+     - X-OpenStack-User
+     - X-OpenStack-Project
+
+    This middleware is tied to identity management and will need to be kept
+    in sync with any changes to the way identity is dealt with internally.
+
+    """
+
     def process_request(self, request):
         os_user = request.headers['X-OpenStack-User']
         os_project = request.headers['X-OpenStack-Project']
@@ -74,6 +111,20 @@ class DelegatedAuthMiddleware(wsgi.Middleware):
 
 
 class JsonParamsMiddleware(wsgi.Middleware):
+    """Middleware to allow method arguments to be passed as serialized JSON.
+
+    Accepting arguments as JSON is useful for accepting data that may be more
+    complex than simple primitives.
+
+    In this case we accept it as urlencoded data under the key 'json' as in
+    json=<urlencoded_json> but this could be extended to accept raw JSON
+    in the POST body.
+
+    Filters out the parameters `self`, `context` and anything beginning with
+    an underscore.
+
+    """
+
     def process_request(self, request):
         if 'json' not in request.params:
             return
@@ -92,6 +143,13 @@ class JsonParamsMiddleware(wsgi.Middleware):
 
 
 class PostParamsMiddleware(wsgi.Middleware):
+    """Middleware to allow method arguments to be passed as POST parameters.
+
+    Filters out the parameters `self`, `context` and anything beginning with
+    an underscore.
+
+    """
+
     def process_request(self, request):
         params_parsed = request.params
         params = {}
@@ -106,12 +164,21 @@ class PostParamsMiddleware(wsgi.Middleware):
 
 
 class Reflection(object):
-    """Reflection methods to list available methods."""
+    """Reflection methods to list available methods.
+
+    This is an object that expects to be registered via register_service.
+    These methods allow the endpoint to be self-describing. They introspect
+    the exposed methods and provide call signatures and documentation for
+    them allowing quick experimentation.
+
+    """
+
     def __init__(self):
         self._methods = {}
         self._controllers = {}
 
     def _gather_methods(self):
+        """Introspect available methods and generate documentation for them."""
         methods = {}
         controllers = {}
         for route, handler in ROUTES.iteritems():
@@ -185,6 +252,16 @@ class Reflection(object):
 
 
 class ServiceWrapper(wsgi.Controller):
+    """Wrapper to dynamically povide a WSGI controller for arbitrary objects.
+
+    With lightweight introspection allows public methods on the object to
+    be accesed via simple WSGI routing and parameters and serializes the
+    return values.
+
+    Automatically used be nova.api.direct.Router to wrap registered instances.
+
+    """
+
     def __init__(self, service_handle):
         self.service_handle = service_handle
 
@@ -260,7 +337,16 @@ class Limited(object):
 
 
 class Proxy(object):
-    """Pretend a Direct API endpoint is an object."""
+    """Pretend a Direct API endpoint is an object.
+
+    This is mostly useful in testing at the moment though it should be easily
+    extendable to provide a basic API library functionality.
+
+    In testing we use this to stub out internal objects to verify that results
+    from the API are serializable.
+
+    """
+
     def __init__(self, app, prefix=None):
         self.app = app
         self.prefix = prefix
diff --git a/nova/api/ec2/apirequest.py b/nova/api/ec2/apirequest.py
index d7ad08d2f..6672e60bb 100644
--- a/nova/api/ec2/apirequest.py
+++ b/nova/api/ec2/apirequest.py
@@ -196,7 +196,7 @@ class APIRequest(object):
         elif isinstance(data, datetime.datetime):
             data_el.appendChild(
                   xml.createTextNode(_database_to_isoformat(data)))
-        elif data != None:
+        elif data is not None:
             data_el.appendChild(xml.createTextNode(str(data)))
 
         return data_el
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 5e81878c4..bd4c9dcd4 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -442,7 +442,7 @@ class CloudController(object):
                                                        group_name)
 
         criteria = self._revoke_rule_args_to_dict(context, **kwargs)
-        if criteria == None:
+        if criteria is None:
             raise exception.ApiError(_("Not enough parameters to build a "
                                        "valid rule."))
 
@@ -664,7 +664,7 @@ class CloudController(object):
                 'volumeId': ec2utils.id_to_ec2_id(volume_id, 'vol-%08x')}
 
     def _convert_to_set(self, lst, label):
-        if lst == None or lst == []:
+        if lst is None or lst == []:
             return None
         if not isinstance(lst, list):
             lst = [lst]
@@ -908,7 +908,10 @@ class CloudController(object):
             internal_id = ec2utils.ec2_id_to_id(ec2_id)
             return self.image_service.show(context, internal_id)
         except exception.NotFound:
-            return self.image_service.show_by_name(context, ec2_id)
+            try:
+                return self.image_service.show_by_name(context, ec2_id)
+            except exception.NotFound:
+                raise exception.NotFound(_('Image %s not found') % ec2_id)
 
     def _format_image(self, image):
         """Convert from format defined by BaseImageService to S3 format."""
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index f3a9bdeca..311e6bde9 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -55,6 +55,9 @@ class AuthMiddleware(wsgi.Middleware):
         user = self.get_user_by_authentication(req)
         accounts = self.auth.get_projects(user=user)
         if not user:
+            token = req.headers["X-Auth-Token"]
+            msg = _("%(user)s could not be found with token '%(token)s'")
+            LOG.warn(msg % locals())
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
         if accounts:
@@ -66,6 +69,8 @@ class AuthMiddleware(wsgi.Middleware):
 
         if not self.auth.is_admin(user) and \
            not self.auth.is_project_member(user, account):
+            msg = _("%(user)s must be an admin or a member of %(account)s")
+            LOG.warn(msg % locals())
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
         req.environ['nova.context'] = context.RequestContext(user, account)
@@ -82,12 +87,16 @@ class AuthMiddleware(wsgi.Middleware):
         # honor it
         path_info = req.path_info
         if len(path_info) > 1:
-            return faults.Fault(webob.exc.HTTPUnauthorized())
+            msg = _("Authentication requests must be made against a version "
+                    "root (e.g. /v1.0 or /v1.1).")
+            LOG.warn(msg)
+            return faults.Fault(webob.exc.HTTPUnauthorized(explanation=msg))
 
         try:
             username = req.headers['X-Auth-User']
             key = req.headers['X-Auth-Key']
-        except KeyError:
+        except KeyError as ex:
+            LOG.warn(_("Could not find %s in request.") % ex)
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
         token, user = self._authorize_user(username, key, req)
@@ -100,6 +109,7 @@ class AuthMiddleware(wsgi.Middleware):
             res.headers['X-CDN-Management-Url'] = token.cdn_management_url
             res.content_type = 'text/plain'
             res.status = '204'
+            LOG.debug(_("Successfully authenticated '%s'") % username)
             return res
         else:
             return faults.Fault(webob.exc.HTTPUnauthorized())
@@ -139,6 +149,7 @@ class AuthMiddleware(wsgi.Middleware):
         try:
             user = self.auth.get_user_from_access_key(key)
         except exception.NotFound:
+            LOG.warn(_("User not found with provided API key."))
             user = None
 
         if user and user.name == username:
@@ -153,4 +164,9 @@ class AuthMiddleware(wsgi.Middleware):
             token_dict['user_id'] = user.id
             token = self.db.auth_token_create(ctxt, token_dict)
             return token, user
+        elif user and user.name != username:
+            msg = _("Provided API key is valid, but not for user "
+                    "'%(username)s'") % locals()
+            LOG.warn(msg)
+
         return None, None
diff --git a/nova/api/openstack/common.py b/nova/api/openstack/common.py
index 234f921ab..0b6dc944a 100644
--- a/nova/api/openstack/common.py
+++ b/nova/api/openstack/common.py
@@ -25,7 +25,7 @@ from nova import log as logging
 from nova import wsgi
 
 
-LOG = logging.getLogger('common')
+LOG = logging.getLogger('nova.api.openstack.common')
 
 
 FLAGS = flags.FLAGS
@@ -116,8 +116,14 @@ def get_image_id_from_image_hash(image_service, context, image_hash):
         items = image_service.index(context)
     for image in items:
         image_id = image['id']
-        if abs(hash(image_id)) == int(image_hash):
-            return image_id
+        try:
+            if abs(hash(image_id)) == int(image_hash):
+                return image_id
+        except ValueError:
+            msg = _("Requested image_id has wrong format: %s,"
+                    "should have numerical format") % image_id
+            LOG.error(msg)
+            raise Exception(msg)
     raise exception.NotFound(image_hash)
 
 
diff --git a/nova/api/openstack/contrib/volumes.py b/nova/api/openstack/contrib/volumes.py
index 6efacce52..18de2ec71 100644
--- a/nova/api/openstack/contrib/volumes.py
+++ b/nova/api/openstack/contrib/volumes.py
@@ -322,8 +322,7 @@ class Volumes(extensions.ExtensionDescriptor):
         # Does this matter?
         res = extensions.ResourceExtension('volumes',
                                         VolumeController(),
-                                        collection_actions={'detail': 'GET'}
-                                          )
+                                        collection_actions={'detail': 'GET'})
         resources.append(res)
 
         res = extensions.ResourceExtension('volume_attachments',
diff --git a/nova/api/openstack/server_metadata.py b/nova/api/openstack/server_metadata.py
index 01ca79eec..fd64ee4fb 100644
--- a/nova/api/openstack/server_metadata.py
+++ b/nova/api/openstack/server_metadata.py
@@ -88,7 +88,7 @@ class Controller(common.OpenstackController):
         self.compute_api.delete_instance_metadata(context, server_id, id)
 
     def _handle_quota_error(self, error):
-        """Reraise quota errors as api-specific http exceptions"""
+        """Reraise quota errors as api-specific http exceptions."""
         if error.code == "MetadataLimitExceeded":
             raise exc.HTTPBadRequest(explanation=error.message)
         raise error
diff --git a/nova/api/openstack/servers.py b/nova/api/openstack/servers.py
index 8451052a8..357a279ef 100644
--- a/nova/api/openstack/servers.py
+++ b/nova/api/openstack/servers.py
@@ -118,6 +118,8 @@ class Controller(common.OpenstackController):
 
         context = req.environ['nova.context']
 
+        password = self._get_server_admin_password(env['server'])
+
         key_name = None
         key_data = None
         key_pairs = auth_manager.AuthManager.get_key_pairs(context)
@@ -127,8 +129,13 @@ class Controller(common.OpenstackController):
             key_data = key_pair['public_key']
 
         requested_image_id = self._image_id_from_req_data(env)
-        image_id = common.get_image_id_from_image_hash(self._image_service,
-            context, requested_image_id)
+        try:
+            image_id = common.get_image_id_from_image_hash(self._image_service,
+                context, requested_image_id)
+        except:
+            msg = _("Can not find requested image")
+            return faults.Fault(exc.HTTPBadRequest(msg))
+
         kernel_id, ramdisk_id = self._get_kernel_ramdisk_from_image(
             req, image_id)
 
@@ -170,7 +177,6 @@ class Controller(common.OpenstackController):
 
         builder = self._get_view_builder(req)
         server = builder.build(inst, is_detail=True)
-        password = utils.generate_password(16)
         server['server']['adminPass'] = password
         self.compute_api.set_admin_password(context, server['server']['id'],
                                             password)
@@ -232,6 +238,10 @@ class Controller(common.OpenstackController):
         # if the original error is okay, just reraise it
         raise error
 
+    def _get_server_admin_password(self, server):
+        """ Determine the admin password for a server on creation """
+        return utils.generate_password(16)
+
     @scheduler_api.redirect_handler
     def update(self, req, id):
         """ Updates the server name or password """
@@ -723,6 +733,16 @@ class ControllerV11(Controller):
         response.empty_body = True
         return response
 
+    def _get_server_admin_password(self, server):
+        """ Determine the admin password for a server on creation """
+        password = server.get('adminPass')
+        if password is None:
+            return utils.generate_password(16)
+        if not isinstance(password, basestring) or password == '':
+            msg = _("Invalid adminPass")
+            raise exc.HTTPBadRequest(msg)
+        return password
+
     def get_default_xmlns(self, req):
         return common.XML_NS_V11