merge trunk, fix conflict

3 files changed, 66 insertions, 43 deletions

diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index c8de20028..bc53e0ec6 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -119,8 +119,7 @@ class LdapDriver(object):
 
     def get_project(self, pid):
         """Retrieve project by id"""
-        dn = 'cn=%s,%s' % (pid,
-                           FLAGS.ldap_project_subtree)
+        dn = self.__project_to_dn(pid)
         attr = self.__find_object(dn, LdapDriver.project_pattern)
         return self.__to_project(attr)
 
@@ -228,7 +227,8 @@ class LdapDriver(object):
             ('description', [description]),
             (LdapDriver.project_attribute, [manager_dn]),
             ('member', members)]
-        self.conn.add_s('cn=%s,%s' % (name, FLAGS.ldap_project_subtree), attr)
+        dn = self.__project_to_dn(name, search=False)
+        self.conn.add_s(dn, attr)
         return self.__to_project(dict(attr))
 
     def modify_project(self, project_id, manager_uid=None, description=None):
@@ -246,23 +246,22 @@ class LdapDriver(object):
                          manager_dn))
         if description:
             attr.append((self.ldap.MOD_REPLACE, 'description', description))
-        self.conn.modify_s('cn=%s,%s' % (project_id,
-                                         FLAGS.ldap_project_subtree),
-                           attr)
+        dn = self.__project_to_dn(project_id)
+        self.conn.modify_s(dn, attr)
 
     def add_to_project(self, uid, project_id):
         """Add user to project"""
-        dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
+        dn = self.__project_to_dn(project_id)
         return self.__add_to_group(uid, dn)
 
     def remove_from_project(self, uid, project_id):
         """Remove user from project"""
-        dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
+        dn = self.__project_to_dn(project_id)
         return self.__remove_from_group(uid, dn)
 
     def is_in_project(self, uid, project_id):
         """Check if user is in project"""
-        dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
+        dn = self.__project_to_dn(project_id)
         return self.__is_in_group(uid, dn)
 
     def has_role(self, uid, role, project_id=None):
@@ -302,7 +301,7 @@ class LdapDriver(object):
                     roles.append(role)
             return roles
         else:
-            project_dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
+            project_dn = self.__project_to_dn(project_id)
             query = ('(&(&(objectclass=groupOfNames)(!%s))(member=%s))' %
                      (LdapDriver.project_pattern, self.__uid_to_dn(uid)))
             roles = self.__find_objects(project_dn, query)
@@ -335,7 +334,7 @@ class LdapDriver(object):
 
     def delete_project(self, project_id):
         """Delete a project"""
-        project_dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree)
+        project_dn = self.__project_to_dn(project_id)
         self.__delete_roles(project_dn)
         self.__delete_group(project_dn)
 
@@ -367,9 +366,10 @@ class LdapDriver(object):
 
     def __get_ldap_user(self, uid):
         """Retrieve LDAP user entry by id"""
-        attr = self.__find_object(self.__uid_to_dn(uid),
-                                  '(objectclass=novaUser)')
-        return attr
+        dn = FLAGS.ldap_user_subtree
+        query = ('(&(%s=%s)(objectclass=novaUser))' %
+                 (FLAGS.ldap_user_id_attribute, uid))
+        return self.__find_object(dn, query)
 
     def __find_object(self, dn, query=None, scope=None):
         """Find an object by dn and query"""
@@ -420,15 +420,13 @@ class LdapDriver(object):
         query = '(objectclass=groupOfNames)'
         return self.__find_object(dn, query) is not None
 
-    @staticmethod
-    def __role_to_dn(role, project_id=None):
+    def __role_to_dn(self, role, project_id=None):
         """Convert role to corresponding dn"""
         if project_id is None:
             return FLAGS.__getitem__("ldap_%s" % role).value
         else:
-            return 'cn=%s,cn=%s,%s' % (role,
-                                       project_id,
-                                       FLAGS.ldap_project_subtree)
+            project_dn = self.__project_to_dn(project_id)
+            return 'cn=%s,%s' % (role, project_dn)
 
     def __create_group(self, group_dn, name, uid,
                        description, member_uids=None):
@@ -534,6 +532,42 @@ class LdapDriver(object):
         for role_dn in self.__find_role_dns(project_dn):
             self.__delete_group(role_dn)
 
+    def __to_project(self, attr):
+        """Convert ldap attributes to Project object"""
+        if attr is None:
+            return None
+        member_dns = attr.get('member', [])
+        return {
+            'id': attr['cn'][0],
+            'name': attr['cn'][0],
+            'project_manager_id':
+                self.__dn_to_uid(attr[LdapDriver.project_attribute][0]),
+            'description': attr.get('description', [None])[0],
+            'member_ids': [self.__dn_to_uid(x) for x in member_dns]}
+
+    def __uid_to_dn(self, uid, search=True):
+        """Convert uid to dn"""
+        # By default return a generated DN
+        userdn = (FLAGS.ldap_user_id_attribute + '=%s,%s'
+                  % (uid, FLAGS.ldap_user_subtree))
+        if search:
+            query = ('%s=%s' % (FLAGS.ldap_user_id_attribute, uid))
+            user = self.__find_dns(FLAGS.ldap_user_subtree, query)
+            if len(user) > 0:
+                userdn = user[0]
+        return userdn
+
+    def __project_to_dn(self, pid, search=True):
+        """Convert pid to dn"""
+        # By default return a generated DN
+        projectdn = ('cn=%s,%s' % (pid, FLAGS.ldap_project_subtree))
+        if search:
+            query = ('(&(cn=%s)%s)' % (pid, LdapDriver.project_pattern))
+            project = self.__find_dns(FLAGS.ldap_project_subtree, query)
+            if len(project) > 0:
+                projectdn = project[0]
+        return projectdn
+
     @staticmethod
     def __to_user(attr):
         """Convert ldap attributes to User object"""
@@ -550,30 +584,11 @@ class LdapDriver(object):
         else:
             return None
 
-    def __to_project(self, attr):
-        """Convert ldap attributes to Project object"""
-        if attr is None:
-            return None
-        member_dns = attr.get('member', [])
-        return {
-            'id': attr['cn'][0],
-            'name': attr['cn'][0],
-            'project_manager_id':
-                self.__dn_to_uid(attr[LdapDriver.project_attribute][0]),
-            'description': attr.get('description', [None])[0],
-            'member_ids': [self.__dn_to_uid(x) for x in member_dns]}
-
     @staticmethod
     def __dn_to_uid(dn):
         """Convert user dn to uid"""
         return dn.split(',')[0].split('=')[1]
 
-    @staticmethod
-    def __uid_to_dn(uid):
-        """Convert uid to dn"""
-        return (FLAGS.ldap_user_id_attribute + '=%s,%s'
-                % (uid, FLAGS.ldap_user_subtree))
-
 
 class FakeLdapDriver(LdapDriver):
     """Fake Ldap Auth driver"""
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 5685ae5e2..89f02998d 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -684,8 +684,7 @@ class AuthManager(object):
         else:
             regions = {'nova': FLAGS.cc_host}
         for region, host in regions.iteritems():
-            rc = self.__generate_rc(user.access,
-                                    user.secret,
+            rc = self.__generate_rc(user,
                                     pid,
                                     use_dmz,
                                     host)
@@ -725,7 +724,7 @@ class AuthManager(object):
         return self.__generate_rc(user.access, user.secret, pid, use_dmz)
 
     @staticmethod
-    def __generate_rc(access, secret, pid, use_dmz=True, host=None):
+    def __generate_rc(user, pid, use_dmz=True, host=None):
         """Generate rc file for user"""
         if use_dmz:
             cc_host = FLAGS.cc_dmz
@@ -738,14 +737,19 @@ class AuthManager(object):
             s3_host = host
             cc_host = host
         rc = open(FLAGS.credentials_template).read()
-        rc = rc % {'access': access,
+        rc = rc % {'access': user.access,
                    'project': pid,
-                   'secret': secret,
+                   'secret': user.secret,
                    'ec2': '%s://%s:%s%s' % (FLAGS.ec2_prefix,
                                             cc_host,
                                             FLAGS.cc_port,
                                             FLAGS.ec2_suffix),
                    's3': 'http://%s:%s' % (s3_host, FLAGS.s3_port),
+                   'os': '%s://%s:%s%s' % (FLAGS.os_prefix,
+                                            cc_host,
+                                            FLAGS.cc_port,
+                                            FLAGS.os_suffix),
+                   'user': user.name,
                    'nova': FLAGS.ca_file,
                    'cert': FLAGS.credential_cert_file,
                    'key': FLAGS.credential_key_file}
diff --git a/nova/auth/novarc.template b/nova/auth/novarc.template
index 1b8ecb173..c53a4acdc 100644
--- a/nova/auth/novarc.template
+++ b/nova/auth/novarc.template
@@ -10,3 +10,7 @@ export NOVA_CERT=${NOVA_KEY_DIR}/%(nova)s
 export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
 alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}"
 alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
+export CLOUD_SERVERS_API_KEY="%(access)s"
+export CLOUD_SERVERS_USERNAME="%(user)s"
+export CLOUD_SERVERS_URL="%(os)s"
+