| author | Michael Gundlach <michael.gundlach@rackspace.com> | 2010-09-21 12:00:44 -0400 |
|---|---|---|
| committer | Michael Gundlach <michael.gundlach@rackspace.com> | 2010-09-21 12:00:44 -0400 |
| commit | bbf17139fc7fbc9fc3acd336b3c5c5df97dcf408 (patch) | |
| tree | 55ab3fe832c55203bd5ff9852fc5291b1801bfb2 /nova/auth | |
| parent | 9ea20110ae05a0bd5294774c2ee11626e9c4147f (diff) | |
| parent | ce0a9b7b36ba816c347f10a1804aedf337ad35da (diff) | |
| download | nova-bbf17139fc7fbc9fc3acd336b3c5c5df97dcf408.tar.gz nova-bbf17139fc7fbc9fc3acd336b3c5c5df97dcf408.tar.xz nova-bbf17139fc7fbc9fc3acd336b3c5c5df97dcf408.zip | |
Merge from trunk
Diffstat (limited to 'nova/auth')
| -rw-r--r-- | nova/auth/fakeldap.py | 5 | ||||
| -rw-r--r-- | nova/auth/ldapdriver.py | 78 | ||||
| -rw-r--r-- | nova/auth/manager.py | 123 |
3 files changed, 46 insertions, 160 deletions
diff --git a/nova/auth/fakeldap.py b/nova/auth/fakeldap.py index bfc3433c5..2791dfde6 100644 --- a/nova/auth/fakeldap.py +++ b/nova/auth/fakeldap.py @@ -33,6 +33,7 @@ SCOPE_ONELEVEL = 1 # not implemented SCOPE_SUBTREE = 2 MOD_ADD = 0 MOD_DELETE = 1 +MOD_REPLACE = 2 class NO_SUCH_OBJECT(Exception): # pylint: disable-msg=C0103 @@ -175,7 +176,7 @@ class FakeLDAP(object): Args: dn -- a dn attrs -- a list of tuples in the following form: - ([MOD_ADD | MOD_DELETE], attribute, value) + ([MOD_ADD | MOD_DELETE | MOD_REPACE], attribute, value) """ redis = datastore.Redis.instance() @@ -185,6 +186,8 @@ class FakeLDAP(object): values = _from_json(redis.hget(key, k)) if cmd == MOD_ADD: values.append(v) + elif cmd == MOD_REPLACE: + values = [v] else: values.remove(v) values = redis.hset(key, k, _to_json(values)) diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py index 74ba011b5..021851ebf 100644 --- a/nova/auth/ldapdriver.py +++ b/nova/auth/ldapdriver.py @@ -99,13 +99,6 @@ class LdapDriver(object): dn = FLAGS.ldap_user_subtree return self.__to_user(self.__find_object(dn, query)) - def get_key_pair(self, uid, key_name): - """Retrieve key pair by uid and key name""" - dn = 'cn=%s,%s' % (key_name, - self.__uid_to_dn(uid)) - attr = self.__find_object(dn, '(objectclass=novaKeyPair)') - return self.__to_key_pair(uid, attr) - def get_project(self, pid): """Retrieve project by id""" dn = 'cn=%s,%s' % (pid, @@ -119,12 +112,6 @@ class LdapDriver(object): '(objectclass=novaUser)') return [self.__to_user(attr) for attr in attrs] - def get_key_pairs(self, uid): - """Retrieve list of key pairs""" - attrs = self.__find_objects(self.__uid_to_dn(uid), - '(objectclass=novaKeyPair)') - return [self.__to_key_pair(uid, attr) for attr in attrs] - def get_projects(self, uid=None): """Retrieve list of projects""" pattern = '(objectclass=novaProject)' 
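Review bot: The updated docstring in the second fakeldap.py hunk spells the new command `MOD_REPACE`, but the constant the module defines (first hunk on this line) and the one the code branches on (third hunk) is `MOD_REPLACE`; the line should read `([MOD_ADD | MOD_DELETE | MOD_REPLACE], attribute, value)`. This docstring is the only place the accepted command values are listed for callers of the fake, so the typo is misleading rather than cosmetic. The enclosing method begins outside the hunk.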
@@ -154,21 +141,6 @@ class LdapDriver(object): self.conn.add_s(self.__uid_to_dn(name), attr) return self.__to_user(dict(attr)) - def create_key_pair(self, uid, key_name, public_key, fingerprint): - """Create a key pair""" - # TODO(vish): possibly refactor this to store keys in their own ou - # and put dn reference in the user object - attr = [ - ('objectclass', ['novaKeyPair']), - ('cn', [key_name]), - ('sshPublicKey', [public_key]), - ('keyFingerprint', [fingerprint]), - ] - self.conn.add_s('cn=%s,%s' % (key_name, - self.__uid_to_dn(uid)), - attr) - return self.__to_key_pair(uid, dict(attr)) - def create_project(self, name, manager_uid, description=None, member_uids=None): """Create a project""" @@ -202,6 +174,24 @@ class LdapDriver(object): self.conn.add_s('cn=%s,%s' % (name, FLAGS.ldap_project_subtree), attr) return self.__to_project(dict(attr)) + def modify_project(self, project_id, manager_uid=None, description=None): + """Modify an existing project""" + if not manager_uid and not description: + return + attr = [] + if manager_uid: + if not self.__user_exists(manager_uid): + raise exception.NotFound("Project can't be modified because " + "manager %s doesn't exist" % + manager_uid) + manager_dn = self.__uid_to_dn(manager_uid) + attr.append((self.ldap.MOD_REPLACE, 'projectManager', manager_dn)) + if description: + attr.append((self.ldap.MOD_REPLACE, 'description', description)) + self.conn.modify_s('cn=%s,%s' % (project_id, + FLAGS.ldap_project_subtree), + attr) + def add_to_project(self, uid, project_id): """Add user to project""" dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree) 
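Review bot: The new `modify_project` (second hunk on this line) verifies that `manager_uid` exists but never verifies that `project_id` does, so an unknown project id presumably surfaces as a raw error from `self.conn.modify_s` instead of the `exception.NotFound` this class raises elsewhere (compare `delete_user`'s `__user_exists` guard and the `__project_exists` helper, both visible in the next hunks). Before building `attr`, add `if not self.__project_exists(project_id): raise exception.NotFound("Project %s doesn't exist" % project_id)`. Both guards also test truthiness, so `description=''` cannot clear an existing description; if clearing is meant to be possible the tests should be `is not None`. The enclosing class continues outside the hunk.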
@@ -265,19 +255,10 @@ class LdapDriver(object): """Delete a user""" if not self.__user_exists(uid): raise exception.NotFound("User %s doesn't exist" % uid) - self.__delete_key_pairs(uid) self.__remove_from_all(uid) self.conn.delete_s('uid=%s,%s' % (uid, FLAGS.ldap_user_subtree)) - def delete_key_pair(self, uid, key_name): - """Delete a key pair""" - if not self.__key_pair_exists(uid, key_name): - raise exception.NotFound("Key Pair %s doesn't exist for user %s" % - (key_name, uid)) - self.conn.delete_s('cn=%s,uid=%s,%s' % (key_name, uid, - FLAGS.ldap_user_subtree)) - def delete_project(self, project_id): """Delete a project""" project_dn = 'cn=%s,%s' % (project_id, FLAGS.ldap_project_subtree) @@ -288,10 +269,6 @@ class LdapDriver(object): """Check if user exists""" return self.get_user(uid) != None - def __key_pair_exists(self, uid, key_name): - """Check if key pair exists""" - return self.get_key_pair(uid, key_name) != None - def __project_exists(self, project_id): """Check if project exists""" return self.get_project(project_id) != None @@ -341,13 +318,6 @@ class LdapDriver(object): """Check if group exists""" return self.__find_object(dn, '(objectclass=groupOfNames)') != None - def __delete_key_pairs(self, uid): - """Delete all key pairs for user""" - keys = self.get_key_pairs(uid) - if keys != None: - for key in keys: - self.delete_key_pair(uid, key['name']) - @staticmethod def __role_to_dn(role, project_id=None): """Convert role to corresponding dn""" @@ -472,18 +442,6 @@ class LdapDriver(object): 'secret': attr['secretKey'][0], 'admin': (attr['isAdmin'][0] == 'TRUE')} - @staticmethod - def __to_key_pair(owner, attr): - """Convert ldap attributes to KeyPair object""" - if attr == None: - return None - return { - 'id': attr['cn'][0], - 'name': attr['cn'][0], - 'owner_id': owner, - 'public_key': attr['sshPublicKey'][0], - 'fingerprint': attr['keyFingerprint'][0]} - def __to_project(self, attr): """Convert ldap attributes to Project object""" if attr == None: 
diff --git a/nova/auth/manager.py b/nova/auth/manager.py index d5fbec7c5..bc3a8a12e 100644 --- a/nova/auth/manager.py +++ b/nova/auth/manager.py @@ -128,24 +128,6 @@ class User(AuthBase): def is_project_manager(self, project): return AuthManager().is_project_manager(self, project) - def generate_key_pair(self, name): - return AuthManager().generate_key_pair(self.id, name) - - def create_key_pair(self, name, public_key, fingerprint): - return AuthManager().create_key_pair(self.id, - name, - public_key, - fingerprint) - - def get_key_pair(self, name): - return AuthManager().get_key_pair(self.id, name) - - def delete_key_pair(self, name): - return AuthManager().delete_key_pair(self.id, name) - - def get_key_pairs(self): - return AuthManager().get_key_pairs(self.id) - def __repr__(self): return "User('%s', '%s', '%s', '%s', %s)" % (self.id, self.name, @@ -154,29 +136,6 @@ class User(AuthBase): self.admin) -class KeyPair(AuthBase): - """Represents an ssh key returned from the datastore - - Even though this object is named KeyPair, only the public key and - fingerprint is stored. The user's private key is not saved. - """ - - def __init__(self, id, name, owner_id, public_key, fingerprint): - AuthBase.__init__(self) - self.id = id - self.name = name - self.owner_id = owner_id - self.public_key = public_key - self.fingerprint = fingerprint - - def __repr__(self): - return "KeyPair('%s', '%s', '%s', '%s', '%s')" % (self.id, - self.name, - self.owner_id, - self.public_key, - self.fingerprint) - - class Project(AuthBase): """Represents a Project returned from the datastore""" 
@@ -533,6 +492,26 @@ class AuthManager(object): raise return project + def modify_project(self, project, manager_user=None, description=None): + """Modify a project + + @type name: Project or project_id + @param project: The project to modify. + + @type manager_user: User or uid + @param manager_user: This user will be the new project manager. + + @type description: str + @param project: This will be the new description of the project. + + """ + if manager_user: + manager_user = User.safe_id(manager_user) + with self.driver() as drv: + drv.modify_project(Project.safe_id(project), + manager_user, + description) + def add_to_project(self, user, project): """Add user to project""" with self.driver() as drv: 
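Review bot: The epydoc fields in the new `AuthManager.modify_project` docstring do not match the signature: `@type name:` should be `@type project:`, and the second `@param project:` (the one describing the new description) should be `@param description:`, otherwise documentation tooling attributes that text to the wrong parameter. It would also help to state that calling with neither `manager_user` nor `description` is a no-op, since the LDAP driver's `modify_project` (visible in the ldapdriver hunk) returns early in that case and nothing is validated at this layer. The enclosing class continues outside the hunk.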
@@ -643,67 +622,13 @@ class AuthManager(object): return User(**user_dict) def delete_user(self, user): - """Deletes a user""" - with self.driver() as drv: - drv.delete_user(User.safe_id(user)) - - def generate_key_pair(self, user, key_name): - """Generates a key pair for a user - - Generates a public and private key, stores the public key using the - key_name, and returns the private key and fingerprint. - - @type user: User or uid - @param user: User for which to create key pair. + """Deletes a user - @type key_name: str - @param key_name: Name to use for the generated KeyPair. - - @rtype: tuple (private_key, fingerprint) - @return: A tuple containing the private_key and fingerprint. - """ - # NOTE(vish): generating key pair is slow so check for legal - # creation before creating keypair + Additionally deletes all users key_pairs""" uid = User.safe_id(user) + db.key_pair_destroy_all_by_user(None, uid) with self.driver() as drv: - if not drv.get_user(uid): - raise exception.NotFound("User %s doesn't exist" % user) - if drv.get_key_pair(uid, key_name): - raise exception.Duplicate("The keypair %s already exists" - % key_name) - private_key, public_key, fingerprint = crypto.generate_key_pair() - self.create_key_pair(uid, key_name, public_key, fingerprint) - return private_key, fingerprint - - def create_key_pair(self, user, key_name, public_key, fingerprint): - """Creates a key pair for user""" - with self.driver() as drv: - kp_dict = drv.create_key_pair(User.safe_id(user), - key_name, - public_key, - fingerprint) - if kp_dict: - return KeyPair(**kp_dict) - - def get_key_pair(self, user, key_name): - """Retrieves a key pair for user""" - with self.driver() as drv: - kp_dict = drv.get_key_pair(User.safe_id(user), key_name) - if kp_dict: - return KeyPair(**kp_dict) - - def get_key_pairs(self, user): - """Retrieves all key pairs for user""" - with self.driver() as drv: - kp_list = drv.get_key_pairs(User.safe_id(user)) - if not kp_list: - return [] - return 
[KeyPair(**kp_dict) for kp_dict in kp_list] - - def delete_key_pair(self, user, key_name): - """Deletes a key pair for user""" - with self.driver() as drv: - drv.delete_key_pair(User.safe_id(user), key_name) + drv.delete_user(uid) def get_credentials(self, user, project=None): """Get credential zip for user in project""" |
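Review bot: In the rewritten `delete_user`, `db.key_pair_destroy_all_by_user(None, uid)` runs before `drv.delete_user(uid)`, so if the driver call fails — the LDAP driver raises `exception.NotFound` for an unknown uid, as its hunk shows, and any backend error is possible — the user's key pairs are already destroyed while the account remains. Running the driver deletion first, `with self.driver() as drv: drv.delete_user(uid)` followed by `db.key_pair_destroy_all_by_user(None, uid)`, keeps a failed request from stripping credentials from a still-valid user; the two stores are still not updated atomically, and the docstring should say so. The `None` passed as the first argument appears to be a request context; a short comment on why none is available here would help the next reader. The docstring text `Additionally deletes all users key_pairs` should read `Additionally deletes all of the user's key pairs`, with the closing quotes on their own line to match the file's other docstrings.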
