trunk merge and ec2 tests fixed

16 files changed, 159 insertions, 16 deletions

diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index 1915d007d..890d57fe7 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -242,6 +242,7 @@ class Authorizer(wsgi.Middleware):
                 'CreateKeyPair': ['all'],
                 'DeleteKeyPair': ['all'],
                 'DescribeSecurityGroups': ['all'],
+                'ImportPublicKey': ['all'],
                 'AuthorizeSecurityGroupIngress': ['netadmin'],
                 'RevokeSecurityGroupIngress': ['netadmin'],
                 'CreateSecurityGroup': ['netadmin'],
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index b49bf449b..7c3e683d6 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -49,19 +49,22 @@ class AuthMiddleware(wsgi.Middleware):
         if not self.has_authentication(req):
             return self.authenticate(req)
         user = self.get_user_by_authentication(req)
-        accounts = self.auth.get_projects(user=user)
         if not user:
             token = req.headers["X-Auth-Token"]
             msg = _("%(user)s could not be found with token '%(token)s'")
             LOG.warn(msg % locals())
             return faults.Fault(webob.exc.HTTPUnauthorized())
 
-        if accounts:
-            #we are punting on this til auth is settled,
-            #and possibly til api v1.1 (mdragon)
-            account = accounts[0]
-        else:
-            return faults.Fault(webob.exc.HTTPUnauthorized())
+        try:
+            account = req.headers["X-Auth-Project-Id"]
+        except KeyError:
+            # FIXME(usrleon): It needed only for compatibility
+            # while osapi clients don't use this header
+            accounts = self.auth.get_projects(user=user)
+            if accounts:
+                account = accounts[0]
+            else:
+                return faults.Fault(webob.exc.HTTPUnauthorized())
 
         if not self.auth.is_admin(user) and \
            not self.auth.is_project_member(user, account):
diff --git a/nova/api/openstack/versions.py b/nova/api/openstack/versions.py
index 9db160102..4c682302f 100644
--- a/nova/api/openstack/versions.py
+++ b/nova/api/openstack/versions.py
@@ -35,7 +35,7 @@ class Versions(wsgi.Resource):
             'application/xml': wsgi.XMLDictSerializer(metadata=metadata),
         }
 
-        super(Versions, self).__init__(None, serializers=serializers)
+        wsgi.Resource.__init__(self, None, serializers=serializers)
 
     def dispatch(self, request, *args):
         """Respond to a request for all OpenStack API versions."""
diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index 183f7a985..e9532473d 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -139,7 +139,7 @@ class LdapDriver(object):
         self.__cache = None
         return False
 
-    def __local_cache(key_fmt):
+    def __local_cache(key_fmt):  # pylint: disable=E0213
         """Wrap function to cache it's result in self.__cache.
         Works only with functions with one fixed argument.
         """
diff --git a/nova/auth/novarc.template b/nova/auth/novarc.template
index eba3a8537..d05c099d7 100644
--- a/nova/auth/novarc.template
+++ b/nova/auth/novarc.template
@@ -14,4 +14,5 @@ alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_P
 alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
 export NOVA_API_KEY="%(access)s"
 export NOVA_USERNAME="%(user)s"
+export NOVA_PROJECT_ID="%(project)s"
 export NOVA_URL="%(os)s"
diff --git a/nova/compute/api.py b/nova/compute/api.py
index 28b92063b..09ac7a2c6 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -206,6 +206,7 @@ class API(base.Base):
 
         base_options = {
             'reservation_id': reservation_id,
+            'image_ref': image_href,
             'kernel_id': kernel_id or '',
             'ramdisk_id': ramdisk_id or '',
             'state': 0,
@@ -360,6 +361,7 @@ class API(base.Base):
         for num in range(num_instances):
             instance = self.create_db_entry_for_new_instance(context,
                                     base_options, security_groups, num=num)
+            print "*********** INSTANCE = ", instance
             instances.append(instance)
             instance_id = instance['id']
 
diff --git a/nova/compute/instance_types.py b/nova/compute/instance_types.py
index 1275a6fdd..1d246e445 100644
--- a/nova/compute/instance_types.py
+++ b/nova/compute/instance_types.py
@@ -114,7 +114,7 @@ def get_instance_type(id):
         ctxt = context.get_admin_context()
         return db.instance_type_get_by_id(ctxt, id)
     except exception.DBError:
-        raise exception.ApiError(_("Unknown instance type: %s") % name)
+        raise exception.ApiError(_("Unknown instance type: %s") % id)
 
 
 def get_instance_type_by_name(name):
diff --git a/nova/compute/monitor.py b/nova/compute/monitor.py
index 613734bef..9d8e2a25d 100644
--- a/nova/compute/monitor.py
+++ b/nova/compute/monitor.py
@@ -36,6 +36,7 @@ from twisted.application import service
 
 from nova import flags
 from nova import log as logging
+from nova import utils
 from nova.virt import connection as virt_connection
 
 
diff --git a/nova/console/vmrc.py b/nova/console/vmrc.py
index cc8b0cdf5..fa805e019 100644
--- a/nova/console/vmrc.py
+++ b/nova/console/vmrc.py
@@ -119,7 +119,7 @@ class VMRCSessionConsole(VMRCConsole):
         """
         vms = vim_session._call_method(vim_util, 'get_objects',
                     'VirtualMachine', ['name'])
-        vm_ref = NoneV
+        vm_ref = None
         for vm in vms:
             if vm.propSet[0].val == instance_name:
                 vm_ref = vm.obj
diff --git a/nova/db/sqlalchemy/migrate_repo/versions/022_set_engine_mysql_innodb.py b/nova/db/sqlalchemy/migrate_repo/versions/022_set_engine_mysql_innodb.py
new file mode 100644
index 000000000..6e590479f
--- /dev/null
+++ b/nova/db/sqlalchemy/migrate_repo/versions/022_set_engine_mysql_innodb.py
@@ -0,0 +1,65 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 OpenStack LLC.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from sqlalchemy import MetaData, Table
+
+meta = MetaData()
+
+
+def upgrade(migrate_engine):
+    # Upgrade operations go here. Don't create your own engine;
+    # bind migrate_engine to your metadata
+    meta.bind = migrate_engine
+    if migrate_engine.name == "mysql":
+        migrate_engine.execute("ALTER TABLE auth_tokens Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE certificates Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE compute_nodes Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE console_pools Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE consoles Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE export_devices Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE fixed_ips Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE floating_ips Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE instance_actions Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE instance_metadata Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE instance_types Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE instances Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE iscsi_targets Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE key_pairs Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE migrate_version Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE migrations Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE networks Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE projects Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE quotas Engine=InnoDB")
+        migrate_engine.execute(
+         "ALTER TABLE security_group_instance_association Engine=InnoDB")
+        migrate_engine.execute(
+         "ALTER TABLE security_group_rules Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE security_groups Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE services Engine=InnoDB")
+        migrate_engine.execute(
+         "ALTER TABLE user_project_association Engine=InnoDB")
+        migrate_engine.execute(
+         "ALTER TABLE user_project_role_association Engine=InnoDB")
+        migrate_engine.execute(
+         "ALTER TABLE user_role_association Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE users Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE volumes Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE zones Engine=InnoDB")
+        migrate_engine.execute("ALTER TABLE snapshots Engine=InnoDB")
+
+
+def downgrade(migrate_engine):
+    meta.bind = migrate_engine
diff --git a/nova/scheduler/manager.py b/nova/scheduler/manager.py
index a29703aaf..6cb75aa8d 100644
--- a/nova/scheduler/manager.py
+++ b/nova/scheduler/manager.py
@@ -89,8 +89,8 @@ class SchedulerManager(manager.Manager):
             host = getattr(self.driver, driver_method)(elevated, *args,
                                                        **kwargs)
         except AttributeError, e:
-            LOG.exception(_("Driver Method %(driver_method)s missing: %(e)s")
-                                % locals())
+            LOG.warning(_("Driver Method %(driver_method)s missing: %(e)s."
+                            "Reverting to schedule()") % locals())
             host = self.driver.schedule(elevated, topic, *args, **kwargs)
 
         if not host:
diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py
index 7d632aaeb..a10fb7433 100644
--- a/nova/tests/api/openstack/fakes.py
+++ b/nova/tests/api/openstack/fakes.py
@@ -353,6 +353,11 @@ class FakeAuthManager(object):
         return user.admin
 
     def is_project_member(self, user, project):
+        if not isinstance(project, Project):
+            try:
+                project = self.get_project(project)
+            except exc.NotFound:
+                raise webob.exc.HTTPUnauthorized()
         return ((user.id in project.member_ids) or
                 (user.id == project.project_manager_id))
 
diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py
index 8f189c744..af3478c7d 100644
--- a/nova/tests/api/openstack/test_auth.py
+++ b/nova/tests/api/openstack/test_auth.py
@@ -114,6 +114,28 @@ class Test(test.TestCase):
         self.assertEqual(result.status, '401 Unauthorized')
         self.assertEqual(self.destroy_called, True)
 
+    def test_authorize_project(self):
+        f = fakes.FakeAuthManager()
+        user = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
+        f.add_user(user)
+        f.create_project('user1_project', user)
+        f.create_project('user2_project', user)
+
+        req = webob.Request.blank('/v1.0/', {'HTTP_HOST': 'foo'})
+        req.headers['X-Auth-User'] = 'user1'
+        req.headers['X-Auth-Key'] = 'user1_key'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '204 No Content')
+
+        token = result.headers['X-Auth-Token']
+        self.stubs.Set(nova.api.openstack, 'APIRouterV10', fakes.FakeRouter)
+        req = webob.Request.blank('/v1.0/fake')
+        req.headers['X-Auth-Token'] = token
+        req.headers['X-Auth-Project-Id'] = 'user2_project'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '200 OK')
+        self.assertEqual(result.headers['X-Test-Success'], 'True')
+
     def test_bad_user_bad_key(self):
         req = webob.Request.blank('/v1.0/')
         req.headers['X-Auth-User'] = 'unknown_user'
@@ -143,6 +165,49 @@ class Test(test.TestCase):
         result = req.get_response(fakes.wsgi_app())
         self.assertEqual(result.status, '401 Unauthorized')
 
+    def test_bad_project(self):
+        f = fakes.FakeAuthManager()
+        user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
+        user2 = nova.auth.manager.User('id2', 'user2', 'user2_key', None, None)
+        f.add_user(user1)
+        f.add_user(user2)
+        f.create_project('user1_project', user1)
+        f.create_project('user2_project', user2)
+
+        req = webob.Request.blank('/v1.0/', {'HTTP_HOST': 'foo'})
+        req.headers['X-Auth-User'] = 'user1'
+        req.headers['X-Auth-Key'] = 'user1_key'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '204 No Content')
+
+        token = result.headers['X-Auth-Token']
+        self.stubs.Set(nova.api.openstack, 'APIRouterV10', fakes.FakeRouter)
+        req = webob.Request.blank('/v1.0/fake')
+        req.headers['X-Auth-Token'] = token
+        req.headers['X-Auth-Project-Id'] = 'user2_project'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '401 Unauthorized')
+
+    def test_not_existing_project(self):
+        f = fakes.FakeAuthManager()
+        user1 = nova.auth.manager.User('id1', 'user1', 'user1_key', None, None)
+        f.add_user(user1)
+        f.create_project('user1_project', user1)
+
+        req = webob.Request.blank('/v1.0/', {'HTTP_HOST': 'foo'})
+        req.headers['X-Auth-User'] = 'user1'
+        req.headers['X-Auth-Key'] = 'user1_key'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '204 No Content')
+
+        token = result.headers['X-Auth-Token']
+        self.stubs.Set(nova.api.openstack, 'APIRouterV10', fakes.FakeRouter)
+        req = webob.Request.blank('/v1.0/fake')
+        req.headers['X-Auth-Token'] = token
+        req.headers['X-Auth-Project-Id'] = 'unknown_project'
+        result = req.get_response(fakes.wsgi_app())
+        self.assertEqual(result.status, '401 Unauthorized')
+
 
 class TestFunctional(test.TestCase):
     def test_token_expiry(self):
diff --git a/nova/tests/test_vmwareapi.py b/nova/tests/test_vmwareapi.py
index e5ebd1600..eddf01e9f 100644
--- a/nova/tests/test_vmwareapi.py
+++ b/nova/tests/test_vmwareapi.py
@@ -69,7 +69,7 @@ class VMWareAPIVMTestCase(test.TestCase):
                   'instance_type': 'm1.large',

                   'mac_address': 'aa:bb:cc:dd:ee:ff',

                   }

-        self.instance = db.instance_create(values)

+        self.instance = db.instance_create(None, values)

 

     def _create_vm(self):

         """Create and spawn the VM."""

diff --git a/nova/tests/vmwareapi/db_fakes.py b/nova/tests/vmwareapi/db_fakes.py
index 764de42d8..d4eb87daf 100644
--- a/nova/tests/vmwareapi/db_fakes.py
+++ b/nova/tests/vmwareapi/db_fakes.py
@@ -52,7 +52,7 @@ def stub_out_db_instance_api(stubs):
             else:

                 raise NotImplementedError()

 

-    def fake_instance_create(values):

+    def fake_instance_create(context, values):

         """Stubs out the db.instance_create method."""

 

         type_data = INSTANCE_TYPES[values['instance_type']]

diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
index 32dae97c2..c6d2b0936 100644
--- a/nova/virt/xenapi/vmops.py
+++ b/nova/virt/xenapi/vmops.py
@@ -101,7 +101,7 @@ class VMOps(object):
         if not vm_ref:
             vm_ref = VMHelper.lookup(self._session, instance.name)
         if vm_ref is None:
-            raise exception(_('Attempted to power on non-existent instance'
+            raise Exception(_('Attempted to power on non-existent instance'
             ' bad instance id %s') % instance.id)
         LOG.debug(_("Starting instance %s"), instance.name)
         self._session.call_xenapi('VM.start', vm_ref, False, False)