authorVishvananda Ishaya <vishvananda@gmail.com>2010-07-20 14:09:53 -0500
committerVishvananda Ishaya <vishvananda@gmail.com>2010-07-20 14:09:53 -0500
commitcb702cb1a88ec94577c5871ab0402471dac0ec7c (patch)
tree07b8c1b24a5e1c5a9f49489d80d721257151f638 /nova
parent79b5ab9a9e18fdee3d65311b6ff16cc39d7d2513 (diff)
Cleanup per suggestions
Move ugly import statement to avoid try/except. Vpn ip and port return None if vpn isn't allocated. get_credentials raises an exception if vpn isn't allocated. Flag for using vpns.
Diffstat (limited to 'nova')
-rw-r--r--nova/auth/ldapdriver.py32
-rw-r--r--nova/auth/manager.py37
2 files changed, 38 insertions, 31 deletions
diff --git a/nova/auth/ldapdriver.py b/nova/auth/ldapdriver.py
index d330ae729..4ba09517c 100644
--- a/nova/auth/ldapdriver.py
+++ b/nova/auth/ldapdriver.py
@@ -29,14 +29,6 @@ import logging
from nova import exception
from nova import flags
-try:
- import ldap
-except Exception, e:
- from nova.auth import fakeldap as ldap
-# NOTE(vish): this import is so we can use fakeldap even when real ldap
-# is installed.
-from nova.auth import fakeldap
-
FLAGS = flags.FLAGS
flags.DEFINE_string('ldap_url', 'ldap://localhost',
'Point this at your ldap server')
@@ -73,13 +65,11 @@ class LdapDriver(object):
def __enter__(self):
"""Creates the connection to LDAP"""
if FLAGS.fake_users:
- self.NO_SUCH_OBJECT = fakeldap.NO_SUCH_OBJECT
- self.OBJECT_CLASS_VIOLATION = fakeldap.OBJECT_CLASS_VIOLATION
- self.conn = fakeldap.initialize(FLAGS.ldap_url)
+ from nova.auth import fakeldap as ldap
else:
- self.NO_SUCH_OBJECT = ldap.NO_SUCH_OBJECT
- self.OBJECT_CLASS_VIOLATION = ldap.OBJECT_CLASS_VIOLATION
- self.conn = ldap.initialize(FLAGS.ldap_url)
+ import ldap
+ self.ldap = ldap
+ self.conn = self.ldap.initialize(FLAGS.ldap_url)
self.conn.simple_bind_s(FLAGS.ldap_user_dn, FLAGS.ldap_password)
return self
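Review bot: `self.ldap` is first bound inside `__enter__` (the new `self.ldap = ldap` line), so every method this commit rewrites to reach through it — `__find_dns`, `__find_objects`, the `MOD_ADD` group hunk and `__safe_remove_from_group` — raises AttributeError if the driver is used without a `with` block. Which module backs the driver is decided by the flags, not by the connection, so the import and `self.ldap` assignment belong in `__init__` (outside this hunk) with `__enter__` only opening `self.conn`. Wherever it ends up, document it on the class, e.g. `# NOTE: self.ldap is the ldap module in use (fakeldap when FLAGS.fake_users); bound before the connection is opened`. Worth noting for review that `FLAGS.fake_users` now swaps the whole backend at runtime, so a deployment that leaves the flag set binds against the in-memory fake rather than the configured LDAP server.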
@@ -285,8 +275,8 @@ class LdapDriver(object):
def __find_dns(self, dn, query=None):
"""Find dns by query"""
try:
- res = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, query)
- except self.NO_SUCH_OBJECT:
+ res = self.conn.search_s(dn, self.ldap.SCOPE_SUBTREE, query)
+ except self.ldap.NO_SUCH_OBJECT:
return []
# just return the DNs
return [dn for dn, attributes in res]
@@ -294,8 +284,8 @@ class LdapDriver(object):
def __find_objects(self, dn, query = None):
"""Find objects by query"""
try:
- res = self.conn.search_s(dn, ldap.SCOPE_SUBTREE, query)
- except self.NO_SUCH_OBJECT:
+ res = self.conn.search_s(dn, self.ldap.SCOPE_SUBTREE, query)
+ except self.ldap.NO_SUCH_OBJECT:
return []
# just return the attributes
return [attributes for dn, attributes in res]
@@ -379,7 +369,7 @@ class LdapDriver(object):
raise exception.Duplicate("User %s is already a member of "
"the group %s" % (uid, group_dn))
attr = [
- (ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))
+ (self.ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))
]
self.conn.modify_s(group_dn, attr)
@@ -399,10 +389,10 @@ class LdapDriver(object):
def __safe_remove_from_group(self, uid, group_dn):
"""Remove user from group, deleting group if user is last member"""
# FIXME(vish): what if deleted user is a project manager?
- attr = [(ldap.MOD_DELETE, 'member', self.__uid_to_dn(uid))]
+ attr = [(self.ldap.MOD_DELETE, 'member', self.__uid_to_dn(uid))]
try:
self.conn.modify_s(group_dn, attr)
- except self.OBJECT_CLASS_VIOLATION:
+ except self.ldap.OBJECT_CLASS_VIOLATION:
logging.debug("Attempted to remove the last member of a group. "
"Deleting the group at %s instead." % group_dn )
self.__delete_group(group_dn)
diff --git a/nova/auth/manager.py b/nova/auth/manager.py
index 2facffe51..3496ea161 100644
--- a/nova/auth/manager.py
+++ b/nova/auth/manager.py
@@ -41,13 +41,15 @@ FLAGS = flags.FLAGS
# NOTE(vish): a user with one of these roles will be a superuser and
# have access to all api commands
flags.DEFINE_list('superuser_roles', ['cloudadmin'],
- 'roles that ignore rbac checking completely')
+ 'Roles that ignore rbac checking completely')
# NOTE(vish): a user with one of these roles will have it for every
# project, even if he or she is not a member of the project
flags.DEFINE_list('global_roles', ['cloudadmin', 'itsec'],
- 'roles that apply to all projects')
+ 'Roles that apply to all projects')
+
+flags.DEFINE_bool('use_vpn', True, 'Support per-project vpns')
flags.DEFINE_string('credentials_template',
utils.abspath('auth/novarc.template'),
'Template for creating users rc file')
@@ -189,11 +191,13 @@ class Project(AuthBase):
@property
def vpn_ip(self):
- return AuthManager().get_project_vpn_ip(self)
+ ip, port = AuthManager().get_project_vpn_data(self)
+ return ip
@property
def vpn_port(self):
- return AuthManager().get_project_vpn_port(self)
+ ip, port = AuthManager().get_project_vpn_data(self)
+ return port
def has_manager(self, user):
return AuthManager().is_project_manager(user, self)
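Review bot: `vpn_ip` and `vpn_port` each unpack the full `get_project_vpn_data` tuple and discard half of it, so reading both properties runs the lookup twice and leaves an unused name in each body. Indexing the result keeps the intent clearer: `return AuthManager().get_project_vpn_data(self)[0]` in `vpn_ip` and `[1]` in `vpn_port`. Both properties also lack a docstring; a one-liner such as `"""VPN ip for this project, or None if no vpn is allocated"""` would carry the None contract introduced by this commit up to callers.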
@@ -551,7 +555,8 @@ class AuthManager(object):
description,
member_users)
if project_dict:
- Vpn.create(project_dict['id'])
+ if FLAGS.use_vpn:
+ Vpn.create(project_dict['id'])
return Project(**project_dict)
def add_to_project(self, user, project):
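Review bot: `Vpn.create` is now skipped when `FLAGS.use_vpn` is false, but the `get_credentials` hunk further down (`vpn = Vpn.lookup(pid)` followed by `raise exception.Error(...)`) has no matching check, so with the flag off every credentials request for a project created after this change fails with "No vpn data allocated". The lookup-and-raise in `get_credentials` should be guarded the same way, e.g. `if FLAGS.use_vpn:` around the vpn section, presumably leaving the vpn client config out of the returned bundle when vpns are disabled. `create_project` starts before this hunk.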
@@ -578,11 +583,20 @@ class AuthManager(object):
return drv.remove_from_project(User.safe_id(user),
Project.safe_id(project))
- def get_project_vpn_ip(self, project):
- return Vpn(Project.safe_id(project)).ip
+ def get_project_vpn_data(self, project):
+ """Gets vpn ip and port for project
- def get_project_vpn_port(self, project):
- return Vpn(Project.safe_id(project)).port
+ @type project: Project or project_id
+ @param project: Project from which to get associated vpn data
+
+ @rvalue: tuple of (str, str)
+ @return: A tuple containing (ip, port) or None, None if vpn has
+ not been allocated for user.
+ """
+ vpn = Vpn.lookup(Project.safe_id(project))
+ if not vpn:
+ return None, None
+ return (vpn.ip, vpn.port)
def delete_project(self, project):
"""Deletes a project"""
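Review bot: The new docstring for `get_project_vpn_data` uses `@rvalue`, which is not an epydoc field — `@rtype` is the one that pairs with the `@type`/`@param` lines — and says the vpn is allocated "for user" although the lookup is keyed by project; suggest `@rtype: tuple of (str, str)` and `... or (None, None) if no vpn has been allocated for the project.` The two return statements are also written differently (`return None, None` versus `return (vpn.ip, vpn.port)`); pick one form. The types of `vpn.ip` and `vpn.port` are not visible here, so `(str, str)` should be confirmed against `Vpn` before it is stated in the docstring.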
@@ -713,7 +727,10 @@ class AuthManager(object):
rc = self.__generate_rc(user.access, user.secret, pid)
private_key, signed_cert = self._generate_x509_cert(user.id, pid)
- vpn = Vpn(pid)
+ vpn = Vpn.lookup(pid)
+ if not vpn:
+ raise exception.Error("No vpn data allocated for project %s" %
+ project.name)
configfile = open(FLAGS.vpn_client_template,"r")
s = string.Template(configfile.read())
configfile.close()
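Review bot: The new `Vpn.lookup(pid)` / `raise exception.Error(...)` check sits after `__generate_rc` and `_generate_x509_cert` have already run, so a project without a vpn still gets an rc file and a signed certificate minted before the call fails; if `_generate_x509_cert` persists anything, that state is left behind for a request that returned an error. Moving the lookup and the raise above the `rc = self.__generate_rc(...)` line turns the failure into a cheap pre-check. The message interpolates `project.name` while the rest of the hunk works with `pid`, so `project` is presumably a local bound earlier in `get_credentials`, which starts outside this hunk. The `open(FLAGS.vpn_client_template,"r")` that follows is pre-existing but is not closed if `configfile.read()` raises; `with open(FLAGS.vpn_client_template, "r") as configfile:` would cover that.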