diff options
| -rw-r--r-- | nova/api/openstack/compute/contrib/rescue.py | 3 | ||||
| -rw-r--r-- | nova/api/openstack/compute/servers.py | 16 | ||||
| -rw-r--r-- | nova/compute/manager.py | 5 | ||||
| -rw-r--r-- | nova/config.py | 7 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_rescue.py | 2 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/contrib/test_volumes.py | 2 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_server_actions.py | 2 | ||||
| -rw-r--r-- | nova/tests/api/openstack/compute/test_servers.py | 2 | ||||
| -rw-r--r-- | nova/utils.py | 20 |
9 files changed, 33 insertions, 26 deletions
diff --git a/nova/api/openstack/compute/contrib/rescue.py b/nova/api/openstack/compute/contrib/rescue.py index 8aff90c38..ce3dfaf97 100644 --- a/nova/api/openstack/compute/contrib/rescue.py +++ b/nova/api/openstack/compute/contrib/rescue.py @@ -28,7 +28,6 @@ from nova import utils CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') LOG = logging.getLogger(__name__) authorize = exts.extension_authorizer('compute', 'rescue') @@ -55,7 +54,7 @@ class RescueController(wsgi.Controller): if body['rescue'] and 'adminPass' in body['rescue']: password = body['rescue']['adminPass'] else: - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() instance = self._get_instance(context, id) try: diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py index 68c5372c3..a62740681 100644 --- a/nova/api/openstack/compute/servers.py +++ b/nova/api/openstack/compute/servers.py @@ -40,13 +40,19 @@ from nova.openstack.common import uuidutils from nova import utils -LOG = logging.getLogger(__name__) +server_opts = [ + cfg.BoolOpt('enable_instance_password', + default=True, + help='Allows use of instance password during ' + 'server creation'), +] CONF = cfg.CONF -CONF.import_opt('enable_instance_password', 'nova.config') +CONF.register_opts(server_opts) CONF.import_opt('network_api_class', 'nova.config') -CONF.import_opt('password_length', 'nova.config') CONF.import_opt('reclaim_instance_interval', 'nova.compute.manager') +LOG = logging.getLogger(__name__) + def make_fault(elem): fault = xmlutil.SubTemplateElement(elem, 'fault', selector='fault') @@ -1204,7 +1210,7 @@ class Controller(wsgi.Controller): try: password = body['adminPass'] except (KeyError, TypeError): - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() context = req.environ['nova.context'] instance = self._get_server(context, req, id) @@ -1346,7 +1352,7 @@ class Controller(wsgi.Controller): password = server['adminPass'] self._validate_admin_password(password) except KeyError: - password = utils.generate_password(CONF.password_length) + password = utils.generate_password() except ValueError: raise exc.HTTPBadRequest(explanation=_("Invalid adminPass")) diff --git a/nova/compute/manager.py b/nova/compute/manager.py index e5b97c0ed..d566537eb 100644 --- a/nova/compute/manager.py +++ b/nova/compute/manager.py @@ -175,7 +175,6 @@ CONF.import_opt('console_topic', 'nova.config') CONF.import_opt('host', 'nova.config') CONF.import_opt('my_ip', 'nova.config') CONF.import_opt('network_manager', 'nova.config') -CONF.import_opt('password_length', 'nova.config') CONF.import_opt('reclaim_instance_interval', 'nova.config') CONF.import_opt('vpn_image_id', 'nova.config') CONF.import_opt('my_ip', 'nova.config') @@ -1464,7 +1463,7 @@ class ComputeManager(manager.SchedulerDependentManager): if new_pass is None: # Generate a random password - new_pass = utils.generate_password(CONF.password_length) + new_pass = utils.generate_password() max_tries = 10 @@ -1574,7 +1573,7 @@ class ComputeManager(manager.SchedulerDependentManager): LOG.audit(_('Rescuing'), context=context, instance=instance) admin_password = (rescue_password if rescue_password else - utils.generate_password(CONF.password_length)) + utils.generate_password()) network_info = self._get_instance_nw_info(context, instance) diff --git a/nova/config.py b/nova/config.py index ec5ac3ba1..7ae32165a 100644 --- a/nova/config.py +++ b/nova/config.py @@ -209,13 +209,6 @@ global_opts = [ cfg.BoolOpt('use_ipv6', default=False, help='use ipv6'), - cfg.BoolOpt('enable_instance_password', - default=True, - help='Allows use of instance password during ' - 'server creation'), - cfg.IntOpt('password_length', - default=12, - help='Length of generated instance admin passwords'), cfg.IntOpt('service_down_time', default=60, help='maximum time since last check-in for up service'), diff --git a/nova/tests/api/openstack/compute/contrib/test_rescue.py b/nova/tests/api/openstack/compute/contrib/test_rescue.py index 0d735d5ec..2719c1339 100644 --- a/nova/tests/api/openstack/compute/contrib/test_rescue.py +++ b/nova/tests/api/openstack/compute/contrib/test_rescue.py @@ -22,7 +22,7 @@ from nova import test from nova.tests.api.openstack import fakes CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') def rescue(self, context, instance, rescue_password=None): diff --git a/nova/tests/api/openstack/compute/contrib/test_volumes.py b/nova/tests/api/openstack/compute/contrib/test_volumes.py index 17ac244ff..21befe5e6 100644 --- a/nova/tests/api/openstack/compute/contrib/test_volumes.py +++ b/nova/tests/api/openstack/compute/contrib/test_volumes.py @@ -32,7 +32,7 @@ from nova.volume import cinder from webob import exc CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') FAKE_UUID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' FAKE_UUID_A = '00000000-aaaa-aaaa-aaaa-000000000000' diff --git a/nova/tests/api/openstack/compute/test_server_actions.py b/nova/tests/api/openstack/compute/test_server_actions.py index dbb854c58..a0330d2cc 100644 --- a/nova/tests/api/openstack/compute/test_server_actions.py +++ b/nova/tests/api/openstack/compute/test_server_actions.py @@ -35,7 +35,7 @@ from nova.tests import matchers CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') FAKE_UUID = fakes.FAKE_UUID INSTANCE_IDS = {FAKE_UUID: 1} diff --git a/nova/tests/api/openstack/compute/test_servers.py b/nova/tests/api/openstack/compute/test_servers.py index d8c388865..0afbecb22 100644 --- a/nova/tests/api/openstack/compute/test_servers.py +++ b/nova/tests/api/openstack/compute/test_servers.py @@ -54,7 +54,7 @@ from nova.tests import matchers CONF = cfg.CONF -CONF.import_opt('password_length', 'nova.config') +CONF.import_opt('password_length', 'nova.utils') CONF.import_opt('scheduler_topic', 'nova.config') FAKE_UUID = fakes.FAKE_UUID diff --git a/nova/utils.py b/nova/utils.py index 2491c5fcb..859fe5df8 100644 --- a/nova/utils.py +++ b/nova/utils.py @@ -64,12 +64,17 @@ monkey_patch_opts = [ ], help='List of modules/decorators to monkey patch'), ] -LOG = logging.getLogger(__name__) +utils_opts = [ + cfg.IntOpt('password_length', + default=12, + help='Length of generated instance admin passwords'), + cfg.BoolOpt('disable_process_locking', + default=False, + help='Whether to disable inter-process locks'), +] CONF = cfg.CONF CONF.register_opts(monkey_patch_opts) -CONF.register_opt( - cfg.BoolOpt('disable_process_locking', default=False, - help='Whether to disable inter-process locks')) +CONF.register_opts(utils_opts) CONF.import_opt('glance_host', 'nova.config') CONF.import_opt('glance_port', 'nova.config') CONF.import_opt('glance_protocol', 'nova.config') @@ -77,6 +82,8 @@ CONF.import_opt('instance_usage_audit_period', 'nova.config') CONF.import_opt('rootwrap_config', 'nova.config') CONF.import_opt('service_down_time', 'nova.config') +LOG = logging.getLogger(__name__) + # Used for looking up extensions of text # to their 'multiplied' byte amount BYTE_MULTIPLIERS = { @@ -423,7 +430,7 @@ def last_completed_audit_period(unit=None, before=None): return (begin, end) -def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): +def generate_password(length=None, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): """Generate a random password from the supplied symbol groups. At least one symbol from each group will be included. Unpredictable @@ -432,6 +439,9 @@ def generate_password(length=20, symbolgroups=DEFAULT_PASSWORD_SYMBOLS): Believed to be reasonably secure (with a reasonable password length!) """ + if length is None: + length = CONF.password_length + r = random.SystemRandom() # NOTE(jerdfelt): Some password policies require at least one character |