Diffstat (limited to 'nova/cloudpipe')
-rw-r--r--nova/cloudpipe/api.py25
-rw-r--r--nova/cloudpipe/pipelib.py34
2 files changed, 28 insertions, 31 deletions
diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py
index 5395e9724..a8ecbd285 100644
--- a/nova/cloudpipe/api.py
+++ b/nova/cloudpipe/api.py
@@ -35,36 +35,23 @@ class CloudPipeRequestHandler(tornado.web.RequestHandler):
def get(self, path):
path = self.request.path
_log.debug( "Cloudpipe path is %s" % path)
- self.manager = users.UserManager.instance()
if path.endswith("/getca/"):
self.send_root_ca()
- elif path.endswith("/getcert/"):
- _log.debug( "Getting zip for %s" % (path[9:]))
- try:
- self.send_signed_zip(self.path[9:])
- except Exception, err:
- _log.debug('ERROR: %s\n' % str(err))
- raise tornado.web.HTTPError(404)
self.finish()
- def get_username_from_ip(self, ip):
+ def get_project_id_from_ip(self, ip):
cc = self.application.controllers['Cloud']
instance = cc.get_instance_by_ip(ip)
- return instance['owner_id']
+ instance['project_id']
def send_root_ca(self):
_log.debug( "Getting root ca")
- username = self.get_username_from_ip(self.request.remote_ip)
+ project_id = self.get_project_id_from_ip(self.request.remote_ip)
self.set_header("Content-Type", "text/plain")
- self.write(crypto.fetch_ca(username))
-
- def send_signed_zip(self, username):
- self.set_header("Content-Type", "application/zip")
- self.write(self.manager.get_signed_zip(username))
+ self.write(crypto.fetch_ca(project_id))
def post(self, *args, **kwargs):
- self.manager = users.UserManager.instance()
- username = self.get_username_from_ip(self.request.remote_ip)
+ project_id = self.get_project_id_from_ip(self.request.remote_ip)
cert = self.get_argument('cert', '')
- self.write(self.manager.sign_cert(urllib.unquote(cert), username))
+ self.write(crypto.sign_csr(urllib.unquote(cert), project_id))
self.finish()
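Review bot: `get_project_id_from_ip` lost its `return` in this change: the new line is the bare expression `instance['project_id']`, so the method always returns None. Both `send_root_ca` and `post` then pass None to `crypto.fetch_ca` and `crypto.sign_csr`; the line should read `return instance['project_id']`. How `crypto` treats a None project is not visible in this hunk, but the plausible outcomes are a failure on every request or a CA and signature that are not scoped to the caller's project, so a test asserting that the looked-up project id reaches `sign_csr` would be worth adding. Since the source IP is the only thing binding a request to a project here, a lookup that finds no instance should also be rejected explicitly rather than left to whatever exception the subscript raises.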
diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py
index f69486f3e..47a2602a6 100644
--- a/nova/cloudpipe/pipelib.py
+++ b/nova/cloudpipe/pipelib.py
@@ -21,6 +21,7 @@ an instance with it.
import logging
import os
import tempfile
+import base64
from zipfile import ZipFile, ZIP_DEFLATED
from nova import flags
@@ -39,9 +40,9 @@ class CloudPipe(object):
self.controller = cloud_controller
self.manager = users.UserManager.instance()
- def launch_vpn_instance(self, username):
- logging.debug( "Launching VPN for %s" % (username))
- user = self.manager.get_user(username)
+ def launch_vpn_instance(self, project_id):
+ logging.debug( "Launching VPN for %s" % (project_id))
+ project = self.manager.get_project(project_id)
# Make a payload.zip
tmpfolder = tempfile.mkdtemp()
filename = "payload.zip"
@@ -51,26 +52,35 @@ class CloudPipe(object):
z.write(FLAGS.boot_script_template,'autorun.sh')
z.close()
- self.setup_keypair(username)
+ key_name = self.setup_keypair(project.project_manager_id, project_id)
zippy = open(zippath, "r")
- context = api.APIRequestContext(handler=None, user=user)
+ context = api.APIRequestContext(handler=None, user=project.project_manager, project=project)
reservation = self.controller.run_instances(context,
- user_data=zippy.read().encode("base64"),
+ # run instances expects encoded userdata, it is decoded in the get_metadata_call
+ # autorun.sh also decodes the zip file, hence the double encoding
+ user_data=zippy.read().encode("base64").encode("base64"),
max_count=1,
min_count=1,
image_id=FLAGS.vpn_image_id,
- key_name="vpn-key",
+ key_name=key_name,
security_groups=["vpn-secgroup"])
zippy.close()
- def setup_keypair(self, username):
+ def setup_keypair(self, user_id, project_id):
+ key_name = '%s-key' % project_id
try:
- private_key, fingerprint = self.manager.generate_key_pair(username, "vpn-key")
- os.mkdir("%s/%s" % (FLAGS.keys_path, username))
- private_key.save(os.path.abspath("%s/%s" % (FLAGS.keys_path, username)))
- except:
+ private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name)
+ try:
+ key_dir = os.path.join(FLAGS.keys_path, user_id)
+ os.makedirs(key_dir)
+ with open(os.path.join(key_dir, '%s.pem' % key_name),'w') as f:
+ f.write(private_key)
+ except:
+ pass
+ except exception.Duplicate:
pass
+ return key_name
# def setup_secgroups(self, username):
# conn = self.euca.connection_for(username)
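Review bot: The inner bare `except: pass` in `setup_keypair` hides every failure to store the private key, and one such failure is reachable in normal use. The directory is keyed on `user_id` while the key is per project, and `os.makedirs(key_dir)` raises when the directory already exists, so a manager's second project gets a key pair whose private half is silently never written. The file is also created with plain `open(..., 'w')`, which leaves its mode to the process umask; creating the directory 0700 and the file 0600 keeps the key unreadable to other local users. I would catch only `IOError`/`OSError` and log it; re-raising is probably right too, since the launch otherwise continues with `key_name` for a key that was not saved.

```python
def setup_keypair(self, user_id, project_id):
    key_name = '%s-key' % project_id
    try:
        private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name)
        key_dir = os.path.join(FLAGS.keys_path, user_id)
        key_path = os.path.join(key_dir, '%s.pem' % key_name)
        try:
            # The directory is per user, so it already exists for a
            # manager's second project; only create it when missing.
            if not os.path.isdir(key_dir):
                os.makedirs(key_dir, 0o700)
            # Create the key file owner-only instead of relying on the umask.
            fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                f.write(private_key)
        except (IOError, OSError):
            logging.exception("Could not store private key %s" % key_path)
            raise
    # ... unchanged: except exception.Duplicate handler and return key_name ...
```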