From 3403e773f5a38c5d415e4ab66799c6e239223a0d Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Mon, 17 Jan 2011 19:40:35 -0500
Subject: Stubbed-out code for working with provider-firewalls.

---
 nova/api/ec2/admin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 758b612e8..b784c5a00 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -209,3 +209,11 @@ class AdminController(object):
     def describe_host(self, _context, name, **_kwargs):
         """Returns status info for single node."""
         return host_dict(db.host_get(name))
+
+    def block_external_addresses(self, context, cidr):
+        """Add provider-level firewall rules to block incoming traffic."""
+        LOG.audit(_("Blocking access to all projects incoming from %s"),
+                  cidr, context=context)
+        raise NotImplementedError(_("Awaiting implementation."))
+        # TODO(todd): implement
+        # return {'status': 'OK', 'message': 'Disabled (number) IPs'}
-- 
cgit 


From d4e7eb818c9f4ec51fd3a88a0e92d557867511d4 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Mon, 17 Jan 2011 23:18:46 -0500
Subject: Add rules to database, cast refresh message and trickle down to
 firewall driver.

---
 nova/api/ec2/admin.py | 43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index b784c5a00..1ae5f7094 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -21,7 +21,10 @@ Admin API controller, exposed through http via the api worker.
 """
 
 import base64
+import IPy
+import urllib
 
+from nova import compute
 from nova import db
 from nova import exception
 from nova import log as logging
@@ -70,6 +73,9 @@ class AdminController(object):
     def __str__(self):
         return 'AdminController'
 
+    def __init__(self):
+        self.compute_api = compute.API()
+
     def describe_user(self, _context, name, **_kwargs):
         """Returns user data, including access and secret keys."""
         return user_dict(manager.AuthManager().get_user(name))
@@ -210,10 +216,39 @@ class AdminController(object):
         """Returns status info for single node."""
         return host_dict(db.host_get(name))
 
+    def _provider_fw_rule_exists(context, rule):
+        for old_rule in db.provider_fw_rule_get_all(context):
+            for key in ('cidr', 'from_port', 'to_port', 'protocol'):
+                dupe = True
+                if rule[key] != old_rule[key]:
+                    dupe = False
+            if dupe:
+                return dupe
+        return False
+
+
     def block_external_addresses(self, context, cidr):
         """Add provider-level firewall rules to block incoming traffic."""
-        LOG.audit(_("Blocking access to all projects incoming from %s"),
+        LOG.audit(_("Blocking traffic to all projects incoming from %s"),
                   cidr, context=context)
-        raise NotImplementedError(_("Awaiting implementation."))
-        # TODO(todd): implement
-        # return {'status': 'OK', 'message': 'Disabled (number) IPs'}
+        rule = {'cidr': IPy.IP(urllib.unquote(cidr).decode())}
+        tcp_rule = rule.copy()
+        tcp_rule.update({"protocol": "TCP", "from_port": 1, "to_port": 65535})
+        udp_rule = rule.copy()
+        udp_rule.update({"protocol": "UDP", "from_port": 1, "to_port": 65535})
+        icmp_rule = rule.copy()
+        icmp_rule.update({"protocol": "ICMP", "from_port": -1, "to_port": -1})
+        rules_added = 0
+        if not self._provider_fw_rule_exists(context, tcp_rule):
+            db.provider_fw_rule_create(context, tcp_rule)
+            rules_added += 1
+        if not self._provider_fw_rule_exists(context, udp_rule):
+            db.provider_fw_rule_create(context, udp_rule)
+            rules_added += 1
+        if not self._provider_fw_rule_exists(context, icmp_rule):
+            db.provider_fw_rule_create(context, icmp_rule)
+            rules_added += 1
+        if rules_added == 0:
+            raise exception.ApiError(_('Duplicate rule'))
+        self.compute_api.trigger_provider_fw_rules_refresh(context)
+        return {'status': 'OK', 'message': 'Disabled (number) IPs'}
-- 
cgit 


From 46c1c554e7d98959a2b20597d6b0f2b0f648cdc9 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Wed, 19 Jan 2011 15:16:12 -0500
Subject: Whitespace (pep8) cleanups.

---
 nova/api/ec2/admin.py | 1 -
 1 file changed, 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 1ae5f7094..3a8ed39eb 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -226,7 +226,6 @@ class AdminController(object):
                 return dupe
         return False
 
-
     def block_external_addresses(self, context, cidr):
         """Add provider-level firewall rules to block incoming traffic."""
         LOG.audit(_("Blocking traffic to all projects incoming from %s"),
-- 
cgit 


From f02c9e781bdddd609601da81b97a438b6d5b9781 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Fri, 21 Jan 2011 12:30:26 -0500
Subject: Add provider_fw_rules awareness to iptables firewall driver.

---
 nova/api/ec2/admin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 3a8ed39eb..c83f84b15 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -236,7 +236,8 @@ class AdminController(object):
         udp_rule = rule.copy()
         udp_rule.update({"protocol": "UDP", "from_port": 1, "to_port": 65535})
         icmp_rule = rule.copy()
-        icmp_rule.update({"protocol": "ICMP", "from_port": -1, "to_port": -1})
+        icmp_rule.update({"protocol": "ICMP", "from_port": -1,
+                          "to_port": None})
         rules_added = 0
         if not self._provider_fw_rule_exists(context, tcp_rule):
             db.provider_fw_rule_create(context, tcp_rule)
-- 
cgit 


From 4e3524c57f6fa0f917bdb30ec15c8d4633a307e5 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Tue, 25 Jan 2011 12:52:00 -0800
Subject: Updates for provider_fw_rules in admin api.

---
 nova/api/ec2/admin.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 4a34476d3..0dabf2092 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -223,7 +223,7 @@ class AdminController(object):
         """Returns status info for single node."""
         return host_dict(db.host_get(name))
 
-    def _provider_fw_rule_exists(context, rule):
+    def _provider_fw_rule_exists(self, context, rule):
         for old_rule in db.provider_fw_rule_get_all(context):
             for key in ('cidr', 'from_port', 'to_port', 'protocol'):
                 dupe = True
@@ -237,7 +237,10 @@ class AdminController(object):
         """Add provider-level firewall rules to block incoming traffic."""
         LOG.audit(_("Blocking traffic to all projects incoming from %s"),
                   cidr, context=context)
-        rule = {'cidr': IPy.IP(urllib.unquote(cidr).decode())}
+        cidr  = urllib.unquote(cidr).decode()
+        # raise if invalid
+        IPy.IP(cidr)
+        rule = {'cidr': cidr}
         tcp_rule = rule.copy()
         tcp_rule.update({"protocol": "TCP", "from_port": 1, "to_port": 65535})
         udp_rule = rule.copy()
-- 
cgit 


From d6c6d8115b9dda07716d85fb1201cde0e907a9bd Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Wed, 26 Jan 2011 22:54:39 -0800
Subject: A couple of bugfixes.

---
 nova/api/ec2/admin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 478032ce9..b019e8e8b 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -237,9 +237,10 @@ class AdminController(object):
         return host_dict(db.host_get(name))
 
     def _provider_fw_rule_exists(self, context, rule):
+        # TODO(todd): we call this repeatedly, can we filter by protocol?
         for old_rule in db.provider_fw_rule_get_all(context):
+            dupe = True
             for key in ('cidr', 'from_port', 'to_port', 'protocol'):
-                dupe = True
                 if rule[key] != old_rule[key]:
                     dupe = False
             if dupe:
-- 
cgit 


From 2b79fa82872c55368167fc7433cb28a2369f5191 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 7 Apr 2011 01:42:49 -0400
Subject: test provider fw rules at the virt/ipteables layer. lowercase
 protocol names in admin api to match what the firewall driver expects. add
 provider fw rule chain in iptables6 as well. fix a couple of small typos and
 copy-paste errors.

---
 nova/api/ec2/admin.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 0b27854ef..c0c2bcd0d 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -356,11 +356,11 @@ class AdminController(object):
         IPy.IP(cidr)
         rule = {'cidr': cidr}
         tcp_rule = rule.copy()
-        tcp_rule.update({"protocol": "TCP", "from_port": 1, "to_port": 65535})
+        tcp_rule.update({"protocol": "tcp", "from_port": 1, "to_port": 65535})
         udp_rule = rule.copy()
-        udp_rule.update({"protocol": "UDP", "from_port": 1, "to_port": 65535})
+        udp_rule.update({"protocol": "udp", "from_port": 1, "to_port": 65535})
         icmp_rule = rule.copy()
-        icmp_rule.update({"protocol": "ICMP", "from_port": -1,
+        icmp_rule.update({"protocol": "icmp", "from_port": -1,
                           "to_port": None})
         rules_added = 0
         if not self._provider_fw_rule_exists(context, tcp_rule):
-- 
cgit 


From 0be9e06c09c1d08802a8963e34090b5fcedb19be Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 26 May 2011 11:35:58 -0400
Subject: Double quotes are ugly.

---
 nova/api/ec2/admin.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 0d08aba7a..3c7a60277 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -349,19 +349,19 @@ class AdminController(object):
 
     def block_external_addresses(self, context, cidr):
         """Add provider-level firewall rules to block incoming traffic."""
-        LOG.audit(_("Blocking traffic to all projects incoming from %s"),
+        LOG.audit(_('Blocking traffic to all projects incoming from %s'),
                   cidr, context=context)
         cidr = urllib.unquote(cidr).decode()
         # raise if invalid
         IPy.IP(cidr)
         rule = {'cidr': cidr}
         tcp_rule = rule.copy()
-        tcp_rule.update({"protocol": "tcp", "from_port": 1, "to_port": 65535})
+        tcp_rule.update({'protocol': 'tcp', 'from_port': 1, 'to_port': 65535})
         udp_rule = rule.copy()
-        udp_rule.update({"protocol": "udp", "from_port": 1, "to_port": 65535})
+        udp_rule.update({'protocol': 'udp', 'from_port': 1, 'to_port': 65535})
         icmp_rule = rule.copy()
-        icmp_rule.update({"protocol": "icmp", "from_port": -1,
-                          "to_port": None})
+        icmp_rule.update({'protocol': 'icmp', 'from_port': -1,
+                          'to_port': None})
         rules_added = 0
         if not self._provider_fw_rule_exists(context, tcp_rule):
             db.provider_fw_rule_create(context, tcp_rule)
@@ -375,4 +375,4 @@ class AdminController(object):
         if rules_added == 0:
             raise exception.ApiError(_('Duplicate rule'))
         self.compute_api.trigger_provider_fw_rules_refresh(context)
-        return {'status': 'OK', 'message': 'Disabled (number) IPs'}
+        return {'status': 'OK', 'message': 'Added %s rules' % rules_added}
-- 
cgit 


From 1fd3f5a6edf911dc84e11130bc2c590567d780c3 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 26 May 2011 17:05:55 -0400
Subject: Fixes from Ed Leafe's review suggestions.

---
 nova/api/ec2/admin.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 3c7a60277..1d4cffff3 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -339,12 +339,9 @@ class AdminController(object):
     def _provider_fw_rule_exists(self, context, rule):
         # TODO(todd): we call this repeatedly, can we filter by protocol?
         for old_rule in db.provider_fw_rule_get_all(context):
-            dupe = True
-            for key in ('cidr', 'from_port', 'to_port', 'protocol'):
-                if rule[key] != old_rule[key]:
-                    dupe = False
-            if dupe:
-                return dupe
+            if all([rule[k] == old_rule[k] for k in ('cidr', 'from_port',
+                                                     'to_port', 'protocol')]):
+                return True
         return False
 
     def block_external_addresses(self, context, cidr):
@@ -372,7 +369,7 @@ class AdminController(object):
         if not self._provider_fw_rule_exists(context, icmp_rule):
             db.provider_fw_rule_create(context, icmp_rule)
             rules_added += 1
-        if rules_added == 0:
+        if not rules_added:
             raise exception.ApiError(_('Duplicate rule'))
         self.compute_api.trigger_provider_fw_rules_refresh(context)
         return {'status': 'OK', 'message': 'Added %s rules' % rules_added}
-- 
cgit 


From 93f61c18134e6b4091114a7126f52d74e0d20df8 Mon Sep 17 00:00:00 2001
From: Chuck Short <zulcss@ubuntu.com>
Date: Mon, 6 Jun 2011 15:33:35 -0400
Subject: Remove ipy from nova/api/ec2/cloud.py and use netaddr

---
 nova/api/ec2/cloud.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index b7a9a8633..ceeaa3e48 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -23,7 +23,7 @@ datastore.
 """
 
 import base64
-import IPy
+import netaddr
 import os
 import urllib
 import tempfile
@@ -444,7 +444,7 @@ class CloudController(object):
         elif cidr_ip:
             # If this fails, it throws an exception. This is what we want.
             cidr_ip = urllib.unquote(cidr_ip).decode()
-            IPy.IP(cidr_ip)
+            netaddr.IPNetwork(cidr_ip)
             values['cidr'] = cidr_ip
         else:
             values['cidr'] = '0.0.0.0/0'
-- 
cgit 


From d1b6ebb4009e13ac2cf2309275a66a634e4f9171 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Sat, 11 Jun 2011 16:42:58 -0400
Subject: Add ability to list ip blocks.

---
 nova/api/ec2/admin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index fcf7f674c..37ae2e648 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -369,3 +369,11 @@ class AdminController(object):
             raise exception.ApiError(_('Duplicate rule'))
         self.compute_api.trigger_provider_fw_rules_refresh(context)
         return {'status': 'OK', 'message': 'Added %s rules' % rules_added}
+
+    def describe_external_address_blocks(self, context):
+        blocks = db.provider_fw_rule_get_all(context)
+        # NOTE(todd): use a set since we have icmp/udp/tcp rules with same cidr
+        blocks = set([b.cidr for b in blocks])
+        blocks = [{'cidr': b} for b in blocks]
+        return {'externalIpBlockInfo':
+                list(sorted(blocks, key=lambda k: k['cidr']))}
-- 
cgit 


From ed3914eafa7d076fdcc03ee958f77528bcf20603 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Sat, 11 Jun 2011 18:03:45 -0400
Subject: Add a method to delete provider firewall rules.

---
 nova/api/ec2/admin.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index 37ae2e648..da982d8dc 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -377,3 +377,15 @@ class AdminController(object):
         blocks = [{'cidr': b} for b in blocks]
         return {'externalIpBlockInfo':
                 list(sorted(blocks, key=lambda k: k['cidr']))}
+
+    def remove_external_address_block(self, context, cidr):
+        LOG.audit(_('Removing ip block from %s'), cidr, context=context)
+        cidr = urllib.unquote(cidr).decode()
+        # raise if invalid
+        IPy.IP(cidr)
+        rules = db.provider_fw_rule_get_all_by_cidr(context, cidr)
+        for rule in rules:
+            db.provider_fw_rule_destroy(context, rule['id'])
+        if rules:
+            self.compute_api.trigger_provider_fw_rules_refresh(context)
+        return {'status': 'OK', 'message': 'Deleted %s rules' % len(rules)}
-- 
cgit 


From 7a2712ebf74e5565663a6723a992151f71255eff Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Tue, 14 Jun 2011 11:34:03 -0700
Subject: Move ipy commands to netaddr.

---
 nova/api/ec2/admin.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index fcf7f674c..343bc61c4 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -22,7 +22,7 @@ Admin API controller, exposed through http via the api worker.
 
 import base64
 import datetime
-import IPy
+import netaddr
 import urllib
 
 from nova import compute
@@ -346,7 +346,7 @@ class AdminController(object):
                   cidr, context=context)
         cidr = urllib.unquote(cidr).decode()
         # raise if invalid
-        IPy.IP(cidr)
+        netaddr.IPNetwork(cidr)
         rule = {'cidr': cidr}
         tcp_rule = rule.copy()
         tcp_rule.update({'protocol': 'tcp', 'from_port': 1, 'to_port': 65535})
-- 
cgit 


From bfbb2b8e04d1cd4b761c67973b173d2ca6f84859 Mon Sep 17 00:00:00 2001
From: Brian Waldon <brian.waldon@rackspace.com>
Date: Fri, 17 Jun 2011 13:39:34 -0400
Subject: adding extra image service properties to compute api snapshot; adding
 instance_ref property

---
 nova/api/openstack/images.py       | 31 ++++++++++++++++++++++++++++---
 nova/api/openstack/views/images.py | 30 +++++++++++++-----------------
 2 files changed, 41 insertions(+), 20 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/images.py b/nova/api/openstack/images.py
index 5ffd8e96a..4a09060c9 100644
--- a/nova/api/openstack/images.py
+++ b/nova/api/openstack/images.py
@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import os.path
+
 import webob.exc
 
 from nova import compute
@@ -104,7 +106,10 @@ class Controller(object):
         except KeyError:
             raise webob.exc.HTTPBadRequest()
 
-        image = self._compute_service.snapshot(context, server_id, image_name)
+        props = self._get_extra_properties(req, body)
+
+        image = self._compute_service.snapshot(context, server_id,
+                                               image_name, props)
         return dict(image=self.get_builder(req).build(image, detail=True))
 
     def get_builder(self, request):
@@ -114,6 +119,9 @@ class Controller(object):
     def _server_id_from_req_data(self, data):
         raise NotImplementedError()
 
+    def _get_extra_properties(self, req, data):
+        return {}
+
 
 class ControllerV10(Controller):
     """Version 1.0 specific controller logic."""
@@ -150,7 +158,11 @@ class ControllerV10(Controller):
         return dict(images=[builder(image, detail=True) for image in images])
 
     def _server_id_from_req_data(self, data):
-        return data['image']['serverId']
+        try:
+            return data['image']['serverId']
+        except KeyError:
+            msg = _("Expected serverId attribute on server entity.")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
 
 
 class ControllerV11(Controller):
@@ -190,7 +202,20 @@ class ControllerV11(Controller):
         return dict(images=[builder(image, detail=True) for image in images])
 
     def _server_id_from_req_data(self, data):
-        return data['image']['serverRef']
+        try:
+            server_ref = data['image']['serverRef']
+        except KeyError:
+            msg = _("Expected serverRef attribute on server entity.")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
+        return os.path.split(server_ref)[1]
+
+    def _get_extra_properties(self, req, data):
+        server_ref = data['image']['serverRef']
+        if not server_ref.startswith('http'):
+            server_ref = os.path.join(req.application_url, 'servers',
+                                      server_ref)
+        return {'instance_ref': server_ref}
 
 
 def create_resource(version='1.0'):
diff --git a/nova/api/openstack/views/images.py b/nova/api/openstack/views/images.py
index 2773c9c13..d6a054102 100644
--- a/nova/api/openstack/views/images.py
+++ b/nova/api/openstack/views/images.py
@@ -46,13 +46,9 @@ class ViewBuilder(object):
         except KeyError:
             image['status'] = image['status'].upper()
 
-    def _build_server(self, image, instance_id):
+    def _build_server(self, image, image_obj):
         """Indicates that you must use a ViewBuilder subclass."""
-        raise NotImplementedError
-
-    def generate_server_ref(self, server_id):
-        """Return an href string pointing to this server."""
-        return os.path.join(self._url, "servers", str(server_id))
+        raise NotImplementedError()
 
     def generate_href(self, image_id):
         """Return an href string pointing to this object."""
@@ -60,8 +56,6 @@ class ViewBuilder(object):
 
     def build(self, image_obj, detail=False):
         """Return a standardized image structure for display by the API."""
-        properties = image_obj.get("properties", {})
-
         self._format_dates(image_obj)
 
         if "status" in image_obj:
@@ -72,11 +66,7 @@ class ViewBuilder(object):
             "name": image_obj.get("name"),
         }
 
-        if "instance_id" in properties:
-            try:
-                self._build_server(image, int(properties["instance_id"]))
-            except ValueError:
-                pass
+        self._build_server(image, image_obj)
 
         if detail:
             image.update({
@@ -94,15 +84,21 @@ class ViewBuilder(object):
 class ViewBuilderV10(ViewBuilder):
     """OpenStack API v1.0 Image Builder"""
 
-    def _build_server(self, image, instance_id):
-        image["serverId"] = instance_id
+    def _build_server(self, image, image_obj):
+        try:
+            image['serverId'] = int(image_obj['properties']['instance_id'])
+        except (KeyError, ValueError):
+            pass
 
 
 class ViewBuilderV11(ViewBuilder):
     """OpenStack API v1.1 Image Builder"""
 
-    def _build_server(self, image, instance_id):
-        image["serverRef"] = self.generate_server_ref(instance_id)
+    def _build_server(self, image, image_obj):
+        try:
+            image['serverRef'] = image_obj['properties']['instance_ref']
+        except KeyError:
+            return
 
     def build(self, image_obj, detail=False):
         """Return a standardized image structure for display by the API."""
-- 
cgit 


From 2ee267b7e463b3f0b7997f5dce91b325610795ab Mon Sep 17 00:00:00 2001
From: Brian Waldon <brian.waldon@rackspace.com>
Date: Fri, 17 Jun 2011 14:35:10 -0400
Subject: adding check for serverRef hostname matching app url

---
 nova/api/openstack/images.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/images.py b/nova/api/openstack/images.py
index 4a09060c9..d43340e10 100644
--- a/nova/api/openstack/images.py
+++ b/nova/api/openstack/images.py
@@ -101,7 +101,7 @@ class Controller(object):
             raise webob.exc.HTTPBadRequest()
 
         try:
-            server_id = self._server_id_from_req_data(body)
+            server_id = self._server_id_from_req(req, body)
             image_name = body["image"]["name"]
         except KeyError:
             raise webob.exc.HTTPBadRequest()
@@ -116,7 +116,7 @@ class Controller(object):
         """Indicates that you must use a Controller subclass."""
         raise NotImplementedError
 
-    def _server_id_from_req_data(self, data):
+    def _server_id_from_req(self, req, data):
         raise NotImplementedError()
 
     def _get_extra_properties(self, req, data):
@@ -157,7 +157,7 @@ class ControllerV10(Controller):
         builder = self.get_builder(req).build
         return dict(images=[builder(image, detail=True) for image in images])
 
-    def _server_id_from_req_data(self, data):
+    def _server_id_from_req(self, req, data):
         try:
             return data['image']['serverId']
         except KeyError:
@@ -201,14 +201,20 @@ class ControllerV11(Controller):
         builder = self.get_builder(req).build
         return dict(images=[builder(image, detail=True) for image in images])
 
-    def _server_id_from_req_data(self, data):
+    def _server_id_from_req(self, req, data):
         try:
             server_ref = data['image']['serverRef']
         except KeyError:
             msg = _("Expected serverRef attribute on server entity.")
             raise webob.exc.HTTPBadRequest(explanation=msg)
 
-        return os.path.split(server_ref)[1]
+        head, tail = os.path.split(server_ref)
+
+        if head and head != os.path.join(req.application_url, 'servers'):
+            msg = _("serverRef must match request url")
+            raise webob.exc.HTTPBadRequest(explanation=msg)
+
+        return tail
 
     def _get_extra_properties(self, req, data):
         server_ref = data['image']['serverRef']
-- 
cgit 


From 7398819cc00a078a486b4d2f11846ff32db19a88 Mon Sep 17 00:00:00 2001
From: Brian Waldon <brian.waldon@rackspace.com>
Date: Wed, 22 Jun 2011 17:07:26 -0400
Subject: moving image show/update into 'meta' container

---
 nova/api/openstack/image_metadata.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/image_metadata.py b/nova/api/openstack/image_metadata.py
index ebfe2bde9..07f0fb4fb 100644
--- a/nova/api/openstack/image_metadata.py
+++ b/nova/api/openstack/image_metadata.py
@@ -59,7 +59,7 @@ class Controller(object):
         context = req.environ['nova.context']
         metadata = self._get_metadata(context, image_id)
         if id in metadata:
-            return {id: metadata[id]}
+            return {'meta': {id: metadata[id]}}
         else:
             return faults.Fault(exc.HTTPNotFound())
 
@@ -77,15 +77,22 @@ class Controller(object):
 
     def update(self, req, image_id, id, body):
         context = req.environ['nova.context']
-        if not id in body:
+
+        try:
+            meta = body['meta']
+        except KeyError:
+            expl = _('Incorrect request body format')
+            raise exc.HTTPBadRequest(explanation=expl)
+
+        if not id in meta:
             expl = _('Request body and URI mismatch')
             raise exc.HTTPBadRequest(explanation=expl)
-        if len(body) > 1:
+        if len(meta) > 1:
             expl = _('Request body contains too many items')
             raise exc.HTTPBadRequest(explanation=expl)
         img = self.image_service.show(context, image_id)
         metadata = self._get_metadata(context, image_id, img)
-        metadata[id] = body[id]
+        metadata[id] = meta[id]
         self._check_quota_limit(context, metadata)
         img['properties'] = metadata
         self.image_service.update(context, image_id, img, None)
-- 
cgit 


From 9a6e9a1af9359fb4a9261f59f57113f252f0d6e9 Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Thu, 23 Jun 2011 14:45:37 -0400
Subject: Make firewall rules tests idempotent, move IPy=>netaddr, add deltete
 test.

---
 nova/api/ec2/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/admin.py b/nova/api/ec2/admin.py
index b8fc8f114..df7876b9d 100644
--- a/nova/api/ec2/admin.py
+++ b/nova/api/ec2/admin.py
@@ -382,7 +382,7 @@ class AdminController(object):
         LOG.audit(_('Removing ip block from %s'), cidr, context=context)
         cidr = urllib.unquote(cidr).decode()
         # raise if invalid
-        IPy.IP(cidr)
+        netaddr.IPNetwork(cidr)
         rules = db.provider_fw_rule_get_all_by_cidr(context, cidr)
         for rule in rules:
             db.provider_fw_rule_destroy(context, rule['id'])
-- 
cgit