From 3a90ce226f886b8ec5c002cf0e6803857e45a07b Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Tue, 29 Jun 2010 08:55:27 -0700 Subject: review reformat --- nova/auth/fakeldap.py | 62 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 25 deletions(-) (limited to 'nova/auth') diff --git a/nova/auth/fakeldap.py b/nova/auth/fakeldap.py index e27ac57bb..116fcbb78 100644 --- a/nova/auth/fakeldap.py +++ b/nova/auth/fakeldap.py @@ -34,15 +34,19 @@ SCOPE_SUBTREE = 2 MOD_ADD = 0 MOD_DELETE = 1 + class NO_SUCH_OBJECT(Exception): pass + class OBJECT_CLASS_VIOLATION(Exception): pass + def initialize(uri): return FakeLDAP() + def _match_query(query, attrs): """Match an ldap query to an attribute dictionary. @@ -67,6 +71,7 @@ def _match_query(query, attrs): (k, sep, v) = inner.partition('=') return _match(k, v, attrs) + def _paren_groups(source): """Split a string into parenthesized groups.""" count = 0 @@ -83,6 +88,7 @@ def _paren_groups(source): result.append(source[start:pos+1]) return result + def _match(k, v, attrs): """Match a given key and value against an attribute list.""" if k not in attrs: @@ -96,6 +102,7 @@ def _match(k, v, attrs): return True return False + def _subs(value): """Returns a list of subclass strings. @@ -109,6 +116,32 @@ def _subs(value): return [value] + subs[value] return [value] + +def _from_json(encoded): + """Convert attribute values from json representation. + + Args: + encoded -- a json encoded string + + Returns a list of strings + + """ + return [str(x) for x in json.loads(encoded)] + + +def _to_json(unencoded): + """Convert attribute values into json representation. + + Args: + unencoded -- an unencoded string or list of strings. If it + is a single string, it will be converted into a list. + + Returns a json string + + """ + return json.dumps(list(unencoded)) + + class FakeLDAP(object): #TODO(vish): refactor this class to use a wrapper instead of accessing # redis directly 
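Review bot: `_to_json` does not do what its docstring promises for a single string: `list(unencoded)` splits a str into its characters, so `_to_json('admin')` stores `["a", "d", "m", "i", "n"]` rather than `["admin"]`. Wrapping strings first keeps the docstring true: `if isinstance(unencoded, basestring): unencoded = [unencoded]` ahead of the `json.dumps` call. In `_from_json`, `str(x)` on the unicode values returned by `json.loads` raises under Python 2 for any non-ASCII attribute value; if such values can occur, an explicit `x.encode('utf-8')` is safer. Both helpers were moved unchanged out of the class, so this predates the commit, but the move is a good moment to fix it.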
@@ -125,7 +158,7 @@ class FakeLDAP(object): """Add an object with the specified attributes at dn.""" key = "%s%s" % (self.__redis_prefix, dn) - value_dict = dict([(k, self.__to_json(v)) for k, v in attr]) + value_dict = dict([(k, _to_json(v)) for k, v in attr]) datastore.Redis.instance().hmset(key, value_dict) def delete_s(self, dn): @@ -145,12 +178,12 @@ class FakeLDAP(object): key = "%s%s" % (self.__redis_prefix, dn) for cmd, k, v in attrs: - values = self.__from_json(redis.hget(key, k)) + values = _from_json(redis.hget(key, k)) if cmd == MOD_ADD: values.append(v) else: values.remove(v) - values = redis.hset(key, k, self.__to_json(values)) + values = redis.hset(key, k, _to_json(values)) def search_s(self, dn, scope, query=None, fields=None): """Search for all matching objects under dn using the query. @@ -171,7 +204,7 @@ class FakeLDAP(object): # get the attributes from redis attrs = redis.hgetall(key) # turn the values from redis into lists - attrs = dict([(k, self.__from_json(v)) + attrs = dict([(k, _from_json(v)) for k, v in attrs.iteritems()]) # filter the objects by query if not query or _match_query(query, attrs): @@ -188,25 +221,4 @@ class FakeLDAP(object): def __redis_prefix(self): return 'ldap:' - def __from_json(self, encoded): - """Convert attribute values from json representation. - - Args: - encoded -- a json encoded string - - Returns a list of strings - """ - return [str(x) for x in json.loads(encoded)] - - def __to_json(self, unencoded): - """Convert attribute values into json representation. - - Args: - unencoded -- an unencoded string or list of strings. If it - is a single string, it will be converted into a list. - - Returns a json string - - """ - return json.dumps(list(unencoded)) -- cgit From 082c228f98e1d7545a9d5d7abe10bd35691d85c9 Mon Sep 17 00:00:00 2001 
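Review bot: In the `modify_s` loop, `_from_json(redis.hget(key, k))` assumes the attribute already exists; an `HGET` on a missing field returns nothing, and `json.loads` then fails with a `TypeError` rather than an LDAP-style error. `values.remove(v)` likewise raises a bare `ValueError` when the value is absent. Because this fake stands in for the real directory in the auth code, callers tested against it never see the errors a real server would return; consider `raw = redis.hget(key, k)` followed by `values = _from_json(raw) if raw else []`, and drop the unused rebinding in `values = redis.hset(...)`. `modify_s` starts outside the hunk, so any guard earlier in the method is not visible here.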
From: Vishvananda Ishaya Date: Wed, 7 Jul 2010 18:29:19 -0700 Subject: use a flag for cert subject --- nova/auth/users.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index 1fc97345f..1a270733e 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -100,6 +100,10 @@ flags.DEFINE_string('credential_cert_file', 'cert.pem', 'Filename of certificate in credentials zip') flags.DEFINE_string('credential_rc_file', 'novarc', 'Filename of rc in credentials zip') +flags.DEFINE_string('credential_cert_subject', + '/C=US/ST=California/L=MountainView/O=AnsoLabs/' + 'OU=NovaDev/CN=%s-%s' + 'Subject for certificate for users') flags.DEFINE_string('vpn_ip', '127.0.0.1', 'Public IP for the cloudpipe VPN servers') @@ -516,7 +520,7 @@ class UserManager(object): def __cert_subject(self, uid): # FIXME(ja) - this should be pulled from a global configuration - return "/C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=%s-%s" % (uid, str(datetime.datetime.utcnow().isoformat())) + return FLAGS.credential_cert_subject % (uid, utils.isotime()) class LDAPWrapper(object): -- cgit From f5ce5b5750120012287d78ea0a40598ec0eefd47 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 8 Jul 2010 09:42:11 -0700 Subject: missed a comma --- nova/auth/users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index 1a270733e..671fdbdbf 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -102,7 +102,7 @@ flags.DEFINE_string('credential_rc_file', 'novarc', 'Filename of rc in credentials zip') flags.DEFINE_string('credential_cert_subject', '/C=US/ST=California/L=MountainView/O=AnsoLabs/' - 'OU=NovaDev/CN=%s-%s' + 'OU=NovaDev/CN=%s-%s', 'Subject for certificate for users') flags.DEFINE_string('vpn_ip', '127.0.0.1', 'Public IP for the cloudpipe VPN servers') -- cgit 
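Review bot: `__cert_subject` now interpolates `uid` into an operator-supplied template with `FLAGS.credential_cert_subject % (uid, utils.isotime())`, and nothing in the hunk constrains either side. The subject uses `/` and `=` as delimiters, so a uid containing those characters could add or override fields in the certificate subject unless it is validated before this point (not visible here, nor is how the string is later parsed); a guard such as `if '/' in uid or '=' in uid: raise exception.Error('invalid uid for certificate subject')` would close that. A flag value without exactly two `%s` fails only when a certificate is generated, so the help string in the `flags.DEFINE_string('credential_cert_subject', ...)` hunk should say that the two placeholders are the uid and a timestamp. The `FIXME(ja)` comment above the return is now stale and can be removed.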
From 702391e5d3f3cee5fe1d5e34d175f0fe0b5d0d7a Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 8 Jul 2010 12:19:50 -0700 Subject: fixes from code review --- nova/auth/users.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index a45fbc1c0..29d10affd 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -335,10 +335,13 @@ class Vpn(model.BasicModel): @classmethod def find_free_port_for_ip(cls, ip): - # TODO(vish): the redis access should be refactored into a - # base class + # TODO(vish): these redis commands should be generalized and + # placed into a base class. Conceptually, it is + # similar to an association, but we are just + # storing a set of values instead of keys that + # should be turned into objects. redis = datastore.Redis.instance() - key = 'ip:%s:ports' + key = 'ip:%s:ports' % ip # TODO(vish): these ports should be allocated through an admin # command instead of a flag if (not redis.exists(key) and @@ -346,14 +349,14 @@ class Vpn(model.BasicModel): for i in range(FLAGS.vpn_start_port, FLAGS.vpn_end_port + 1): redis.sadd(key, i) - port = datastore.Redis.instance().spop(key) + port = redis.spop(key) if not port: raise NoMorePorts() return port @classmethod def num_ports_for_ip(cls, ip): - return datastore.Redis.instance().scard('ip:%s:ports') + return datastore.Redis.instance().scard('ip:%s:ports' % ip) @property def ip(self): @@ -467,7 +470,9 @@ class UserManager(object): # create and destroy a project Vpn.create(name) return conn.create_project(name, - User.safe_id(manager_user), description, member_users) + User.safe_id(manager_user), + description, + member_users) def get_projects(self): -- cgit From 732707903f65fc126c147fc0a0839a3639b8d976 Mon Sep 17 00:00:00 2001 
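Review bot: In `find_free_port_for_ip`, using `redis.exists(key)` to decide whether the port pool needs populating is unreliable, because Redis deletes a set once its last member is popped. After `redis.spop(key)` hands out the final port, the next call sees no key and, depending on the rest of the `if` condition (cut off at the hunk boundary), may refill the whole range and hand out ports that are already assigned. The check and the `sadd` loop are also not atomic, so a concurrent caller can pop a port that the populating loop then re-adds. A separate marker set atomically, for example `if redis.setnx('ip:%s:ports:initialized' % ip, 1):` (key name illustrative), would make initialization happen exactly once.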
From: Vishvananda Ishaya Date: Mon, 12 Jul 2010 15:11:41 -0500 Subject: fixed bug in auth group_exists it was using the name instead of the dn --- nova/auth/users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index 671fdbdbf..769983e83 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -710,7 +710,7 @@ class LDAPWrapper(object): def __create_group(self, group_dn, name, uid, description, member_uids = None): - if self.group_exists(name): + if self.group_exists(group_dn): raise exception.Duplicate("Group can't be created because " "group %s already exists" % name) members = [] -- cgit From b8306f37fc53e59b744f00637d0e74ebe8f6b0e6 Mon Sep 17 00:00:00 2001 From: Todd Willey Date: Wed, 14 Jul 2010 23:51:52 -0400 Subject: fix reference to BasicModel and imports --- nova/auth/users.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index 2ac4bb6da..b1bc971c9 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -27,6 +27,7 @@ import datetime import logging import os import shutil +import signer import string from string import Template import tempfile @@ -39,15 +40,14 @@ except Exception, e: import fakeldap as ldap import fakeldap -from nova import datastore # TODO(termie): clean up these imports -import signer +from nova import datastore from nova import exception from nova import flags from nova import crypto from nova import utils -from nova.compute import model + from nova import objectstore # for flags @@ -314,7 +314,7 @@ class NoMorePorts(exception.Error): pass -class Vpn(model.BasicModel): +class Vpn(datastore.BasicModel): def __init__(self, project_id): self.project_id = project_id super(Vpn, self).__init__() -- cgit From 892ca58c0642db19e57a89d7a2ae5466971249cf Mon Sep 17 00:00:00 2001 
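Review bot: The import hunk's header shows that the fallback to `fakeldap` still sits under `except Exception, e:`, so any failure while importing the real LDAP client, not just its absence, silently swaps in the fake as the directory backend for this auth module. Narrowing it to `except ImportError:` and logging the fallback, e.g. `logging.warning('ldap module not available, using fakeldap')`, would make a misconfigured deployment visible instead of quietly authenticating against the fake. The `try` itself begins outside the hunk, and whether a flag elsewhere gates use of the fake is not visible here. Separately, `import signer` now sits among the standard-library imports although it appears to be a project-local module; it reads better grouped with the `nova` imports.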
From: Todd Willey Date: Thu, 15 Jul 2010 00:12:12 -0400 Subject: change default vpn ports and remove complex vpn ip iteration --- nova/auth/users.py | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) (limited to 'nova/auth') diff --git a/nova/auth/users.py b/nova/auth/users.py index b1bc971c9..9272f48ea 100644 --- a/nova/auth/users.py +++ b/nova/auth/users.py @@ -102,9 +102,9 @@ flags.DEFINE_string('credential_cert_file', 'cert.pem', flags.DEFINE_string('credential_rc_file', 'novarc', 'Filename of rc in credentials zip') -flags.DEFINE_integer('vpn_start_port', 8000, +flags.DEFINE_integer('vpn_start_port', 1000, 'Start port for the cloudpipe VPN servers') -flags.DEFINE_integer('vpn_end_port', 9999, +flags.DEFINE_integer('vpn_end_port', 2000, 'End port for the cloudpipe VPN servers') flags.DEFINE_string('credential_cert_subject', @@ -325,20 +325,15 @@ class Vpn(datastore.BasicModel): @classmethod def create(cls, project_id): - # TODO (vish): get list of vpn ips from redis - for ip in [FLAGS.vpn_ip]: - try: - port = cls.find_free_port_for_ip(ip) - vpn = cls(project_id) - # save ip for project - vpn['project'] = project_id - vpn['ip'] = ip - vpn['port'] = port - vpn.save() - return vpn - except NoMorePorts: - pass - raise NoMorePorts() + # TODO(vish): get list of vpn ips from redis + port = cls.find_free_port_for_ip(FLAGS.vpn_ip) + vpn = cls(project_id) + # save ip for project + vpn['project'] = project_id + vpn['ip'] = FLAGS.vpn_ip + vpn['port'] = port + vpn.save() + return vpn @classmethod def find_free_port_for_ip(cls, ip): -- cgit
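Review bot: The new default `vpn_start_port` of 1000 puts ports 1000–1023 in the pool, and those are privileged ports on Unix-like hosts. If the cloudpipe VPN endpoints bind these ports directly (not visible here), the process needs root or `CAP_NET_BIND_SERVICE`, or the bind fails for the first 24 allocations. Unless that is intended, `flags.DEFINE_integer('vpn_start_port', 1024, ...)` avoids it; if it is intended, a comment above the flag saying why would help operators.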
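Review bot: `Vpn.create` takes a port out of the pool with `find_free_port_for_ip` before `vpn.save()`, and nothing returns it if the save raises. Each failed create would then shrink the pool permanently until `NoMorePorts` is raised for every project. Wrapping the assignments and the save in a `try`/`except` that calls `datastore.Redis.instance().sadd('ip:%s:ports' % FLAGS.vpn_ip, port)` before re-raising keeps the pool consistent. The `TODO(vish)` about reading VPN IPs from redis now sits above code that only uses `FLAGS.vpn_ip`, so it is worth rewording to say the single-IP behaviour is deliberate for now.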