From 248f297da74b6353b9589b2887c9ab5edad8dc22 Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Mon, 19 Jul 2010 17:07:52 -0700 Subject: Raise 401, not exception if Authorization header not passed. Also minor fixes & Python exception-handling style tweak --- nova/objectstore/handler.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'nova') diff --git a/nova/objectstore/handler.py b/nova/objectstore/handler.py index b2ed3d482..e5c97c3bc 100644 --- a/nova/objectstore/handler.py +++ b/nova/objectstore/handler.py @@ -103,13 +103,16 @@ def get_argument(request, key, default_value): def get_context(request): try: # Authorization Header format: 'AWS :' - access, sep, secret = request.getHeader('Authorization').split(' ')[1].rpartition(':') + authorization_header = request.getHeader('Authorization') + if not authorization_header: + raise exception.NotAuthorized + access, sep, secret = authorization_header.split(' ')[1].rpartition(':') um = users.UserManager.instance() print 'um %s' % um (user, project) = um.authenticate(access, secret, {}, request.method, request.host, request.uri, False) # FIXME: check signature here! return api.APIRequestContext(None, user, project) - except exception.Error, ex: + except exception.Error as ex: logging.debug("Authentication Failure: %s" % ex) raise exception.NotAuthorized @@ -131,6 +134,7 @@ class S3(Resource): render_xml(request, {"ListAllMyBucketsResult": { "Buckets": {"Bucket": [b.metadata for b in buckets]}, }}) + request.finish() return server.NOT_DONE_YET class BucketResource(Resource): @@ -165,7 +169,7 @@ class BucketResource(Resource): logging.debug("Creating bucket %s" % (self.name)) try: print 'user is %s' % request.context - except Exception, e: + except Exception as e: logging.exception(e) logging.debug("calling bucket.Bucket.create(%r, %r)" % (self.name, request.context)) bucket.Bucket.create(self.name, request.context) 
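Review bot: In get_context, a present but malformed Authorization value still escapes as a non-401 error: `authorization_header.split(' ')[1]` raises IndexError when the value contains no space, and IndexError is not an `exception.Error`, so the `except` clause below does not convert it to NotAuthorized. A value without a colon also passes through `rpartition(':')` with an empty `access`. Consider `parts = authorization_header.split(' ')` followed by `if len(parts) < 2 or ':' not in parts[1]: raise exception.NotAuthorized`. The context lines also show `print 'um %s' % um` and a `# FIXME: check signature here!` next to a trailing `False` passed to `um.authenticate`; what that flag controls is not visible here, so it is worth confirming the signature is actually verified before the returned context is trusted.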
@@ -239,7 +243,7 @@ class ImageResource(Resource): """ returns a json listing of all images that a user has permissions to see """ - images = [i for i in image.Image.all() if i.is_authorized(self.context)] + images = [i for i in image.Image.all() if i.is_authorized(request.context)] request.write(json.dumps([i.metadata for i in images])) return server.NOT_DONE_YET -- cgit From 8625275e14d40dd82d19d2273e14f82334c6b5ac Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Mon, 19 Jul 2010 18:26:19 -0700 Subject: I put the call to request.finish() in the wrong place. :-( --- nova/objectstore/handler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/objectstore/handler.py b/nova/objectstore/handler.py index e5c97c3bc..c670ee02f 100644 --- a/nova/objectstore/handler.py +++ b/nova/objectstore/handler.py @@ -134,7 +134,6 @@ class S3(Resource): render_xml(request, {"ListAllMyBucketsResult": { "Buckets": {"Bucket": [b.metadata for b in buckets]}, }}) - request.finish() return server.NOT_DONE_YET class BucketResource(Resource): @@ -246,6 +245,7 @@ class ImageResource(Resource): images = [i for i in image.Image.all() if i.is_authorized(request.context)] request.write(json.dumps([i.metadata for i in images])) + request.finish() return server.NOT_DONE_YET def render_PUT(self, request): -- cgit From fd25c2699867e16908aaadc3380236f84cc3cc5a Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Tue, 20 Jul 2010 17:05:02 -0500 Subject: remove spaces from export statements in scripts relating to certs --- nova/cloudpipe/bootscript.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/cloudpipe/bootscript.sh b/nova/cloudpipe/bootscript.sh index 43fc2ecab..82ec2012a 100755 --- a/nova/cloudpipe/bootscript.sh +++ b/nova/cloudpipe/bootscript.sh 
@@ -24,7 +24,7 @@ export VPN_IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 export BROADCAST=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $1}'` export DHCP_MASK=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $1}'` export GATEWAY=`netstat -r | grep default | cut -d' ' -f10` -export SUBJ=/C=US/ST=California/L=Mountain View/O=Anso Labs/OU=Nova Dev/CN=customer-vpn-$VPN_IP +export SUBJ="/C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=customer-vpn-$VPN_IP" DHCP_LOWER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 10 }'` DHCP_UPPER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 1 }'` -- cgit From 1b6efa80e19a60d71a762683fa1edee02645355c Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Tue, 20 Jul 2010 22:28:23 -0500 Subject: fix for describe addresses showing everyone's public ips --- nova/endpoint/cloud.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'nova') diff --git a/nova/endpoint/cloud.py b/nova/endpoint/cloud.py index 3b7b4804b..4fa9b5afd 100644 --- a/nova/endpoint/cloud.py +++ b/nova/endpoint/cloud.py 
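Review bot: The new SUBJ value drops the spaces from the DN fields (`L=MountainView`, `O=AnsoLabs`, `OU=NovaDev`) as well as adding quotes, which changes the subject carried by every certificate request from this script. If the signing CA's policy requires organization fields to match its own, or certificates already issued use the spaced names, requests may be rejected or subjects may end up inconsistent. The quotes alone fix the assignment; the spaces can stay if the place that consumes the variable (outside this hunk) expands it as `"$SUBJ"`. Judging from the hunk header, `$VPN_IP` is parsed out of `ifconfig` output, so on a host with more than one non-loopback interface the CN may contain several addresses.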
@@ -453,21 +453,21 @@ class CloudController(object): def format_addresses(self, context): addresses = [] - # TODO(vish): move authorization checking into network.py for address in self.network.host_objs: - #logging.debug(address_record) - address_rv = { - 'public_ip': address['address'], - 'instance_id' : address.get('instance_id', 'free') - } - if context.user.is_admin(): - address_rv['instance_id'] = "%s (%s, %s)" % ( - address['instance_id'], - address['user_id'], - address['project_id'], - ) + # TODO(vish): implement a by_project iterator for addresses + if (context.user.is_admin() or + address['project_id'] == self.project.id): + address_rv = { + 'public_ip': address['address'], + 'instance_id' : address.get('instance_id', 'free') + } + if context.user.is_admin(): + address_rv['instance_id'] = "%s (%s, %s)" % ( + address['instance_id'], + address['user_id'], + address['project_id'], + ) addresses.append(address_rv) - # logging.debug(addresses) return {'addressesSet': addresses} @rbac.allow('netadmin') -- cgit From 302afc13da7a83dcdf8bde0d6370b675c9b14218 Mon Sep 17 00:00:00 2001 From: "jaypipes@gmail.com" <> Date: Wed, 21 Jul 2010 14:35:39 -0400 Subject: Fixes up Bucket to throw proper NotFound and NotEmpty exceptions in constructor and delete() method, and fixes up objectstore_unittest to properly use assertRaises() to check for proper exceptions and remove the assert_ calls. --- nova/exception.py | 3 +++ nova/objectstore/bucket.py | 4 ++-- nova/tests/objectstore_unittest.py | 35 ++++++++++++----------------------- 3 files changed, 17 insertions(+), 25 deletions(-) (limited to 'nova') diff --git a/nova/exception.py b/nova/exception.py index bda002d1e..2108123de 100644 --- a/nova/exception.py +++ b/nova/exception.py @@ -44,6 +44,9 @@ class Duplicate(Error): class NotAuthorized(Error): pass +class NotEmpty(Error): + pass + def wrap_exception(f): def _wrap(*args, **kw): try: 
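Review bot: `addresses.append(address_rv)` is an unchanged context line in format_addresses, so it appears to stay at loop level, outside the new `if`: for an address the caller may not see, it would append the `address_rv` left over from an earlier iteration, or raise NameError if none has been built yet. It should move under the `if` so that only addresses which passed the check are returned. The ownership test also reads `self.project.id`, while the caller's identity everywhere else in this method comes from `context`; unless the controller really carries a `project` attribute, `address.get('project_id') == context.project.id` looks like what was intended, and `.get` avoids a KeyError if unallocated addresses lack that key. Indentation is collapsed on this page, so confirm against the file.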
diff --git a/nova/objectstore/bucket.py b/nova/objectstore/bucket.py index 090ef4e61..b42a96233 100644 --- a/nova/objectstore/bucket.py +++ b/nova/objectstore/bucket.py @@ -107,7 +107,7 @@ class Bucket(object): try: return context.user.is_admin() or self.owner_id == context.project.id except Exception, e: - pass + return False def list_keys(self, prefix='', marker=None, max_keys=1000, terse=False): object_names = [] @@ -161,7 +161,7 @@ class Bucket(object): def delete(self): if len(os.listdir(self.path)) > 0: - raise exception.NotAuthorized() + raise exception.NotEmpty() os.rmdir(self.path) os.remove(self.path+'.json') diff --git a/nova/tests/objectstore_unittest.py b/nova/tests/objectstore_unittest.py index f47ca7f00..c0b6e97a5 100644 --- a/nova/tests/objectstore_unittest.py +++ b/nova/tests/objectstore_unittest.py @@ -23,6 +23,7 @@ import os import shutil import tempfile +from nova.exception import NotEmpty, NotFound, NotAuthorized from nova import flags from nova import objectstore from nova import test 
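Review bot: `Bucket.is_authorized` now fails closed, but the `except Exception, e:` around it still hides every error in an access-control decision, including typos and a missing `context.project`, with no trace in the logs. Narrow it to the failure that is expected and log it, e.g. `except AttributeError as e:` followed by `logging.debug("is_authorized failed: %s" % e)` before `return False` (this needs `logging` imported in bucket.py, which is not visible here). The `Exception, e` form is also the syntax that the earlier handler.py commit in this series moved away from. The method starts outside the hunk.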
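Review bot: Raising `exception.NotEmpty()` from `Bucket.delete` changes what callers see for a non-empty bucket, and nothing in this commit updates the HTTP handler that calls it. If the handler translated NotAuthorized into a 403 and has no case for NotEmpty, a client deleting a non-empty bucket would presumably now get a generic server error rather than a conflict response; that mapping is not visible in this diff and is worth checking. A one-line docstring such as `"""Remove the bucket; raises NotEmpty if it still holds keys."""` would record the new contract.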
@@ -96,49 +97,37 @@ class ObjectStoreTestCase(test.BaseTestCase): # another user is not authorized self.context.user = self.um.get_user('user2') self.context.project = self.um.get_project('proj2') - self.assert_(bucket.is_authorized(self.context) == False) + self.assertFalse(bucket.is_authorized(self.context)) # admin is authorized to use bucket self.context.user = self.um.get_user('admin_user') self.context.project = None - self.assert_(bucket.is_authorized(self.context)) + self.assertTrue(bucket.is_authorized(self.context)) # new buckets are empty - self.assert_(bucket.list_keys()['Contents'] == []) + self.assertTrue(bucket.list_keys()['Contents'] == []) # storing keys works bucket['foo'] = "bar" - self.assert_(len(bucket.list_keys()['Contents']) == 1) + self.assertEquals(len(bucket.list_keys()['Contents']), 1) - self.assert_(bucket['foo'].read() == 'bar') + self.assertEquals(bucket['foo'].read(), 'bar') # md5 of key works - self.assert_(bucket['foo'].md5 == hashlib.md5('bar').hexdigest()) - - # deleting non-empty bucket throws exception - exception = False - try: - bucket.delete() - except: - exception = True + self.assertEquals(bucket['foo'].md5, hashlib.md5('bar').hexdigest()) - self.assert_(exception) + # deleting non-empty bucket should throw a NotEmpty exception + self.assertRaises(NotEmpty, bucket.delete) # deleting key del bucket['foo'] - # deleting empty button + # deleting empty bucket bucket.delete() # accessing deleted bucket throws exception - exception = False - try: - objectstore.bucket.Bucket('new_bucket') - except: - exception = True - - self.assert_(exception) + self.assertRaises(NotFound, objectstore.bucket.Bucket, 'new_bucket') def test_images(self): self.context.user = self.um.get_user('user1') 
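Review bot: In the bucket test, `self.assertTrue(bucket.list_keys()['Contents'] == [])` keeps the old boolean form while the neighbouring lines moved to value assertions; `self.assertEqual(bucket.list_keys()['Contents'], [])` reports the actual list on failure. The authorization assertions cover another project's user and an admin, but not a non-admin context whose `project` is None, which is the path that now returns False from the `except` branch in `Bucket.is_authorized`. Setting `self.context.project = None` for `user2` and asserting `self.assertFalse(bucket.is_authorized(self.context))` would pin that behaviour. The test method starts outside the hunk.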
@@ -167,7 +156,7 @@ class ObjectStoreTestCase(test.BaseTestCase): # verify image permissions self.context.user = self.um.get_user('user2') self.context.project = self.um.get_project('proj2') - self.assert_(my_img.is_authorized(self.context) == False) + self.assertFalse(my_img.is_authorized(self.context)) # class ApiObjectStoreTestCase(test.BaseTestCase): # def setUp(self): -- cgit From 2c7e49ddeba2e9015c541712e5c52e0d902804b0 Mon Sep 17 00:00:00 2001 From: "jaypipes@gmail.com" <> Date: Wed, 21 Jul 2010 15:28:43 -0400 Subject: reorder import statement and remove commented-out test case that is the same as api_unittest in objectstore_unittest --- nova/tests/objectstore_unittest.py | 35 +---------------------------------- 1 file changed, 1 insertion(+), 34 deletions(-) (limited to 'nova') diff --git a/nova/tests/objectstore_unittest.py b/nova/tests/objectstore_unittest.py index c0b6e97a5..8ae1f6e78 100644 --- a/nova/tests/objectstore_unittest.py +++ b/nova/tests/objectstore_unittest.py @@ -23,11 +23,11 @@ import os import shutil import tempfile -from nova.exception import NotEmpty, NotFound, NotAuthorized from nova import flags from nova import objectstore from nova import test from nova.auth import users +from nova.exception import NotEmpty, NotFound, NotAuthorized FLAGS = flags.FLAGS 
@@ -157,36 +157,3 @@ class ObjectStoreTestCase(test.BaseTestCase): self.context.user = self.um.get_user('user2') self.context.project = self.um.get_project('proj2') self.assertFalse(my_img.is_authorized(self.context)) - -# class ApiObjectStoreTestCase(test.BaseTestCase): -# def setUp(self): -# super(ApiObjectStoreTestCase, self).setUp() -# FLAGS.fake_users = True -# FLAGS.buckets_path = os.path.join(tempdir, 'buckets') -# FLAGS.images_path = os.path.join(tempdir, 'images') -# FLAGS.ca_path = os.path.join(os.path.dirname(__file__), 'CA') -# -# self.users = users.UserManager.instance() -# self.app = handler.Application(self.users) -# -# self.host = '127.0.0.1' -# -# self.conn = boto.s3.connection.S3Connection( -# aws_access_key_id=user.access, -# aws_secret_access_key=user.secret, -# is_secure=False, -# calling_format=boto.s3.connection.OrdinaryCallingFormat(), -# port=FLAGS.s3_port, -# host=FLAGS.s3_host) -# -# self.mox.StubOutWithMock(self.ec2, 'new_http_connection') -# -# def tearDown(self): -# FLAGS.Reset() -# super(ApiObjectStoreTestCase, self).tearDown() -# -# def test_describe_instances(self): -# self.expect_http() -# self.mox.ReplayAll() -# -# self.assertEqual(self.ec2.get_all_instances(), []) -- cgit From 3142fec2c908689f02e4e24a5174a3dcf2260c4c Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Wed, 21 Jul 2010 18:20:04 -0700 Subject: Fixed bug 608505 - was freeing the wrong address (should have freed 'secondaddress', was freeing 'address') --- nova/tests/network_unittest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/tests/network_unittest.py b/nova/tests/network_unittest.py index f3a5868d1..a1d1789e2 100644 --- a/nova/tests/network_unittest.py +++ b/nova/tests/network_unittest.py 
@@ -137,7 +137,7 @@ class NetworkTestCase(test.TrialTestCase): self.dnsmasq.release_ip(mac3, address3, hostname, net.bridge_name) net = network.get_project_network("project0", "default") rv = network.deallocate_ip(secondaddress) - self.dnsmasq.release_ip(mac, address, hostname, net.bridge_name) + self.dnsmasq.release_ip(mac, secondaddress, hostname, net.bridge_name) def test_release_before_deallocate(self): pass -- cgit From a0c29a822aaed756728f2619e176d8c54bb1d4e9 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Fri, 23 Jul 2010 17:20:21 -0700 Subject: fixed bug where partition code was sometimes failing due to initial dd not being yielded properly --- nova/compute/disk.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nova') diff --git a/nova/compute/disk.py b/nova/compute/disk.py index 08a22556e..7e31498e5 100644 --- a/nova/compute/disk.py +++ b/nova/compute/disk.py @@ -64,8 +64,8 @@ def partition(infile, outfile, local_bytes=0, local_type='ext2', execute=None): last_sector = local_last # e # create an empty file - execute('dd if=/dev/zero of=%s count=1 seek=%d bs=%d' - % (outfile, last_sector, sector_size)) + yield execute('dd if=/dev/zero of=%s count=1 seek=%d bs=%d' + % (outfile, last_sector, sector_size)) # make mbr partition yield execute('parted --script %s mklabel msdos' % outfile) -- cgit From 87e27afec0c7b683ee35f842abdaccea954f2fba Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Sat, 24 Jul 2010 18:06:22 -0700 Subject: Updated sphinx layout to a two-dir layout like swift. Updated a doc string to get rid of a Sphinx warning. --- nova/compute/disk.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/compute/disk.py b/nova/compute/disk.py index 08a22556e..5749d4c6a 100644 --- a/nova/compute/disk.py +++ b/nova/compute/disk.py 
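Review bot: The `dd` command in partition is built by interpolating `outfile` into a single string, `'dd if=/dev/zero of=%s ...' % (outfile, ...)`, and the `parted --script %s` line after it does the same. How `execute` runs the string is not visible here; if it goes through a shell, a path containing spaces or shell metacharacters breaks the command or changes what runs. Quoting the path, e.g. `pipes.quote(outfile)` (with `import pipes` at the top of disk.py), or passing an argument list if `execute` accepts one, removes that dependency on the caller. partition starts and ends outside the hunk.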
@@ -40,7 +40,8 @@ def partition(infile, outfile, local_bytes=0, local_type='ext2', execute=None): formatted as ext2. In the diagram below, dashes represent drive sectors. - 0 a b c d e + +-----+------. . .-------+------. . .------+ + | 0 a| b c|d e| +-----+------. . .-------+------. . .------+ | mbr | primary partiton | local partition | +-----+------. . .-------+------. . .------+ -- cgit From fdea01a233e72551e750a5beaca0739ec8173ac3 Mon Sep 17 00:00:00 2001 From: Ewan Mellor Date: Sun, 25 Jul 2010 17:28:39 +0100 Subject: Set durable=False on TopicPublisher, so that it matches the flag on TopicConsumer. This ensures that either redeclaration of the control_exchange will use the same flag, and avoid AMQPChannelException. --- nova/rpc.py | 1 + 1 file changed, 1 insertion(+) (limited to 'nova') diff --git a/nova/rpc.py b/nova/rpc.py index ef463e84b..5a2f4b3ad 100644 --- a/nova/rpc.py +++ b/nova/rpc.py @@ -151,6 +151,7 @@ class TopicPublisher(Publisher): def __init__(self, connection=None, topic="broadcast"): self.routing_key = topic self.exchange = FLAGS.control_exchange + self.durable = False super(TopicPublisher, self).__init__(connection=connection) -- cgit From ad2250ac0080ca35b1fd2747e3f4d0ff07bc90be Mon Sep 17 00:00:00 2001 From: Ewan Mellor Date: Sun, 25 Jul 2010 17:40:41 +0100 Subject: Replace hardcoded "nova" with FLAGS.control_exchange. --- nova/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova') diff --git a/nova/rpc.py b/nova/rpc.py index ef463e84b..5610ea124 100644 --- a/nova/rpc.py +++ b/nova/rpc.py @@ -242,7 +242,7 @@ def send_message(topic, message, wait=True): consumer.register_callback(generic_response) publisher = messaging.Publisher(connection=Connection.instance(), - exchange="nova", + exchange=FLAGS.control_exchange, exchange_type="topic", routing_key=topic) publisher.send(message) -- cgit From a8c8aed28ce5d1d9eadcbecab03f6bc3bec8e622 Mon Sep 17 00:00:00 2001 
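Review bot: `self.durable = False` in TopicPublisher.__init__ has no comment saying that it has to stay equal to the flag on TopicConsumer, so a later change to either side can reintroduce the mismatch. Add above it: `# Must match TopicConsumer.durable: redeclaring control_exchange with a different flag raises AMQPChannelException.` The send_message hunk in the next commit builds a `messaging.Publisher` directly on the same exchange without setting `durable`; whether that path declares the exchange with the same flag is not visible here and is worth checking.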
From: Ewan Mellor Date: Sun, 25 Jul 2010 19:09:12 +0100 Subject: Fix references to get_argument, fixing internal error when calling euca-deregister. --- nova/objectstore/handler.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'nova') diff --git a/nova/objectstore/handler.py b/nova/objectstore/handler.py index c670ee02f..fd1ed848c 100644 --- a/nova/objectstore/handler.py +++ b/nova/objectstore/handler.py @@ -273,8 +273,8 @@ class ImageResource(Resource): def render_POST(self, request): """ update image attributes: public/private """ - image_id = self.get_argument('image_id', u'') - operation = self.get_argument('operation', u'') + image_id = get_argument(request, 'image_id', u'') + operation = get_argument(request, 'operation', u'') image_object = image.Image(image_id) @@ -287,7 +287,7 @@ class ImageResource(Resource): def render_DELETE(self, request): """ delete a registered image """ - image_id = self.get_argument("image_id", u"") + image_id = get_argument(request, "image_id", u"") image_object = image.Image(image_id) if not image.is_authorized(request.context): -- cgit From 0278767e0dc41444b889f904e6e49d26be5a54c4 Mon Sep 17 00:00:00 2001 From: Ewan Mellor Date: Sun, 25 Jul 2010 19:25:42 +0100 Subject: Fix references to image_object. This caused an internal error when using euca-deregister. --- nova/objectstore/handler.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'nova') diff --git a/nova/objectstore/handler.py b/nova/objectstore/handler.py index fd1ed848c..ae3ffa0eb 100644 --- a/nova/objectstore/handler.py +++ b/nova/objectstore/handler.py @@ -278,7 +278,7 @@ class ImageResource(Resource): image_object = image.Image(image_id) - if not image.is_authorized(request.context): + if not image_object.is_authorized(request.context): raise exception.NotAuthorized image_object.set_public(operation=='add') 
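Review bot: In render_POST, `operation` now comes straight from the request with a default of `u''`, and the unchanged `image_object.set_public(operation=='add')` below it treats every value other than 'add', including a missing parameter, as a request to make the image private. Reject unexpected values before acting, for example `if operation not in ('add', 'remove'): raise exception.Error("unknown operation")`, adjusting the second value to whatever the client actually sends. `image_id` likewise defaults to an empty string and is handed to `image.Image(...)` unvalidated in both render_POST and render_DELETE; how Image resolves the id is not visible here, so confirm that an empty or path-like id is rejected before it reaches storage.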
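Review bot: The `is_authorized` check in render_POST, and the identical one in render_DELETE in the next hunk, appears to have called a name that did not exist on the `image` module until this fix, and it was found through euca-deregister rather than through a test. Nothing in this commit adds coverage for the handlers' authorization path. A test that issues POST and DELETE as a user from another project and expects `exception.NotAuthorized`, plus one as the owner, would keep the check from breaking unnoticed again.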
@@ -290,7 +290,7 @@ class ImageResource(Resource): image_id = get_argument(request, "image_id", u"") image_object = image.Image(image_id) - if not image.is_authorized(request.context): + if not image_object.is_authorized(request.context): raise exception.NotAuthorized image_object.delete() -- cgit