Beispiel #1
0
    def from_arn(cls, arn):
        '''
        Return a new HeatIdentifier generated by parsing the supplied ARN.
        '''
        fields = arn.split(':')
        if len(fields) < 6 or fields[0].lower() != 'arn':
            raise ValueError(_('"%s" is not a valid ARN') % arn)

        id_fragment = ':'.join(fields[5:])
        path = cls.path_re.match(id_fragment)

        if fields[1] != 'openstack' or fields[2] != 'heat' or not path:
            raise ValueError(_('"%s" is not a valid Heat ARN') % arn)

        return cls(urlutils.unquote(fields[4]),
                   urlutils.unquote(path.group(1)),
                   urlutils.unquote(path.group(2)),
                   urlutils.unquote(path.group(3)))
Beispiel #2
0
    def from_arn(cls, arn):
        '''
        Return a new HeatIdentifier generated by parsing the supplied ARN.
        '''
        fields = arn.split(':')
        if len(fields) < 6 or fields[0].lower() != 'arn':
            raise ValueError(_('"%s" is not a valid ARN') % arn)

        id_fragment = ':'.join(fields[5:])
        path = cls.path_re.match(id_fragment)

        if fields[1] != 'openstack' or fields[2] != 'heat' or not path:
            raise ValueError(_('"%s" is not a valid Heat ARN') % arn)

        return cls(urlutils.unquote(fields[4]),
                   urlutils.unquote(path.group(1)),
                   urlutils.unquote(path.group(2)),
                   urlutils.unquote(path.group(3)))
Beispiel #3
0
    def _get_signed_url(self, signal_type=SIGNAL):
        """Create properly formatted and pre-signed URL.

        This uses the created user for the credentials.

        See boto/auth.py::QuerySignatureV2AuthHandler

        :param signal_type: either WAITCONDITION or SIGNAL.
        """
        try:
            stored = db_api.resource_data_get(self, 'ec2_signed_url')
        except exception.NotFound:
            stored = None
        if stored is not None:
            return stored

        try:
            access_key = db_api.resource_data_get(self, 'access_key')
            secret_key = db_api.resource_data_get(self, 'secret_key')
        except exception.NotFound:
            logger.warning(
                _('Cannot generate signed url, '
                  'no stored access/secret key'))
            return

        waitcond_url = cfg.CONF.heat_waitcondition_server_url
        signal_url = waitcond_url.replace('/waitcondition', signal_type)
        host_url = urlutils.urlparse(signal_url)

        path = self.identifier().arn_url_path()

        # Note the WSGI spec apparently means that the webob request we end up
        # prcessing in the CFN API (ec2token.py) has an unquoted path, so we
        # need to calculate the signature with the path component unquoted, but
        # ensure the actual URL contains the quoted version...
        unquoted_path = urlutils.unquote(host_url.path + path)
        request = {
            'host': host_url.netloc.lower(),
            'verb': SIGNAL_VERB[signal_type],
            'path': unquoted_path,
            'params': {
                'SignatureMethod': 'HmacSHA256',
                'SignatureVersion': '2',
                'AWSAccessKeyId': access_key,
                'Timestamp': self.created_time.strftime("%Y-%m-%dT%H:%M:%SZ")
            }
        }
        # Sign the request
        signer = ec2_utils.Ec2Signer(secret_key)
        request['params']['Signature'] = signer.generate(request)

        qs = urlutils.urlencode(request['params'])
        url = "%s%s?%s" % (signal_url.lower(), path, qs)

        db_api.resource_data_set(self, 'ec2_signed_url', url)
        return url
    def _get_signed_url(self, signal_type=SIGNAL):
        """Create properly formatted and pre-signed URL.

        This uses the created user for the credentials.

        See boto/auth.py::QuerySignatureV2AuthHandler

        :param signal_type: either WAITCONDITION or SIGNAL.
        """
        try:
            stored = db_api.resource_data_get(self, 'ec2_signed_url')
        except exception.NotFound:
            stored = None
        if stored is not None:
            return stored

        try:
            access_key = db_api.resource_data_get(self, 'access_key')
            secret_key = db_api.resource_data_get(self, 'secret_key')
        except exception.NotFound:
            logger.warning(_('Cannot generate signed url, '
                             'no stored access/secret key'))
            return

        waitcond_url = cfg.CONF.heat_waitcondition_server_url
        signal_url = waitcond_url.replace('/waitcondition', signal_type)
        host_url = urlutils.urlparse(signal_url)

        path = self.identifier().arn_url_path()

        # Note the WSGI spec apparently means that the webob request we end up
        # prcessing in the CFN API (ec2token.py) has an unquoted path, so we
        # need to calculate the signature with the path component unquoted, but
        # ensure the actual URL contains the quoted version...
        unquoted_path = urlutils.unquote(host_url.path + path)
        request = {'host': host_url.netloc.lower(),
                   'verb': SIGNAL_VERB[signal_type],
                   'path': unquoted_path,
                   'params': {'SignatureMethod': 'HmacSHA256',
                              'SignatureVersion': '2',
                              'AWSAccessKeyId': access_key,
                              'Timestamp':
                              self.created_time.strftime("%Y-%m-%dT%H:%M:%SZ")
                              }}
        # Sign the request
        signer = ec2_utils.Ec2Signer(secret_key)
        request['params']['Signature'] = signer.generate(request)

        qs = urlutils.urlencode(request['params'])
        url = "%s%s?%s" % (signal_url.lower(),
                           path, qs)

        db_api.resource_data_set(self, 'ec2_signed_url', url)
        return url
Beispiel #5
0
    def from_arn(cls, arn):
        """
        Return a new HeatIdentifier generated by parsing the supplied ARN.
        """
        fields = arn.split(":")
        if len(fields) < 6 or fields[0].lower() != "arn":
            raise ValueError(_('"%s" is not a valid ARN') % arn)

        id_fragment = ":".join(fields[5:])
        path = cls.path_re.match(id_fragment)

        if fields[1] != "openstack" or fields[2] != "heat" or not path:
            raise ValueError(_('"%s" is not a valid Heat ARN') % arn)

        return cls(
            urlutils.unquote(fields[4]),
            urlutils.unquote(path.group(1)),
            urlutils.unquote(path.group(2)),
            urlutils.unquote(path.group(3)),
        )
Beispiel #6
0
    def from_arn_url(cls, url):
        """
        Return a new HeatIdentifier generated by parsing the supplied URL
        The URL is expected to contain a valid arn as part of the path
        """
        # Sanity check the URL
        urlp = urlutils.urlparse(url)
        if urlp.scheme not in ("http", "https") or not urlp.netloc or not urlp.path:
            raise ValueError(_('"%s" is not a valid URL') % url)

        # Remove any query-string and extract the ARN
        arn_url_prefix = "/arn%3Aopenstack%3Aheat%3A%3A"
        match = re.search(arn_url_prefix, urlp.path, re.IGNORECASE)
        if match is None:
            raise ValueError(_('"%s" is not a valid ARN URL') % url)
        # the +1 is to skip the leading /
        url_arn = urlp.path[match.start() + 1 :]
        arn = urlutils.unquote(url_arn)
        return cls.from_arn(arn)
Beispiel #7
0
    def from_arn_url(cls, url):
        '''
        Return a new HeatIdentifier generated by parsing the supplied URL
        The URL is expected to contain a valid arn as part of the path
        '''
        # Sanity check the URL
        urlp = urlutils.urlparse(url)
        if (urlp.scheme not in ('http', 'https') or not urlp.netloc
                or not urlp.path):
            raise ValueError(_('"%s" is not a valid URL') % url)

        # Remove any query-string and extract the ARN
        arn_url_prefix = '/arn%3Aopenstack%3Aheat%3A%3A'
        match = re.search(arn_url_prefix, urlp.path, re.IGNORECASE)
        if match is None:
            raise ValueError(_('"%s" is not a valid ARN URL') % url)
        # the +1 is to skip the leading /
        url_arn = urlp.path[match.start() + 1:]
        arn = urlutils.unquote(url_arn)
        return cls.from_arn(arn)