Beispiel #1
0
    def render_GET(self, request):
        "Returns the keys for the bucket resource" ""
        LOG.debug(_("List keys for bucket %s"), self.name)

        try:
            bucket_object = bucket.Bucket(self.name)
        except exception.NotFound:
            return error.NoResource(message="No such bucket").render(request)

        if not bucket_object.is_authorized(request.context):
            LOG.audit(_("Unauthorized attempt to access bucket %s"),
                      self.name,
                      context=request.context)
            raise exception.NotAuthorized()

        prefix = get_argument(request, "prefix", u"")
        marker = get_argument(request, "marker", u"")
        max_keys = int(get_argument(request, "max-keys", 1000))
        terse = int(get_argument(request, "terse", 0))

        results = bucket_object.list_keys(prefix=prefix,
                                          marker=marker,
                                          max_keys=max_keys,
                                          terse=terse)
        render_xml(request, {"ListBucketResult": results})
        return server.NOT_DONE_YET
Beispiel #2
0
    def render_PUT(self, request):  # pylint: disable=R0201
        """ create a new registered image """

        image_id = get_argument(request, 'image_id', u'')
        image_location = get_argument(request, 'image_location', u'')

        image_path = os.path.join(FLAGS.images_path, image_id)
        if ((not image_path.startswith(FLAGS.images_path))
                or os.path.exists(image_path)):
            LOG.audit(_("Not authorized to upload image: invalid directory "
                        "%s"),
                      image_path,
                      context=request.context)
            raise exception.NotAuthorized()

        bucket_object = bucket.Bucket(image_location.split("/")[0])

        if not bucket_object.is_authorized(request.context):
            LOG.audit(_("Not authorized to upload image: unauthorized "
                        "bucket %s"),
                      bucket_object.name,
                      context=request.context)
            raise exception.NotAuthorized()

        LOG.audit(_("Starting image upload: %s"),
                  image_id,
                  context=request.context)
        p = multiprocessing.Process(target=image.Image.register_aws_image,
                                    args=(image_id, image_location,
                                          request.context))
        p.start()
        return ''
Beispiel #3
0
 def getChild(self, name, request):
     """Returns the bucket resource itself, or the object resource
     the bucket contains if a name is supplied
     """
     if name == '':
         return self
     else:
         return ObjectResource(bucket.Bucket(self.name), name)
Beispiel #4
0
    def delete(self, bucket_name, object_name):
        logging.debug("Deleting object: %s / %s" % (bucket_name, object_name))
        bucket_object = bucket.Bucket(bucket_name)

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        del bucket_object[urllib.unquote(object_name)]
        self.set_status(204)
        self.finish()
Beispiel #5
0
    def delete(self, bucket_name):
        logging.debug("Deleting bucket %s" % (bucket_name))
        bucket_object = bucket.Bucket(bucket_name)

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        bucket_object.delete()
        self.set_status(204)
        self.finish()
Beispiel #6
0
    def put(self, bucket_name, object_name):
        logging.debug("Putting object: %s / %s" % (bucket_name, object_name))
        bucket_object = bucket.Bucket(bucket_name)

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        key = urllib.unquote(object_name)
        bucket_object[key] = self.request.body
        self.set_header("Etag", '"' + bucket_object[key].md5 + '"')
        self.finish()
Beispiel #7
0
    def get(self, bucket_name, object_name):
        logging.debug("Getting object: %s / %s" % (bucket_name, object_name))

        bucket_object = bucket.Bucket(bucket_name)

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        obj = bucket_object[urllib.unquote(object_name)]
        self.set_header("Content-Type", "application/unknown")
        self.set_header("Last-Modified", datetime.datetime.utcfromtimestamp(obj.mtime))
        self.set_header("Etag", '"' + obj.md5 + '"')
        self.finish(obj.read())
Beispiel #8
0
    def render_DELETE(self, request):
        """Deletes the bucket resource"""
        LOG.debug(_("Deleting bucket %s"), self.name)
        bucket_object = bucket.Bucket(self.name)

        if not bucket_object.is_authorized(request.context):
            LOG.audit(_("Unauthorized attempt to delete bucket %s"),
                      self.name,
                      context=request.context)
            raise exception.NotAuthorized()

        bucket_object.delete()
        request.setResponseCode(204)
        return ''
Beispiel #9
0
    def get(self, bucket_name):
        logging.debug("List keys for bucket %s" % (bucket_name))

        bucket_object = bucket.Bucket(bucket_name)

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        prefix = self.get_argument("prefix", u"")
        marker = self.get_argument("marker", u"")
        max_keys = int(self.get_argument("max-keys", 1000))
        terse = int(self.get_argument("terse", 0))

        results = bucket_object.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse)
        self.render_xml({"ListBucketResult": results})
Beispiel #10
0
    def put(self):
        """ create a new registered image """

        image_id = self.get_argument('image_id', u'')
        image_location = self.get_argument('image_location', u'')

        image_path = os.path.join(FLAGS.images_path, image_id)
        if not image_path.startswith(FLAGS.images_path) or \
           os.path.exists(image_path):
            raise web.HTTPError(403)

        bucket_object = bucket.Bucket(image_location.split("/")[0])
        manifest = image_location[len(image_location.split('/')[0])+1:]

        if not bucket_object.is_authorized(self.context):
            raise web.HTTPError(403)

        p = multiprocessing.Process(target=image.Image.create,args=
            (image_id, image_location, self.context))
        p.start()
        self.finish()
Beispiel #11
0
    def register_aws_image(image_id, image_location, context):
        image_path = os.path.join(FLAGS.images_path, image_id)
        os.makedirs(image_path)

        bucket_name = image_location.split("/")[0]
        manifest_path = image_location[len(bucket_name) + 1:]
        bucket_object = bucket.Bucket(bucket_name)

        manifest = ElementTree.fromstring(bucket_object[manifest_path].read())
        image_type = 'machine'

        try:
            kernel_id = manifest.find("machine_configuration/kernel_id").text
            if kernel_id == 'true':
                image_type = 'kernel'
        except:
            kernel_id = None

        try:
            ramdisk_id = manifest.find("machine_configuration/ramdisk_id").text
            if ramdisk_id == 'true':
                image_type = 'ramdisk'
        except:
            ramdisk_id = None

        try:
            arch = manifest.find("machine_configuration/architecture").text
        except:
            arch = 'x86_64'

        info = {
            'imageId': image_id,
            'imageLocation': image_location,
            'imageOwnerId': context.project_id,
            'isPublic': False,  # FIXME: grab public from manifest
            'architecture': arch,
            'imageType': image_type
        }

        if kernel_id:
            info['kernelId'] = kernel_id

        if ramdisk_id:
            info['ramdiskId'] = ramdisk_id

        def write_state(state):
            info['imageState'] = state
            with open(os.path.join(image_path, 'info.json'), "w") as f:
                json.dump(info, f)

        write_state('pending')

        encrypted_filename = os.path.join(image_path, 'image.encrypted')
        with open(encrypted_filename, 'w') as f:
            for filename in manifest.find("image").getiterator("filename"):
                shutil.copyfileobj(bucket_object[filename.text].file, f)

        write_state('decrypting')

        # FIXME: grab kernelId and ramdiskId from bundle manifest
        hex_key = manifest.find("image/ec2_encrypted_key").text
        encrypted_key = binascii.a2b_hex(hex_key)
        hex_iv = manifest.find("image/ec2_encrypted_iv").text
        encrypted_iv = binascii.a2b_hex(hex_iv)
        cloud_private_key = os.path.join(FLAGS.ca_path, "private/cakey.pem")

        decrypted_filename = os.path.join(image_path, 'image.tar.gz')
        Image.decrypt_image(encrypted_filename, encrypted_key, encrypted_iv,
                            cloud_private_key, decrypted_filename)

        write_state('untarring')

        image_file = Image.untarzip_image(image_path, decrypted_filename)
        shutil.move(os.path.join(image_path, image_file),
                    os.path.join(image_path, 'image'))

        write_state('available')
        os.unlink(decrypted_filename)
        os.unlink(encrypted_filename)