def test_images(self): self.um.create_user('image_creator') image_user = self.um.get_user('image_creator') # create a bucket for our bundle Bucket.create('image_bucket', image_user) bucket = Bucket('image_bucket') # upload an image manifest/parts bundle_path = os.path.join(os.path.dirname(__file__), 'bundle') for path in glob.glob(bundle_path + '/*'): bucket[os.path.basename(path)] = open(path, 'rb').read() # register an image Image.create('i-testing', 'image_bucket/1mb.manifest.xml', image_user) # verify image my_img = Image('i-testing') result_image_file = os.path.join(my_img.path, 'image') self.assertEqual(os.stat(result_image_file).st_size, 1048576) sha = hashlib.sha1(open(result_image_file).read()).hexdigest() self.assertEqual(sha, '3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3') # verify image permissions new_user = self.um.get_user('new_user') self.assert_(my_img.is_authorized(new_user) == False)
def delete(self, bucket_name, object_name): logging.debug("Deleting object: %s / %s" % (bucket_name, object_name)) bucket = Bucket(bucket_name) if not bucket.is_authorized(self.user): raise web.HTTPError(403) del bucket[urllib.unquote(object_name)] self.set_status(204) self.finish()
def delete(self, bucket_name): logging.debug("Deleting bucket %s" % (bucket_name)) bucket = Bucket(bucket_name) if not bucket.is_authorized(self.user): raise web.HTTPError(403) bucket.delete() self.set_status(204) self.finish()
def put(self, bucket_name, object_name): logging.debug("Putting object: %s / %s" % (bucket_name, object_name)) bucket = Bucket(bucket_name) if not bucket.is_authorized(self.user): raise web.HTTPError(403) key = urllib.unquote(object_name) bucket[key] = self.request.body self.set_header("Etag", '"' + bucket[key].md5 + '"') self.finish()
def get(self, bucket_name, object_name): logging.debug("Getting object: %s / %s" % (bucket_name, object_name)) bucket = Bucket(bucket_name) if not bucket.is_authorized(self.user): raise web.HTTPError(403) obj = bucket[urllib.unquote(object_name)] self.set_header("Content-Type", "application/unknown") self.set_header("Last-Modified", datetime.datetime.utcfromtimestamp(obj.mtime)) self.set_header("Etag", '"' + obj.md5 + '"') self.finish(obj.read())
def get(self, bucket_name): logging.debug("List keys for bucket %s" % (bucket_name)) bucket = Bucket(bucket_name) if not bucket.is_authorized(self.user): raise web.HTTPError(403) prefix = self.get_argument("prefix", u"") marker = self.get_argument("marker", u"") max_keys = int(self.get_argument("max-keys", 1000)) terse = int(self.get_argument("terse", 0)) results = bucket.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse) self.render_xml({"ListBucketResult": results})
def put(self): """ create a new registered image """ image_id = self.get_argument('image_id', u'') image_location = self.get_argument('image_location', u'') image_path = os.path.join(FLAGS.images_path, image_id) if not image_path.startswith(FLAGS.images_path) or \ os.path.exists(image_path): raise web.HTTPError(403) bucket = Bucket(image_location.split("/")[0]) manifest = image_location[len(image_location.split('/')[0])+1:] if not bucket.is_authorized(self.user): raise web.HTTPError(403) p = multiprocessing.Process(target=Image.create,args= (image_id, image_location, self.user)) p.start() self.finish()
def create(image_id, image_location, user): image_path = os.path.join(FLAGS.images_path, image_id) os.makedirs(image_path) bucket_name = image_location.split("/")[0] manifest_path = image_location[len(bucket_name) + 1:] bucket = Bucket(bucket_name) manifest = ElementTree.fromstring(bucket[manifest_path].read()) image_type = 'machine' try: kernel_id = manifest.find("machine_configuration/kernel_id").text if kernel_id == 'true': image_type = 'kernel' except: pass try: ramdisk_id = manifest.find("machine_configuration/ramdisk_id").text if ramdisk_id == 'true': image_type = 'ramdisk' except: pass info = { 'imageId': image_id, 'imageLocation': image_location, 'imageOwnerId': user.id, 'isPublic': False, # FIXME: grab public from manifest 'architecture': 'x86_64', # FIXME: grab architecture from manifest 'type': image_type } def write_state(state): info['imageState'] = state with open(os.path.join(image_path, 'info.json'), "w") as f: json.dump(info, f) write_state('pending') encrypted_file = tempfile.NamedTemporaryFile(delete=False) encrypted_key = manifest.find("image/ec2_encrypted_key").text encrypted_iv = manifest.find("image/ec2_encrypted_iv").text # FIXME: grab kernelId and ramdiskId from bundle manifest for filename in manifest.find("image").getiterator("filename"): shutil.copyfileobj(bucket[filename.text].file, encrypted_file) encrypted_file.close() write_state('decrypting') cloud_private_key = RSA.load_key( os.path.join(FLAGS.ca_path, "private/cakey.pem")) decrypted_filename = os.path.join(image_path, 'image.tar.gz') Image.decrypt_image(encrypted_file.name, encrypted_key, encrypted_iv, cloud_private_key, decrypted_filename) write_state('untarring') image_file = Image.untarzip_image(image_path, decrypted_filename) shutil.move(os.path.join(image_path, image_file), os.path.join(image_path, 'image')) write_state('available')
def put(self, bucket_name): logging.debug("Creating bucket %s" % (bucket_name)) Bucket.create(bucket_name, self.user) self.finish()
def get(self): buckets = [b for b in Bucket.all() if b.is_authorized(self.user)] self.render_xml({"ListAllMyBucketsResult": { "Buckets": {"Bucket": [b.metadata for b in buckets]}, }})
def test_buckets(self): self.um.create_user('user1') self.um.create_user('user2') self.um.create_user('admin_user', admin=True) Bucket.create('new_bucket', self.um.get_user('user1')) bucket = Bucket('new_bucket') # creator is authorized to use bucket self.assert_(bucket.is_authorized(self.um.get_user('user1'))) # another user is not authorized self.assert_(bucket.is_authorized(self.um.get_user('user2')) == False) # admin is authorized to use bucket self.assert_(bucket.is_authorized(self.um.get_user('admin_user'))) # new buckets are empty self.assert_(bucket.list_keys()['Contents'] == []) # storing keys works bucket['foo'] = "bar" self.assert_(len(bucket.list_keys()['Contents']) == 1) self.assert_(bucket['foo'].read() == 'bar') # md5 of key works self.assert_(bucket['foo'].md5 == hashlib.md5('bar').hexdigest()) # deleting non-empty bucket throws exception exception = False try: bucket.delete() except: exception = True self.assert_(exception) # deleting key del bucket['foo'] # deleting empty button bucket.delete() # accessing deleted bucket throws exception exception = False try: s3server.Bucket('new_bucket') except: exception = True self.assert_(exception)