def list_keys(owner):
"""List owner's keys
:param owner:
:return:
"""
keys = Key.objects(owner=owner, deleted=None)
clouds = Cloud.objects(owner=owner, deleted=None)
key_objects = []
# FIXME: This must be taken care of in Keys.as_dict
for key in keys:
key_object = {}
# FIXME: Need to optimize this! It's potentially invoked per ssh probe.
# Can't we expose associations directly from Machine.key_associations?
machines = Machine.objects(cloud__in=clouds,
key_associations__keypair__exact=key)
key_object["id"] = key.id
key_object['name'] = key.name
key_object['owned_by'] = key.owned_by.id if key.owned_by else ''
key_object['created_by'] = key.created_by.id if key.created_by else ''
key_object["isDefault"] = key.default
key_object["machines"] = transform_key_machine_associations(
machines, key)
key_object['tags'] = get_tags_for_resource(owner, key)
key_objects.append(key_object)
return key_objects
def disassociate_key(request):
"""
Disassociate a key from a machine
Disassociates a key from a machine. If host is set it will also attempt to
actually remove it from the machine.
READ permission required on cloud.
DISASSOCIATE_KEY permission required on machine.
---
key:
in: path
required: true
type: string
machine:
in: path
required: true
type: string
"""
key_id = request.matchdict['key']
cloud_id = request.matchdict.get('cloud')
auth_context = auth_context_from_request(request)
if cloud_id:
# this is depracated, keep it for backwards compatibility
machine_id = request.matchdict['machine']
try:
Cloud.objects.get(owner=auth_context.owner,
id=cloud_id,
deleted=None)
except Cloud.DoesNotExist:
raise NotFoundError('Cloud does not exist')
auth_context.check_perm("cloud", "read", cloud_id)
try:
machine = Machine.objects.get(cloud=cloud_id,
machine_id=machine_id,
state__ne='terminated')
except Machine.DoesNotExist:
raise NotFoundError("Machine %s doesn't exist" % machine_id)
else:
machine_uuid = request.matchdict['machine']
try:
machine = Machine.objects.get(id=machine_uuid,
state__ne='terminated')
except Machine.DoesNotExist:
raise NotFoundError("Machine %s doesn't exist" % machine_uuid)
cloud_id = machine.cloud.id
auth_context.check_perm("cloud", "read", cloud_id)
auth_context.check_perm("machine", "disassociate_key", machine.id)
key = Key.objects.get(owner=auth_context.owner, id=key_id, deleted=None)
key.ctl.disassociate(machine)
clouds = Cloud.objects(owner=auth_context.owner, deleted=None)
machines = Machine.objects(cloud__in=clouds,
key_associations__keypair__exact=key)
assoc_machines = transform_key_machine_associations(machines, key)
return assoc_machines
def add_key(request):
"""
Tags: keys
---
Adds key.
ADD permission required on key.
---
name:
description: The key's name
required: true
type: string
priv:
description: The private key
required: true
type: string
certificate:
description: The signed public key, when using signed ssh keys
type: string
"""
params = params_from_request(request)
key_name = params.pop('name', None)
private_key = params.get('priv', None)
certificate = params.get('certificate', None)
auth_context = auth_context_from_request(request)
key_tags = auth_context.check_perm("key", "add", None)
if not key_name:
raise BadRequestError("Key name is not provided")
if not private_key:
raise RequiredParameterMissingError("Private key is not provided")
if certificate:
key = SignedSSHKey.add(auth_context.owner, key_name, **params)
else:
key = SSHKey.add(auth_context.owner, key_name, **params)
# Set ownership.
key.assign_to(auth_context.user)
if key_tags:
add_tags_to_resource(auth_context.owner, key, key_tags.items())
# since its a new key machines fields should be an empty list
clouds = Cloud.objects(owner=auth_context.owner, deleted=None)
machines = Machine.objects(cloud__in=clouds,
key_associations__keypair__exact=key)
assoc_machines = transform_key_machine_associations(machines, key)
return {
'id': key.id,
'name': key.name,
'machines': assoc_machines,
'isDefault': key.default
}
def list_keys(owner):
"""List owner's keys
:param owner:
:return:
"""
keys = Key.objects(owner=owner, deleted=None)
clouds = Cloud.objects(owner=owner, deleted=None)
key_objects = []
# FIXME: This must be taken care of in Keys.as_dict
for key in keys:
key_object = {}
machines = Machine.objects(cloud__in=clouds,
key_associations__keypair__exact=key)
key_object["id"] = key.id
key_object['name'] = key.name
key_object["isDefault"] = key.default
key_object["machines"] = transform_key_machine_associations(
machines, key)
key_object['tags'] = get_tags_for_resource(owner, key)
key_objects.append(key_object)
return key_objects
def list_keys(owner):
"""List owner's keys
:param owner:
:return:
"""
keys = Key.objects(owner=owner, deleted=None)
key_objects = []
# FIXME: This must be taken care of in Keys.as_dict
for key in keys:
key_object = {}
key_object["id"] = key.id
key_object['name'] = key.name
key_object['owned_by'] = key.owned_by.id if key.owned_by else ''
key_object['created_by'] = key.created_by.id if key.created_by else ''
key_object["isDefault"] = key.default
key_associations = KeyMachineAssociation.objects(key=key)
key_object["machines"] = transform_key_machine_associations(
key_associations)
key_object['tags'] = get_tags_for_resource(owner, key)
key_objects.append(key_object)
return key_objects
def associate_key(request):
"""
Associate a key to a machine
Associates a key with a machine. If host is set it will also attempt to
actually deploy it to the machine. To do that it requires another key
(existing_key) that can connect to the machine.
READ permission required on cloud.
READ_PRIVATE permission required on key.
ASSOCIATE_KEY permission required on machine.
---
machine:
in: path
required: true
type: string
key:
in: path
required: true
type: string
port:
default: 22
type: integer
user:
description: The ssh user
type: string
"""
key_id = request.matchdict['key']
cloud_id = request.matchdict.get('cloud')
params = params_from_request(request)
ssh_user = params.get('user', None)
try:
ssh_port = int(request.json_body.get('port', 22))
except:
ssh_port = 22
auth_context = auth_context_from_request(request)
try:
key = Key.objects.get(owner=auth_context.owner,
id=key_id,
deleted=None)
except Key.DoesNotExist:
raise NotFoundError('Key id does not exist')
auth_context.check_perm('key', 'read_private', key.id)
if cloud_id:
# this is depracated, keep it for backwards compatibility
machine_id = request.matchdict['machine_uuid']
try:
Cloud.objects.get(owner=auth_context.owner,
id=cloud_id,
deleted=None)
except Cloud.DoesNotExist:
raise NotFoundError('Cloud does not exist')
auth_context.check_perm("cloud", "read", cloud_id)
try:
machine = Machine.objects.get(cloud=cloud_id,
machine_id=machine_id,
state__ne='terminated')
# used by logging_view_decorator
request.environ['machine_uuid'] = machine.id
except Machine.DoesNotExist:
raise NotFoundError("Machine %s doesn't exist" % machine_id)
else:
machine_uuid = request.matchdict['machine_uuid']
try:
machine = Machine.objects.get(id=machine_uuid,
state__ne='terminated')
# used by logging_view_decorator
request.environ['machine_id'] = machine.machine_id
request.environ['cloud_id'] = machine.cloud.id
except Machine.DoesNotExist:
raise NotFoundError("Machine %s doesn't exist" % machine_uuid)
cloud_id = machine.cloud.id
auth_context.check_perm("cloud", "read", cloud_id)
auth_context.check_perm("machine", "associate_key", machine.id)
key.ctl.associate(machine, username=ssh_user, port=ssh_port)
clouds = Cloud.objects(owner=auth_context.owner, deleted=None)
machines = Machine.objects(cloud__in=clouds,
key_associations__keypair__exact=key)
assoc_machines = transform_key_machine_associations(machines, key)
return assoc_machines