def test_images(self):
self.um.create_user('image_creator')
image_user = self.um.get_user('image_creator')
# create a bucket for our bundle
Bucket.create('image_bucket', image_user)
bucket = Bucket('image_bucket')
# upload an image manifest/parts
bundle_path = os.path.join(os.path.dirname(__file__), 'bundle')
for path in glob.glob(bundle_path + '/*'):
bucket[os.path.basename(path)] = open(path, 'rb').read()
# register an image
Image.create('i-testing', 'image_bucket/1mb.manifest.xml', image_user)
# verify image
my_img = Image('i-testing')
result_image_file = os.path.join(my_img.path, 'image')
self.assertEqual(os.stat(result_image_file).st_size, 1048576)
sha = hashlib.sha1(open(result_image_file).read()).hexdigest()
self.assertEqual(sha, '3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3')
# verify image permissions
new_user = self.um.get_user('new_user')
self.assert_(my_img.is_authorized(new_user) == False)
def delete(self, bucket_name, object_name):
logging.debug("Deleting object: %s / %s" % (bucket_name, object_name))
bucket = Bucket(bucket_name)
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
del bucket[urllib.unquote(object_name)]
self.set_status(204)
self.finish()
def delete(self, bucket_name):
logging.debug("Deleting bucket %s" % (bucket_name))
bucket = Bucket(bucket_name)
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
bucket.delete()
self.set_status(204)
self.finish()
def put(self, bucket_name, object_name):
logging.debug("Putting object: %s / %s" % (bucket_name, object_name))
bucket = Bucket(bucket_name)
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
key = urllib.unquote(object_name)
bucket[key] = self.request.body
self.set_header("Etag", '"' + bucket[key].md5 + '"')
self.finish()
def get(self, bucket_name, object_name):
logging.debug("Getting object: %s / %s" % (bucket_name, object_name))
bucket = Bucket(bucket_name)
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
obj = bucket[urllib.unquote(object_name)]
self.set_header("Content-Type", "application/unknown")
self.set_header("Last-Modified", datetime.datetime.utcfromtimestamp(obj.mtime))
self.set_header("Etag", '"' + obj.md5 + '"')
self.finish(obj.read())
def get(self, bucket_name):
logging.debug("List keys for bucket %s" % (bucket_name))
bucket = Bucket(bucket_name)
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
prefix = self.get_argument("prefix", u"")
marker = self.get_argument("marker", u"")
max_keys = int(self.get_argument("max-keys", 1000))
terse = int(self.get_argument("terse", 0))
results = bucket.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse)
self.render_xml({"ListBucketResult": results})
def put(self):
""" create a new registered image """
image_id = self.get_argument('image_id', u'')
image_location = self.get_argument('image_location', u'')
image_path = os.path.join(FLAGS.images_path, image_id)
if not image_path.startswith(FLAGS.images_path) or \
os.path.exists(image_path):
raise web.HTTPError(403)
bucket = Bucket(image_location.split("/")[0])
manifest = image_location[len(image_location.split('/')[0])+1:]
if not bucket.is_authorized(self.user):
raise web.HTTPError(403)
p = multiprocessing.Process(target=Image.create,args=
(image_id, image_location, self.user))
p.start()
self.finish()
def create(image_id, image_location, user):
image_path = os.path.join(FLAGS.images_path, image_id)
os.makedirs(image_path)
bucket_name = image_location.split("/")[0]
manifest_path = image_location[len(bucket_name) + 1:]
bucket = Bucket(bucket_name)
manifest = ElementTree.fromstring(bucket[manifest_path].read())
image_type = 'machine'
try:
kernel_id = manifest.find("machine_configuration/kernel_id").text
if kernel_id == 'true':
image_type = 'kernel'
except:
pass
try:
ramdisk_id = manifest.find("machine_configuration/ramdisk_id").text
if ramdisk_id == 'true':
image_type = 'ramdisk'
except:
pass
info = {
'imageId': image_id,
'imageLocation': image_location,
'imageOwnerId': user.id,
'isPublic': False, # FIXME: grab public from manifest
'architecture': 'x86_64', # FIXME: grab architecture from manifest
'type': image_type
}
def write_state(state):
info['imageState'] = state
with open(os.path.join(image_path, 'info.json'), "w") as f:
json.dump(info, f)
write_state('pending')
encrypted_file = tempfile.NamedTemporaryFile(delete=False)
encrypted_key = manifest.find("image/ec2_encrypted_key").text
encrypted_iv = manifest.find("image/ec2_encrypted_iv").text
# FIXME: grab kernelId and ramdiskId from bundle manifest
for filename in manifest.find("image").getiterator("filename"):
shutil.copyfileobj(bucket[filename.text].file, encrypted_file)
encrypted_file.close()
write_state('decrypting')
cloud_private_key = RSA.load_key(
os.path.join(FLAGS.ca_path, "private/cakey.pem"))
decrypted_filename = os.path.join(image_path, 'image.tar.gz')
Image.decrypt_image(encrypted_file.name, encrypted_key, encrypted_iv,
cloud_private_key, decrypted_filename)
write_state('untarring')
image_file = Image.untarzip_image(image_path, decrypted_filename)
shutil.move(os.path.join(image_path, image_file),
os.path.join(image_path, 'image'))
write_state('available')
def put(self, bucket_name):
logging.debug("Creating bucket %s" % (bucket_name))
Bucket.create(bucket_name, self.user)
self.finish()
def get(self):
buckets = [b for b in Bucket.all() if b.is_authorized(self.user)]
self.render_xml({"ListAllMyBucketsResult": {
"Buckets": {"Bucket": [b.metadata for b in buckets]},
}})
def test_buckets(self):
self.um.create_user('user1')
self.um.create_user('user2')
self.um.create_user('admin_user', admin=True)
Bucket.create('new_bucket', self.um.get_user('user1'))
bucket = Bucket('new_bucket')
# creator is authorized to use bucket
self.assert_(bucket.is_authorized(self.um.get_user('user1')))
# another user is not authorized
self.assert_(bucket.is_authorized(self.um.get_user('user2')) == False)
# admin is authorized to use bucket
self.assert_(bucket.is_authorized(self.um.get_user('admin_user')))
# new buckets are empty
self.assert_(bucket.list_keys()['Contents'] == [])
# storing keys works
bucket['foo'] = "bar"
self.assert_(len(bucket.list_keys()['Contents']) == 1)
self.assert_(bucket['foo'].read() == 'bar')
# md5 of key works
self.assert_(bucket['foo'].md5 == hashlib.md5('bar').hexdigest())
# deleting non-empty bucket throws exception
exception = False
try:
bucket.delete()
except:
exception = True
self.assert_(exception)
# deleting key
del bucket['foo']
# deleting empty button
bucket.delete()
# accessing deleted bucket throws exception
exception = False
try:
s3server.Bucket('new_bucket')
except:
exception = True
self.assert_(exception)
