def test_handle(self):
stack_id = 'STACKABCD1234'
stack_name = 'test_stack2'
created_time = datetime.datetime(2012, 11, 29, 13, 49, 37)
self.stack = self.create_stack(stack_id=stack_id,
stack_name=stack_name)
rsrc = self.stack.resources['WaitHandle']
# clear the url
db_api.resource_data_set(rsrc, 'ec2_signed_url', None, False)
rsrc.created_time = created_time
self.assertEqual(rsrc.state, (rsrc.CREATE, rsrc.COMPLETE))
expected_url = "".join([
'http://_testnoexisthost_:8000/v1/waitcondition/',
'arn%3Aopenstack%3Aheat%3A%3Atest_tenant%3Astacks%2F',
'test_stack2%2F', stack_id, '%2Fresources%2F', 'WaitHandle?',
'Timestamp=2012-11-29T13%3A49%3A37Z&',
'SignatureMethod=HmacSHA256&', 'AWSAccessKeyId=4567&',
'SignatureVersion=2&', 'Signature=',
'dGH5JuZW9mOQ%2Fs3aun7vm5ATj0YemC7C8zCHOeG6Fbs%3D'
])
self.assertEqual(unicode(expected_url), rsrc.FnGetRefId())
self.assertRaises(resource.UpdateReplace, rsrc.handle_update, {}, {},
{})
self.m.VerifyAll()
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
if self.MEMBERS in prop_diff:
members = set(prop_diff[self.MEMBERS])
rd_members = db_api.resource_data_get_all(self)
old_members = set(rd_members.keys())
client = self.neutron()
for member in old_members - members:
member_id = rd_members[member]
try:
client.delete_member(member_id)
except NeutronClientException as ex:
if ex.status_code != 404:
raise ex
db_api.resource_data_delete(self, member)
pool = self.properties[self.POOL_ID]
nova_client = self.nova()
protocol_port = self.properties[self.PROTOCOL_PORT]
for member in members - old_members:
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port
}
})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def test_handle(self):
stack_id = 'STACKABCD1234'
stack_name = 'test_stack2'
created_time = datetime.datetime(2012, 11, 29, 13, 49, 37)
self.stack = self.create_stack(stack_id=stack_id,
stack_name=stack_name)
rsrc = self.stack['WaitHandle']
# clear the url
db_api.resource_data_set(rsrc, 'ec2_signed_url', None, False)
rsrc.created_time = created_time
self.assertEqual(rsrc.state, (rsrc.CREATE, rsrc.COMPLETE))
expected_url = "".join([
'http://server.test:8000/v1/waitcondition/',
'arn%3Aopenstack%3Aheat%3A%3Atest_tenant%3Astacks%2F',
'test_stack2%2F', stack_id, '%2Fresources%2F',
'WaitHandle?',
'Timestamp=2012-11-29T13%3A49%3A37Z&',
'SignatureMethod=HmacSHA256&',
'AWSAccessKeyId=4567&',
'SignatureVersion=2&',
'Signature=',
'fHyt3XFnHq8%2FSwYaVcHdJka1hz6jdK5mHtgbo8OOKbQ%3D'])
self.assertEqual(unicode(expected_url), rsrc.FnGetRefId())
self.assertRaises(resource.UpdateReplace,
rsrc.handle_update, {}, {}, {})
self.m.VerifyAll()
def test_handle(self):
stack_id = 'STACKABCD1234'
stack_name = 'test_stack2'
created_time = datetime.datetime(2012, 11, 29, 13, 49, 37)
self.stack = self.create_stack(stack_id=stack_id,
stack_name=stack_name)
rsrc = self.stack['WaitHandle']
# clear the url
db_api.resource_data_set(rsrc, 'ec2_signed_url', None, False)
rsrc.created_time = created_time
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
expected_url = "".join([
'http://server.test:8000/v1/waitcondition/',
'arn%3Aopenstack%3Aheat%3A%3Atest_tenant%3Astacks%2F',
'test_stack2%2F', stack_id, '%2Fresources%2F', 'WaitHandle?',
'Timestamp=2012-11-29T13%3A49%3A37Z&',
'SignatureMethod=HmacSHA256&', 'AWSAccessKeyId=4567&',
'SignatureVersion=2&', 'Signature=',
'fHyt3XFnHq8%2FSwYaVcHdJka1hz6jdK5mHtgbo8OOKbQ%3D'
])
self.assertEqual(unicode(expected_url), rsrc.FnGetRefId())
self.assertRaises(resource.UpdateReplace, rsrc.handle_update, {}, {},
{})
self.m.VerifyAll()
def test_handle(self):
stack_id = "STACKABCD1234"
stack_name = "test_stack2"
created_time = datetime.datetime(2012, 11, 29, 13, 49, 37)
self.stack = self.create_stack(stack_id=stack_id, stack_name=stack_name)
rsrc = self.stack["WaitHandle"]
# clear the url
db_api.resource_data_set(rsrc, "ec2_signed_url", None, False)
rsrc.created_time = created_time
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
expected_url = "".join(
[
"http://server.test:8000/v1/waitcondition/",
"arn%3Aopenstack%3Aheat%3A%3Atest_tenant%3Astacks%2F",
"test_stack2%2F",
stack_id,
"%2Fresources%2F",
"WaitHandle?",
"Timestamp=2012-11-29T13%3A49%3A37Z&",
"SignatureMethod=HmacSHA256&",
"AWSAccessKeyId=4567&",
"SignatureVersion=2&",
"Signature=",
"fHyt3XFnHq8%2FSwYaVcHdJka1hz6jdK5mHtgbo8OOKbQ%3D",
]
)
self.assertEqual(unicode(expected_url), rsrc.FnGetRefId())
self.assertRaises(resource.UpdateReplace, rsrc.handle_update, {}, {}, {})
self.m.VerifyAll()
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
if self.MEMBERS in prop_diff:
members = set(prop_diff[self.MEMBERS])
rd_members = db_api.resource_data_get_all(self)
old_members = set(rd_members.keys())
client = self.neutron()
for member in old_members - members:
member_id = rd_members[member]
try:
client.delete_member(member_id)
except NeutronClientException as ex:
if ex.status_code != 404:
raise ex
db_api.resource_data_delete(self, member)
pool = self.properties[self.POOL_ID]
nova_client = self.nova()
protocol_port = self.properties[self.PROTOCOL_PORT]
for member in members - old_members:
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port}})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def password(self, password):
try:
if password is None:
db_api.resource_data_delete(self, 'password')
else:
db_api.resource_data_set(self, 'password', password, True)
except exception.NotFound:
pass
def password(self, password):
try:
if password is None:
db_api.resource_data_delete(self, 'password')
else:
db_api.resource_data_set(self, 'password', password, True)
except exception.NotFound:
pass
def handle_create(self):
pub_key = self.properties[self.PUBLIC_KEY] or None
new_keypair = self.nova().keypairs.create(self.properties[self.NAME],
public_key=pub_key)
if (self.properties[self.SAVE_PRIVATE_KEY]
and hasattr(new_keypair, 'private_key')):
db_api.resource_data_set(self, 'private_key',
new_keypair.private_key, True)
self.resource_id_set(new_keypair.id)
def _get_signed_url(self, signal_type=SIGNAL):
"""Create properly formatted and pre-signed URL.
This uses the created user for the credentials.
See boto/auth.py::QuerySignatureV2AuthHandler
:param signal_type: either WAITCONDITION or SIGNAL.
"""
try:
stored = db_api.resource_data_get(self, 'ec2_signed_url')
except exception.NotFound:
stored = None
if stored is not None:
return stored
try:
access_key = db_api.resource_data_get(self, 'access_key')
secret_key = db_api.resource_data_get(self, 'secret_key')
except exception.NotFound:
logger.warning(
_('Cannot generate signed url, '
'no stored access/secret key'))
return
waitcond_url = cfg.CONF.heat_waitcondition_server_url
signal_url = waitcond_url.replace('/waitcondition', signal_type)
host_url = urlutils.urlparse(signal_url)
path = self.identifier().arn_url_path()
# Note the WSGI spec apparently means that the webob request we end up
# prcessing in the CFN API (ec2token.py) has an unquoted path, so we
# need to calculate the signature with the path component unquoted, but
# ensure the actual URL contains the quoted version...
unquoted_path = urlutils.unquote(host_url.path + path)
request = {
'host': host_url.netloc.lower(),
'verb': SIGNAL_VERB[signal_type],
'path': unquoted_path,
'params': {
'SignatureMethod': 'HmacSHA256',
'SignatureVersion': '2',
'AWSAccessKeyId': access_key,
'Timestamp': self.created_time.strftime("%Y-%m-%dT%H:%M:%SZ")
}
}
# Sign the request
signer = ec2_utils.Ec2Signer(secret_key)
request['params']['Signature'] = signer.generate(request)
qs = urlutils.urlencode(request['params'])
url = "%s%s?%s" % (signal_url.lower(), path, qs)
db_api.resource_data_set(self, 'ec2_signed_url', url)
return url
def handle_create(self):
pub_key = self.properties[self.PUBLIC_KEY] or None
new_keypair = self.nova().keypairs.create(self.properties[self.NAME],
public_key=pub_key)
if (self.properties[self.SAVE_PRIVATE_KEY] and
hasattr(new_keypair, 'private_key')):
db_api.resource_data_set(self, 'private_key',
new_keypair.private_key,
True)
self.resource_id_set(new_keypair.id)
def handle_create(self):
pub_key = self.properties['public_key'] or None
new_keypair = self.nova().keypairs.create(self.properties['name'],
public_key=pub_key)
if (self.properties['save_private_key'] and
hasattr(new_keypair, 'private_key')):
db_api.resource_data_set(self, 'private_key',
new_keypair.private_key,
True)
self.resource_id_set(new_keypair.id)
def _get_user_id(self):
try:
return db_api.resource_data_get(self, 'user_id')
except exception.NotFound:
# Assume this is a resource that was created with
# a previous version of heat and that the resource_id
# is the user_id
if self.resource_id:
db_api.resource_data_set(self, 'user_id', self.resource_id)
return self.resource_id
def _get_user_id(self):
try:
return db_api.resource_data_get(self, 'user_id')
except exception.NotFound:
# Assume this is a resource that was created with
# a previous version of heat and that the resource_id
# is the user_id
if self.resource_id:
db_api.resource_data_set(self, 'user_id', self.resource_id)
return self.resource_id
def _get_signed_url(self, signal_type=SIGNAL):
"""Create properly formatted and pre-signed URL.
This uses the created user for the credentials.
See boto/auth.py::QuerySignatureV2AuthHandler
:param signal_type: either WAITCONDITION or SIGNAL.
"""
try:
stored = db_api.resource_data_get(self, 'ec2_signed_url')
except exception.NotFound:
stored = None
if stored is not None:
return stored
try:
access_key = db_api.resource_data_get(self, 'access_key')
secret_key = db_api.resource_data_get(self, 'secret_key')
except exception.NotFound:
logger.warning(_('Cannot generate signed url, '
'no stored access/secret key'))
return
waitcond_url = cfg.CONF.heat_waitcondition_server_url
signal_url = waitcond_url.replace('/waitcondition', signal_type)
host_url = urlutils.urlparse(signal_url)
path = self.identifier().arn_url_path()
# Note the WSGI spec apparently means that the webob request we end up
# prcessing in the CFN API (ec2token.py) has an unquoted path, so we
# need to calculate the signature with the path component unquoted, but
# ensure the actual URL contains the quoted version...
unquoted_path = urlutils.unquote(host_url.path + path)
request = {'host': host_url.netloc.lower(),
'verb': SIGNAL_VERB[signal_type],
'path': unquoted_path,
'params': {'SignatureMethod': 'HmacSHA256',
'SignatureVersion': '2',
'AWSAccessKeyId': access_key,
'Timestamp':
self.created_time.strftime("%Y-%m-%dT%H:%M:%SZ")
}}
# Sign the request
signer = ec2_utils.Ec2Signer(secret_key)
request['params']['Signature'] = signer.generate(request)
qs = urlutils.urlencode(request['params'])
url = "%s%s?%s" % (signal_url.lower(),
path, qs)
db_api.resource_data_set(self, 'ec2_signed_url', url)
return url
def _get_user_id(self):
try:
return db_api.resource_data_get(self, 'user_id')
except exception.NotFound:
# FIXME(shardy): This is a legacy hack for backwards compatibility
# remove after an appropriate transitional period...
# Assume this is a resource that was created with
# a previous version of heat and that the resource_id
# is the user_id
if self.resource_id:
db_api.resource_data_set(self, 'user_id', self.resource_id)
return self.resource_id
def _get_user_id(self):
try:
return db_api.resource_data_get(self, 'user_id')
except exception.NotFound:
# FIXME(shardy): This is a legacy hack for backwards compatibility
# remove after an appropriate transitional period...
# Assume this is a resource that was created with
# a previous version of heat and that the resource_id
# is the user_id
if self.resource_id:
db_api.resource_data_set(self, 'user_id', self.resource_id)
return self.resource_id
def handle_create(self):
pool = self.properties[self.POOL_ID]
client = self.neutron()
nova_client = self.nova()
protocol_port = self.properties[self.PROTOCOL_PORT]
for member in self.properties.get(self.MEMBERS):
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port}})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def handle_create(self):
pool = self.properties[self.POOL_ID]
client = self.neutron()
nova_client = self.nova()
protocol_port = self.properties[self.PROTOCOL_PORT]
for member in self.properties.get(self.MEMBERS):
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port}})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def _create_user(self):
# Check for stack user project, create if not yet set
if not self.stack.stack_user_project_id:
project_id = self.keystone().create_stack_domain_project(
stack_name=self.stack.name)
self.stack.set_stack_user_project_id(project_id)
# Create a keystone user in the stack domain project
user_id = self.keystone().create_stack_domain_user(
username=self.physical_resource_name(),
password=self.password,
project_id=self.stack.stack_user_project_id)
# Store the ID in resource data, for compatibility with SignalResponder
db_api.resource_data_set(self, 'user_id', user_id)
def handle_create(self):
# Create a keystone user so we can create a signed URL via FnGetRefId
user_id = self.keystone().create_stack_user(
self.physical_resource_name())
self.resource_id_set(user_id)
kp = self.keystone().get_ec2_keypair(user_id)
if not kp:
raise exception.Error(_("Error creating ec2 keypair for user %s") %
user_id)
else:
db_api.resource_data_set(self, 'access_key', kp.access,
redact=True)
db_api.resource_data_set(self, 'secret_key', kp.secret,
redact=True)
def handle_create(self):
pool = self.properties['pool_id']
client = self.neutron()
nova_client = self.nova()
protocol_port = self.properties['protocol_port']
members = self.properties.get('members') or []
for member in members:
address = nova_utils.server_to_ipaddress(nova_client, member)
lb_member = client.create_member({
'member': {
'pool_id': pool,
'address': address,
'protocol_port': protocol_port}})['member']
db_api.resource_data_set(self, member, lb_member['id'])
def _create_user(self):
# Check for stack user project, create if not yet set
if not self.stack.stack_user_project_id:
project_id = self.keystone().create_stack_domain_project(
self.stack.id)
self.stack.set_stack_user_project_id(project_id)
# Create a keystone user in the stack domain project
user_id = self.keystone().create_stack_domain_user(
username=self.physical_resource_name(),
password=self.password,
project_id=self.stack.stack_user_project_id)
# Store the ID in resource data, for compatibility with SignalResponder
db_api.resource_data_set(self, 'user_id', user_id)
def handle_create(self):
user = self._get_user()
if user is None:
raise exception.NotFound(_('could not find user %s') %
self.properties[self.USER_NAME])
# The keypair is actually created and owned by the User resource
kp = user._create_keypair()
self.resource_id_set(kp.access)
self._secret = kp.secret
self._register_access_key()
# Store the secret key, encrypted, in the DB so we don't have lookup
# the user every time someone requests the SecretAccessKey attribute
db_api.resource_data_set(self, 'secret_key', kp.secret, redact=True)
db_api.resource_data_set(self, 'credential_id', kp.id, redact=True)
def handle_create(self):
user = self._get_user()
if user is None:
raise exception.NotFound(
_('could not find user %s') % self.properties[self.USER_NAME])
# The keypair is actually created and owned by the User resource
kp = user._create_keypair()
self.resource_id_set(kp.access)
self._secret = kp.secret
self._register_access_key()
# Store the secret key, encrypted, in the DB so we don't have lookup
# the user every time someone requests the SecretAccessKey attribute
db_api.resource_data_set(self, 'secret_key', kp.secret, redact=True)
db_api.resource_data_set(self, 'credential_id', kp.id, redact=True)
def handle_adopt(self, resource_data=None):
resource_id, data, metadata = self._get_resource_info(resource_data)
if not resource_id:
exc = Exception(_('Resource ID was not provided.'))
failure = exception.ResourceFailure(exc, self)
raise failure
# set resource id
self.resource_id_set(resource_id)
# save the resource data
if data and isinstance(data, dict):
for key, value in data.iteritems():
db_api.resource_data_set(self, key, value)
# save the resource metadata
self.metadata = metadata
def handle_adopt(self, resource_data=None):
resource_id, data, metadata = self._get_resource_info(resource_data)
if not resource_id:
exc = Exception(_('Resource ID was not provided.'))
failure = exception.ResourceFailure(exc, self)
raise failure
# set resource id
self.resource_id_set(resource_id)
# save the resource data
if data and isinstance(data, dict):
for key, value in data.iteritems():
db_api.resource_data_set(self, key, value)
# save the resource metadata
self.metadata = metadata
def set(cls, resource, key, value, *args, **kwargs):
db_data = db_api.resource_data_set(
resource,
key,
value,
*args,
**kwargs
)
return db_data
def set(cls, resource, key, value, *args, **kwargs):
db_data = db_api.resource_data_set(
resource,
key,
value,
*args,
**kwargs
)
return db_data
def test_delete_keypair_notfound(self):
rsrc = self._user_create(stack_name='user_testdel',
project_id='aprojectdel',
user_id='auserdel')
self.m.StubOutWithMock(fakes.FakeKeystoneClient,
'delete_stack_domain_user_keypair')
fakes.FakeKeystoneClient.delete_stack_domain_user_keypair(
user_id='auserdel', project_id='aprojectdel',
credential_id='acredential').AndReturn(None)
self.m.ReplayAll()
scheduler.TaskRunner(rsrc.create)()
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
db_api.resource_data_set(rsrc, 'credential_id', 'acredential')
rsrc._delete_keypair()
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual({'user_id': 'auserdel'}, rs_data)
self.m.VerifyAll()
def test_delete_keypair_notfound(self):
rsrc = self._user_create(stack_name='user_testdel',
project_id='aprojectdel',
user_id='auserdel')
self.m.StubOutWithMock(fakes.FakeKeystoneClient,
'delete_stack_domain_user_keypair')
fakes.FakeKeystoneClient.delete_stack_domain_user_keypair(
user_id='auserdel', project_id='aprojectdel',
credential_id='acredential').AndReturn(None)
self.m.ReplayAll()
scheduler.TaskRunner(rsrc.create)()
self.assertEqual((rsrc.CREATE, rsrc.COMPLETE), rsrc.state)
db_api.resource_data_set(rsrc, 'credential_id', 'acredential')
rsrc._delete_keypair()
rs_data = db_api.resource_data_get_all(rsrc)
self.assertEqual({'user_id': 'auserdel'}, rs_data)
self.m.VerifyAll()
def _secret_accesskey(self):
'''
Return the user's access key, fetching it from keystone if necessary
'''
if self._secret is None:
if not self.resource_id:
logger.warn(
_('could not get secret for %(username)s '
'Error:%(msg)s') % {
'username': self.properties[self.USER_NAME],
'msg': "resource_id not yet set"
})
else:
# First try to retrieve the secret from resource_data, but
# for backwards compatibility, fall back to requesting from
# keystone
try:
self._secret = db_api.resource_data_get(self, 'secret_key')
except exception.NotFound:
try:
user_id = self._get_user().resource_id
kp = self.keystone().get_ec2_keypair(
user_id=user_id, access=self.resource_id)
self._secret = kp.secret
# Store the key in resource_data
db_api.resource_data_set(self,
'secret_key',
kp.secret,
redact=True)
# And the ID of the v3 credential
db_api.resource_data_set(self,
'credential_id',
kp.id,
redact=True)
except Exception as ex:
logger.warn(
_('could not get secret for %(username)s '
'Error:%(msg)s') % {
'username': self.properties[self.USER_NAME],
'msg': ex
})
return self._secret or '000-000-000'
def handle_create(self):
user = self._get_user()
if user is None:
raise exception.NotFound(
_('could not find user %s') % self.properties[self.USER_NAME])
kp = self.keystone().create_ec2_keypair(user.resource_id)
if not kp:
raise exception.Error(
_("Error creating ec2 keypair for user %s") % user)
self.resource_id_set(kp.access)
self._secret = kp.secret
self._register_access_key()
# Store the secret key, encrypted, in the DB so we don't have to
# re-request it from keystone every time someone requests the
# SecretAccessKey attribute
db_api.resource_data_set(self, 'secret_key', kp.secret, redact=True)
# Also store the credential ID as this should be used to manage
# the credential rather than the access key via v3/credentials
db_api.resource_data_set(self, 'credential_id', kp.id, redact=True)
def handle_create(self):
db_api.resource_data_set(self, "name", self.properties[self.NAME], redact=True)
logging.warning("ServiceInstanceAlarm handle_create called.")
si_obj = self.vnc_lib().service_instance_read(fq_name_str=self.properties[self.SERVICE_INSTANCE])
vm_alarms = []
for vms in si_obj.get_virtual_machine_back_refs() or []:
vm = self.nova().servers.get(vms["to"][0])
alarms = self.ceilometer().alarms.create(
name=vm.name + "-alarm",
meter_name=self.properties[self.METER_NAME],
threshold=self.properties[self.THRESHOLD],
comparison_operator=self.properties[self.COMPARISON_OPERATOR],
statistic=self.properties[self.STATISTICS],
period=self.properties[self.PERIOD],
evaluation_periods=self.properties[self.EVALUATION_PERIODS],
alarm_actions=self.properties[self.ALARM_ACTIONS],
ok_actions=self.properties[self.OK_ACTIONS],
matching_metadata={"resource_id": vms["to"][0]},
)
vm_alarms.append(alarms.alarm_id.encode())
vm_alarms = json.dumps(vm_alarms)
logging.warning("ServiceInstanceAlarm:handle_create vm_alarms: %s.", vm_alarms)
db_api.resource_data_set(self, "alarm_ids", vm_alarms, redact=True)
def _secret_accesskey(self):
'''
Return the user's access key, fetching it from keystone if necessary
'''
if self._secret is None:
if not self.resource_id:
logger.warn(_('could not get secret for %(username)s '
'Error:%(msg)s') % {
'username': self.properties[self.USER_NAME],
'msg': "resource_id not yet set"})
else:
# First try to retrieve the secret from resource_data, but
# for backwards compatibility, fall back to requesting from
# keystone
try:
self._secret = db_api.resource_data_get(self, 'secret_key')
except exception.NotFound:
try:
user_id = self._get_user().resource_id
kp = self.keystone().get_ec2_keypair(
user_id=user_id, access=self.resource_id)
self._secret = kp.secret
# Store the key in resource_data
db_api.resource_data_set(self, 'secret_key',
kp.secret, redact=True)
# And the ID of the v3 credential
db_api.resource_data_set(self, 'credential_id',
kp.id, redact=True)
except Exception as ex:
logger.warn(
_('could not get secret for %(username)s '
'Error:%(msg)s') % {
'username': self.properties[self.USER_NAME],
'msg': str(ex)})
return self._secret or '000-000-000'
def handle_create(self):
user = self._get_user()
if user is None:
raise exception.NotFound(_('could not find user %s') %
self.properties[self.USER_NAME])
kp = self.keystone().create_ec2_keypair(user.resource_id)
if not kp:
raise exception.Error(_("Error creating ec2 keypair for user %s") %
user)
self.resource_id_set(kp.access)
self._secret = kp.secret
self._register_access_key()
# Store the secret key, encrypted, in the DB so we don't have to
# re-request it from keystone every time someone requests the
# SecretAccessKey attribute
db_api.resource_data_set(self, 'secret_key', kp.secret,
redact=True)
# Also store the credential ID as this should be used to manage
# the credential rather than the access key via v3/credentials
db_api.resource_data_set(self, 'credential_id', kp.id,
redact=True)
def handle_create(self):
# Create a keystone user so we can create a signed URL via FnGetRefId
user_id = self.keystone().create_stack_user(
self.physical_resource_name())
db_api.resource_data_set(self, 'user_id', user_id)
kp = self.keystone().create_ec2_keypair(user_id)
if not kp:
raise exception.Error(_("Error creating ec2 keypair for user %s") %
user_id)
else:
db_api.resource_data_set(self, 'credential_id', kp.id,
redact=True)
db_api.resource_data_set(self, 'access_key', kp.access,
redact=True)
db_api.resource_data_set(self, 'secret_key', kp.secret,
redact=True)
def _create_keypair(self):
# Subclasses may optionally call this in handle_create to create
# an ec2 keypair associated with the user, the resulting keys are
# stored in resource_data
user_id = self._get_user_id()
kp = self.keystone().create_ec2_keypair(user_id)
if not kp:
raise exception.Error(_("Error creating ec2 keypair for user %s") %
user_id)
else:
db_api.resource_data_set(self, 'credential_id', kp.id,
redact=True)
db_api.resource_data_set(self, 'access_key', kp.access,
redact=True)
db_api.resource_data_set(self, 'secret_key', kp.secret,
redact=True)
def _create_keypair(self):
# Subclasses may optionally call this in handle_create to create
# an ec2 keypair associated with the user, the resulting keys are
# stored in resource_data
user_id = self._get_user_id()
kp = self.keystone().create_stack_domain_user_keypair(
user_id=user_id, project_id=self.stack.stack_user_project_id)
if not kp:
raise exception.Error(_("Error creating ec2 keypair for user %s") %
user_id)
else:
db_api.resource_data_set(self, 'credential_id', kp.id,
redact=True)
db_api.resource_data_set(self, 'access_key', kp.access,
redact=True)
db_api.resource_data_set(self, 'secret_key', kp.secret,
redact=True)
return kp
def handle_create(self):
length = self.properties.get(self.LENGTH)
sequence = self._sequences[self.properties.get(self.SEQUENCE)]
random_string = self._generate_random_string(sequence, length)
db_api.resource_data_set(self, 'value', random_string, redact=True)
self.resource_id_set(random_string)
def data_set(self, key, value, redact=False):
'''Save resource's key/value pair to database.'''
db_api.resource_data_set(self, key, value, redact)
# force fetch all resource data from the database again
self._data = None
def handle_create(self):
pub_key = self.properties["public_key"] or None
new_keypair = self.nova().keypairs.create(self.properties["name"], public_key=pub_key)
if self.properties["save_private_key"] and hasattr(new_keypair, "private_key"):
db_api.resource_data_set(self, "private_key", new_keypair.private_key, True)
self.resource_id_set(new_keypair.id)
def handle_create(self):
db_api.resource_data_set(self, "test", 'A secret value', True)
def handle_create(self):
length = self.properties.get(self.LENGTH)
sequence = self._sequences[self.properties.get(self.SEQUENCE)]
random_string = self._generate_random_string(sequence, length)
db_api.resource_data_set(self, 'value', random_string, redact=True)
def handle_create(self):
db_api.resource_data_set(self, "test", 'A secret value', True)
def _create_user(self):
user_id = self.keystone().create_stack_user(
self.physical_resource_name())
db_api.resource_data_set(self, 'user_id', user_id)
def data_set(self, key, value, redact=False):
'''Save resource's key/value pair to database.'''
db_api.resource_data_set(self, key, value, redact)
# force fetch all resource data from the database again
self._data = None
def _create_user(self):
user_id = self.keystone().create_stack_user(
self.physical_resource_name())
db_api.resource_data_set(self, 'user_id', user_id)
def handle_create(self):
dev = Device(host=self.properties[self.TARGET], user=self.properties[self.USER], password=self.properties[self.PASSWORD])
dev.open()
db_api.resource_data_set(self, 'hostname', dev.facts['hostname'], redact=True)
db_api.resource_data_set(self, 'model', dev.facts['model'], redact=True)
db_api.resource_data_set(self, 'serialnumber', dev.facts['serialnumber'], redact=True)
db_api.resource_data_set(self, 'HOME', dev.facts['HOME'], redact=True)
db_api.resource_data_set(self, 'reboot_reason', dev.facts['RE0']['last_reboot_reason'], redact=True)
db_api.resource_data_set(self, 'status', dev.facts['RE0']['status'], redact=True)
db_api.resource_data_set(self, 'up_time', dev.facts['RE0']['up_time'], redact=True)
db_api.resource_data_set(self, 'domain', dev.facts['domain'], redact=True)
db_api.resource_data_set(self, 'fqdn', dev.facts['fqdn'], redact=True)
db_api.resource_data_set(self, 'ifd_style', dev.facts['ifd_style'], redact=True)
db_api.resource_data_set(self, 'personality', dev.facts['personality'], redact=True)
db_api.resource_data_set(self, 'switch_style', dev.facts['switch_style'], redact=True)
db_api.resource_data_set(self, 'version', dev.facts['version'], redact=True)
dev.close()
def handle_create(self):
length = self.properties.get('length')
sequence = self._sequences[self.properties.get('sequence')]
random_string = self._generate_random_string(sequence, length)
db_api.resource_data_set(self, 'value', random_string, redact=True)
