def render_GET(self, request): "Returns the keys for the bucket resource" "" LOG.debug(_("List keys for bucket %s"), self.name) try: bucket_object = bucket.Bucket(self.name) except exception.NotFound: return error.NoResource(message="No such bucket").render(request) if not bucket_object.is_authorized(request.context): LOG.audit(_("Unauthorized attempt to access bucket %s"), self.name, context=request.context) raise exception.NotAuthorized() prefix = get_argument(request, "prefix", u"") marker = get_argument(request, "marker", u"") max_keys = int(get_argument(request, "max-keys", 1000)) terse = int(get_argument(request, "terse", 0)) results = bucket_object.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse) render_xml(request, {"ListBucketResult": results}) return server.NOT_DONE_YET
def render_PUT(self, request): # pylint: disable=R0201 """ create a new registered image """ image_id = get_argument(request, 'image_id', u'') image_location = get_argument(request, 'image_location', u'') image_path = os.path.join(FLAGS.images_path, image_id) if ((not image_path.startswith(FLAGS.images_path)) or os.path.exists(image_path)): LOG.audit(_("Not authorized to upload image: invalid directory " "%s"), image_path, context=request.context) raise exception.NotAuthorized() bucket_object = bucket.Bucket(image_location.split("/")[0]) if not bucket_object.is_authorized(request.context): LOG.audit(_("Not authorized to upload image: unauthorized " "bucket %s"), bucket_object.name, context=request.context) raise exception.NotAuthorized() LOG.audit(_("Starting image upload: %s"), image_id, context=request.context) p = multiprocessing.Process(target=image.Image.register_aws_image, args=(image_id, image_location, request.context)) p.start() return ''
def getChild(self, name, request): """Returns the bucket resource itself, or the object resource the bucket contains if a name is supplied """ if name == '': return self else: return ObjectResource(bucket.Bucket(self.name), name)
def delete(self, bucket_name, object_name): logging.debug("Deleting object: %s / %s" % (bucket_name, object_name)) bucket_object = bucket.Bucket(bucket_name) if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) del bucket_object[urllib.unquote(object_name)] self.set_status(204) self.finish()
def delete(self, bucket_name): logging.debug("Deleting bucket %s" % (bucket_name)) bucket_object = bucket.Bucket(bucket_name) if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) bucket_object.delete() self.set_status(204) self.finish()
def put(self, bucket_name, object_name): logging.debug("Putting object: %s / %s" % (bucket_name, object_name)) bucket_object = bucket.Bucket(bucket_name) if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) key = urllib.unquote(object_name) bucket_object[key] = self.request.body self.set_header("Etag", '"' + bucket_object[key].md5 + '"') self.finish()
def get(self, bucket_name, object_name): logging.debug("Getting object: %s / %s" % (bucket_name, object_name)) bucket_object = bucket.Bucket(bucket_name) if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) obj = bucket_object[urllib.unquote(object_name)] self.set_header("Content-Type", "application/unknown") self.set_header("Last-Modified", datetime.datetime.utcfromtimestamp(obj.mtime)) self.set_header("Etag", '"' + obj.md5 + '"') self.finish(obj.read())
def render_DELETE(self, request): """Deletes the bucket resource""" LOG.debug(_("Deleting bucket %s"), self.name) bucket_object = bucket.Bucket(self.name) if not bucket_object.is_authorized(request.context): LOG.audit(_("Unauthorized attempt to delete bucket %s"), self.name, context=request.context) raise exception.NotAuthorized() bucket_object.delete() request.setResponseCode(204) return ''
def get(self, bucket_name): logging.debug("List keys for bucket %s" % (bucket_name)) bucket_object = bucket.Bucket(bucket_name) if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) prefix = self.get_argument("prefix", u"") marker = self.get_argument("marker", u"") max_keys = int(self.get_argument("max-keys", 1000)) terse = int(self.get_argument("terse", 0)) results = bucket_object.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse) self.render_xml({"ListBucketResult": results})
def put(self): """ create a new registered image """ image_id = self.get_argument('image_id', u'') image_location = self.get_argument('image_location', u'') image_path = os.path.join(FLAGS.images_path, image_id) if not image_path.startswith(FLAGS.images_path) or \ os.path.exists(image_path): raise web.HTTPError(403) bucket_object = bucket.Bucket(image_location.split("/")[0]) manifest = image_location[len(image_location.split('/')[0])+1:] if not bucket_object.is_authorized(self.context): raise web.HTTPError(403) p = multiprocessing.Process(target=image.Image.create,args= (image_id, image_location, self.context)) p.start() self.finish()
def register_aws_image(image_id, image_location, context): image_path = os.path.join(FLAGS.images_path, image_id) os.makedirs(image_path) bucket_name = image_location.split("/")[0] manifest_path = image_location[len(bucket_name) + 1:] bucket_object = bucket.Bucket(bucket_name) manifest = ElementTree.fromstring(bucket_object[manifest_path].read()) image_type = 'machine' try: kernel_id = manifest.find("machine_configuration/kernel_id").text if kernel_id == 'true': image_type = 'kernel' except: kernel_id = None try: ramdisk_id = manifest.find("machine_configuration/ramdisk_id").text if ramdisk_id == 'true': image_type = 'ramdisk' except: ramdisk_id = None try: arch = manifest.find("machine_configuration/architecture").text except: arch = 'x86_64' info = { 'imageId': image_id, 'imageLocation': image_location, 'imageOwnerId': context.project_id, 'isPublic': False, # FIXME: grab public from manifest 'architecture': arch, 'imageType': image_type } if kernel_id: info['kernelId'] = kernel_id if ramdisk_id: info['ramdiskId'] = ramdisk_id def write_state(state): info['imageState'] = state with open(os.path.join(image_path, 'info.json'), "w") as f: json.dump(info, f) write_state('pending') encrypted_filename = os.path.join(image_path, 'image.encrypted') with open(encrypted_filename, 'w') as f: for filename in manifest.find("image").getiterator("filename"): shutil.copyfileobj(bucket_object[filename.text].file, f) write_state('decrypting') # FIXME: grab kernelId and ramdiskId from bundle manifest hex_key = manifest.find("image/ec2_encrypted_key").text encrypted_key = binascii.a2b_hex(hex_key) hex_iv = manifest.find("image/ec2_encrypted_iv").text encrypted_iv = binascii.a2b_hex(hex_iv) cloud_private_key = os.path.join(FLAGS.ca_path, "private/cakey.pem") decrypted_filename = os.path.join(image_path, 'image.tar.gz') Image.decrypt_image(encrypted_filename, encrypted_key, encrypted_iv, cloud_private_key, decrypted_filename) write_state('untarring') image_file = Image.untarzip_image(image_path, decrypted_filename) shutil.move(os.path.join(image_path, image_file), os.path.join(image_path, 'image')) write_state('available') os.unlink(decrypted_filename) os.unlink(encrypted_filename)