def render_GET(self, request):
"Returns the keys for the bucket resource" ""
LOG.debug(_("List keys for bucket %s"), self.name)
try:
bucket_object = bucket.Bucket(self.name)
except exception.NotFound:
return error.NoResource(message="No such bucket").render(request)
if not bucket_object.is_authorized(request.context):
LOG.audit(_("Unauthorized attempt to access bucket %s"),
self.name,
context=request.context)
raise exception.NotAuthorized()
prefix = get_argument(request, "prefix", u"")
marker = get_argument(request, "marker", u"")
max_keys = int(get_argument(request, "max-keys", 1000))
terse = int(get_argument(request, "terse", 0))
results = bucket_object.list_keys(prefix=prefix,
marker=marker,
max_keys=max_keys,
terse=terse)
render_xml(request, {"ListBucketResult": results})
return server.NOT_DONE_YET
def render_PUT(self, request): # pylint: disable=R0201
""" create a new registered image """
image_id = get_argument(request, 'image_id', u'')
image_location = get_argument(request, 'image_location', u'')
image_path = os.path.join(FLAGS.images_path, image_id)
if ((not image_path.startswith(FLAGS.images_path))
or os.path.exists(image_path)):
LOG.audit(_("Not authorized to upload image: invalid directory "
"%s"),
image_path,
context=request.context)
raise exception.NotAuthorized()
bucket_object = bucket.Bucket(image_location.split("/")[0])
if not bucket_object.is_authorized(request.context):
LOG.audit(_("Not authorized to upload image: unauthorized "
"bucket %s"),
bucket_object.name,
context=request.context)
raise exception.NotAuthorized()
LOG.audit(_("Starting image upload: %s"),
image_id,
context=request.context)
p = multiprocessing.Process(target=image.Image.register_aws_image,
args=(image_id, image_location,
request.context))
p.start()
return ''
def getChild(self, name, request):
"""Returns the bucket resource itself, or the object resource
the bucket contains if a name is supplied
"""
if name == '':
return self
else:
return ObjectResource(bucket.Bucket(self.name), name)
def delete(self, bucket_name, object_name):
logging.debug("Deleting object: %s / %s" % (bucket_name, object_name))
bucket_object = bucket.Bucket(bucket_name)
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
del bucket_object[urllib.unquote(object_name)]
self.set_status(204)
self.finish()
def delete(self, bucket_name):
logging.debug("Deleting bucket %s" % (bucket_name))
bucket_object = bucket.Bucket(bucket_name)
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
bucket_object.delete()
self.set_status(204)
self.finish()
def put(self, bucket_name, object_name):
logging.debug("Putting object: %s / %s" % (bucket_name, object_name))
bucket_object = bucket.Bucket(bucket_name)
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
key = urllib.unquote(object_name)
bucket_object[key] = self.request.body
self.set_header("Etag", '"' + bucket_object[key].md5 + '"')
self.finish()
def get(self, bucket_name, object_name):
logging.debug("Getting object: %s / %s" % (bucket_name, object_name))
bucket_object = bucket.Bucket(bucket_name)
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
obj = bucket_object[urllib.unquote(object_name)]
self.set_header("Content-Type", "application/unknown")
self.set_header("Last-Modified", datetime.datetime.utcfromtimestamp(obj.mtime))
self.set_header("Etag", '"' + obj.md5 + '"')
self.finish(obj.read())
def render_DELETE(self, request):
"""Deletes the bucket resource"""
LOG.debug(_("Deleting bucket %s"), self.name)
bucket_object = bucket.Bucket(self.name)
if not bucket_object.is_authorized(request.context):
LOG.audit(_("Unauthorized attempt to delete bucket %s"),
self.name,
context=request.context)
raise exception.NotAuthorized()
bucket_object.delete()
request.setResponseCode(204)
return ''
def get(self, bucket_name):
logging.debug("List keys for bucket %s" % (bucket_name))
bucket_object = bucket.Bucket(bucket_name)
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
prefix = self.get_argument("prefix", u"")
marker = self.get_argument("marker", u"")
max_keys = int(self.get_argument("max-keys", 1000))
terse = int(self.get_argument("terse", 0))
results = bucket_object.list_keys(prefix=prefix, marker=marker, max_keys=max_keys, terse=terse)
self.render_xml({"ListBucketResult": results})
def put(self):
""" create a new registered image """
image_id = self.get_argument('image_id', u'')
image_location = self.get_argument('image_location', u'')
image_path = os.path.join(FLAGS.images_path, image_id)
if not image_path.startswith(FLAGS.images_path) or \
os.path.exists(image_path):
raise web.HTTPError(403)
bucket_object = bucket.Bucket(image_location.split("/")[0])
manifest = image_location[len(image_location.split('/')[0])+1:]
if not bucket_object.is_authorized(self.context):
raise web.HTTPError(403)
p = multiprocessing.Process(target=image.Image.create,args=
(image_id, image_location, self.context))
p.start()
self.finish()
def register_aws_image(image_id, image_location, context):
image_path = os.path.join(FLAGS.images_path, image_id)
os.makedirs(image_path)
bucket_name = image_location.split("/")[0]
manifest_path = image_location[len(bucket_name) + 1:]
bucket_object = bucket.Bucket(bucket_name)
manifest = ElementTree.fromstring(bucket_object[manifest_path].read())
image_type = 'machine'
try:
kernel_id = manifest.find("machine_configuration/kernel_id").text
if kernel_id == 'true':
image_type = 'kernel'
except:
kernel_id = None
try:
ramdisk_id = manifest.find("machine_configuration/ramdisk_id").text
if ramdisk_id == 'true':
image_type = 'ramdisk'
except:
ramdisk_id = None
try:
arch = manifest.find("machine_configuration/architecture").text
except:
arch = 'x86_64'
info = {
'imageId': image_id,
'imageLocation': image_location,
'imageOwnerId': context.project_id,
'isPublic': False, # FIXME: grab public from manifest
'architecture': arch,
'imageType': image_type
}
if kernel_id:
info['kernelId'] = kernel_id
if ramdisk_id:
info['ramdiskId'] = ramdisk_id
def write_state(state):
info['imageState'] = state
with open(os.path.join(image_path, 'info.json'), "w") as f:
json.dump(info, f)
write_state('pending')
encrypted_filename = os.path.join(image_path, 'image.encrypted')
with open(encrypted_filename, 'w') as f:
for filename in manifest.find("image").getiterator("filename"):
shutil.copyfileobj(bucket_object[filename.text].file, f)
write_state('decrypting')
# FIXME: grab kernelId and ramdiskId from bundle manifest
hex_key = manifest.find("image/ec2_encrypted_key").text
encrypted_key = binascii.a2b_hex(hex_key)
hex_iv = manifest.find("image/ec2_encrypted_iv").text
encrypted_iv = binascii.a2b_hex(hex_iv)
cloud_private_key = os.path.join(FLAGS.ca_path, "private/cakey.pem")
decrypted_filename = os.path.join(image_path, 'image.tar.gz')
Image.decrypt_image(encrypted_filename, encrypted_key, encrypted_iv,
cloud_private_key, decrypted_filename)
write_state('untarring')
image_file = Image.untarzip_image(image_path, decrypted_filename)
shutil.move(os.path.join(image_path, image_file),
os.path.join(image_path, 'image'))
write_state('available')
os.unlink(decrypted_filename)
os.unlink(encrypted_filename)
