MAAS

Merge lp:~flacoste/maas/meta-publickeys into lp:~maas-committers/maas/trunk

meta-publickeys
Merge into trunk

Proposed by Francis J. Lacoste on 2012-03-24

Status:	Merged
Approved by:	Francis J. Lacoste on 2012-03-26
Approved revision:	no longer in the source branch.
Merged at revision:	355
Proposed branch:	lp:~flacoste/maas/meta-publickeys
Merge into:	lp:~maas-committers/maas/trunk
Diff against target:	520 lines (+272/-49) 10 files modified src/maasserver/middleware.py (+0/-1) src/maasserver/migrations/0003_rename_sshkeys.py (+149/-0) src/maasserver/models.py (+22/-6) src/maasserver/testing/factory.py (+16/-0) src/maasserver/tests/test_models.py (+21/-0) src/maasserver/tests/test_views.py (+0/-24) src/maasserver/urls.py (+0/-2) src/maasserver/views.py (+0/-8) src/metadataserver/api.py (+29/-7) src/metadataserver/tests/test_api.py (+35/-1)
To merge this branch:	bzr merge lp:~flacoste/maas/meta-publickeys
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jeroen T. Vermeulen (community)		2012-03-24	Approve on 2012-03-26
Review via email: mp+99147@code.launchpad.net

This proposal supersedes a proposal from 2012-03-19.

Commit message

Export public-keys attribute over the meta-data service.

Description of the change

This branch exports the user's registered SSH keys over the metadata service. cloud-init already supports getting the keys at that location in that format.

It also rename SSHKeys to SSHKey to be more in line with our naming conventions and remove the obsolete KeystoreView.

We are now only missing the UI to upload and delete keys on the user preferences page.

Revision history for this message

Jeroen T. Vermeulen (jtv) wrote on 2012-03-26:

Download full text (3.2 KiB)

The practice deleting and re-creating a table as a means of altering it scared me a little, but it appears to be safe: someone from the future migrating back to our current schema (and therefore, our current codebase as well) would not expect any ssh keys they still had to work. I do wonder if renaming the table & adding some columns wouldn't have been easier though!

On another sidenote, it's not just our naming convention to keep class name in the singular; it's long-standing practice in database design. It does occasionally lead to awkwardness, although it works pretty well overall.

258 === modified file 'src/maasserver/tests/test_models.py'
259 --- src/maasserver/tests/test_models.py 2012-03-22 15:10:57 +0000
260 +++ src/maasserver/tests/test_models.py 2012-03-24 01:25:23 +0000

269 @@ -490,6 +491,26 @@
270 self.assertTrue(set(SYSTEM_USERS).isdisjoint(usernames))
271
272
273 +class SSHKeyManager(TestCase):
274 + """Testing for the :class `SSHKeyManager` model manager."""
275 +
276 + def test_get_keys_for_user_no_keys(self):
277 + user = factory.make_user()
278 + keys = SSHKey.objects.get_keys_for_user(user)
279 + self.assertEquals([], list(keys))

There's a specialized assertion method that obviates the listification:

self.assertItemsEqual([], keys)

This says that [] and keys contain the same numbers of the same items, regardless of order.

281 + def test_get_keys_for_user_with_keys(self):
282 + user1 = factory.make_user_with_keys(n_keys=3, username='user1')
283 + # user2
284 + factory.make_user_with_keys(n_keys=2)
285 + keys = SSHKey.objects.get_keys_for_user(user1)
286 + self.assertEquals([
287 + 'ssh-rsa KEY user1-key-0',
288 + 'ssh-rsa KEY user1-key-1',
289 + 'ssh-rsa KEY user1-key-2',
290 + ], list(keys))

There's another specialized assertion method that obviates this listification:

self.assertSequenceEqual([…], keys)

This asserts that […] and keys contain the same items, in the same order.

I assume you asked yourself the two standard question when asserting sequence equality:

1. Is this ordering really guaranteed?

2. Is checking the ordering part of the purpose of this test?

382 === modified file 'src/metadataserver/api.py'
383 --- src/metadataserver/api.py 2012-03-21 05:56:36 +0000
384 +++ src/metadataserver/api.py 2012-03-24 01:25:23 +0000

425 @@ -142,6 +150,13 @@
426 """Produce instance-id attribute."""
427 return make_text_response(node.system_id)
428
429 + def public_keys(self, node, version, item):
430 + """ Produce public-keys attribute."""
431 + keys = SSHKey.objects.get_keys_for_user(user=node.owner)
432 + if not keys:
433 + raise Http404
434 + return make_list_response(keys)

Is 404 really the right response here? Or is it acceptable for a user to have zero public keys?

If you do want to stick with 404, then I think that:

1. You should probably raise MAASAPINotFound rather than Http404.

2. Unless it's practically unthinkable for this to happen, if the user has no keys registered, the “parent” page /metadata/<ve...

The practice deleting and re-creating a table as a means of altering it scared me a little, but it appears to be safe: someone from the future migrating back to our current schema (and therefore, our current codebase as well) would not expect any ssh keys they still had to work.  I do wonder if renaming the table & adding some columns wouldn't have been easier though!

On another sidenote, it's not just our naming convention to keep class name in the singular; it's long-standing practice in database design.  It does occasionally lead to awkwardness, although it works pretty well overall.

258	=== modified file 'src/maasserver/tests/test_models.py'
259	--- src/maasserver/tests/test_models.py	2012-03-22 15:10:57 +0000
260	+++ src/maasserver/tests/test_models.py	2012-03-24 01:25:23 +0000

269	@@ -490,6 +491,26 @@
270	         self.assertTrue(set(SYSTEM_USERS).isdisjoint(usernames))
271	 
272	 
273	+class SSHKeyManager(TestCase):
274	+    """Testing for the :class `SSHKeyManager` model manager."""
275	+
276	+    def test_get_keys_for_user_no_keys(self):
277	+        user = factory.make_user()
278	+        keys = SSHKey.objects.get_keys_for_user(user)
279	+        self.assertEquals([], list(keys))

There's a specialized assertion method that obviates the listification:

self.assertItemsEqual([], keys)

This says that [] and keys contain the same numbers of the same items, regardless of order.

281	+    def test_get_keys_for_user_with_keys(self):
282	+        user1 = factory.make_user_with_keys(n_keys=3, username='user1')
283	+        # user2
284	+        factory.make_user_with_keys(n_keys=2)
285	+        keys = SSHKey.objects.get_keys_for_user(user1)
286	+        self.assertEquals([
287	+            'ssh-rsa KEY user1-key-0',
288	+            'ssh-rsa KEY user1-key-1',
289	+            'ssh-rsa KEY user1-key-2',
290	+            ], list(keys))

There's another specialized assertion method that obviates this listification:

self.assertSequenceEqual([…], keys)

This asserts that […] and keys contain the same items, in the same order.

I assume you asked yourself the two standard question when asserting sequence equality:

1. Is this ordering really guaranteed?

2. Is checking the ordering part of the purpose of this test?

382	=== modified file 'src/metadataserver/api.py'
383	--- src/metadataserver/api.py	2012-03-21 05:56:36 +0000
384	+++ src/metadataserver/api.py	2012-03-24 01:25:23 +0000

425	@@ -142,6 +150,13 @@
426	         """Produce instance-id attribute."""
427	         return make_text_response(node.system_id)
428	 
429	+    def public_keys(self, node, version, item):
430	+        """ Produce public-keys attribute."""
431	+        keys = SSHKey.objects.get_keys_for_user(user=node.owner)
432	+        if not keys:
433	+            raise Http404
434	+        return make_list_response(keys)

Is 404 really the right response here?  Or is it acceptable for a user to have zero public keys?

If you do want to stick with 404, then I think that:

1. You should probably raise MAASAPINotFound rather than Http404.

2. Unless it's practically unthinkable for this to happen, if the user has no keys registered, the “parent” page /metadata/<version>/meta-data/ should not show public-keys as one of the available attributes.

Jeroen

review: Approve

Revision history for this message

Francis J. Lacoste (flacoste) wrote on 2012-03-26:

Thanks for the review Jeroen.

I've used the more appropriate asserts (thanks for pointing these out) and I've added code to filter out public-keys/ when it's going to raise a 404. It turns out that cloud-init relies on that behaviour.

Cheers

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andres Rodriguez

Blake Rouse

Brendan Donegan

Dave Walker

Deepa

Enrique Chirivella Pérez

Francis J. Lacoste

Fumihito YOSHIDA

MAAS Committers

Mike Pontillo

james beedy

 === modified file 'src/maasserver/middleware.py'
 --- src/maasserver/middleware.py	2012-03-23 11:09:54 +0000
 +++ src/maasserver/middleware.py	2012-03-26 21:06:20 +0000
@@ -74,7 +74,6 @@
              reverse('metadata'),
              # API calls are protected by piston.
              settings.API_URL_REGEXP,
--            r'^/accounts/[\w]+/sshkeys/$',
+             ]
          self.public_urls = re.compile("|".join(public_url_roots))
          self.login_url = reverse('login')
 === added file 'src/maasserver/migrations/0003_rename_sshkeys.py'
 --- src/maasserver/migrations/0003_rename_sshkeys.py	1970-01-01 00:00:00 +0000
 +++ src/maasserver/migrations/0003_rename_sshkeys.py	2012-03-26 21:06:20 +0000
@@ -0,0 +1,149 @@
++# encoding: utf-8
++import datetime
++from south.db import db
++from south.v2 import SchemaMigration
++from django.db import models
++
++class Migration(SchemaMigration):
++
++    def forwards(self, orm):
++
++        # Deleting model 'SSHKeys'
++        db.delete_table('maasserver_sshkeys')
++
++        # Adding model 'SSHKey'
++        db.create_table('maasserver_sshkey', (
++            ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
++            ('created', self.gf('django.db.models.fields.DateField')()),
++            ('updated', self.gf('django.db.models.fields.DateTimeField')()),
++            ('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.User'])),
++            ('key', self.gf('django.db.models.fields.TextField')()),
++        ))
++        db.send_create_signal('maasserver', ['SSHKey'])
++
++
++    def backwards(self, orm):
++
++        # Adding model 'SSHKeys'
++        db.create_table('maasserver_sshkeys', (
++            ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
++            ('key', self.gf('django.db.models.fields.TextField')()),
++            ('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['maasserver.UserProfile'])),
++        ))
++        db.send_create_signal('maasserver', ['SSHKeys'])
++
++        # Deleting model 'SSHKey'
++        db.delete_table('maasserver_sshkey')
++
++
++    models = {
++        'auth.group': {
++            'Meta': {'object_name': 'Group'},
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
++            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
++        },
++        'auth.permission': {
++            'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'},
++            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
++            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
++        },
++        'auth.user': {
++            'Meta': {'object_name': 'User'},
++            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
++            'email': ('django.db.models.fields.EmailField', [], {'unique': 'True', 'max_length': '75', 'blank': 'True'}),
++            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
++            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
++            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
++            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
++            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
++            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
++            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
++            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
++            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
++        },
++        'contenttypes.contenttype': {
++            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
++            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
++            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
++        },
++        'maasserver.config': {
++            'Meta': {'object_name': 'Config'},
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'name': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
++            'value': ('maasserver.fields.JSONObjectField', [], {'null': 'True'})
++        },
++        'maasserver.filestorage': {
++            'Meta': {'object_name': 'FileStorage'},
++            'data': ('django.db.models.fields.files.FileField', [], {'max_length': '255'}),
++            'filename': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '100'}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'})
++        },
++        'maasserver.macaddress': {
++            'Meta': {'object_name': 'MACAddress'},
++            'created': ('django.db.models.fields.DateField', [], {}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'mac_address': ('maasserver.fields.MACAddressField', [], {'unique': 'True'}),
++            'node': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['maasserver.Node']"}),
++            'updated': ('django.db.models.fields.DateTimeField', [], {})
++        },
++        'maasserver.node': {
++            'Meta': {'object_name': 'Node'},
++            'after_commissioning_action': ('django.db.models.fields.IntegerField', [], {'default': '0'}),
++            'architecture': ('django.db.models.fields.CharField', [], {'default': "u'i386'", 'max_length': '10'}),
++            'created': ('django.db.models.fields.DateField', [], {}),
++            'hostname': ('django.db.models.fields.CharField', [], {'default': "u''", 'max_length': '255', 'blank': 'True'}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'owner': ('django.db.models.fields.related.ForeignKey', [], {'default': 'None', 'to': "orm['auth.User']", 'null': 'True', 'blank': 'True'}),
++            'power_type': ('django.db.models.fields.CharField', [], {'default': "u''", 'max_length': '10', 'blank': 'True'}),
++            'status': ('django.db.models.fields.IntegerField', [], {'default': '4', 'max_length': '10'}),
++            'system_id': ('django.db.models.fields.CharField', [], {'default': "u'node-0af2184e-7549-11e1-b99b-00242bbb6876'", 'unique': 'True', 'max_length': '41'}),
++            'token': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['piston.Token']", 'null': 'True'}),
++            'updated': ('django.db.models.fields.DateTimeField', [], {})
++        },
++        'maasserver.sshkey': {
++            'Meta': {'object_name': 'SSHKey'},
++            'created': ('django.db.models.fields.DateField', [], {}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'key': ('django.db.models.fields.TextField', [], {}),
++            'updated': ('django.db.models.fields.DateTimeField', [], {}),
++            'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']"})
++        },
++        'maasserver.userprofile': {
++            'Meta': {'object_name': 'UserProfile'},
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'user': ('django.db.models.fields.related.OneToOneField', [], {'to': "orm['auth.User']", 'unique': 'True'})
++        },
++        'piston.consumer': {
++            'Meta': {'object_name': 'Consumer'},
++            'description': ('django.db.models.fields.TextField', [], {}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'key': ('django.db.models.fields.CharField', [], {'max_length': '18'}),
++            'name': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
++            'secret': ('django.db.models.fields.CharField', [], {'max_length': '32'}),
++            'status': ('django.db.models.fields.CharField', [], {'default': "'pending'", 'max_length': '16'}),
++            'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'consumers'", 'null': 'True', 'to': "orm['auth.User']"})
++        },
++        'piston.token': {
++            'Meta': {'object_name': 'Token'},
++            'callback': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
++            'callback_confirmed': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
++            'consumer': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['piston.Consumer']"}),
++            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
++            'is_approved': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
++            'key': ('django.db.models.fields.CharField', [], {'max_length': '18'}),
++            'secret': ('django.db.models.fields.CharField', [], {'max_length': '32'}),
++            'timestamp': ('django.db.models.fields.IntegerField', [], {'default': '1332549237L'}),
++            'token_type': ('django.db.models.fields.IntegerField', [], {}),
++            'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tokens'", 'null': 'True', 'to': "orm['auth.User']"}),
++            'verifier': ('django.db.models.fields.CharField', [], {'max_length': '10'})
++        }
++    }
++
++    complete_apps = ['maasserver']
 === modified file 'src/maasserver/models.py'
 --- src/maasserver/models.py	2012-03-26 05:07:12 +0000
 +++ src/maasserver/models.py	2012-03-26 21:06:20 +0000
@@ -18,6 +18,7 @@
      "NODE_STATUS",
      "Node",
      "MACAddress",
++    "SSHKey",
      "UserProfile",
+     ]
@@ -645,15 +646,30 @@
  User._meta.get_field('email')._unique = True
--class SSHKeys(models.Model):
--    """A simple SSH public keystore that can be retrieved, a user
--       can have multiple keys.
++class SSHKeyManager(models.Manager):
++    """A utility to manage the colletion of `SSHKey`s."""
++
++    def get_keys_for_user(self, user):
++        """Return the text of the ssh keys associated with a user."""
++        return SSHKey.objects.filter(user=user).values_list('key', flat=True)
++
++
++class SSHKey(CommonInfo):
++    """A `SSHKey` represents a user public SSH key.
++
++    Users will be able to access `Node`s using any of their registered keys.
      :ivar user: The user which owns the key.
      :ivar key: The ssh public key.
      """
--    user = models.ForeignKey(UserProfile)
--    key = models.TextField()
++    class Meta:
++        verbose_name_plural = "SSH keys"
++
++    objects = SSHKeyManager()
++
++    user = models.ForeignKey(User, null=False, editable=False)
++
++    key = models.TextField(null=False, editable=True)
      def __unicode__(self):
          return self.key
@@ -919,7 +935,7 @@
  admin.site.register(FileStorage)
  admin.site.register(MACAddress)
  admin.site.register(Node)
--admin.site.register(SSHKeys)
++admin.site.register(SSHKey)
  class MAASAuthorizationBackend(ModelBackend):
 === modified file 'src/maasserver/testing/factory.py'
 --- src/maasserver/testing/factory.py	2012-03-22 11:56:17 +0000
 +++ src/maasserver/testing/factory.py	2012-03-26 21:06:20 +0000
@@ -24,6 +24,7 @@
      MACAddress,
      Node,
      NODE_STATUS,
++    SSHKey,
+     )
  from maasserver.testing.enum import map_enum
  import maastesting.factory
@@ -82,6 +83,21 @@
          return User.objects.create_user(
              username=username, password=password, email=email)
++    def make_user_with_keys(self, n_keys=2, **kwargs):
++        """Create a user with n `SSHKey`.
++
++        Additional keyword arguments are passed to `make_user()`.
++
++        Keys will have a comment of the form: <username>-key-<i> where i
++        is the key index.
++        """
++        user = self.make_user(**kwargs)
++        for i in range(n_keys):
++            SSHKey(
++                user=user,
++                key='ssh-rsa KEY %s-key-%d' % (user.username, i)).save()
++        return user
++
      def make_admin(self, username=None, password=None, email=None):
          admin = self.make_user(
              username=username, password=password, email=email)
 === modified file 'src/maasserver/tests/test_models.py'
 --- src/maasserver/tests/test_models.py	2012-03-26 05:07:12 +0000
 +++ src/maasserver/tests/test_models.py	2012-03-26 21:06:20 +0000
@@ -37,6 +37,7 @@
      Node,
      NODE_STATUS,
      NODE_STATUS_CHOICES_DICT,
++    SSHKey,
      SYSTEM_USERS,
      UserProfile,
+     )
@@ -489,6 +490,26 @@
          self.assertTrue(set(SYSTEM_USERS).isdisjoint(usernames))
++class SSHKeyManagerTest(TestCase):
++    """Testing for the :class `SSHKeyManager` model manager."""
++
++    def test_get_keys_for_user_no_keys(self):
++        user = factory.make_user()
++        keys = SSHKey.objects.get_keys_for_user(user)
++        self.assertItemsEqual([], keys)
++
++    def test_get_keys_for_user_with_keys(self):
++        user1 = factory.make_user_with_keys(n_keys=3, username='user1')
++        # user2
++        factory.make_user_with_keys(n_keys=2)
++        keys = SSHKey.objects.get_keys_for_user(user1)
++        self.assertItemsEqual([
++            'ssh-rsa KEY user1-key-0',
++            'ssh-rsa KEY user1-key-1',
++            'ssh-rsa KEY user1-key-2',
++            ], keys)
++
++
  class FileStorageTest(TestCase):
      """Testing of the :class:`FileStorage` model."""
 === modified file 'src/maasserver/tests/test_views.py'
 --- src/maasserver/tests/test_views.py	2012-03-23 05:02:31 +0000
 +++ src/maasserver/tests/test_views.py	2012-03-26 21:06:20 +0000
@@ -31,7 +31,6 @@
      Config,
      NODE_AFTER_COMMISSIONING_ACTION,
      POWER_TYPE_CHOICES,
--    SSHKeys,
      UserProfile,
+     )
  from maasserver.testing import reload_object
@@ -681,26 +680,3 @@
          content_text = doc.cssselect('#content')[0].text_content()
          self.assertIn(user.username, content_text)
          self.assertIn(user.email, content_text)
--
--
--class SSHKeyServerTest(TestCase):
--
--    def setUp(self):
--        super(SSHKeyServerTest, self).setUp()
--        self.user = factory.make_user()
--        self.sshkey = SSHKeys.objects.create(
--            user=self.user.get_profile(),
--            key=("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDmQLTto0BUB2+Ayj9rwuE",
--                 "iwd/IyY9YU7qUzqgJBqRp+3FDhZYQqI6aG9sLmPccP+gka1Ia5wlJODpXeu",
--                 "cQVqPsKW9Moj/XP1spIuYh6ZrhHElyPB7aPjqoTtpX1+lx6mJU=",
--                 "maas@example")
--            )
--
--    def test_get_user_sshkey(self):
--        response = self.client.get('/accounts/%s/sshkeys/' % self.user)
--        self.assertIn(str(self.sshkey.key), response.content)
--
--    def test_get_null_sshkey(self):
--        response = self.client.get('/accounts/nulluser/sshkeys/')
--        self.assertEqual(response.status_code, 200)
--        self.assertEqual('\n'.encode('utf-8'), response.content)
 === modified file 'src/maasserver/urls.py'
 --- src/maasserver/urls.py	2012-03-23 11:18:18 +0000
 +++ src/maasserver/urls.py	2012-03-26 21:06:20 +0000
@@ -32,7 +32,6 @@
      AccountsEdit,
      AccountsView,
      combo_view,
--    KeystoreView,
      login,
      logout,
      NodeEdit,
@@ -64,7 +63,6 @@
      url(
          r'^favicon\.ico$', redirect_to, {'url': '/static/img/favicon.ico'},
          name='favicon'),
--    url(r'^accounts/(?P<userid>\w+)/sshkeys/$', KeystoreView),
+ )
  # URLs for logged-in users.
 === modified file 'src/maasserver/views.py'
 --- src/maasserver/views.py	2012-03-23 11:18:18 +0000
 +++ src/maasserver/views.py	2012-03-26 21:06:20 +0000
@@ -71,7 +71,6 @@
  from maasserver.messages import messaging
  from maasserver.models import (
      Node,
--    SSHKeys,
      UserProfile,
+     )
@@ -163,13 +162,6 @@
          return reverse('index')
--def KeystoreView(request, userid):
--    keys = SSHKeys.objects.filter(user__user__username=userid)
--    return render_to_response(
--        'maasserver/sshkeys.txt', {'keys': keys}, mimetype="text/plain",
--        context_instance=RequestContext(request))
--
--
  def process_form(request, form_class, redirect_url, prefix,
                   success_message=None, form_kwargs=None):
      """Utility method to process subforms (i.e. forms with a prefix).
 === modified file 'src/metadataserver/api.py'
 --- src/metadataserver/api.py	2012-03-21 05:56:36 +0000
 +++ src/metadataserver/api.py	2012-03-26 21:06:20 +0000
@@ -16,7 +16,10 @@
      'VersionIndexHandler',
+     ]
--from django.http import HttpResponse
++from django.http import (
++    Http404,
++    HttpResponse,
++    )
  from maasserver.api import extract_oauth_key
  from maasserver.exceptions import (
      MAASAPINotFound,
@@ -27,6 +30,10 @@
      NodeKey,
      NodeUserData,
+     )
++from maasserver.models import (
++    SSHKey,
++    )
++
  from piston.handler import BaseHandler
@@ -99,7 +106,7 @@
  class MetaDataHandler(VersionIndexHandler):
      """Meta-data listing for a given version."""
--    fields = ('instance-id', 'local-hostname',)
++    fields = ('instance-id', 'local-hostname', 'public-keys')
      def get_attribute_producer(self, item):
          """Return a callable to deliver a given metadata item.
@@ -119,18 +126,26 @@
          producers = {
              'local-hostname': self.local_hostname,
              'instance-id': self.instance_id,
++            'public-keys': self.public_keys,
+         }
          return producers[field]
      def read(self, request, version, item=None):
++        check_version(version)
++        node = get_node_for_request(request)
++
++        # Requesting the list of attributes, not any particular
++        # attribute.
          if item is None or len(item) == 0:
--            # Requesting the list of attributes, not any particular
--            # attribute.
--            return make_list_response(sorted(self.fields))
++            fields = list(self.fields)
++            # Add public-keys to the list of attributes, if the
++            # node has registered SSH keys.
++            keys = SSHKey.objects.get_keys_for_user(user=node.owner)
++            if not keys:
++                fields.remove('public-keys')
++            return make_list_response(sorted(fields))
--        check_version(version)
--        node = get_node_for_request(request)
          producer = self.get_attribute_producer(item)
          return producer(node, version, item)
@@ -142,6 +157,13 @@
          """Produce instance-id attribute."""
          return make_text_response(node.system_id)
++    def public_keys(self, node, version, item):
++        """ Produce public-keys attribute."""
++        keys = SSHKey.objects.get_keys_for_user(user=node.owner)
++        if not keys:
++            raise MAASAPINotFound("No registered public keys")
++        return make_list_response(keys)
++
  class UserDataHandler(MetadataViewHandler):
      """User-data blob for a given version."""
 === modified file 'src/metadataserver/tests/test_api.py'
 --- src/metadataserver/tests/test_api.py	2012-03-21 21:40:28 +0000
 +++ src/metadataserver/tests/test_api.py	2012-03-26 21:06:20 +0000
@@ -13,6 +13,7 @@
  from collections import namedtuple
  import httplib
++from textwrap import dedent
  from maasserver.exceptions import Unauthorized
  from maasserver.testing.factory import factory
@@ -135,7 +136,10 @@
          self.assertIn('user-data', items)
      def test_meta_data_view_lists_fields(self):
--        client = self.make_node_client()
++        # Some fields only are returned if there is data related to them.
++        user = factory.make_user_with_keys(n_keys=2, username='my-user')
++        node = factory.make_node(owner=user)
++        client = self.make_node_client(node=node)
          response = self.get('/latest/meta-data/', client)
          self.assertIn('text/plain', response['Content-Type'])
          self.assertItemsEqual(
@@ -189,3 +193,33 @@
      def test_user_data_for_node_without_user_data_returns_not_found(self):
          response = self.get('/latest/user-data', self.make_node_client())
          self.assertEqual(httplib.NOT_FOUND, response.status_code)
++
++    def test_public_keys_not_listed_for_node_without_public_keys(self):
++        response = self.get('/latest/meta-data/', self.make_node_client())
++        self.assertNotIn(
++            'public-keys', response.content.decode('ascii').split('\n'))
++
++    def test_public_keys_listed_for_node_with_public_keys(self):
++        user = factory.make_user_with_keys(n_keys=2, username='my-user')
++        node = factory.make_node(owner=user)
++        response = self.get(
++            '/latest/meta-data/', self.make_node_client(node=node))
++        self.assertIn(
++            'public-keys', response.content.decode('ascii').split('\n'))
++
++    def test_public_keys_for_node_without_public_keys_returns_not_found(self):
++        response = self.get(
++            '/latest/meta-data/public-keys', self.make_node_client())
++        self.assertEqual(httplib.NOT_FOUND, response.status_code)
++
++    def test_public_keys_for_node_returns_list_of_keys(self):
++        user = factory.make_user_with_keys(n_keys=2, username='my-user')
++        node = factory.make_node(owner=user)
++        response = self.get(
++            '/latest/meta-data/public-keys', self.make_node_client(node=node))
++        self.assertEqual(httplib.OK, response.status_code)
++        self.assertEquals(dedent("""\
++            ssh-rsa KEY my-user-key-0
++            ssh-rsa KEY my-user-key-1"""),
++            response.content.decode('ascii'))
++        self.assertIn('text/plain', response['Content-Type'])