OpenStack Compute (nova)

Merge lp:~jtran/nova/import_pubkey into lp:~hudson-openstack/nova/trunk

  1. import_pubkey
  2. Merge into trunk
Proposed by John Tran
Status: Superseded
Proposed branch: lp:~jtran/nova/import_pubkey
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 106 lines (+56/-0)
5 files modified
Authors (+1/-0)
nova/api/ec2/cloud.py (+23/-0)
nova/tests/public_key/dummy.fingerprint (+1/-0)
nova/tests/public_key/dummy.pub (+1/-0)
nova/tests/test_cloud.py (+30/-0)
To merge this branch: bzr merge lp:~jtran/nova/import_pubkey
Reviewer Review Type Date Requested Status
Thierry Carrez (community) ffe Abstain
termie (community) Approve
Jesse Andrews (community) Approve
John Dewey Pending
Devin Carlen Pending
Review via email: mp+54578@code.launchpad.net

This proposal supersedes a proposal from 2011-03-18.

This proposal has been superseded by a proposal from 2011-05-12.

Description of the change

Added an EC2 API endpoint that'll allow import of public key. Prior, api only allowed generation of new keys.

To post a comment you must log in.
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

15 + if fingerprint:
16 + key['fingerprint'] = fingerprint

Is it useful to import a keypair with no fingerprint?

review: Needs Information
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.

Revision history for this message
Vish Ishaya (vishvananda) wrote : Posted in a previous version of this proposal

The fingerprint can be calculated pretty easily from the public key. Take the following code from crypto.py:

110 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
111 '%s.pub' % (keyfile))
112 fingerprint = out.split(' ')[1]

On Mar 21, 2011, at 10:06 AM, John Tran wrote:

> In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.
> --
> https://code.launchpad.net/~jtran/nova/import_pubkey/+merge/54057
> You are subscribed to branch lp:nova.

Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

Be sure to add yourself to Authors and http://wiki.openstack.org/Contributors, so if approved tarmac can pull them in.

See the prerequisites section of the How to Contribute Guide:
  http://wiki.openstack.org/HowToContribute

review: Needs Fixing
Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

I suppose I should have marked my last review as "Needs Information".

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

Thanks, I've updated the Authors file.

Revision history for this message
Jesse Andrews (anotherjesse) wrote :

lgtm - we might want to move the fingerprint generation to a more central code path when we add keypair code into openstack api.

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote :

Feature is a bit late to the party, we just hit FeatureFreeze.

If you want this into Cactus rather than wait for Diablo, could you provide a quick benefit vs. risk of regression rationale, then request a specific FFe review from me ?

Revision history for this message
Thierry Carrez (ttx) wrote :

Linking a wishlist bug would also help.

Revision history for this message
Thierry Carrez (ttx) :
review: Needs Information (ffe)
Revision history for this message
John Tran (jtran) wrote :

https://bugs.launchpad.net/nova/+bug/742602

Revision history for this message
John Tran (jtran) wrote :

This doesn't need to be in Cactus. It can wait for Diablo.

Revision history for this message
termie (termie) wrote :

linked to the bug, looks good to me, but I'll defer to Devin

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote :

OK, please set it to work in progress, you can repropose it once Diablo opens (in less than 3 weeks)

Revision history for this message
Thierry Carrez (ttx) wrote :

Merge window closed, please resubmit when Diablo opens (April 14).

review: Disapprove (ffe)
Revision history for this message
justinsb (justin-fathomdb) wrote :

I think the EC2 call is called "ImportKeyPair", so I think this the function name should be "import_key_pair" not "import_public_key". I'm also not sure how the arguments are being mapped. Is this compatible with EC2 clients?

Revision history for this message
Thierry Carrez (ttx) wrote :

The branch should be reproposed now that we are no longer frozen

review: Abstain (ffe)
lp:~jtran/nova/import_pubkey updated
796. By John Tran

merged from trunk

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'Authors'
2--- Authors 2011-03-21 14:06:42 +0000
3+++ Authors 2011-03-23 18:18:14 +0000
4@@ -29,6 +29,7 @@
5 Joe Heck <heckj@mac.com>
6 Joel Moore <joelbm24@gmail.com>
7 John Dewey <john@dewey.ws>
8+John Tran <jtran@attinteractive.com>
9 Jonathan Bryce <jbryce@jbryce.com>
10 Jordan Rinke <jordan@openstack.org>
11 Josh Durgin <joshd@hq.newdream.net>
12
13=== modified file 'nova/api/ec2/cloud.py'
14--- nova/api/ec2/cloud.py 2011-03-23 05:29:32 +0000
15+++ nova/api/ec2/cloud.py 2011-03-23 18:18:14 +0000
16@@ -27,6 +27,8 @@
17 import IPy
18 import os
19 import urllib
20+import tempfile
21+import shutil
22
23 from nova import compute
24 from nova import context
25@@ -305,6 +307,27 @@
26 'keyMaterial': data['private_key']}
27 # TODO(vish): when context is no longer an object, pass it here
28
29+ def import_public_key(self, context, key_name, public_key,
30+ fingerprint=None):
31+ LOG.audit(_("Import key %s"), key_name, context=context)
32+ key = {}
33+ key['user_id'] = context.user_id
34+ key['name'] = key_name
35+ key['public_key'] = public_key
36+ if fingerprint is None:
37+ tmpdir = tempfile.mkdtemp()
38+ pubfile = os.path.join(tmpdir, 'temp.pub')
39+ fh = open(pubfile, 'w')
40+ fh.write(public_key)
41+ fh.close()
42+ (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
43+ '%s' % (pubfile))
44+ fingerprint = out.split(' ')[1]
45+ shutil.rmtree(tmpdir)
46+ key['fingerprint'] = fingerprint
47+ db.key_pair_create(context, key)
48+ return True
49+
50 def delete_key_pair(self, context, key_name, **kwargs):
51 LOG.audit(_("Delete key pair %s"), key_name, context=context)
52 try:
53
54=== added directory 'nova/tests/public_key'
55=== added file 'nova/tests/public_key/dummy.fingerprint'
56--- nova/tests/public_key/dummy.fingerprint 1970-01-01 00:00:00 +0000
57+++ nova/tests/public_key/dummy.fingerprint 2011-03-23 18:18:14 +0000
58@@ -0,0 +1,1 @@
59+1c:87:d1:d9:32:fd:62:3c:78:2b:c0:ad:c0:15:88:df
60
61=== added file 'nova/tests/public_key/dummy.pub'
62--- nova/tests/public_key/dummy.pub 1970-01-01 00:00:00 +0000
63+++ nova/tests/public_key/dummy.pub 2011-03-23 18:18:14 +0000
64@@ -0,0 +1,1 @@
65+ssh-dss AAAAB3NzaC1kc3MAAACBAMGJlY9XEIm2X234pdO5yFWMp2JuOQx8U0E815IVXhmKxYCBK9ZakgZOIQmPbXoGYyV+mziDPp6HJ0wKYLQxkwLEFr51fAZjWQvRss0SinURRuLkockDfGFtD4pYJthekr/rlqMKlBSDUSpGq8jUWW60UJ18FGooFpxR7ESqQRx/AAAAFQC96LRglaUeeP+E8U/yblEJocuiWwAAAIA3XiMR8Skiz/0aBm5K50SeQznQuMJTyzt9S9uaz5QZWiFu69hOyGSFGw8fqgxEkXFJIuHobQQpGYQubLW0NdaYRqyE/Vud3JUJUb8Texld6dz8vGemyB5d1YvtSeHIo8/BGv2msOqR3u5AZTaGCBD9DhpSGOKHEdNjTtvpPd8S8gAAAIBociGZ5jf09iHLVENhyXujJbxfGRPsyNTyARJfCOGl0oFV6hEzcQyw8U/ePwjgvjc2UizMWLl8tsb2FXKHRdc2v+ND3Us+XqKQ33X3ADP4FZ/+Oj213gMyhCmvFTP0u5FmHog9My4CB7YcIWRuUR42WlhQ2IfPvKwUoTk3R+T6Og== www-data@mk
66
67=== modified file 'nova/tests/test_cloud.py'
68--- nova/tests/test_cloud.py 2011-03-11 16:55:28 +0000
69+++ nova/tests/test_cloud.py 2011-03-23 18:18:14 +0000
70@@ -279,6 +279,36 @@
71 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))
72 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))
73
74+ def test_import_public_key(self):
75+ # test when user provides all values
76+ result1 = self.cloud.import_public_key(self.context,
77+ 'testimportkey1',
78+ 'mytestpubkey',
79+ 'mytestfprint')
80+ self.assertTrue(result1)
81+ keydata = db.key_pair_get(self.context,
82+ self.context.user.id,
83+ 'testimportkey1')
84+ self.assertEqual('mytestpubkey', keydata['public_key'])
85+ self.assertEqual('mytestfprint', keydata['fingerprint'])
86+ # test when user omits fingerprint
87+ pubkey_path = os.path.join(os.path.dirname(__file__), 'public_key')
88+ f = open(pubkey_path + '/dummy.pub', 'r')
89+ dummypub = f.readline().rstrip()
90+ f.close
91+ f = open(pubkey_path + '/dummy.fingerprint', 'r')
92+ dummyfprint = f.readline().rstrip()
93+ f.close
94+ result2 = self.cloud.import_public_key(self.context,
95+ 'testimportkey2',
96+ dummypub)
97+ self.assertTrue(result2)
98+ keydata = db.key_pair_get(self.context,
99+ self.context.user.id,
100+ 'testimportkey2')
101+ self.assertEqual(dummypub, keydata['public_key'])
102+ self.assertEqual(dummyfprint, keydata['fingerprint'])
103+
104 def test_delete_key_pair(self):
105 self._create_key('test')
106 self.cloud.delete_key_pair(self.context, 'test')