OpenStack Compute (nova)

Merge lp:~jtran/nova/import_pubkey into lp:~hudson-openstack/nova/trunk

  1. import_pubkey
  2. Merge into trunk
Proposed by John Tran
Status: Superseded
Proposed branch: lp:~jtran/nova/import_pubkey
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 106 lines (+56/-0)
5 files modified
Authors (+1/-0)
nova/api/ec2/cloud.py (+23/-0)
nova/tests/public_key/dummy.fingerprint (+1/-0)
nova/tests/public_key/dummy.pub (+1/-0)
nova/tests/test_cloud.py (+30/-0)
To merge this branch: bzr merge lp:~jtran/nova/import_pubkey
Reviewer Review Type Date Requested Status
Thierry Carrez (community) ffe Abstain
termie (community) Approve
Jesse Andrews (community) Approve
John Dewey Pending
Devin Carlen Pending
Review via email: mp+54578@code.launchpad.net

This proposal supersedes a proposal from 2011-03-18.

This proposal has been superseded by a proposal from 2011-05-12.

Description of the change

Added an EC2 API endpoint that'll allow import of public key. Prior, api only allowed generation of new keys.

To post a comment you must log in.
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

15 + if fingerprint:
16 + key['fingerprint'] = fingerprint

Is it useful to import a keypair with no fingerprint?

review: Needs Information
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.

Revision history for this message
Vish Ishaya (vishvananda) wrote : Posted in a previous version of this proposal

The fingerprint can be calculated pretty easily from the public key. Take the following code from crypto.py:

110 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
111 '%s.pub' % (keyfile))
112 fingerprint = out.split(' ')[1]

On Mar 21, 2011, at 10:06 AM, John Tran wrote:

> In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.
> --
> https://code.launchpad.net/~jtran/nova/import_pubkey/+merge/54057
> You are subscribed to branch lp:nova.

Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

Be sure to add yourself to Authors and http://wiki.openstack.org/Contributors, so if approved tarmac can pull them in.

See the prerequisites section of the How to Contribute Guide:
  http://wiki.openstack.org/HowToContribute

review: Needs Fixing
Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

I suppose I should have marked my last review as "Needs Information".

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

Thanks, I've updated the Authors file.

Revision history for this message
Jesse Andrews (anotherjesse) wrote :

lgtm - we might want to move the fingerprint generation to a more central code path when we add keypair code into openstack api.

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote :

Feature is a bit late to the party, we just hit FeatureFreeze.

If you want this into Cactus rather than wait for Diablo, could you provide a quick benefit vs. risk of regression rationale, then request a specific FFe review from me ?

Revision history for this message
Thierry Carrez (ttx) wrote :

Linking a wishlist bug would also help.

Revision history for this message
Thierry Carrez (ttx) :
review: Needs Information (ffe)
Revision history for this message
John Tran (jtran) wrote :

https://bugs.launchpad.net/nova/+bug/742602

Revision history for this message
John Tran (jtran) wrote :

This doesn't need to be in Cactus. It can wait for Diablo.

Revision history for this message
termie (termie) wrote :

linked to the bug, looks good to me, but I'll defer to Devin

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote :

OK, please set it to work in progress, you can repropose it once Diablo opens (in less than 3 weeks)

Revision history for this message
Thierry Carrez (ttx) wrote :

Merge window closed, please resubmit when Diablo opens (April 14).

review: Disapprove (ffe)
Revision history for this message
justinsb (justin-fathomdb) wrote :

I think the EC2 call is called "ImportKeyPair", so I think this the function name should be "import_key_pair" not "import_public_key". I'm also not sure how the arguments are being mapped. Is this compatible with EC2 clients?

Revision history for this message
Thierry Carrez (ttx) wrote :

The branch should be reproposed now that we are no longer frozen

review: Abstain (ffe)
lp:~jtran/nova/import_pubkey updated
796. By John Tran

merged from trunk

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'Authors'
--- Authors 2011-03-21 14:06:42 +0000
+++ Authors 2011-03-23 18:18:14 +0000
@@ -29,6 +29,7 @@
29Joe Heck <heckj@mac.com>29Joe Heck <heckj@mac.com>
30Joel Moore <joelbm24@gmail.com>30Joel Moore <joelbm24@gmail.com>
31John Dewey <john@dewey.ws>31John Dewey <john@dewey.ws>
32John Tran <jtran@attinteractive.com>
32Jonathan Bryce <jbryce@jbryce.com>33Jonathan Bryce <jbryce@jbryce.com>
33Jordan Rinke <jordan@openstack.org>34Jordan Rinke <jordan@openstack.org>
34Josh Durgin <joshd@hq.newdream.net>35Josh Durgin <joshd@hq.newdream.net>
3536
=== modified file 'nova/api/ec2/cloud.py'
--- nova/api/ec2/cloud.py 2011-03-23 05:29:32 +0000
+++ nova/api/ec2/cloud.py 2011-03-23 18:18:14 +0000
@@ -27,6 +27,8 @@
27import IPy27import IPy
28import os28import os
29import urllib29import urllib
30import tempfile
31import shutil
3032
31from nova import compute33from nova import compute
32from nova import context34from nova import context
@@ -305,6 +307,27 @@
305 'keyMaterial': data['private_key']}307 'keyMaterial': data['private_key']}
306 # TODO(vish): when context is no longer an object, pass it here308 # TODO(vish): when context is no longer an object, pass it here
307309
310 def import_public_key(self, context, key_name, public_key,
311 fingerprint=None):
312 LOG.audit(_("Import key %s"), key_name, context=context)
313 key = {}
314 key['user_id'] = context.user_id
315 key['name'] = key_name
316 key['public_key'] = public_key
317 if fingerprint is None:
318 tmpdir = tempfile.mkdtemp()
319 pubfile = os.path.join(tmpdir, 'temp.pub')
320 fh = open(pubfile, 'w')
321 fh.write(public_key)
322 fh.close()
323 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
324 '%s' % (pubfile))
325 fingerprint = out.split(' ')[1]
326 shutil.rmtree(tmpdir)
327 key['fingerprint'] = fingerprint
328 db.key_pair_create(context, key)
329 return True
330
308 def delete_key_pair(self, context, key_name, **kwargs):331 def delete_key_pair(self, context, key_name, **kwargs):
309 LOG.audit(_("Delete key pair %s"), key_name, context=context)332 LOG.audit(_("Delete key pair %s"), key_name, context=context)
310 try:333 try:
311334
=== added directory 'nova/tests/public_key'
=== added file 'nova/tests/public_key/dummy.fingerprint'
--- nova/tests/public_key/dummy.fingerprint 1970-01-01 00:00:00 +0000
+++ nova/tests/public_key/dummy.fingerprint 2011-03-23 18:18:14 +0000
@@ -0,0 +1,1 @@
11c:87:d1:d9:32:fd:62:3c:78:2b:c0:ad:c0:15:88:df
02
=== added file 'nova/tests/public_key/dummy.pub'
--- nova/tests/public_key/dummy.pub 1970-01-01 00:00:00 +0000
+++ nova/tests/public_key/dummy.pub 2011-03-23 18:18:14 +0000
@@ -0,0 +1,1 @@
1ssh-dss AAAAB3NzaC1kc3MAAACBAMGJlY9XEIm2X234pdO5yFWMp2JuOQx8U0E815IVXhmKxYCBK9ZakgZOIQmPbXoGYyV+mziDPp6HJ0wKYLQxkwLEFr51fAZjWQvRss0SinURRuLkockDfGFtD4pYJthekr/rlqMKlBSDUSpGq8jUWW60UJ18FGooFpxR7ESqQRx/AAAAFQC96LRglaUeeP+E8U/yblEJocuiWwAAAIA3XiMR8Skiz/0aBm5K50SeQznQuMJTyzt9S9uaz5QZWiFu69hOyGSFGw8fqgxEkXFJIuHobQQpGYQubLW0NdaYRqyE/Vud3JUJUb8Texld6dz8vGemyB5d1YvtSeHIo8/BGv2msOqR3u5AZTaGCBD9DhpSGOKHEdNjTtvpPd8S8gAAAIBociGZ5jf09iHLVENhyXujJbxfGRPsyNTyARJfCOGl0oFV6hEzcQyw8U/ePwjgvjc2UizMWLl8tsb2FXKHRdc2v+ND3Us+XqKQ33X3ADP4FZ/+Oj213gMyhCmvFTP0u5FmHog9My4CB7YcIWRuUR42WlhQ2IfPvKwUoTk3R+T6Og== www-data@mk
02
=== modified file 'nova/tests/test_cloud.py'
--- nova/tests/test_cloud.py 2011-03-11 16:55:28 +0000
+++ nova/tests/test_cloud.py 2011-03-23 18:18:14 +0000
@@ -279,6 +279,36 @@
279 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))279 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))
280 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))280 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))
281281
282 def test_import_public_key(self):
283 # test when user provides all values
284 result1 = self.cloud.import_public_key(self.context,
285 'testimportkey1',
286 'mytestpubkey',
287 'mytestfprint')
288 self.assertTrue(result1)
289 keydata = db.key_pair_get(self.context,
290 self.context.user.id,
291 'testimportkey1')
292 self.assertEqual('mytestpubkey', keydata['public_key'])
293 self.assertEqual('mytestfprint', keydata['fingerprint'])
294 # test when user omits fingerprint
295 pubkey_path = os.path.join(os.path.dirname(__file__), 'public_key')
296 f = open(pubkey_path + '/dummy.pub', 'r')
297 dummypub = f.readline().rstrip()
298 f.close
299 f = open(pubkey_path + '/dummy.fingerprint', 'r')
300 dummyfprint = f.readline().rstrip()
301 f.close
302 result2 = self.cloud.import_public_key(self.context,
303 'testimportkey2',
304 dummypub)
305 self.assertTrue(result2)
306 keydata = db.key_pair_get(self.context,
307 self.context.user.id,
308 'testimportkey2')
309 self.assertEqual(dummypub, keydata['public_key'])
310 self.assertEqual(dummyfprint, keydata['fingerprint'])
311
282 def test_delete_key_pair(self):312 def test_delete_key_pair(self):
283 self._create_key('test')313 self._create_key('test')
284 self.cloud.delete_key_pair(self.context, 'test')314 self.cloud.delete_key_pair(self.context, 'test')