OpenStack Compute (nova)

Merge lp:~jtran/nova/import_pubkey into lp:~hudson-openstack/nova/trunk

  1. import_pubkey
  2. Merge into trunk
Proposed by John Tran
Status: Merged
Approved by: Vish Ishaya
Approved revision: 796
Merged at revision: 1092
Proposed branch: lp:~jtran/nova/import_pubkey
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 94 lines (+55/-0)
4 files modified
nova/api/ec2/cloud.py (+23/-0)
nova/tests/public_key/dummy.fingerprint (+1/-0)
nova/tests/public_key/dummy.pub (+1/-0)
nova/tests/test_cloud.py (+30/-0)
To merge this branch: bzr merge lp:~jtran/nova/import_pubkey
Reviewer Review Type Date Requested Status
Devin Carlen (community) Approve
termie (community) Approve
Thierry Carrez (community) ffe Abstain
Jesse Andrews Pending
John Dewey Pending
Review via email: mp+61162@code.launchpad.net

This proposal supersedes a proposal from 2011-05-12.

Description of the change

Added an EC2 API endpoint that'll allow import of public key. Prior, api only allowed generation of new keys.

To post a comment you must log in.
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

15 + if fingerprint:
16 + key['fingerprint'] = fingerprint

Is it useful to import a keypair with no fingerprint?

review: Needs Information
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.

Revision history for this message
Vish Ishaya (vishvananda) wrote : Posted in a previous version of this proposal

The fingerprint can be calculated pretty easily from the public key. Take the following code from crypto.py:

110 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
111 '%s.pub' % (keyfile))
112 fingerprint = out.split(' ')[1]

On Mar 21, 2011, at 10:06 AM, John Tran wrote:

> In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.
> --
> https://code.launchpad.net/~jtran/nova/import_pubkey/+merge/54057
> You are subscribed to branch lp:nova.

Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

Be sure to add yourself to Authors and http://wiki.openstack.org/Contributors, so if approved tarmac can pull them in.

See the prerequisites section of the How to Contribute Guide:
  http://wiki.openstack.org/HowToContribute

review: Needs Fixing
Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

I suppose I should have marked my last review as "Needs Information".

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

Thanks, I've updated the Authors file.

Revision history for this message
Jesse Andrews (anotherjesse) wrote : Posted in a previous version of this proposal

lgtm - we might want to move the fingerprint generation to a more central code path when we add keypair code into openstack api.

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Feature is a bit late to the party, we just hit FeatureFreeze.

If you want this into Cactus rather than wait for Diablo, could you provide a quick benefit vs. risk of regression rationale, then request a specific FFe review from me ?

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Linking a wishlist bug would also help.

Revision history for this message
Thierry Carrez (ttx) : Posted in a previous version of this proposal
review: Needs Information (ffe)
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

https://bugs.launchpad.net/nova/+bug/742602

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

This doesn't need to be in Cactus. It can wait for Diablo.

Revision history for this message
termie (termie) wrote : Posted in a previous version of this proposal

linked to the bug, looks good to me, but I'll defer to Devin

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

OK, please set it to work in progress, you can repropose it once Diablo opens (in less than 3 weeks)

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Merge window closed, please resubmit when Diablo opens (April 14).

review: Disapprove (ffe)
Revision history for this message
justinsb (justin-fathomdb) wrote : Posted in a previous version of this proposal

I think the EC2 call is called "ImportKeyPair", so I think this the function name should be "import_key_pair" not "import_public_key". I'm also not sure how the arguments are being mapped. Is this compatible with EC2 clients?

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

The branch should be reproposed now that we are no longer frozen

review: Abstain (ffe)
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

jtran - please repropose when ready.

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

> jtran - please repropose when ready.

I did that yesterday using the 'resubmit proposal' link. Was that the wrong way to do it?

Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

> > jtran - please repropose when ready.
>
> I did that yesterday using the 'resubmit proposal' link. Was that the wrong
> way to do it?

Hm, I think that should have worked. Maybe just try it again?

Revision history for this message
Thierry Carrez (ttx) wrote :

No need for FFe here.

review: Abstain (ffe)
Revision history for this message
termie (termie) wrote :

lgtm :)

review: Approve
Revision history for this message
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'nova/api/ec2/cloud.py'
2--- nova/api/ec2/cloud.py 2011-05-12 19:51:03 +0000
3+++ nova/api/ec2/cloud.py 2011-05-16 19:27:45 +0000
4@@ -27,6 +27,8 @@
5 import IPy
6 import os
7 import urllib
8+import tempfile
9+import shutil
10
11 from nova import compute
12 from nova import context
13@@ -315,6 +317,27 @@
14 'keyMaterial': data['private_key']}
15 # TODO(vish): when context is no longer an object, pass it here
16
17+ def import_public_key(self, context, key_name, public_key,
18+ fingerprint=None):
19+ LOG.audit(_("Import key %s"), key_name, context=context)
20+ key = {}
21+ key['user_id'] = context.user_id
22+ key['name'] = key_name
23+ key['public_key'] = public_key
24+ if fingerprint is None:
25+ tmpdir = tempfile.mkdtemp()
26+ pubfile = os.path.join(tmpdir, 'temp.pub')
27+ fh = open(pubfile, 'w')
28+ fh.write(public_key)
29+ fh.close()
30+ (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
31+ '%s' % (pubfile))
32+ fingerprint = out.split(' ')[1]
33+ shutil.rmtree(tmpdir)
34+ key['fingerprint'] = fingerprint
35+ db.key_pair_create(context, key)
36+ return True
37+
38 def delete_key_pair(self, context, key_name, **kwargs):
39 LOG.audit(_("Delete key pair %s"), key_name, context=context)
40 try:
41
42=== added directory 'nova/tests/public_key'
43=== added file 'nova/tests/public_key/dummy.fingerprint'
44--- nova/tests/public_key/dummy.fingerprint 1970-01-01 00:00:00 +0000
45+++ nova/tests/public_key/dummy.fingerprint 2011-05-16 19:27:45 +0000
46@@ -0,0 +1,1 @@
47+1c:87:d1:d9:32:fd:62:3c:78:2b:c0:ad:c0:15:88:df
48
49=== added file 'nova/tests/public_key/dummy.pub'
50--- nova/tests/public_key/dummy.pub 1970-01-01 00:00:00 +0000
51+++ nova/tests/public_key/dummy.pub 2011-05-16 19:27:45 +0000
52@@ -0,0 +1,1 @@
53+ssh-dss AAAAB3NzaC1kc3MAAACBAMGJlY9XEIm2X234pdO5yFWMp2JuOQx8U0E815IVXhmKxYCBK9ZakgZOIQmPbXoGYyV+mziDPp6HJ0wKYLQxkwLEFr51fAZjWQvRss0SinURRuLkockDfGFtD4pYJthekr/rlqMKlBSDUSpGq8jUWW60UJ18FGooFpxR7ESqQRx/AAAAFQC96LRglaUeeP+E8U/yblEJocuiWwAAAIA3XiMR8Skiz/0aBm5K50SeQznQuMJTyzt9S9uaz5QZWiFu69hOyGSFGw8fqgxEkXFJIuHobQQpGYQubLW0NdaYRqyE/Vud3JUJUb8Texld6dz8vGemyB5d1YvtSeHIo8/BGv2msOqR3u5AZTaGCBD9DhpSGOKHEdNjTtvpPd8S8gAAAIBociGZ5jf09iHLVENhyXujJbxfGRPsyNTyARJfCOGl0oFV6hEzcQyw8U/ePwjgvjc2UizMWLl8tsb2FXKHRdc2v+ND3Us+XqKQ33X3ADP4FZ/+Oj213gMyhCmvFTP0u5FmHog9My4CB7YcIWRuUR42WlhQ2IfPvKwUoTk3R+T6Og== www-data@mk
54
55=== modified file 'nova/tests/test_cloud.py'
56--- nova/tests/test_cloud.py 2011-05-12 19:51:03 +0000
57+++ nova/tests/test_cloud.py 2011-05-16 19:27:45 +0000
58@@ -354,6 +354,36 @@
59 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))
60 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))
61
62+ def test_import_public_key(self):
63+ # test when user provides all values
64+ result1 = self.cloud.import_public_key(self.context,
65+ 'testimportkey1',
66+ 'mytestpubkey',
67+ 'mytestfprint')
68+ self.assertTrue(result1)
69+ keydata = db.key_pair_get(self.context,
70+ self.context.user.id,
71+ 'testimportkey1')
72+ self.assertEqual('mytestpubkey', keydata['public_key'])
73+ self.assertEqual('mytestfprint', keydata['fingerprint'])
74+ # test when user omits fingerprint
75+ pubkey_path = os.path.join(os.path.dirname(__file__), 'public_key')
76+ f = open(pubkey_path + '/dummy.pub', 'r')
77+ dummypub = f.readline().rstrip()
78+ f.close
79+ f = open(pubkey_path + '/dummy.fingerprint', 'r')
80+ dummyfprint = f.readline().rstrip()
81+ f.close
82+ result2 = self.cloud.import_public_key(self.context,
83+ 'testimportkey2',
84+ dummypub)
85+ self.assertTrue(result2)
86+ keydata = db.key_pair_get(self.context,
87+ self.context.user.id,
88+ 'testimportkey2')
89+ self.assertEqual(dummypub, keydata['public_key'])
90+ self.assertEqual(dummyfprint, keydata['fingerprint'])
91+
92 def test_delete_key_pair(self):
93 self._create_key('test')
94 self.cloud.delete_key_pair(self.context, 'test')