OpenStack Compute (nova)

Merge lp:~jtran/nova/import_pubkey into lp:~hudson-openstack/nova/trunk

  1. import_pubkey
  2. Merge into trunk
Proposed by John Tran
Status: Merged
Approved by: Vish Ishaya
Approved revision: 796
Merged at revision: 1092
Proposed branch: lp:~jtran/nova/import_pubkey
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 94 lines (+55/-0)
4 files modified
nova/api/ec2/cloud.py (+23/-0)
nova/tests/public_key/dummy.fingerprint (+1/-0)
nova/tests/public_key/dummy.pub (+1/-0)
nova/tests/test_cloud.py (+30/-0)
To merge this branch: bzr merge lp:~jtran/nova/import_pubkey
Reviewer Review Type Date Requested Status
Devin Carlen (community) Approve
termie (community) Approve
Thierry Carrez (community) ffe Abstain
Jesse Andrews Pending
John Dewey Pending
Review via email: mp+61162@code.launchpad.net

This proposal supersedes a proposal from 2011-05-12.

Description of the change

Added an EC2 API endpoint that'll allow import of public key. Prior, api only allowed generation of new keys.

To post a comment you must log in.
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

15 + if fingerprint:
16 + key['fingerprint'] = fingerprint

Is it useful to import a keypair with no fingerprint?

review: Needs Information
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.

Revision history for this message
Vish Ishaya (vishvananda) wrote : Posted in a previous version of this proposal

The fingerprint can be calculated pretty easily from the public key. Take the following code from crypto.py:

110 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
111 '%s.pub' % (keyfile))
112 fingerprint = out.split(' ')[1]

On Mar 21, 2011, at 10:06 AM, John Tran wrote:

> In our case, we only needed the pubkeys to be injected. We didn't need the fingerprint.
> --
> https://code.launchpad.net/~jtran/nova/import_pubkey/+merge/54057
> You are subscribed to branch lp:nova.

Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

Be sure to add yourself to Authors and http://wiki.openstack.org/Contributors, so if approved tarmac can pull them in.

See the prerequisites section of the How to Contribute Guide:
  http://wiki.openstack.org/HowToContribute

review: Needs Fixing
Revision history for this message
John Dewey (retr0h) wrote : Posted in a previous version of this proposal

I suppose I should have marked my last review as "Needs Information".

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

Thanks, I've updated the Authors file.

Revision history for this message
Jesse Andrews (anotherjesse) wrote : Posted in a previous version of this proposal

lgtm - we might want to move the fingerprint generation to a more central code path when we add keypair code into openstack api.

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Feature is a bit late to the party, we just hit FeatureFreeze.

If you want this into Cactus rather than wait for Diablo, could you provide a quick benefit vs. risk of regression rationale, then request a specific FFe review from me ?

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Linking a wishlist bug would also help.

Revision history for this message
Thierry Carrez (ttx) : Posted in a previous version of this proposal
review: Needs Information (ffe)
Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

https://bugs.launchpad.net/nova/+bug/742602

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

This doesn't need to be in Cactus. It can wait for Diablo.

Revision history for this message
termie (termie) wrote : Posted in a previous version of this proposal

linked to the bug, looks good to me, but I'll defer to Devin

review: Approve
Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

OK, please set it to work in progress, you can repropose it once Diablo opens (in less than 3 weeks)

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

Merge window closed, please resubmit when Diablo opens (April 14).

review: Disapprove (ffe)
Revision history for this message
justinsb (justin-fathomdb) wrote : Posted in a previous version of this proposal

I think the EC2 call is called "ImportKeyPair", so I think this the function name should be "import_key_pair" not "import_public_key". I'm also not sure how the arguments are being mapped. Is this compatible with EC2 clients?

Revision history for this message
Thierry Carrez (ttx) wrote : Posted in a previous version of this proposal

The branch should be reproposed now that we are no longer frozen

review: Abstain (ffe)
Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

jtran - please repropose when ready.

Revision history for this message
John Tran (jtran) wrote : Posted in a previous version of this proposal

> jtran - please repropose when ready.

I did that yesterday using the 'resubmit proposal' link. Was that the wrong way to do it?

Revision history for this message
Devin Carlen (devcamcar) wrote : Posted in a previous version of this proposal

> > jtran - please repropose when ready.
>
> I did that yesterday using the 'resubmit proposal' link. Was that the wrong
> way to do it?

Hm, I think that should have worked. Maybe just try it again?

Revision history for this message
Thierry Carrez (ttx) wrote :

No need for FFe here.

review: Abstain (ffe)
Revision history for this message
termie (termie) wrote :

lgtm :)

review: Approve
Revision history for this message
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'nova/api/ec2/cloud.py'
--- nova/api/ec2/cloud.py 2011-05-12 19:51:03 +0000
+++ nova/api/ec2/cloud.py 2011-05-16 19:27:45 +0000
@@ -27,6 +27,8 @@
27import IPy27import IPy
28import os28import os
29import urllib29import urllib
30import tempfile
31import shutil
3032
31from nova import compute33from nova import compute
32from nova import context34from nova import context
@@ -315,6 +317,27 @@
315 'keyMaterial': data['private_key']}317 'keyMaterial': data['private_key']}
316 # TODO(vish): when context is no longer an object, pass it here318 # TODO(vish): when context is no longer an object, pass it here
317319
320 def import_public_key(self, context, key_name, public_key,
321 fingerprint=None):
322 LOG.audit(_("Import key %s"), key_name, context=context)
323 key = {}
324 key['user_id'] = context.user_id
325 key['name'] = key_name
326 key['public_key'] = public_key
327 if fingerprint is None:
328 tmpdir = tempfile.mkdtemp()
329 pubfile = os.path.join(tmpdir, 'temp.pub')
330 fh = open(pubfile, 'w')
331 fh.write(public_key)
332 fh.close()
333 (out, err) = utils.execute('ssh-keygen', '-q', '-l', '-f',
334 '%s' % (pubfile))
335 fingerprint = out.split(' ')[1]
336 shutil.rmtree(tmpdir)
337 key['fingerprint'] = fingerprint
338 db.key_pair_create(context, key)
339 return True
340
318 def delete_key_pair(self, context, key_name, **kwargs):341 def delete_key_pair(self, context, key_name, **kwargs):
319 LOG.audit(_("Delete key pair %s"), key_name, context=context)342 LOG.audit(_("Delete key pair %s"), key_name, context=context)
320 try:343 try:
321344
=== added directory 'nova/tests/public_key'
=== added file 'nova/tests/public_key/dummy.fingerprint'
--- nova/tests/public_key/dummy.fingerprint 1970-01-01 00:00:00 +0000
+++ nova/tests/public_key/dummy.fingerprint 2011-05-16 19:27:45 +0000
@@ -0,0 +1,1 @@
11c:87:d1:d9:32:fd:62:3c:78:2b:c0:ad:c0:15:88:df
02
=== added file 'nova/tests/public_key/dummy.pub'
--- nova/tests/public_key/dummy.pub 1970-01-01 00:00:00 +0000
+++ nova/tests/public_key/dummy.pub 2011-05-16 19:27:45 +0000
@@ -0,0 +1,1 @@
1ssh-dss AAAAB3NzaC1kc3MAAACBAMGJlY9XEIm2X234pdO5yFWMp2JuOQx8U0E815IVXhmKxYCBK9ZakgZOIQmPbXoGYyV+mziDPp6HJ0wKYLQxkwLEFr51fAZjWQvRss0SinURRuLkockDfGFtD4pYJthekr/rlqMKlBSDUSpGq8jUWW60UJ18FGooFpxR7ESqQRx/AAAAFQC96LRglaUeeP+E8U/yblEJocuiWwAAAIA3XiMR8Skiz/0aBm5K50SeQznQuMJTyzt9S9uaz5QZWiFu69hOyGSFGw8fqgxEkXFJIuHobQQpGYQubLW0NdaYRqyE/Vud3JUJUb8Texld6dz8vGemyB5d1YvtSeHIo8/BGv2msOqR3u5AZTaGCBD9DhpSGOKHEdNjTtvpPd8S8gAAAIBociGZ5jf09iHLVENhyXujJbxfGRPsyNTyARJfCOGl0oFV6hEzcQyw8U/ePwjgvjc2UizMWLl8tsb2FXKHRdc2v+ND3Us+XqKQ33X3ADP4FZ/+Oj213gMyhCmvFTP0u5FmHog9My4CB7YcIWRuUR42WlhQ2IfPvKwUoTk3R+T6Og== www-data@mk
02
=== modified file 'nova/tests/test_cloud.py'
--- nova/tests/test_cloud.py 2011-05-12 19:51:03 +0000
+++ nova/tests/test_cloud.py 2011-05-16 19:27:45 +0000
@@ -354,6 +354,36 @@
354 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))354 self.assertTrue(filter(lambda k: k['keyName'] == 'test1', keys))
355 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))355 self.assertTrue(filter(lambda k: k['keyName'] == 'test2', keys))
356356
357 def test_import_public_key(self):
358 # test when user provides all values
359 result1 = self.cloud.import_public_key(self.context,
360 'testimportkey1',
361 'mytestpubkey',
362 'mytestfprint')
363 self.assertTrue(result1)
364 keydata = db.key_pair_get(self.context,
365 self.context.user.id,
366 'testimportkey1')
367 self.assertEqual('mytestpubkey', keydata['public_key'])
368 self.assertEqual('mytestfprint', keydata['fingerprint'])
369 # test when user omits fingerprint
370 pubkey_path = os.path.join(os.path.dirname(__file__), 'public_key')
371 f = open(pubkey_path + '/dummy.pub', 'r')
372 dummypub = f.readline().rstrip()
373 f.close
374 f = open(pubkey_path + '/dummy.fingerprint', 'r')
375 dummyfprint = f.readline().rstrip()
376 f.close
377 result2 = self.cloud.import_public_key(self.context,
378 'testimportkey2',
379 dummypub)
380 self.assertTrue(result2)
381 keydata = db.key_pair_get(self.context,
382 self.context.user.id,
383 'testimportkey2')
384 self.assertEqual(dummypub, keydata['public_key'])
385 self.assertEqual(dummyfprint, keydata['fingerprint'])
386
357 def test_delete_key_pair(self):387 def test_delete_key_pair(self):
358 self._create_key('test')388 self._create_key('test')
359 self.cloud.delete_key_pair(self.context, 'test')389 self.cloud.delete_key_pair(self.context, 'test')