~0x44/nova/bug838466


Viewing changes to nova/auth/users.py

  • Committer: Todd Willey
  • Date: 2010-07-15 04:21:17 UTC
  • mfrom: (131.1.4)
  • Revision ID: git-v1:fb2ea2cafd67fc1ef67edc969a1edf3a1d2fd7f7
fix merge errors

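--- a/nova/auth/users.py
+++ b/nova/auth/users.py
@@ -27,6 +27,7 @@
 import logging
 import os
 import shutil
+import signer
 import string
 from string import Template
 import tempfile
@@ -39,15 +40,14 @@
     import fakeldap as ldap
 
 import fakeldap
+
+# TODO(termie): clean up these imports
 from nova import datastore
-
-# TODO(termie): clean up these imports
-import signer
 from nova import exception
 from nova import flags
 from nova import crypto
 from nova import utils
-from nova.compute import model
+
 
 from nova import objectstore # for flags
 
@@ -101,10 +101,17 @@
                     'Filename of certificate in credentials zip')
 flags.DEFINE_string('credential_rc_file', 'novarc',
                     'Filename of rc in credentials zip')
-flags.DEFINE_integer('vpn_start_port', 8000,
+
+flags.DEFINE_integer('vpn_start_port', 1000,
                     'Start port for the cloudpipe VPN servers')
-flags.DEFINE_integer('vpn_end_port', 9999,
+flags.DEFINE_integer('vpn_end_port', 2000,
                     'End port for the cloudpipe VPN servers')
+
+flags.DEFINE_string('credential_cert_subject',
+                    '/C=US/ST=California/L=MountainView/O=AnsoLabs/'
+                    'OU=NovaDev/CN=%s-%s',
+                    'Subject for certificate for users')
+
 flags.DEFINE_string('vpn_ip', '127.0.0.1',
                     'Public IP for the cloudpipe VPN servers')
 
@@ -306,7 +313,7 @@
     pass
 
 
-class Vpn(model.BasicModel):
+class Vpn(datastore.BasicModel):
     def __init__(self, project_id):
         self.project_id = project_id
         super(Vpn, self).__init__()
@@ -317,27 +324,25 @@
 
     @classmethod
     def create(cls, project_id):
-        # TODO (vish): get list of vpn ips from redis
-        for ip in [FLAGS.vpn_ip]:
-            try:
-                port = cls.find_free_port_for_ip(ip)
-                vpn = cls(project_id)
-                # save ip for project
-                vpn['project'] = project_id
-                vpn['ip'] = ip
-                vpn['port'] = port
-                vpn.save()
-                return vpn
-            except NoMorePorts:
-                pass
-        raise NoMorePorts()
+        # TODO(vish): get list of vpn ips from redis
+        port = cls.find_free_port_for_ip(FLAGS.vpn_ip)
+        vpn = cls(project_id)
+        # save ip for project
+        vpn['project'] = project_id
+        vpn['ip'] = FLAGS.vpn_ip
+        vpn['port'] = port
+        vpn.save()
+        return vpn
 
     @classmethod
     def find_free_port_for_ip(cls, ip):
-        # TODO(vish): the redis access should be refactored into a
-        #             base class
+        # TODO(vish): these redis commands should be generalized and
+        #             placed into a base class. Conceptually, it is
+        #             similar to an association, but we are just
+        #             storing a set of values instead of keys that
+        #             should be turned into objects.
         redis = datastore.Redis.instance()
-        key = 'ip:%s:ports'
+        key = 'ip:%s:ports' % ip
         # TODO(vish): these ports should be allocated through an admin
         #             command instead of a flag
         if (not redis.exists(key) and
@@ -345,14 +350,14 @@
             for i in range(FLAGS.vpn_start_port, FLAGS.vpn_end_port + 1):
                 redis.sadd(key, i)
 
-        port = datastore.Redis.instance().spop(key)
+        port = redis.spop(key)
         if not port:
             raise NoMorePorts()
         return port
 
     @classmethod
     def num_ports_for_ip(cls, ip):
-        return datastore.Redis.instance().scard('ip:%s:ports')
+        return datastore.Redis.instance().scard('ip:%s:ports' % ip)
 
     @property
     def ip(self):
@@ -466,7 +471,9 @@
             #             create and destroy a project
             Vpn.create(name)
             return conn.create_project(name,
-                    User.safe_id(manager_user), description, member_users)
+                                       User.safe_id(manager_user),
+                                       description,
+                                       member_users)
 
 
     def get_projects(self):
@@ -584,7 +591,7 @@
 
     def __cert_subject(self, uid):
         # FIXME(ja) - this should be pulled from a global configuration
-        return "/C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=%s-%s" % (uid, str(datetime.datetime.utcnow().isoformat()))
+        return FLAGS.credential_cert_subject % (uid, utils.isotime())
 
 
 class LDAPWrapper(object):
@@ -773,7 +780,7 @@
 
     def __create_group(self, group_dn, name, uid,
                        description, member_uids = None):
-        if self.group_exists(name):
+        if self.group_exists(group_dn):
             raise exception.Duplicate("Group can't be created because "
                                       "group %s already exists" % name)
         members = []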
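Review bot: In `__cert_subject`, `uid` is interpolated unescaped into the `/`-delimited subject template (`FLAGS.credential_cert_subject % (uid, utils.isotime())`), so a uid containing `/` or `=` could add or override fields in the issued certificate's subject unless it is validated somewhere outside this view. A guard before formatting, such as `if '/' in uid or '=' in uid: raise ValueError('uid not valid in a certificate subject')`, keeps the CN bound to the actual user. Because the template is now an operator-set flag, a value without exactly two `%s` placeholders raises TypeError at signing time; the flag's help string could say so, e.g. `'Subject template for user certificates; takes exactly two %s: uid and timestamp'`. Separately, the new `vpn_start_port` default of 1000 puts part of the pool below 1024, where binding normally needs elevated privileges, so it is worth confirming that range is intended.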