27
from xml.etree import ElementTree
29
28
import boto.s3.connection
30
from lxml import etree
32
from nova.api.ec2 import ec2utils
33
import nova.cert.rpcapi
33
34
from nova import exception
34
35
from nova import flags
35
36
from nova import image
36
37
from nova import log as logging
37
38
from nova.openstack.common import cfg
38
40
from nova import utils
39
from nova.api.ec2 import ec2utils
42
43
LOG = logging.getLogger(__name__)
68
69
"""Wraps an existing image service to support s3 based register."""
70
71
def __init__(self, service=None, *args, **kwargs):
72
self.cert_rpcapi = nova.cert.rpcapi.CertAPI()
71
73
self.service = service or image.get_default_image_service()
72
74
self.service.__init__(*args, **kwargs)
180
182
return local_filename
182
184
def _s3_parse_manifest(self, context, metadata, manifest):
183
manifest = ElementTree.fromstring(manifest)
185
manifest = etree.fromstring(manifest)
184
186
image_format = 'ami'
185
187
image_type = 'machine'
232
234
properties = metadata['properties']
233
235
properties['architecture'] = arch
235
if FLAGS.auth_strategy == 'deprecated':
236
properties['project_id'] = context.project_id
238
237
def _translate_dependent_image_id(image_key, image_id):
239
238
image_uuid = ec2utils.ec2_id_to_glance_id(context, image_id)
240
239
properties[image_key] = image_uuid
373
def _decrypt_image(context, encrypted_filename, encrypted_key,
371
def _decrypt_image(self, context, encrypted_filename, encrypted_key,
374
372
encrypted_iv, decrypted_filename):
375
373
elevated = context.elevated()
377
key = rpc.call(elevated, FLAGS.cert_topic,
378
{"method": "decrypt_text",
379
"args": {"project_id": context.project_id,
380
"text": base64.b64encode(encrypted_key)}})
375
key = self.cert_rpcapi.decrypt_text(elevated,
376
project_id=context.project_id,
377
text=base64.b64encode(encrypted_key))
381
378
except Exception, exc:
382
raise exception.Error(_('Failed to decrypt private key: %s')
379
msg = _('Failed to decrypt private key: %s') % exc
380
raise exception.NovaException(msg)
385
iv = rpc.call(elevated, FLAGS.cert_topic,
386
{"method": "decrypt_text",
387
"args": {"project_id": context.project_id,
388
"text": base64.b64encode(encrypted_iv)}})
382
iv = self.cert_rpcapi.decrypt_text(elevated,
383
project_id=context.project_id,
384
text=base64.b64encode(encrypted_iv))
389
385
except Exception, exc:
390
raise exception.Error(_('Failed to decrypt initialization '
386
raise exception.NovaException(_('Failed to decrypt initialization '
391
387
'vector: %s') % exc)
398
394
'-iv', '%s' % (iv,),
399
395
'-out', '%s' % (decrypted_filename,))
400
396
except exception.ProcessExecutionError, exc:
401
raise exception.Error(_('Failed to decrypt image file '
397
raise exception.NovaException(_('Failed to decrypt image file '
402
398
'%(image_file)s: %(err)s') %
403
399
{'image_file': encrypted_filename,
404
400
'err': exc.stdout})
410
406
for n in tar_file.getnames():
411
407
if not os.path.abspath(os.path.join(path, n)).startswith(path):
413
raise exception.Error(_('Unsafe filenames in image'))
409
raise exception.NovaException(_('Unsafe filenames in image'))
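Review bot: The switch to `etree.fromstring(manifest)` at new line 185 of `_s3_parse_manifest` parses the manifest with lxml's default parser, and no parser options are set. The manifest appears to come from the user-uploaded bundle (inferred from the method name, its source is not visible here), and lxml's default parser has historically expanded entity references declared in the document, which the stdlib ElementTree call it replaces did not do for external entities. I would pass an explicit hardened parser, e.g. `manifest = etree.fromstring(manifest, parser=etree.XMLParser(resolve_entities=False))`, and add a comment saying the manifest is untrusted input. The function body continues outside the visible lines, so any later handling of the parsed tree is not covered by this note. Separately, the unchanged check at new line 407, `os.path.abspath(os.path.join(path, n)).startswith(path)`, is a bare string-prefix test, so a sibling directory sharing the prefix would pass; comparing against `path + os.sep` would tighten it.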