Add compute departed hook, ensure proper scrubbing of authorized_keys on compute depart.

2013-09-05 17:28:22 -07:00 · 2013-09-05 17:28:22 -07:00 · d76a287200
commit d76a287200
parent bdc78c53ec
5 changed files with 37 additions and 11 deletions
--- a/hooks/cloud-compute-relation-departed
+++ b/hooks/cloud-compute-relation-departed
@ -0,0 +1 @@
+nova_cc_hooks.py
--- a/hooks/misc_utils.py.moved
+++ b/hooks/misc_utils.py.moved
@ -0,0 +1,22 @@
+# This stuff can be promoted to charm-helpers.
+
+def get_host_ip():
+    # we used to have a charm-helper to do this, but its disappeared?
+    # taken from quantum-gateway
+
+    try:
+        import dns.resolver
+    except ImportError:
+        apt_install('python-dnspython')
+        import dns.resolver
+
+    hostname = unit_get('private-address')
+    try:
+        # Test to see if already an IPv4 address
+        socket.inet_aton(hostname)
+        return hostname
+    except socket.error:
+        answers = dns.resolver.query(hostname, 'A')
+        if answers:
+            return answers[0].address
+    return None
--- a/hooks/nova_cc_hooks.py
+++ b/hooks/nova_cc_hooks.py
@ -263,8 +263,9 @@ def compute_changed():
                     authorized_keys=ssh_authorized_keys_b64())


+@hooks.hook('cloud-compute-relation-departed')
 def compute_departed():
-    ssh_compute_remove()
+    ssh_compute_remove(public_key=relation_get('ssh_public_key'))


@hooks.hook('neutron-network-service-relation-joined',
--- a/hooks/nova_cc_utils.py
+++ b/hooks/nova_cc_utils.py
@ -379,17 +379,19 @@ def ssh_authorized_keys_b64():
        return b64encode(keys.read())


-def ssh_compute_remove():
+def ssh_compute_remove(public_key):
    if not (os.path.isfile(authorized_keys()) or
            os.path.isfile(known_hosts())):
        return
-    # NOTE: compute names its ssh key as ${service}-{$unit_num}.  we dont
-    #       have access to relation settings from departed hooks, so
-    #       we need to remove key based on keyname only.
-    key_name = remote_unit().replace('/', '-')
+
    with open(authorized_keys()) as _keys:
-        keys = _keys.readlines()
-    [keys.remove(key) for key in keys if key_name in key]
+        keys = [k.strip() for k in _keys.readlines()]
+
+    if public_key not in keys:
+        return
+
+    [keys.remove(key) for key in keys if key == public_key]
+
    with open(authorized_keys(), 'w') as _keys:
        _keys.write('\n'.join(keys))

--- a/unit_tests/test_nova_cc_utils.py
+++ b/unit_tests/test_nova_cc_utils.py
@ -325,8 +325,8 @@ class NovaCCUtilsTests(CharmTestCase):
    @patch('os.path.isfile')
    def test_ssh_compute_remove(self, isfile, auth_key, known_host):
        isfile.return_value = False
-        utils.ssh_compute_remove()
-        self.assertFalse(self.remote_unit.called)
+
+        removed_key = AUTHORIZED_KEYS.split('\n')[2]

        keys_removed = (
            "\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC27Us7lSjCpa7bumXAgc "
@ -340,7 +340,7 @@ class NovaCCUtilsTests(CharmTestCase):
            _file.readlines = MagicMock()
            _file.write = MagicMock()
            _file.readlines.return_value = AUTHORIZED_KEYS.split('\n')
-            utils.ssh_compute_remove()
+            utils.ssh_compute_remove(removed_key)
            _file.write.assert_called_with(keys_removed)

    def test_network_manager_untranslated(self):