Add in security context information

Kevin L. Mitchell 2011-07-20 22:53:44 +00:00
parent 78c9c3ad55
commit 52064a6378
8 changed files with 64 additions and 41 deletions


@ -52,7 +52,7 @@ swift_store_container = glance
swift_store_create_container_on_put = False
[pipeline:glance-api]
pipeline = versionnegotiation apiv1app
pipeline = versionnegotiation context apiv1app
[pipeline:versions]
pipeline = versionsapp
@ -65,3 +65,6 @@ paste.app_factory = glance.api.v1:app_factory
[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
[filter:context]
paste.filter_factory = glance.common.context:filter_factory
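Review bot: The new `context` filter sits in `pipeline = versionnegotiation context apiv1app` with no authentication filter ahead of it, so any identity data it reads from the request is accepted exactly as the client sent it. The filter's code (`glance.common.context:filter_factory`) is not on this page, so this is inferred from the pipeline order alone; if it builds the context from request headers such as `x-auth-token`, that value is unverified at this point. I would add a comment above the pipeline line, e.g. `# context trusts the request as received; put a token-validating auth filter before it in authenticated deployments`. The same applies to `pipeline = context registryapp` in the registry config.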


@ -29,5 +29,11 @@ sql_connection = sqlite:///glance.sqlite
# before MySQL can drop the connection.
sql_idle_timeout = 3600
[app:glance-registry]
[pipeline:glance-registry]
pipeline = context registryapp
[app:registryapp]
paste.app_factory = glance.registry.server:app_factory
[filter:context]
paste.filter_factory = glance.common.context:filter_factory


@ -96,7 +96,8 @@ class Controller(object):
"""
params = self._get_query_params(req)
try:
images = registry.get_images_list(self.options, **params)
images = registry.get_images_list(self.options, req.context,
**params)
except exception.Invalid, e:
raise HTTPBadRequest(explanation=str(e))
@ -126,7 +127,8 @@ class Controller(object):
"""
params = self._get_query_params(req)
try:
images = registry.get_images_detail(self.options, **params)
images = registry.get_images_detail(self.options, req.context,
**params)
except exception.Invalid, e:
raise HTTPBadRequest(explanation=str(e))
return dict(images=images)
@ -226,6 +228,7 @@ class Controller(object):
try:
image_meta = registry.add_image_metadata(self.options,
req.context,
image_meta)
return image_meta
except exception.Duplicate:
@ -267,7 +270,7 @@ class Controller(object):
image_id = image_meta['id']
logger.debug("Setting image %s to status 'saving'" % image_id)
registry.update_image_metadata(self.options, image_id,
registry.update_image_metadata(self.options, req.context, image_id,
{'status': 'saving'})
try:
logger.debug("Uploading image data for image %(image_id)s "
@ -294,7 +297,8 @@ class Controller(object):
logger.debug("Updating image %(image_id)s data. "
"Checksum set to %(checksum)s, size set "
"to %(size)d" % locals())
registry.update_image_metadata(self.options, image_id,
registry.update_image_metadata(self.options, req.context,
image_id,
{'checksum': checksum,
'size': size})
@ -325,6 +329,7 @@ class Controller(object):
image_meta['location'] = location
image_meta['status'] = 'active'
return registry.update_image_metadata(self.options,
req.context,
image_id,
image_meta)
@ -336,6 +341,7 @@ class Controller(object):
:param image_id: Opaque image identifier
"""
registry.update_image_metadata(self.options,
req.context,
image_id,
{'status': 'killed'})
@ -432,8 +438,9 @@ class Controller(object):
raise HTTPConflict("Cannot upload to an unqueued image")
try:
image_meta = registry.update_image_metadata(self.options, id,
image_meta, True)
image_meta = registry.update_image_metadata(self.options,
req.context, id,
image_meta, True)
if image_data is not None:
image_meta = self._upload_and_activate(req, image_meta)
except exception.Invalid, e:
@ -471,7 +478,7 @@ class Controller(object):
"Continuing with deletion from registry."
logger.error(msg % (image['location'],))
registry.delete_image_metadata(self.options, id)
registry.delete_image_metadata(self.options, req.context, id)
def get_image_meta_or_404(self, request, id):
"""
@ -484,7 +491,8 @@ class Controller(object):
:raises HTTPNotFound if image does not exist
"""
try:
return registry.get_image_metadata(self.options, id)
return registry.get_image_metadata(self.options,
request.context, id)
except exception.NotFound:
msg = "Image with identifier %s not found" % id
logger.debug(msg)
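Review bot: Every registry call in this controller now reads `req.context` (`request.context` in `get_image_meta_or_404`) with no guard, and as far as this commit shows that attribute is only supplied by the `context` filter added to the paste pipeline. A deployment that upgrades the code but keeps its old paste config would presumably fail with an AttributeError on the first request instead of a clear configuration error. Failing closed is the right outcome for a security context, so I would not default it to `None`; I would document the dependency on the class, e.g. `# Requires the 'context' filter in the paste pipeline; req.context is never defaulted.` The registry server's Controller has the same unguarded reads (`db_api.image_get(req.context, id)` and the other handlers). The method bodies start and end outside these hunks.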


@ -35,7 +35,8 @@ class V1Client(base_client.BaseClient):
DEFAULT_PORT = 9292
def __init__(self, host, port=None, use_ssl=False, doc_root="/v1"):
def __init__(self, host, port=None, use_ssl=False, doc_root="/v1",
auth_tok=None):
"""
Creates a new client to a Glance API service.
@ -43,10 +44,11 @@ class V1Client(base_client.BaseClient):
:param port: The port where Glance resides (defaults to 9292)
:param use_ssl: Should we use HTTPS? (defaults to False)
:param doc_root: Prefix for all URLs we request from host
:param auth_tok: The auth token to pass to the server
"""
port = port or self.DEFAULT_PORT
self.doc_root = doc_root
super(Client, self).__init__(host, port, use_ssl)
super(Client, self).__init__(host, port, use_ssl, auth_tok)
def do_request(self, method, action, body=None, headers=None, params=None):
action = "%s/%s" % (self.doc_root, action.lstrip("/"))


@ -41,17 +41,19 @@ class BaseClient(object):
CHUNKSIZE = 65536
def __init__(self, host, port, use_ssl):
def __init__(self, host, port, use_ssl, auth_tok):
"""
Creates a new client to some service.
:param host: The host where service resides
:param port: The port where service resides
:param use_ssl: Should we use HTTPS?
:param auth_tok: The auth token to pass to the server
"""
self.host = host
self.port = port
self.use_ssl = use_ssl
self.auth_tok = auth_tok
self.connection = None
def get_connection_type(self):
@ -99,6 +101,8 @@ class BaseClient(object):
try:
connection_type = self.get_connection_type()
headers = headers or {}
if 'x-auth-token' not in headers and self.auth_tok:
headers['x-auth-token'] = self.auth_tok
c = connection_type(self.host, self.port)
# Do a simple request or a chunked request, depending
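Review bot: The check `'x-auth-token' not in headers` is case-sensitive, and the token is then written into the very dict the caller passed in, because `headers = headers or {}` does not copy. A caller that supplies `X-Auth-Token` gets a second, differently cased header added, and a caller that reuses one `headers` dict ends up carrying this client's token in it afterwards. Copying first and comparing lower-cased names avoids both: `headers = dict(headers or {})` followed by `if self.auth_tok and 'x-auth-token' not in [k.lower() for k in headers]:`. Separately, `BaseClient.__init__` now takes `auth_tok` with no default, so any three-argument caller outside this commit breaks; `auth_tok=None` would keep it compatible. The request method's body continues outside the hunk.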


@ -26,33 +26,33 @@ from glance.registry import client
logger = logging.getLogger('glance.registry')
def get_registry_client(options):
def get_registry_client(options, cxt):
host = options['registry_host']
port = int(options['registry_port'])
return client.RegistryClient(host, port)
return client.RegistryClient(host, port, auth_tok=cxt.auth_tok)
def get_images_list(options, **kwargs):
c = get_registry_client(options)
def get_images_list(options, context, **kwargs):
c = get_registry_client(options, context)
return c.get_images(**kwargs)
def get_images_detail(options, **kwargs):
c = get_registry_client(options)
def get_images_detail(options, context, **kwargs):
c = get_registry_client(options, context)
return c.get_images_detailed(**kwargs)
def get_image_metadata(options, image_id):
c = get_registry_client(options)
def get_image_metadata(options, context, image_id):
c = get_registry_client(options, context)
return c.get_image(image_id)
def add_image_metadata(options, image_meta):
def add_image_metadata(options, context, image_meta):
if options['debug']:
logger.debug("Adding image metadata...")
_debug_print_metadata(image_meta)
c = get_registry_client(options)
c = get_registry_client(options, context)
new_image_meta = c.add_image(image_meta)
if options['debug']:
@ -63,12 +63,13 @@ def add_image_metadata(options, image_meta):
return new_image_meta
def update_image_metadata(options, image_id, image_meta, purge_props=False):
def update_image_metadata(options, context, image_id, image_meta,
purge_props=False):
if options['debug']:
logger.debug("Updating image metadata for image %s...", image_id)
_debug_print_metadata(image_meta)
c = get_registry_client(options)
c = get_registry_client(options, context)
new_image_meta = c.update_image(image_id, image_meta, purge_props)
if options['debug']:
@ -79,9 +80,9 @@ def update_image_metadata(options, image_id, image_meta, purge_props=False):
return new_image_meta
def delete_image_metadata(options, image_id):
def delete_image_metadata(options, context, image_id):
logger.debug("Deleting image metadata for image %s...", image_id)
c = get_registry_client(options)
c = get_registry_client(options, context)
return c.delete_image(image_id)
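Review bot: `get_registry_client` builds `client.RegistryClient(host, port, auth_tok=cxt.auth_tok)` without passing `use_ssl`, which `RegistryClient.__init__` documents as "Should we use HTTPS? (defaults to False)", so the end user's token is now forwarded from the API node to the registry over what appears to be plain HTTP. Before this change that hop carried no credential. If the registry is not on a trusted network segment, the client needs a TLS switch read from `options`; no such key appears on this page, so that would be a new setting. Minor points: the parameter is named `cxt` here but `context` in every other function of the module, and `cxt.auth_tok` raises AttributeError if a caller passes `None`.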


@ -33,16 +33,17 @@ class RegistryClient(BaseClient):
DEFAULT_PORT = 9191
def __init__(self, host, port=None, use_ssl=False):
def __init__(self, host, port=None, use_ssl=False, auth_tok=None):
"""
Creates a new client to a Glance Registry service.
:param host: The host where Glance resides
:param port: The port where Glance resides (defaults to 9191)
:param use_ssl: Should we use HTTPS? (defaults to False)
:param auth_tok: The auth token to pass to the server
"""
port = port or self.DEFAULT_PORT
super(RegistryClient, self).__init__(host, port, use_ssl)
super(RegistryClient, self).__init__(host, port, use_ssl, auth_tok)
def get_images(self, **kwargs):
"""


@ -61,7 +61,7 @@ class Controller(object):
Get images, wrapping in exception if necessary.
"""
try:
return db_api.image_get_all(None, **params)
return db_api.image_get_all(context, **params)
except exception.NotFound, e:
msg = "Invalid marker. Image could not be found."
raise exc.HTTPBadRequest(explanation=msg)
@ -87,7 +87,7 @@ class Controller(object):
}
"""
params = self._get_query_params(req)
images = self._get_images(None, **params)
images = self._get_images(req.context, **params)
results = []
for image in images:
@ -111,7 +111,7 @@ class Controller(object):
"""
params = self._get_query_params(req)
images = self._get_images(None, **params)
images = self._get_images(req.context, **params)
image_dicts = [make_image_dict(i) for i in images]
return dict(images=image_dicts)
@ -223,7 +223,7 @@ class Controller(object):
def show(self, req, id):
"""Return data about the given image id."""
try:
image = db_api.image_get(None, id)
image = db_api.image_get(req.context, id)
except exception.NotFound:
raise exc.HTTPNotFound()
@ -238,9 +238,8 @@ class Controller(object):
:retval Returns 200 if delete was successful, a fault if not.
"""
context = None
try:
db_api.image_destroy(context, id)
db_api.image_destroy(req.context, id)
except exception.NotFound:
return exc.HTTPNotFound()
@ -260,9 +259,8 @@ class Controller(object):
# Ensure the image has a status set
image_data.setdefault('status', 'active')
context = None
try:
image_data = db_api.image_create(context, image_data)
image_data = db_api.image_create(req.context, image_data)
return dict(image=make_image_dict(image_data))
except exception.Duplicate:
msg = ("Image with identifier %s already exists!" % id)
@ -286,15 +284,15 @@ class Controller(object):
image_data = body['image']
purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
context = None
try:
logger.debug("Updating image %(id)s with metadata: %(image_data)r"
% locals())
if purge_props == "true":
updated_image = db_api.image_update(context, id, image_data,
True)
updated_image = db_api.image_update(req.context, id,
image_data, True)
else:
updated_image = db_api.image_update(context, id, image_data)
updated_image = db_api.image_update(req.context, id,
image_data)
return dict(image=make_image_dict(updated_image))
except exception.Invalid, e:
msg = ("Failed to update image metadata. "
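Review bot: The handlers now pass `req.context` to `db_api`, but nothing in these hunks checks it: `db_api.image_destroy(req.context, id)` and both `db_api.image_update(req.context, id, ...)` calls act on whatever `id` the request names. Whether `db_api` consults the context for ownership or role is not visible on this page, so this may be deliberate groundwork for a later change. Until that is confirmed I would mark the call sites, e.g. `# TODO: context is passed through but not checked here; confirm db_api enforces ownership`, so a later reader does not assume the controller already authorizes the caller. The method bodies extend outside the hunks.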