Add in security context information

Kevin L. Mitchell 2011-07-20 22:53:44 +00:00
parent 78c9c3ad55
commit 52064a6378
8 changed files with 64 additions and 41 deletions


@ -52,7 +52,7 @@ swift_store_container = glance
swift_store_create_container_on_put = False swift_store_create_container_on_put = False
[pipeline:glance-api] [pipeline:glance-api]
pipeline = versionnegotiation apiv1app pipeline = versionnegotiation context apiv1app
[pipeline:versions] [pipeline:versions]
pipeline = versionsapp pipeline = versionsapp
@ -65,3 +65,6 @@ paste.app_factory = glance.api.v1:app_factory
[filter:versionnegotiation] [filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
[filter:context]
paste.filter_factory = glance.common.context:filter_factory
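Review bot: The new `context` filter is placed in `pipeline = versionnegotiation context apiv1app` with no authentication filter ahead of it, and the registry config in this commit does the same with `pipeline = context registryapp`. The filter's code is not part of this diff, so this is inferred: if it builds the security context from request headers, those headers are unverified at this point and any client that can reach the port supplies its own identity. I would add a comment above the `[filter:context]` section such as `# context only records caller identity; place a token-validating filter before it in the pipeline for any non-trusted deployment`.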


@ -29,5 +29,11 @@ sql_connection = sqlite:///glance.sqlite
# before MySQL can drop the connection. # before MySQL can drop the connection.
sql_idle_timeout = 3600 sql_idle_timeout = 3600
[app:glance-registry] [pipeline:glance-registry]
pipeline = context registryapp
[app:registryapp]
paste.app_factory = glance.registry.server:app_factory paste.app_factory = glance.registry.server:app_factory
[filter:context]
paste.filter_factory = glance.common.context:filter_factory


@ -96,7 +96,8 @@ class Controller(object):
""" """
params = self._get_query_params(req) params = self._get_query_params(req)
try: try:
images = registry.get_images_list(self.options, **params) images = registry.get_images_list(self.options, req.context,
**params)
except exception.Invalid, e: except exception.Invalid, e:
raise HTTPBadRequest(explanation=str(e)) raise HTTPBadRequest(explanation=str(e))
@ -126,7 +127,8 @@ class Controller(object):
""" """
params = self._get_query_params(req) params = self._get_query_params(req)
try: try:
images = registry.get_images_detail(self.options, **params) images = registry.get_images_detail(self.options, req.context,
**params)
except exception.Invalid, e: except exception.Invalid, e:
raise HTTPBadRequest(explanation=str(e)) raise HTTPBadRequest(explanation=str(e))
return dict(images=images) return dict(images=images)
@ -226,6 +228,7 @@ class Controller(object):
try: try:
image_meta = registry.add_image_metadata(self.options, image_meta = registry.add_image_metadata(self.options,
req.context,
image_meta) image_meta)
return image_meta return image_meta
except exception.Duplicate: except exception.Duplicate:
@ -267,7 +270,7 @@ class Controller(object):
image_id = image_meta['id'] image_id = image_meta['id']
logger.debug("Setting image %s to status 'saving'" % image_id) logger.debug("Setting image %s to status 'saving'" % image_id)
registry.update_image_metadata(self.options, image_id, registry.update_image_metadata(self.options, req.context, image_id,
{'status': 'saving'}) {'status': 'saving'})
try: try:
logger.debug("Uploading image data for image %(image_id)s " logger.debug("Uploading image data for image %(image_id)s "
@ -294,7 +297,8 @@ class Controller(object):
logger.debug("Updating image %(image_id)s data. " logger.debug("Updating image %(image_id)s data. "
"Checksum set to %(checksum)s, size set " "Checksum set to %(checksum)s, size set "
"to %(size)d" % locals()) "to %(size)d" % locals())
registry.update_image_metadata(self.options, image_id, registry.update_image_metadata(self.options, req.context,
image_id,
{'checksum': checksum, {'checksum': checksum,
'size': size}) 'size': size})
@ -325,6 +329,7 @@ class Controller(object):
image_meta['location'] = location image_meta['location'] = location
image_meta['status'] = 'active' image_meta['status'] = 'active'
return registry.update_image_metadata(self.options, return registry.update_image_metadata(self.options,
req.context,
image_id, image_id,
image_meta) image_meta)
@ -336,6 +341,7 @@ class Controller(object):
:param image_id: Opaque image identifier :param image_id: Opaque image identifier
""" """
registry.update_image_metadata(self.options, registry.update_image_metadata(self.options,
req.context,
image_id, image_id,
{'status': 'killed'}) {'status': 'killed'})
@ -432,8 +438,9 @@ class Controller(object):
raise HTTPConflict("Cannot upload to an unqueued image") raise HTTPConflict("Cannot upload to an unqueued image")
try: try:
image_meta = registry.update_image_metadata(self.options, id, image_meta = registry.update_image_metadata(self.options,
image_meta, True) req.context, id,
image_meta, True)
if image_data is not None: if image_data is not None:
image_meta = self._upload_and_activate(req, image_meta) image_meta = self._upload_and_activate(req, image_meta)
except exception.Invalid, e: except exception.Invalid, e:
@ -471,7 +478,7 @@ class Controller(object):
"Continuing with deletion from registry." "Continuing with deletion from registry."
logger.error(msg % (image['location'],)) logger.error(msg % (image['location'],))
registry.delete_image_metadata(self.options, id) registry.delete_image_metadata(self.options, req.context, id)
def get_image_meta_or_404(self, request, id): def get_image_meta_or_404(self, request, id):
""" """
@ -484,7 +491,8 @@ class Controller(object):
:raises HTTPNotFound if image does not exist :raises HTTPNotFound if image does not exist
""" """
try: try:
return registry.get_image_metadata(self.options, id) return registry.get_image_metadata(self.options,
request.context, id)
except exception.NotFound: except exception.NotFound:
msg = "Image with identifier %s not found" % id msg = "Image with identifier %s not found" % id
logger.debug(msg) logger.debug(msg)
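Review bot: Every registry call in this controller now reads `req.context` (or `request.context` in `get_image_meta_or_404`), an attribute that exists only when the `context` filter ran earlier in the paste pipeline. A deployment that upgrades the code but keeps an older paste config would presumably fail with an AttributeError on each request rather than a clear configuration error; the registry server handlers changed in this commit have the same dependency. I would state the requirement in the class docstring, for example `Requires the glance.common.context filter in the pipeline; handlers read req.context.`, and mention it in the upgrade notes. The methods touched here start and end outside the hunks, so existing guards may not be visible.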


@ -35,7 +35,8 @@ class V1Client(base_client.BaseClient):
DEFAULT_PORT = 9292 DEFAULT_PORT = 9292
def __init__(self, host, port=None, use_ssl=False, doc_root="/v1"): def __init__(self, host, port=None, use_ssl=False, doc_root="/v1",
auth_tok=None):
""" """
Creates a new client to a Glance API service. Creates a new client to a Glance API service.
@ -43,10 +44,11 @@ class V1Client(base_client.BaseClient):
:param port: The port where Glance resides (defaults to 9292) :param port: The port where Glance resides (defaults to 9292)
:param use_ssl: Should we use HTTPS? (defaults to False) :param use_ssl: Should we use HTTPS? (defaults to False)
:param doc_root: Prefix for all URLs we request from host :param doc_root: Prefix for all URLs we request from host
:param auth_tok: The auth token to pass to the server
""" """
port = port or self.DEFAULT_PORT port = port or self.DEFAULT_PORT
self.doc_root = doc_root self.doc_root = doc_root
super(Client, self).__init__(host, port, use_ssl) super(Client, self).__init__(host, port, use_ssl, auth_tok)
def do_request(self, method, action, body=None, headers=None, params=None): def do_request(self, method, action, body=None, headers=None, params=None):
action = "%s/%s" % (self.doc_root, action.lstrip("/")) action = "%s/%s" % (self.doc_root, action.lstrip("/"))


@ -41,17 +41,19 @@ class BaseClient(object):
CHUNKSIZE = 65536 CHUNKSIZE = 65536
def __init__(self, host, port, use_ssl): def __init__(self, host, port, use_ssl, auth_tok):
""" """
Creates a new client to some service. Creates a new client to some service.
:param host: The host where service resides :param host: The host where service resides
:param port: The port where service resides :param port: The port where service resides
:param use_ssl: Should we use HTTPS? :param use_ssl: Should we use HTTPS?
:param auth_tok: The auth token to pass to the server
""" """
self.host = host self.host = host
self.port = port self.port = port
self.use_ssl = use_ssl self.use_ssl = use_ssl
self.auth_tok = auth_tok
self.connection = None self.connection = None
def get_connection_type(self): def get_connection_type(self):
@ -99,6 +101,8 @@ class BaseClient(object):
try: try:
connection_type = self.get_connection_type() connection_type = self.get_connection_type()
headers = headers or {} headers = headers or {}
if 'x-auth-token' not in headers and self.auth_tok:
headers['x-auth-token'] = self.auth_tok
c = connection_type(self.host, self.port) c = connection_type(self.host, self.port)
# Do a simple request or a chunked request, depending # Do a simple request or a chunked request, depending
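Review bot: The token injection `headers['x-auth-token'] = self.auth_tok` writes into the dict the caller passed in, because `headers = headers or {}` only creates a new dict when the argument is empty or None. The caller's own headers object therefore ends up holding the credential after the call; copying first with `headers = dict(headers or {})` avoids that. The membership test is also case-sensitive, so a caller that supplies `X-Auth-Token` would get a second, conflicting header; a check such as `if self.auth_tok and not any(k.lower() == 'x-auth-token' for k in headers):` covers it. Separately, `auth_tok` is now a required positional argument of `BaseClient.__init__`, and `auth_tok=None` would keep any subclass not updated in this commit working. The request method starts and ends outside this hunk.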


@ -26,33 +26,33 @@ from glance.registry import client
logger = logging.getLogger('glance.registry') logger = logging.getLogger('glance.registry')
def get_registry_client(options): def get_registry_client(options, cxt):
host = options['registry_host'] host = options['registry_host']
port = int(options['registry_port']) port = int(options['registry_port'])
return client.RegistryClient(host, port) return client.RegistryClient(host, port, auth_tok=cxt.auth_tok)
def get_images_list(options, **kwargs): def get_images_list(options, context, **kwargs):
c = get_registry_client(options) c = get_registry_client(options, context)
return c.get_images(**kwargs) return c.get_images(**kwargs)
def get_images_detail(options, **kwargs): def get_images_detail(options, context, **kwargs):
c = get_registry_client(options) c = get_registry_client(options, context)
return c.get_images_detailed(**kwargs) return c.get_images_detailed(**kwargs)
def get_image_metadata(options, image_id): def get_image_metadata(options, context, image_id):
c = get_registry_client(options) c = get_registry_client(options, context)
return c.get_image(image_id) return c.get_image(image_id)
def add_image_metadata(options, image_meta): def add_image_metadata(options, context, image_meta):
if options['debug']: if options['debug']:
logger.debug("Adding image metadata...") logger.debug("Adding image metadata...")
_debug_print_metadata(image_meta) _debug_print_metadata(image_meta)
c = get_registry_client(options) c = get_registry_client(options, context)
new_image_meta = c.add_image(image_meta) new_image_meta = c.add_image(image_meta)
if options['debug']: if options['debug']:
@ -63,12 +63,13 @@ def add_image_metadata(options, image_meta):
return new_image_meta return new_image_meta
def update_image_metadata(options, image_id, image_meta, purge_props=False): def update_image_metadata(options, context, image_id, image_meta,
purge_props=False):
if options['debug']: if options['debug']:
logger.debug("Updating image metadata for image %s...", image_id) logger.debug("Updating image metadata for image %s...", image_id)
_debug_print_metadata(image_meta) _debug_print_metadata(image_meta)
c = get_registry_client(options) c = get_registry_client(options, context)
new_image_meta = c.update_image(image_id, image_meta, purge_props) new_image_meta = c.update_image(image_id, image_meta, purge_props)
if options['debug']: if options['debug']:
@ -79,9 +80,9 @@ def update_image_metadata(options, image_id, image_meta, purge_props=False):
return new_image_meta return new_image_meta
def delete_image_metadata(options, image_id): def delete_image_metadata(options, context, image_id):
logger.debug("Deleting image metadata for image %s...", image_id) logger.debug("Deleting image metadata for image %s...", image_id)
c = get_registry_client(options) c = get_registry_client(options, context)
return c.delete_image(image_id) return c.delete_image(image_id)
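Review bot: `get_registry_client` now forwards the caller's token with `client.RegistryClient(host, port, auth_tok=cxt.auth_tok)` but never passes `use_ssl`, and `RegistryClient` defaults that to False in this same commit. Every request's token therefore goes from the API node to the registry over plain HTTP. If that hop is meant to stay on a trusted network, say so next to the call, e.g. `# NOTE: the auth token is sent to the registry unencrypted; the registry must sit on a trusted network`; otherwise an option for TLS on this connection should be read from `options`. `cxt.auth_tok` also assumes the context is never None, which holds only while every caller passes `req.context`.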


@ -33,16 +33,17 @@ class RegistryClient(BaseClient):
DEFAULT_PORT = 9191 DEFAULT_PORT = 9191
def __init__(self, host, port=None, use_ssl=False): def __init__(self, host, port=None, use_ssl=False, auth_tok=None):
""" """
Creates a new client to a Glance Registry service. Creates a new client to a Glance Registry service.
:param host: The host where Glance resides :param host: The host where Glance resides
:param port: The port where Glance resides (defaults to 9191) :param port: The port where Glance resides (defaults to 9191)
:param use_ssl: Should we use HTTPS? (defaults to False) :param use_ssl: Should we use HTTPS? (defaults to False)
:param auth_tok: The auth token to pass to the server
""" """
port = port or self.DEFAULT_PORT port = port or self.DEFAULT_PORT
super(RegistryClient, self).__init__(host, port, use_ssl) super(RegistryClient, self).__init__(host, port, use_ssl, auth_tok)
def get_images(self, **kwargs): def get_images(self, **kwargs):
""" """


@ -61,7 +61,7 @@ class Controller(object):
Get images, wrapping in exception if necessary. Get images, wrapping in exception if necessary.
""" """
try: try:
return db_api.image_get_all(None, **params) return db_api.image_get_all(context, **params)
except exception.NotFound, e: except exception.NotFound, e:
msg = "Invalid marker. Image could not be found." msg = "Invalid marker. Image could not be found."
raise exc.HTTPBadRequest(explanation=msg) raise exc.HTTPBadRequest(explanation=msg)
@ -87,7 +87,7 @@ class Controller(object):
} }
""" """
params = self._get_query_params(req) params = self._get_query_params(req)
images = self._get_images(None, **params) images = self._get_images(req.context, **params)
results = [] results = []
for image in images: for image in images:
@ -111,7 +111,7 @@ class Controller(object):
""" """
params = self._get_query_params(req) params = self._get_query_params(req)
images = self._get_images(None, **params) images = self._get_images(req.context, **params)
image_dicts = [make_image_dict(i) for i in images] image_dicts = [make_image_dict(i) for i in images]
return dict(images=image_dicts) return dict(images=image_dicts)
@ -223,7 +223,7 @@ class Controller(object):
def show(self, req, id): def show(self, req, id):
"""Return data about the given image id.""" """Return data about the given image id."""
try: try:
image = db_api.image_get(None, id) image = db_api.image_get(req.context, id)
except exception.NotFound: except exception.NotFound:
raise exc.HTTPNotFound() raise exc.HTTPNotFound()
@ -238,9 +238,8 @@ class Controller(object):
:retval Returns 200 if delete was successful, a fault if not. :retval Returns 200 if delete was successful, a fault if not.
""" """
context = None
try: try:
db_api.image_destroy(context, id) db_api.image_destroy(req.context, id)
except exception.NotFound: except exception.NotFound:
return exc.HTTPNotFound() return exc.HTTPNotFound()
@ -260,9 +259,8 @@ class Controller(object):
# Ensure the image has a status set # Ensure the image has a status set
image_data.setdefault('status', 'active') image_data.setdefault('status', 'active')
context = None
try: try:
image_data = db_api.image_create(context, image_data) image_data = db_api.image_create(req.context, image_data)
return dict(image=make_image_dict(image_data)) return dict(image=make_image_dict(image_data))
except exception.Duplicate: except exception.Duplicate:
msg = ("Image with identifier %s already exists!" % id) msg = ("Image with identifier %s already exists!" % id)
@ -286,15 +284,15 @@ class Controller(object):
image_data = body['image'] image_data = body['image']
purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false") purge_props = req.headers.get("X-Glance-Registry-Purge-Props", "false")
context = None
try: try:
logger.debug("Updating image %(id)s with metadata: %(image_data)r" logger.debug("Updating image %(id)s with metadata: %(image_data)r"
% locals()) % locals())
if purge_props == "true": if purge_props == "true":
updated_image = db_api.image_update(context, id, image_data, updated_image = db_api.image_update(req.context, id,
True) image_data, True)
else: else:
updated_image = db_api.image_update(context, id, image_data) updated_image = db_api.image_update(req.context, id,
image_data)
return dict(image=make_image_dict(updated_image)) return dict(image=make_image_dict(updated_image))
except exception.Invalid, e: except exception.Invalid, e:
msg = ("Failed to update image metadata. " msg = ("Failed to update image metadata. "
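Review bot: The mutating handlers now pass `req.context` to `db_api.image_destroy`, `db_api.image_create` and `db_api.image_update`, but their `except` clauses still cover only NotFound, Duplicate and Invalid. Nothing in these hunks checks the context before the call, so access control is delegated entirely to `db_api`, whose code is not visible in this diff. If `db_api` later rejects a call based on the context, the error would presumably escape as an unhandled exception instead of a 403. I would document the delegation in each handler's docstring, e.g. `Authorization is enforced by db_api using req.context.`, and add a handler that maps the authorization failure to `exc.HTTPForbidden()` once that exception type exists. The handler bodies continue outside the hunks.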