Merge "Check values for EC2."

This commit is contained in:
Jenkins 2012-03-23 17:59:24 +00:00 committed by Gerrit Code Review
commit f3ce326a8c
1 changed files with 55 additions and 6 deletions

View File

@ -144,11 +144,11 @@ class Ec2Controller(wsgi.Application):
if not credentials and ec2Credentials:
credentials = ec2Credentials
creds_ref = self.ec2_api.get_credential(context,
credentials['access'])
if not creds_ref:
raise exception.Unauthorized(message='EC2 access key not found.')
if not 'access' in credentials:
raise exception.Unauthorized(message='EC2 signature not supplied.')
creds_ref = self._get_credentials(context,
credentials['access'])
self.check_signature(creds_ref, credentials)
# TODO(termie): don't create new tokens every time
@ -204,6 +204,10 @@ class Ec2Controller(wsgi.Application):
"""
if not self._is_admin(context):
self._assert_identity(context, user_id)
self._assert_valid_user_id(context, user_id)
self._assert_valid_tenant_id(context, tenant_id)
cred_ref = {'user_id': user_id,
'tenant_id': tenant_id,
'access': uuid.uuid4().hex,
@ -220,6 +224,7 @@ class Ec2Controller(wsgi.Application):
"""
if not self._is_admin(context):
self._assert_identity(context, user_id)
self._assert_valid_user_id(context, user_id)
return {'credentials': self.ec2_api.list_credentials(context, user_id)}
def get_credential(self, context, user_id, credential_id):
@ -234,8 +239,8 @@ class Ec2Controller(wsgi.Application):
"""
if not self._is_admin(context):
self._assert_identity(context, user_id)
return {'credential': self.ec2_api.get_credential(context,
credential_id)}
creds = self._get_credentials(context, credential_id)
return {'credential': creds}
def delete_credential(self, context, user_id, credential_id):
"""Delete a user's access/secret pair.
@ -250,8 +255,24 @@ class Ec2Controller(wsgi.Application):
if not self._is_admin(context):
self._assert_identity(context, user_id)
self._assert_owner(context, user_id, credential_id)
self._get_credentials(context, credential_id)
return self.ec2_api.delete_credential(context, credential_id)
def _get_credentials(self, context, credential_id):
"""Return credentials from an ID.
:param context: standard context
:param credential_id: id of credential
:raises exception.Unauthorized: when credential id is invalid
:returns: credential: dict of ec2 credential.
"""
creds = self.ec2_api.get_credential(context,
credential_id)
if not creds:
raise exception.Unauthorized(message='EC2 access key not found.')
return creds
def _assert_identity(self, context, user_id):
"""Check that the provided token belongs to the user.
@ -294,3 +315,31 @@ class Ec2Controller(wsgi.Application):
cred_ref = self.ec2_api.get_credential(context, credential_id)
if not user_id == cred_ref['user_id']:
raise exception.Forbidden()
def _assert_valid_user_id(self, context, user_id):
"""Ensure a valid user id.
:param context: standard context
:param user_id: expected credential owner
:raises exception.UserNotFound: on failure
"""
user_ref = self.identity_api.get_user(
context=context,
user_id=user_id)
if not user_ref:
raise exception.UserNotFound(user_id=user_id)
def _assert_valid_tenant_id(self, context, tenant_id):
"""Ensure a valid tenant id.
:param context: standard context
:param user_id: expected credential owner
:raises exception.UserNotFound: on failure
"""
tenant_ref = self.identity_api.get_tenant(
context=context,
tenant_id=tenant_id)
if not tenant_ref:
raise exception.TenantNotFound(tenant_id=tenant_id)