152 lines
4.7 KiB
Python
152 lines
4.7 KiB
Python
# Copyright 2014
|
|
# The Cloudscaling Group, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import base64
|
|
|
|
from cryptography.hazmat import backends
|
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
from cryptography.hazmat.primitives import serialization as crypt_serialization
|
|
from novaclient import exceptions as nova_exception
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
|
|
from ec2api.api import common
|
|
from ec2api import clients
|
|
from ec2api import exception
|
|
from ec2api.i18n import _
|
|
|
|
|
|
CONF = cfg.CONF
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
"""Keypair-object related API implementation
|
|
"""
|
|
|
|
|
|
Validator = common.Validator
|
|
|
|
|
|
class KeyPairDescriber(common.UniversalDescriber):
|
|
|
|
KIND = 'kp'
|
|
FILTER_MAP = {'fingerprint': 'keyFingerprint',
|
|
'key-name': 'keyName'}
|
|
|
|
def format(self, _item, key_pair):
|
|
return _format_key_pair(key_pair)
|
|
|
|
def get_db_items(self):
|
|
return []
|
|
|
|
def get_os_items(self):
|
|
# Original EC2 in nova filters out vpn keys for admin user.
|
|
# We're not filtering out the vpn keys for now.
|
|
# In order to implement this we'd have to configure vpn_key_suffix
|
|
# in our config which we consider an overkill.
|
|
# suffix = CONF.vpn_key_suffix
|
|
# if context.is_admin or not key_pair['name'].endswith(suffix):
|
|
nova = clients.nova(self.context)
|
|
return nova.keypairs.list()
|
|
|
|
def auto_update_db(self, item, os_item):
|
|
pass
|
|
|
|
def get_id(self, os_item):
|
|
return ''
|
|
|
|
def get_name(self, key_pair):
|
|
return key_pair.name
|
|
|
|
|
|
def describe_key_pairs(context, key_name=None, filter=None):
|
|
formatted_key_pairs = KeyPairDescriber().describe(context, names=key_name,
|
|
filter=filter)
|
|
return {'keySet': formatted_key_pairs}
|
|
|
|
|
|
def _validate_name(name):
|
|
if len(name) > 255:
|
|
raise exception.InvalidParameterValue(
|
|
value=name,
|
|
parameter='KeyName',
|
|
reason='lenght is exceeds maximum of 255')
|
|
|
|
|
|
# We may wish to make the algorithm configurable. This would require API
|
|
# changes.
|
|
def _generate_key_pair():
|
|
key = rsa.generate_private_key(
|
|
backend=backends.default_backend(),
|
|
public_exponent=65537,
|
|
key_size=2048
|
|
)
|
|
private_key = key.private_bytes(
|
|
crypt_serialization.Encoding.PEM,
|
|
crypt_serialization.PrivateFormat.TraditionalOpenSSL,
|
|
crypt_serialization.NoEncryption(),
|
|
).decode()
|
|
public_key = key.public_key().public_bytes(
|
|
crypt_serialization.Encoding.OpenSSH,
|
|
crypt_serialization.PublicFormat.OpenSSH,
|
|
).decode()
|
|
return private_key, public_key
|
|
|
|
|
|
def create_key_pair(context, key_name):
|
|
_validate_name(key_name)
|
|
nova = clients.nova(context)
|
|
private_key, public_key = _generate_key_pair()
|
|
try:
|
|
key_pair = nova.keypairs.create(key_name, public_key)
|
|
except nova_exception.OverLimit:
|
|
raise exception.ResourceLimitExceeded(resource='keypairs')
|
|
except nova_exception.Conflict:
|
|
raise exception.InvalidKeyPairDuplicate(key_name=key_name)
|
|
formatted_key_pair = _format_key_pair(key_pair)
|
|
formatted_key_pair['keyMaterial'] = private_key
|
|
return formatted_key_pair
|
|
|
|
|
|
def import_key_pair(context, key_name, public_key_material):
|
|
_validate_name(key_name)
|
|
if not public_key_material:
|
|
raise exception.MissingParameter(
|
|
_('The request must contain the parameter PublicKeyMaterial'))
|
|
nova = clients.nova(context)
|
|
public_key = base64.b64decode(public_key_material).decode("utf-8")
|
|
try:
|
|
key_pair = nova.keypairs.create(key_name, public_key)
|
|
except nova_exception.OverLimit:
|
|
raise exception.ResourceLimitExceeded(resource='keypairs')
|
|
except nova_exception.Conflict:
|
|
raise exception.InvalidKeyPairDuplicate(key_name=key_name)
|
|
return _format_key_pair(key_pair)
|
|
|
|
|
|
def delete_key_pair(context, key_name):
|
|
nova = clients.nova(context)
|
|
try:
|
|
nova.keypairs.delete(key_name)
|
|
except nova_exception.NotFound:
|
|
# aws returns true even if the key doesn't exist
|
|
pass
|
|
return True
|
|
|
|
|
|
def _format_key_pair(key_pair):
|
|
return {'keyName': key_pair.name,
|
|
'keyFingerprint': key_pair.fingerprint
|
|
}
|