diff --git a/nova/api/openstack/compute/console_auth_tokens.py b/nova/api/openstack/compute/console_auth_tokens.py
index b295ac05aa77..0e9c5608d529 100644
--- a/nova/api/openstack/compute/console_auth_tokens.py
+++ b/nova/api/openstack/compute/console_auth_tokens.py
@@ -49,24 +49,25 @@ class ConsoleAuthTokensController(wsgi.Controller):
 # with one instance, which can only be in one cell.
 for result in results.values():
 if not nova_context.is_cell_failure_sentinel(result):
- connect_info = result.to_dict()
+ connect_info = result
 break
 if not connect_info:
 raise webob.exc.HTTPNotFound(explanation=_("Token not found"))
- console_type = connect_info.get('console_type')
+ console_type = connect_info.console_type
 if rdp_only and console_type != "rdp-html5":
 raise webob.exc.HTTPUnauthorized(
 explanation=_("The requested console type details are not "
 "accessible"))
- return {'console':
- {i: connect_info[i]
- for i in ['instance_uuid', 'host', 'port',
- 'internal_access_path']
- if i in connect_info}}
+ return {'console': {
+ 'instance_uuid': connect_info.instance_uuid,
+ 'host': connect_info.host,
+ 'port': connect_info.port,
+ 'internal_access_path': connect_info.internal_access_path,
+ }}
 @wsgi.Controller.api_version("2.1", "2.30")
 @wsgi.expected_errors((400, 401, 404))
diff --git a/nova/console/websocketproxy.py b/nova/console/websocketproxy.py
index 45b409e604b2..4d79f40c7faf 100644
--- a/nova/console/websocketproxy.py
+++ b/nova/console/websocketproxy.py
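Review bot: In console_auth_tokens.py the new return dict reads `connect_info.internal_access_path` unconditionally, whereas the removed comprehension copied only the keys that were present (`if i in connect_info`). The other files in this commit still guard that field with `'internal_access_path' in connect_info`, which suggests it can be unset on a ConsoleAuthToken; if so, this attribute access would presumably raise and turn a valid token lookup into a server error rather than a response without the key. Either keep the guard, e.g. `{f: getattr(connect_info, f) for f in fields if f in connect_info}`, or confirm that validate() always populates the field. The enclosing method starts and ends outside the hunk.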
@@ -99,13 +99,14 @@ class NovaProxyRequestHandlerBase(object):
 # deployments due to DNS configuration and break VNC access completely
 return str(self.client_address[0])
- def verify_origin_proto(self, connection_info, origin_proto):
- access_url = connection_info.get('access_url')
- if not access_url:
- detail = _("No access_url in connection_info. "
- "Cannot validate protocol")
+ def verify_origin_proto(self, connect_info, origin_proto):
+ if 'access_url_base' not in connect_info:
+ detail = _("No access_url_base in connect_info. "
+ "Cannot validate protocol")
 raise exception.ValidationError(detail=detail)
- expected_protos = [urlparse.urlparse(access_url).scheme]
+
+ expected_protos = [
+ urlparse.urlparse(connect_info.access_url_base).scheme]
 # NOTE: For serial consoles the expected protocol could be ws or
 # wss which correspond to http and https respectively in terms of
 # security.
@@ -133,11 +134,11 @@ class NovaProxyRequestHandlerBase(object):
 # NOTE(PaulMurray) ConsoleAuthToken.validate validates the token.
 # We call the compute manager directly to check the console port
 # is correct.
- connect_info = objects.ConsoleAuthToken.validate(ctxt, token).to_dict()
+ connect_info = objects.ConsoleAuthToken.validate(ctxt, token)
 valid_port = self._check_console_port(
- ctxt, connect_info['instance_uuid'], connect_info['port'],
- connect_info['console_type'])
+ ctxt, connect_info.instance_uuid, connect_info.port,
+ connect_info.console_type)
 if not valid_port:
 raise exception.InvalidToken(token='***')
@@ -220,8 +221,8 @@ class NovaProxyRequestHandlerBase(object):
 raise exception.ValidationError(detail=detail)
 self.msg(_('connect info: %s'), str(connect_info))
- host = connect_info['host']
- port = int(connect_info['port'])
+ host = connect_info.host
+ port = connect_info.port
 # Connect to the target
 self.msg(_("connecting to: %(host)s:%(port)s") % {'host': host,
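Review bot: In verify_origin_proto the new guard `if 'access_url_base' not in connect_info:` only checks that the field is set, while the removed `if not access_url:` also rejected a None or empty URL. If access_url_base can be set but empty, `urlparse.urlparse(...)` yields an empty scheme and the origin check runs against that instead of raising the explicit ValidationError; whether it still fails closed depends on code below the hunk. I would keep both conditions: `if 'access_url_base' not in connect_info or not connect_info.access_url_base:`.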
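Review bot: In the hunk at -220 the unchanged line `self.msg(_('connect info: %s'), str(connect_info))` now stringifies the ConsoleAuthToken object rather than a dict. The removed to_dict() read `self.token` unconditionally, so the validated object evidently carries the token; if the object's string form lists its fields, the proxy log would contain a usable console token, which is worth confirming. Logging only non-secret fields avoids the question, for example `self.msg(_('connect info: instance %s'), connect_info.instance_uuid)`. Separately, `port = connect_info.port` drops the `int()` conversion and so relies on the field already being an integer. The enclosing method starts and ends outside the hunk.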
@@ -229,20 +230,21 @@ class NovaProxyRequestHandlerBase(object):
 tsock = self.socket(host, port, connect=True)
 # Handshake as necessary
- if connect_info.get('internal_access_path'):
- tsock.send(encodeutils.safe_encode(
- "CONNECT %s HTTP/1.1\r\n\r\n" %
- connect_info['internal_access_path']))
- end_token = "\r\n\r\n"
- while True:
- data = tsock.recv(4096, socket.MSG_PEEK)
- token_loc = data.find(end_token)
- if token_loc != -1:
- if data.split("\r\n")[0].find("200") == -1:
- raise exception.InvalidConnectionInfo()
- # remove the response from recv buffer
- tsock.recv(token_loc + len(end_token))
- break
+ if 'internal_access_path' in connect_info:
+ path = connect_info.internal_access_path
+ if path:
+ tsock.send(encodeutils.safe_encode(
+ 'CONNECT %s HTTP/1.1\r\n\r\n' % path))
+ end_token = "\r\n\r\n"
+ while True:
+ data = tsock.recv(4096, socket.MSG_PEEK)
+ token_loc = data.find(end_token)
+ if token_loc != -1:
+ if data.split("\r\n")[0].find("200") == -1:
+ raise exception.InvalidConnectionInfo()
+ # remove the response from recv buffer
+ tsock.recv(token_loc + len(end_token))
+ break
 if self.server.security_proxy is not None:
 tenant_sock = TenantSock(self)
diff --git a/nova/objects/console_auth_token.py b/nova/objects/console_auth_token.py
index 350f7f6769a9..8dcdb610d8b9 100644
--- a/nova/objects/console_auth_token.py
+++ b/nova/objects/console_auth_token.py
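Review bot: The re-indented handshake loop in the -229 hunk still has no exit when the target closes the connection or never sends the `\r\n\r\n` terminator. In that case `tsock.recv(4096, socket.MSG_PEEK)` keeps returning the same or empty data and `while True` spins inside the proxy worker. Since the block is being rewritten anyway, I would fail closed by adding `elif not data or len(data) >= 4096: raise exception.InvalidConnectionInfo()` after the `if token_loc != -1:` branch. It is also worth checking that `data.find(end_token)` compares like types, because the send side is explicitly encoded while `end_token` is a text literal. The enclosing method starts and ends outside the hunk.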
@@ -80,24 +80,6 @@ class ConsoleAuthToken(base.NovaTimestampObject, base.NovaObject):
 obj.obj_reset_changes()
 return obj
- def to_dict(self):
- """Convert to a dict representation."""
- # NOTE(PaulMurray) For compatibility while there is code that
- # expects the dict representation returned by consoleauth.
- # TODO(PaulMurray) Remove this function when the code no
- # longer expects the consoleauth dict representation
- connect_info = {}
- connect_info['token'] = self.token,
- connect_info['instance_uuid'] = self.instance_uuid
- connect_info['console_type'] = self.console_type
- connect_info['host'] = self.host
- connect_info['port'] = self.port
- if 'internal_access_path' in self:
- connect_info['internal_access_path'] = self.internal_access_path
- if 'access_url_base' in self:
- connect_info['access_url'] = self.access_url
- return connect_info
-
 @base.remotable
 def authorize(self, ttl):
 """Authorise the console token and store in the database.
diff --git a/nova/vnc/xvp_proxy.py b/nova/vnc/xvp_proxy.py
index f8a1c8b4d0f4..ed1b0496854a 100644
--- a/nova/vnc/xvp_proxy.py
+++ b/nova/vnc/xvp_proxy.py
@@ -64,15 +64,15 @@ class XCPVNCProxy(object):
 def handshake(self, req, connect_info, sockets):
 """Execute hypervisor-specific vnc auth handshaking (if needed)."""
- host = connect_info['host']
- port = int(connect_info['port'])
+ host = connect_info.host
+ port = connect_info.port
 server = eventlet.connect((host, port))
 # Handshake as necessary
- if connect_info.get('internal_access_path'):
- server.sendall("CONNECT %s HTTP/1.1\r\n\r\n" %
- connect_info['internal_access_path'])
+ if 'internal_access_path' in connect_info:
+ path = connect_info.internal_access_path
+ server.sendall('CONNECT %s HTTP/1.1\r\n\r\n' % path)
 data = ""
 while True:
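Review bot: In XCPVNCProxy.handshake the new `if 'internal_access_path' in connect_info:` sends the CONNECT line whenever the field is set, even when its value is None or empty. The removed `connect_info.get('internal_access_path')` skipped that case, and the websocketproxy.py change in this same commit keeps an extra `if path:` check that is missing here. As written, a token with no access path would presumably send `CONNECT None HTTP/1.1` and then wait for a reply. I would use `if 'internal_access_path' in connect_info and connect_info.internal_access_path:`. The function body continues past the end of the hunk.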
@@ -132,8 +132,7 @@ class XCPVNCProxy(object):
 ctxt = context.get_admin_context()
 try:
- connect_info = objects.ConsoleAuthToken.validate(
- ctxt, token).to_dict()
+ connect_info = objects.ConsoleAuthToken.validate(ctxt, token)
 except exception.InvalidToken:
 LOG.info("Request made with invalid token: %s", req)
 start_response('401 Not Authorized',