aria/multivim-plugin/nova_plugin/keypair.py - onap/so - Gitiles

 #########
 # Copyright (c) 2014 GigaSpaces Technologies Ltd. All rights reserved
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 #  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  * See the License for the specific language governing permissions and
 #  * limitations under the License.

 import os
 import errno
 from getpass import getuser

 from cloudify import ctx
 from cloudify.decorators import operation
 from cloudify.exceptions import NonRecoverableError
 from openstack_plugin_common import (
     with_nova_client,
     validate_resource,
     use_external_resource,
     transform_resource_name,
     is_external_resource,
     is_external_resource_not_conditionally_created,
     delete_runtime_properties,
     get_resource_id,
     delete_resource_and_runtime_properties,
     OPENSTACK_ID_PROPERTY,
     OPENSTACK_TYPE_PROPERTY,
     OPENSTACK_NAME_PROPERTY,
     COMMON_RUNTIME_PROPERTIES_KEYS
 )

 RUNTIME_PROPERTIES_KEYS = COMMON_RUNTIME_PROPERTIES_KEYS
 KEYPAIR_OPENSTACK_TYPE = 'keypair'

 PRIVATE_KEY_PATH_PROP = 'private_key_path'


 @operation
 @with_nova_client
 def create(nova_client, args, **kwargs):

     private_key_path = _get_private_key_path()
     pk_exists = _check_private_key_exists(private_key_path)

     if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE):
         if not pk_exists:
             delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
             raise NonRecoverableError(
                 'Failed to use external keypair (node {0}): the public key {1}'
                 ' is available on Openstack, but the private key could not be '
                 'found at {2}'.format(ctx.node.id,
                                       ctx.node.properties['resource_id'],
                                       private_key_path))
         return

     if pk_exists:
         raise NonRecoverableError(
             "Can't create keypair - private key path already exists: {0}"
             .format(private_key_path))

     keypair = {
         'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE),
     }
     keypair.update(ctx.node.properties['keypair'], **args)
     transform_resource_name(ctx, keypair)

     keypair = nova_client.keypairs.create(keypair['name'],
                                           keypair.get('public_key'))
     ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id
     ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
         KEYPAIR_OPENSTACK_TYPE
     ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name

     try:
         # write private key file
         _mkdir_p(os.path.dirname(private_key_path))
         with open(private_key_path, 'w') as f:
             f.write(keypair.private_key)
         os.chmod(private_key_path, 0600)
     except Exception:
         _delete_private_key_file()
         delete_resource_and_runtime_properties(ctx, nova_client,
                                                RUNTIME_PROPERTIES_KEYS)
         raise


 @operation
 @with_nova_client
 def delete(nova_client, **kwargs):
     if not is_external_resource(ctx):
         ctx.logger.info('deleting keypair')

         _delete_private_key_file()

         nova_client.keypairs.delete(
             ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY])
     else:
         ctx.logger.info('not deleting keypair since an external keypair is '
                         'being used')

     delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)


 @operation
 @with_nova_client
 def creation_validation(nova_client, **kwargs):

     def validate_private_key_permissions(private_key_path):
         ctx.logger.debug('checking whether private key file {0} has the '
                          'correct permissions'.format(private_key_path))
         if not os.access(private_key_path, os.R_OK):
             err = 'private key file {0} is not readable'\
                 .format(private_key_path)
             ctx.logger.error('VALIDATION ERROR: ' + err)
             raise NonRecoverableError(err)
         ctx.logger.debug('OK: private key file {0} has the correct '
                          'permissions'.format(private_key_path))

     def validate_path_owner(path):
         ctx.logger.debug('checking whether directory {0} is owned by the '
                          'current user'.format(path))
         from pwd import getpwnam, getpwuid

         user = getuser()
         owner = getpwuid(os.stat(path).st_uid).pw_name
         current_user_id = str(getpwnam(user).pw_uid)
         owner_id = str(os.stat(path).st_uid)

         if not current_user_id == owner_id:
             err = '{0} is not owned by the current user (it is owned by {1})'\
                   .format(path, owner)
             ctx.logger.warning('VALIDATION WARNING: {0}'.format(err))
             return
         ctx.logger.debug('OK: {0} is owned by the current user'.format(path))

     validate_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE)

     private_key_path = _get_private_key_path()
     pk_exists = _check_private_key_exists(private_key_path)

     if is_external_resource_not_conditionally_created(ctx):
         if pk_exists:
             if os.name == 'posix':
                 validate_private_key_permissions(private_key_path)
                 validate_path_owner(private_key_path)
         else:
             err = "can't use external keypair: the public key {0} is " \
                   "available on Openstack, but the private key could not be " \
                   "found at {1}".format(ctx.node.properties['resource_id'],
                                         private_key_path)
             ctx.logger.error('VALIDATION ERROR: {0}'.format(err))
             raise NonRecoverableError(err)
     else:
         if pk_exists:
             err = 'private key path already exists: {0}'.format(
                 private_key_path)
             ctx.logger.error('VALIDATION ERROR: {0}'.format(err))
             raise NonRecoverableError(err)
         else:
             err = 'private key directory {0} is not writable'
             while private_key_path:
                 if os.path.isdir(private_key_path):
                     if not os.access(private_key_path, os.W_OK | os.X_OK):
                         raise NonRecoverableError(err.format(private_key_path))
                     else:
                         break
                 private_key_path, _ = os.path.split(private_key_path)

     ctx.logger.debug('OK: keypair configuration is valid')


 def _get_private_key_path():
     return os.path.expanduser(ctx.node.properties[PRIVATE_KEY_PATH_PROP])


 def _delete_private_key_file():
     private_key_path = _get_private_key_path()
     ctx.logger.debug('deleting private key file at {0}'.format(
         private_key_path))
     try:
         os.remove(private_key_path)
     except OSError as e:
         if e.errno == errno.ENOENT:
             # file was already deleted somehow
             pass
         raise


 def _check_private_key_exists(private_key_path):
     return os.path.isfile(private_key_path)


 def _mkdir_p(path):
     if path and not os.path.isdir(path):
         os.makedirs(path)
	#########
	# Copyright (c) 2014 GigaSpaces Technologies Ltd. All rights reserved
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# * See the License for the specific language governing permissions and
	# * limitations under the License.

	import os
	import errno
	from getpass import getuser

	from cloudify import ctx
	from cloudify.decorators import operation
	from cloudify.exceptions import NonRecoverableError
	from openstack_plugin_common import (
	with_nova_client,
	validate_resource,
	use_external_resource,
	transform_resource_name,
	is_external_resource,
	is_external_resource_not_conditionally_created,
	delete_runtime_properties,
	get_resource_id,
	delete_resource_and_runtime_properties,
	OPENSTACK_ID_PROPERTY,
	OPENSTACK_TYPE_PROPERTY,
	OPENSTACK_NAME_PROPERTY,
	COMMON_RUNTIME_PROPERTIES_KEYS
	)

	RUNTIME_PROPERTIES_KEYS = COMMON_RUNTIME_PROPERTIES_KEYS
	KEYPAIR_OPENSTACK_TYPE = 'keypair'

	PRIVATE_KEY_PATH_PROP = 'private_key_path'


	@operation
	@with_nova_client
	def create(nova_client, args, **kwargs):

	private_key_path = _get_private_key_path()
	pk_exists = _check_private_key_exists(private_key_path)

	if use_external_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE):
	if not pk_exists:
	delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)
	raise NonRecoverableError(
	'Failed to use external keypair (node {0}): the public key {1}'
	' is available on Openstack, but the private key could not be '
	'found at {2}'.format(ctx.node.id,
	ctx.node.properties['resource_id'],
	private_key_path))
	return

	if pk_exists:
	raise NonRecoverableError(
	"Can't create keypair - private key path already exists: {0}"
	.format(private_key_path))

	keypair = {
	'name': get_resource_id(ctx, KEYPAIR_OPENSTACK_TYPE),
	}
	keypair.update(ctx.node.properties['keypair'], **args)
	transform_resource_name(ctx, keypair)

	keypair = nova_client.keypairs.create(keypair['name'],
	keypair.get('public_key'))
	ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY] = keypair.id
	ctx.instance.runtime_properties[OPENSTACK_TYPE_PROPERTY] = \
	KEYPAIR_OPENSTACK_TYPE
	ctx.instance.runtime_properties[OPENSTACK_NAME_PROPERTY] = keypair.name

	try:
	# write private key file
	_mkdir_p(os.path.dirname(private_key_path))
	with open(private_key_path, 'w') as f:
	f.write(keypair.private_key)
	os.chmod(private_key_path, 0600)
	except Exception:
	_delete_private_key_file()
	delete_resource_and_runtime_properties(ctx, nova_client,
	RUNTIME_PROPERTIES_KEYS)
	raise


	@operation
	@with_nova_client
	def delete(nova_client, **kwargs):
	if not is_external_resource(ctx):
	ctx.logger.info('deleting keypair')

	_delete_private_key_file()

	nova_client.keypairs.delete(
	ctx.instance.runtime_properties[OPENSTACK_ID_PROPERTY])
	else:
	ctx.logger.info('not deleting keypair since an external keypair is '
	'being used')

	delete_runtime_properties(ctx, RUNTIME_PROPERTIES_KEYS)


	@operation
	@with_nova_client
	def creation_validation(nova_client, **kwargs):

	def validate_private_key_permissions(private_key_path):
	ctx.logger.debug('checking whether private key file {0} has the '
	'correct permissions'.format(private_key_path))
	if not os.access(private_key_path, os.R_OK):
	err = 'private key file {0} is not readable'\
	.format(private_key_path)
	ctx.logger.error('VALIDATION ERROR: ' + err)
	raise NonRecoverableError(err)
	ctx.logger.debug('OK: private key file {0} has the correct '
	'permissions'.format(private_key_path))

	def validate_path_owner(path):
	ctx.logger.debug('checking whether directory {0} is owned by the '
	'current user'.format(path))
	from pwd import getpwnam, getpwuid

	user = getuser()
	owner = getpwuid(os.stat(path).st_uid).pw_name
	current_user_id = str(getpwnam(user).pw_uid)
	owner_id = str(os.stat(path).st_uid)

	if not current_user_id == owner_id:
	err = '{0} is not owned by the current user (it is owned by {1})'\
	.format(path, owner)
	ctx.logger.warning('VALIDATION WARNING: {0}'.format(err))
	return
	ctx.logger.debug('OK: {0} is owned by the current user'.format(path))

	validate_resource(ctx, nova_client, KEYPAIR_OPENSTACK_TYPE)

	private_key_path = _get_private_key_path()
	pk_exists = _check_private_key_exists(private_key_path)

	if is_external_resource_not_conditionally_created(ctx):
	if pk_exists:
	if os.name == 'posix':
	validate_private_key_permissions(private_key_path)
	validate_path_owner(private_key_path)
	else:
	err = "can't use external keypair: the public key {0} is " \
	"available on Openstack, but the private key could not be " \
	"found at {1}".format(ctx.node.properties['resource_id'],
	private_key_path)
	ctx.logger.error('VALIDATION ERROR: {0}'.format(err))
	raise NonRecoverableError(err)
	else:
	if pk_exists:
	err = 'private key path already exists: {0}'.format(
	private_key_path)
	ctx.logger.error('VALIDATION ERROR: {0}'.format(err))
	raise NonRecoverableError(err)
	else:
	err = 'private key directory {0} is not writable'
	while private_key_path:
	if os.path.isdir(private_key_path):
	if not os.access(private_key_path, os.W_OK \| os.X_OK):
	raise NonRecoverableError(err.format(private_key_path))
	else:
	break
	private_key_path, _ = os.path.split(private_key_path)

	ctx.logger.debug('OK: keypair configuration is valid')


	def _get_private_key_path():
	return os.path.expanduser(ctx.node.properties[PRIVATE_KEY_PATH_PROP])


	def _delete_private_key_file():
	private_key_path = _get_private_key_path()
	ctx.logger.debug('deleting private key file at {0}'.format(
	private_key_path))
	try:
	os.remove(private_key_path)
	except OSError as e:
	if e.errno == errno.ENOENT:
	# file was already deleted somehow
	pass
	raise


	def _check_private_key_exists(private_key_path):
	return os.path.isfile(private_key_path)


	def _mkdir_p(path):
	if path and not os.path.isdir(path):
	os.makedirs(path)