Cleaned up EC2 keypair situation

Implemented ImportKeyPair operation. Left our nonstandard CreateKeyPair behavior, but disabled.
Closes #36

messaging/gt4.0-elastic/java/msgbridge/etc/elastic/elastic.conf

@@ -55,19 +55,19 @@ repository.idauthz=
 #
 ################################################################################
 
-# The expected behavior of create-key by elastic clients is for the service to
-# *generate* a keypair server-side and return the private key.
+# In the past, the Elastic API only supported *generating* a key pair in the
+# server side. Nimbus supported an optional avenue for uploading your own
+# private key instead. Now there is also an ImportKeyPair operation which
+# is part of the API. This should be used instead.
 #
-# By default this service does something different but it can be changed to
-# do that.
+# If you rely on the legacy behavior of CreateKeyPair, it can be enabled below:
 #
 # Instead of sending the name of the key to create, clients can send the name
 # of the key and the public key value.  Including a separation token (defined
 # below) is necessary.
 #
-# You can disable this behavior by setting "ssh.pubkey.only=false" here.
-
-ssh.pubkey.only=true
+# You can enable/disable this behavior by setting true or false here:
+ssh.pubkey.only=false
 
 
 # If "ssh.pubkey.only=true" then this "ssh.split.token" setting is in effect.

messaging/gt4.0-elastic/java/msgbridge/src/org/nimbustools/messaging/gt4_0_elastic/v2008_05_05/ServiceSecurity.java

@@ -16,20 +16,22 @@
 
 package org.nimbustools.messaging.gt4_0_elastic.v2008_05_05;
 
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.AuthorizeSecurityGroupIngressResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.AuthorizeSecurityGroupIngressType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateKeyPairResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateKeyPairType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairResponseType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateSecurityGroupResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateSecurityGroupType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteSecurityGroupResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteSecurityGroupType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeSecurityGroupsResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeSecurityGroupsType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.AuthorizeSecurityGroupIngressResponseType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.AuthorizeSecurityGroupIngressType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.ImportKeyPairResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.ImportKeyPairType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.RevokeSecurityGroupIngressResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.RevokeSecurityGroupIngressType;
 
@@ -45,6 +47,11 @@ public CreateKeyPairResponseType createKeyPair(
                         CreateKeyPairType createKeyPairRequestMsg)
             throws RemoteException;
 
+
+    public ImportKeyPairResponseType importKeyPair(
+            ImportKeyPairType importKeyPairRequestMsg)
+            throws RemoteException;
+
     public DescribeKeyPairsResponseType describeKeyPairs(
                         DescribeKeyPairsType describeKeyPairsRequestMsg)
             throws RemoteException;

messaging/gt4.0-elastic/java/msgbridge/src/org/nimbustools/messaging/gt4_0_elastic/v2008_05_05/rm/defaults/DefaultDescribe.java

@@ -371,6 +371,8 @@ protected RunningInstancesItemType getInstanceItemType(VM vm,
         } else {
             riit.setKeyName(keyName);
         }
+        riit.setProductCodes(new ProductCodesSetType(new ProductCodesSetItemType[]{}));
+
         return riit;
     }
 

messaging/gt4.0-elastic/java/msgbridge/src/org/nimbustools/messaging/gt4_0_elastic/v2008_05_05/rm/defaults/DefaultRun.java

@@ -413,8 +413,8 @@ protected RunningInstancesItemType getOneCreatedVM(VM vm,
         riit.setKernelId("default"); // todo
 
         riit.setMonitoring(new InstanceMonitoringStateType("disabled"));
+        riit.setProductCodes(new ProductCodesSetType(new ProductCodesSetItemType[]{}));
 
-        //riit.setProductCodes();
         //riit.setRamdiskId();
         //riit.setReason();
 

messaging/gt4.0-elastic/java/msgbridge/src/org/nimbustools/messaging/gt4_0_elastic/v2008_05_05/security/ServiceSecurityImpl.java

@@ -18,19 +18,22 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.ServiceSecurity;
-import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.rm.ContainerInterface;
-import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.service.UnimplementedOperations;
+import org.globus.util.Base64;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateKeyPairResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.CreateKeyPairType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairResponseType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DeleteKeyPairType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsInfoType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsItemType;
-import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseItemType;
 import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseInfoType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseItemType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.DescribeKeyPairsType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.ImportKeyPairResponseType;
+import org.nimbustools.messaging.gt4_0_elastic.generated.v2010_08_31.ImportKeyPairType;
+import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.ServiceSecurity;
+import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.rm.ContainerInterface;
+import org.nimbustools.messaging.gt4_0_elastic.v2008_05_05.service.UnimplementedOperations;
 import org.nimbustools.messaging.gt4_0_elastic.DisabledException;
 import org.nimbustools.api.repr.Caller;
 import org.nimbustools.api.repr.CannotTranslateException;
@@ -52,7 +55,8 @@ public class ServiceSecurityImpl extends UnimplementedOperations
 
     private static final Log logger =
             LogFactory.getLog(ServiceSecurityImpl.class.getName());
-
+    private static final String FAKE_FINGERPRINT = "N0:KE:YF:IN:GE:RP:RI:NT";
+
 
     // -------------------------------------------------------------------------
     // INSTANCE VARIABLES
@@ -139,6 +143,50 @@ public CreateKeyPairResponseType createKeyPair(CreateKeyPairType req)
         return this.splitMethod(splitToken, input, ownerID);
     }
 
+    public ImportKeyPairResponseType importKeyPair(ImportKeyPairType req)
+            throws RemoteException {
+
+        // no use proceeding if these calls fail:
+        final Caller caller = this.container.getCaller();
+        final String ownerID;
+        try {
+            ownerID = this.container.getOwnerID(caller);
+        } catch (CannotTranslateException e) {
+            throw new RemoteException(e.getMessage(), e);
+        }
+
+        if (req == null) {
+            throw new RemoteException("key name is missing");
+        }
+
+        final String keyName = req.getKeyName();
+        if (keyName == null) {
+            throw new RemoteException(
+                    "createKeyPair request does not contain key name");
+        }
+
+        final String publicKeyMaterial = req.getPublicKeyMaterial();
+        if (publicKeyMaterial == null) {
+            throw new RemoteException("key material is missing");
+        }
+        if (!Base64.isBase64(publicKeyMaterial)) {
+            throw new RemoteException("key material does not appear to " +
+                    "be base64 encoded?");
+        }
+        final byte[] bytes = Base64.decode(publicKeyMaterial.getBytes());
+        final String keyMaterial = new String(bytes);
+
+        this.sshKeys.newKey(ownerID, keyName, keyMaterial, FAKE_FINGERPRINT);
+
+        final ImportKeyPairResponseType resp =
+                new ImportKeyPairResponseType(FAKE_FINGERPRINT, keyName, null);
+
+        logger.info("SSH key registered, name='" + keyName +
+                "', owner ID='" + ownerID + "'");
+
+        return resp;
+    }
+
     public DescribeKeyPairsResponseType describeKeyPairs(
                                                     DescribeKeyPairsType req)
             throws RemoteException {
@@ -251,7 +299,7 @@ protected CreateKeyPairResponseType splitMethod(String splitToken,
                     "name or value is missing)");
         }
 
-        final String fingerprint = "N0:KE:YF:IN:GE:RP:RI:NT";
+        final String fingerprint = FAKE_FINGERPRINT;
         this.sshKeys.newKey(ownerID, keyName, keyValue, fingerprint);
 
         final CreateKeyPairResponseType ckprt = new CreateKeyPairResponseType();
@@ -261,11 +309,11 @@ protected CreateKeyPairResponseType splitMethod(String splitToken,
 
         logger.info("SSH key registered, name='" + keyName +
                 "', owner ID='" + ownerID + "'");
-        
+
         return ckprt;
     }
 
-    
+
     // -------------------------------------------------------------------------
     // DESCRIBE IMPL
     // -------------------------------------------------------------------------

messaging/gt4.0-elastic/java/msgbridge/src/org/nimbustools/messaging/gt4_0_elastic/v2008_05_05/service/UnimplementedOperations.java

@@ -156,6 +156,11 @@ public CreateKeyPairResponseType createKeyPair(
         throw new RemoteException(UNIMPLEMENTED + "createKeyPair");
     }
 
+    public ImportKeyPairResponseType importKeyPair(ImportKeyPairType importKeyPairRequestMsg)
+            throws RemoteException {
+        throw new RemoteException(UNIMPLEMENTED + "importKeyPair");
+    }
+
     public DescribeKeyPairsResponseType describeKeyPairs(
                         DescribeKeyPairsType describeKeyPairsRequestMsg)
             throws RemoteException {
@@ -582,12 +587,4 @@ public DeleteTagsResponseType deleteTags(DeleteTagsType deleteTagsRequestMsg)
         throw new RemoteException(UNIMPLEMENTED + "deleteTags");
     }
 
-    public ImportKeyPairResponseType importKeyPair(ImportKeyPairType importKeyPairRequestMsg)
-            throws RemoteException {
-        throw new RemoteException(UNIMPLEMENTED + "importKeyPair");
-    }
-
-
-
-
 }

messaging/query/java/source/src/org/nimbustools/messaging/query/v2009_08_15/ElasticService.java

@@ -70,7 +70,7 @@ public ElasticService(ServiceRM serviceRM, ServiceGeneral serviceGeneral,
                 new RequestSpotInstances(serviceRM),
                 new CancelSpotInstanceRequests(serviceRM),
                 new DescribeSpotInstanceRequests(serviceRM),
-                new DescribeSpotPriceHistory(serviceRM),
+                new DescribeSpotPriceHistory(serviceRM), new ImportKeyPair(),
                 new CreateKeyPair(), new DeleteKeyPair(), new DescribeKeyPairs(),
                 new RunInstances(), new RebootInstances(), new DescribeInstances(),
                 new TerminateInstances(), new DescribeImages(),
@@ -127,6 +127,33 @@ public CreateKeyPairResponseType handlePost(@FormParam("KeyName") String keyName
         }
     }
 
+    @Path("/")
+    @Produces("text/xml")
+    public class ImportKeyPair implements ElasticAction {
+        public String getName() {
+            return "ImportKeyPair";
+        }
+
+        @GET
+        public ImportKeyPairResponseType handleGet(@QueryParam("KeyName") String keyName,
+                                                   @QueryParam("PublicKeyMaterial") String keyMaterial) {
+            assureRequiredParameter("KeyName", keyName);
+
+            final ImportKeyPairType importKeyPairType = new ImportKeyPairType(keyName, keyMaterial);
+
+            try {
+                return serviceSecurity.importKeyPair(importKeyPairType);
+            } catch (RemoteException e) {
+                throw new QueryException(QueryError.GeneralError, e);
+            }
+        }
+        @POST
+        public ImportKeyPairResponseType handlePost(@FormParam("KeyName") String keyName,
+                                                    @FormParam("PublicKeyMaterial") String keyMaterial) {
+            return handleGet(keyName, keyMaterial);
+        }
+    }
+
     @Produces("text/xml")
     public class DeleteKeyPair implements ElasticAction {
         public String getName() {

tests/ec2-boto-misc-test.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ "X$NIMBUS_HOME" == "X" ]; then
+    echo "NIMBUS_HOME must be set to run this test"
+    exit 1
+fi
+
+PYTHON_EXE="/usr/bin/env python -Wignore::DeprecationWarning"
+
+NIMBUS_WEBDIR="$NIMBUS_HOME/web"
+
+NIMBUS_PYLIB="$NIMBUS_WEBDIR/lib/python"
+NIMBUS_PYSRC="$NIMBUS_WEBDIR/src/python"
+
+source $NIMBUS_HOME/cumulus/env.sh
+PYTHONPATH="${PYTHONPATH}:$NIMBUS_PYSRC:$NIMBUS_PYLIB:$PYTHONPATH:$NIMBUS_HOME/sbin:$NIMBUS_HOME/libexec:${PYTHONPATH}"
+export PYTHONPATH
+
+DJANGO_SETTINGS_MODULE="nimbusweb.portal.settings"
+export DJANGO_SETTINGS_MODULE
+
+source $NIMBUS_HOME/ve/bin/activate
+exec nosetests ec2_misc_tests.py

tests/ec2_misc_tests.py

@@ -0,0 +1,79 @@
+import uuid
+import base64
+import os
+from boto.ec2.connection import EC2Connection
+import unittest
+import pycb
+import pynimbusauthz
+from  pynimbusauthz.db import * 
+from  pynimbusauthz.user import * 
+import pycb.test_common
+
+def get_nimbus_home():
+    """Determines home directory of Nimbus install we are using.
+    
+    First looks for a NIMBUS_HOME enviroment variable, else assumes that
+    the home directory is the parent directory of the directory with this
+    script.
+    """
+    nimbus_home = os.getenv("NIMBUS_HOME")
+    if not nimbus_home:
+        script_dir = os.path.dirname(__file__)
+        nimbus_home = os.path.dirname(script_dir)
+    if not os.path.exists(nimbus_home):
+        raise CLIError('ENIMBUSHOME', "NIMBUS_HOME must refer to a valid path")
+    return nimbus_home
+
+PUBKEY1 = """
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6DrU6ncayShbPTMrWC8PmvnkTlifNyDSr5qwJsxK
+hWyO3lDJmEHtpYc0WfKSJTv4LzbGjjeU1SH0mox5UsdaPUu0UCZ8z7O7R9MGpbIkGIEkcv1qdhkO
+fGq03u1asoY3GUMkzQY2HfM40YQ93AQJQ96uDhALPAyEV3ZzEtI8z53++cP0pV6qVI5Wze68DmBu
+KReG5I6xCWjcxYfx7e/PXXtkOl1WYZIj8eeiS9UkHN4QhdVCMHSALfz8k4D/N8iiYHm9EBKJp8tA
+byPLiPAtZAOodlwlsMINwFY+Qcx1z4US/p8t5J6A+1EMZ9npWyxorFk2AfKDi1KIOeuUC72tfw==
+""".replace('\n','')
+
+
+class TestEC2Misc(unittest.TestCase):
+
+    def setUp(self):
+        host = 'localhost'
+        ec2port = 8444
+        self.db = DB(pycb.config.authzdb)
+        self.friendly = os.environ['NIMBUS_TEST_USER']
+        self.can_user = User.get_user_by_friendly(self.db, self.friendly)
+        s3a = self.can_user.get_alias_by_friendly(self.friendly, pynimbusauthz.alias_type_s3)
+
+        self.s3id = s3a.get_name()
+        self.s3pw = s3a.get_data()
+
+        self.ec2conn = EC2Connection(self.s3id, self.s3pw, host=host, port=ec2port)
+        self.ec2conn.host = host
+
+    def test_import_keypair(self):
+        keyname = str(uuid.uuid4())
+
+        # this is different in trunk boto, key is already encoded. til then..
+
+        keymaterial = base64.b64encode(PUBKEY1)
+        self.ec2conn.import_key_pair(keyname, keymaterial)
+        pair = self.ec2conn.get_key_pair(keyname)
+        self.assertTrue(pair)
+        self.assertEqual(pair.name, keyname)
+
+        self.ec2conn.delete_key_pair(keyname)
+        pair = self.ec2conn.get_key_pair(keyname)
+        self.assertFalse(pair)
+
+    def test_create_keypair(self):
+        keyname = str(uuid.uuid4())
+        pair = self.ec2conn.create_key_pair(keyname)
+        self.assertTrue(pair)
+        self.assertTrue(pair.material)
+        pair = self.ec2conn.get_key_pair(keyname)
+        self.assertTrue(pair)
+        self.assertEqual(pair.name, keyname)
+
+        self.ec2conn.delete_key_pair(keyname)
+        pair = self.ec2conn.get_key_pair(keyname)
+        self.assertFalse(pair)
+