Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allows an instance to post encrypted password
Exposes a new url in openstack metadata with two methods: GET 169.254.169.254/openstack/latest/password # get password POST 169.254.169.254/openstack/latest/password # post password The password can only be set once and will be stored in an instance_system_metadata value with the key 'password' Part of blueprint get-password Change-Id: I4bbee8326a09fe38d6393e9e70f009daae0c6ece
- Loading branch information
1 parent
255692f
commit a2101c4
Showing
4 changed files
with
144 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# Copyright 2012 Nebula, Inc. | ||
# All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
from webob import exc | ||
|
||
from nova import context | ||
from nova import db | ||
|
||
|
||
MAX_SIZE = 256 | ||
|
||
|
||
def handle_password(req, meta_data): | ||
ctxt = context.get_admin_context() | ||
password = meta_data.password | ||
if req.method == 'GET': | ||
return meta_data.password | ||
elif req.method == 'POST': | ||
# NOTE(vish): The conflict will only happen once the metadata cache | ||
# updates, but it isn't a huge issue if it can be set for | ||
# a short window. | ||
if meta_data.password: | ||
raise exc.HTTPConflict() | ||
if (req.content_length > MAX_SIZE or len(req.body) > MAX_SIZE): | ||
msg = _("Request is too large.") | ||
raise exc.HTTPBadRequest(explanation=msg) | ||
db.instance_system_metadata_update(ctxt, | ||
meta_data.uuid, | ||
{'password': req.body}, | ||
False) | ||
else: | ||
raise exc.HTTPBadRequest() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters