openstack/python-novaclient
Code Issues Proposed changes

Implement get password for novaclient

Browse Source 
This will download and decrypt a base64 encoded encrypted password
from the os-server-password extension. It depends on the user
having openssl installed, but if there is an error of any kind it
will print out the encoded and encrypted password instead.

It also implements clear_password which will delete the password
so it can no longer be retrieved.

Change-Id: I2c4e6c3f03b70dc98d6d339381648a6058f46e21
This commit is contained in:
Vishvananda Ishaya 2013-01-11 14:30:41 -08:00
parent 24087862c7
commit 020ff909cc
6 changed files with 128 additions and 0 deletions

37
novaclient/crypto.py Normal file

@ -0,0 +1,37 @@
# Copyright 2013 Nebula, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
import subprocess
class DecryptionFailure(Exception):
pass
def decrypt_password(private_key, password):
"""Base64 decodes password and unecrypts it with private key.
Requires openssl binary available in the path"""
unencoded = base64.b64decode(password)
cmd = ['openssl', 'rsautl', '-decrypt', '-inkey', private_key]
proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, err = proc.communicate(unencoded)
proc.stdin.close()
if proc.returncode:
raise DecryptionFailure(err)
return out

45
novaclient/v1_1/servers.py

@ -22,6 +22,7 @@ Server interface.
import urllib
from novaclient import base
from novaclient import crypto
from novaclient.v1_1 import base as local_base
@ -65,6 +66,21 @@ class Server(base.Resource):
"""
return self.manager.get_vnc_console(self, console_type)
def get_password(self, private_key):
"""
Get password for a Server.
:param private_key: Path to private key file for decryption
"""
return self.manager.get_password(self, private_key)
def clear_password(self):
"""
Get password for a Server.
"""
return self.manager.clear_password(self)
def add_fixed_ip(self, network_id):
"""
Add an IP address on a network.
@ -381,6 +397,35 @@ class ServerManager(local_base.BootingManagerWithFind):
return self._action('os-getVNCConsole', server,
{'type': console_type})[1]
def get_password(self, server, private_key):
"""
Get password for an instance
Requires that openssl in installed and in the path
:param server: The :class:`Server` (or its ID) to add an IP to.
:param private_key: The private key to decrypt password
"""
_resp, body = self.api.client.get("/servers/%s/os-server-password"
% base.getid(server))
if body and body.get('password'):
try:
return crypto.decrypt_password(private_key, body['password'])
except Exception as exc:
return '%sFailed to decrypt:\n%s' % (exc, body['password'])
return ''
def clear_password(self, server):
"""
Clear password for an instance
:param server: The :class:`Server` (or its ID) to add an IP to.
"""
return self._delete("/servers/%s/os-server-password"
% base.getid(server))
def stop(self, server):
"""
Stop the server.

18
novaclient/v1_1/shell.py

@ -1512,6 +1512,24 @@ def do_get_vnc_console(cs, args):
utils.print_list([VNCConsole(data['console'])], ['Type', 'Url'])
@utils.arg('server', metavar='<server>', help='Name or ID of server.')
@utils.arg('private_key',
metavar='<private-key>',
help='Private key (used locally to decrypt password).')
def do_get_password(cs, args):
"""Get password for a server."""
server = _find_server(cs, args.server)
data = server.get_password(args.private_key)
print data
@utils.arg('server', metavar='<server>', help='Name or ID of server.')
def do_clear_password(cs, args):
"""Clear password for a server."""
server = _find_server(cs, args.server)
data = server.clear_password()
def _print_floating_ip_list(floating_ips):
utils.print_list(floating_ips, ['Ip', 'Instance Id', 'Fixed Ip', 'Pool'])

10
tests/v1_1/fakes.py

@ -410,6 +410,16 @@ class FakeHTTPClient(base_client.HTTPClient):
def delete_servers_1234_ips_public_1_2_3_4(self, **kw):
return (202, {}, None)
#
# Server password
#
def get_servers_1234_os_server_password(self, **kw):
return (200, {}, {'password': ''})
def delete_servers_1234_os_server_password(self, **kw):
return (202, {}, None)
#
# Server actions
#

10
tests/v1_1/test_servers.py

@ -328,6 +328,16 @@ class ServersTest(utils.TestCase):
self.assertEqual(cs.servers.get_console_output(s, length=50), success)
cs.assert_called('POST', '/servers/1234/action')
def test_get_password(self):
s = cs.servers.get(1234)
self.assertEqual(s.get_password('/foo/id_rsa'), '')
cs.assert_called('GET', '/servers/1234/os-server-password')
def test_clear_password(self):
s = cs.servers.get(1234)
s.clear_password()
cs.assert_called('DELETE', '/servers/1234/os-server-password')
def test_get_server_actions(self):
s = cs.servers.get(1234)
actions = s.actions()

8
tests/v1_1/test_shell.py

@ -808,3 +808,11 @@ class ShellTest(utils.TestCase):
self.assert_called('POST', '/servers/1234/action',
{'evacuate': {'host': 'new_host',
'onSharedStorage': True}})
def test_get_password(self):
self.run_command('get-password sample-server /foo/id_rsa')
self.assert_called('GET', '/servers/1234/os-server-password')
def test_clear_password(self):
self.run_command('clear-password sample-server')
self.assert_called('DELETE', '/servers/1234/os-server-password')