[pkg-eucalyptus-commits] [SCM] managing cloud instances for Eucalyptus branch, master, updated. 3.0.0-alpha3-257-g1da8e3a
Garrett Holmstrom
gholms at fedoraproject.org
Sun Jun 16 02:31:16 UTC 2013
The following commit has been merged in the master branch:
commit 0f2d8484911784477a829599d402df0783ff0989
Author: Garrett Holmstrom <gholms at fedoraproject.org>
Date: Tue May 7 13:00:07 2013 -0700
Add key ID spoofing to EucaRsaV2Auth
diff --git a/euca2ools/nc/auth.py b/euca2ools/nc/auth.py
index b17342b..1fadc29 100644
--- a/euca2ools/nc/auth.py
+++ b/euca2ools/nc/auth.py
@@ -48,10 +48,15 @@ class EucaRsaV2Auth(BaseAuth):
certificate to use when signing requests'''),
Arg('--privatekey', metavar='FILE',
help='file containing the private key to sign requests with'),
+ Arg('--spoof-key-id', metavar='KEY_ID',
+ help='run this command as if signed by a specific access key'),
Arg('--euca-auth', action='store_true', help=argparse.SUPPRESS)]
def configure(self):
BaseAuth.configure(self)
+ if not self.args.get('spoof_key_id'):
+ self.args['spoof_key_id'] = os.getenv('EC2_ACCESS_KEY')
+
cert = self.args.get('cert') or os.getenv('EUCA_CERT')
privkey = self.args.get('privatekey') or os.getenv('EUCA_PRIVATE_KEY')
if not cert:
@@ -84,6 +89,10 @@ class EucaRsaV2Auth(BaseAuth):
request.headers['Date'] = now.strftime('%Y%m%dT%H%M%SZ')
if 'Authorization' in request.headers:
del request.headers['Authorization']
+ if self.args.get('spoof_key_id'):
+ request.headers['AWSAccessKeyId'] = self.args['spoof_key_id']
+ elif 'AWSAccessKeyId' in request.headers:
+ del request.headers['AWSAccessKeyId']
cert_fp = self._get_fingerprint()
self.log.debug('certificate fingerprint: %s', cert_fp)
diff --git a/euca2ools/nc/commands/bundleandupload.py b/euca2ools/nc/commands/bundleandupload.py
index b237a50..099559f 100644
--- a/euca2ools/nc/commands/bundleandupload.py
+++ b/euca2ools/nc/commands/bundleandupload.py
@@ -64,6 +64,8 @@ class BundleAndUpload(requestbuilder.command.BaseCommand):
Arg('--privatekey', metavar='FILE',
help='''file containing the private key to use when signing
requests and bundling the image'''),
+ Arg('--spoof-key-id', metavar='KEY_ID',
+ help='run this command as if signed by a specific access key'),
Arg('--ec2cert', metavar='FILE',
help="file containing the cloud's X.509 certificate"),
Arg('--user', metavar='ACCOUNT', help="the user's account ID"),
@@ -85,7 +87,8 @@ class BundleAndUpload(requestbuilder.command.BaseCommand):
walrus_auth = EucaRsaV2Auth(
config=self.config, loglevel=self.log.level,
- cert=self.args.get('cert'), privatekey=self.args.get('privatekey'))
+ cert=self.args.get('cert'), privatekey=self.args.get('privatekey'),
+ spoof_key_id=self.args.get('spoof_key_id'))
self.__walrus = NCInternalWalrus(auth=walrus_auth, config=self.config,
loglevel=self.log.level,
url=self.args.get('url'))
--
managing cloud instances for Eucalyptus
More information about the pkg-eucalyptus-commits
mailing list