Beginning PEM file support for GCE.

2026-01-13 02:50:02 -03:30 · 2014-07-18 15:54:23 -05:00 · 2014-07-18 15:54:23 -05:00 · dd79ba8de7
commit dd79ba8de7
parent ca19ddb3d5
6 changed files with 95 additions and 4 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -966,6 +966,7 @@ class InventorySourceOptionsSerializer(BaseSerializer):
        field_opts = metadata.get('source_regions', {})
        field_opts['ec2_region_choices'] = self.opts.model.get_ec2_region_choices()
        field_opts['rax_region_choices'] = self.opts.model.get_rax_region_choices()
+        field_opts['gce_region_choices'] = self.opts.model.get_gce_region_choices()
        return metadata

    def to_native(self, obj):
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -4,6 +4,8 @@
 # Django
 from django.db import models
 from django.db.models.fields.related import SingleRelatedObjectDescriptor
+from django.utils.translation import ugettext_lazy as _
+

 # South
 from south.modelsinspector import add_introspection_rules
@ -38,3 +40,57 @@ class AutoOneToOneField(models.OneToOneField):

 add_introspection_rules([([AutoOneToOneField], [], {})],
                        [r'^awx\.main\.fields\.AutoOneToOneField'])
+
+
+# Copied, flat out, from Django 1.6.
+# Vendored here because Tower is run against Django 1.5.
+#
+# Original:
+#   github.com/django/django/blob/master/django/db/models/fields/__init__.py
+#
+# Django is:
+#   Copyright (c) Django Software Foundation and individual contributors.
+#   All rights reserved.
+#
+# Used under license:
+#   github.com/django/django/blob/master/LICENSE
+class BinaryField(models.Field):
+    description = _("Raw binary data")
+    empty_values = [None, b'']
+
+    def __init__(self, *args, **kwargs):
+        kwargs['editable'] = False
+        super(BinaryField, self).__init__(*args, **kwargs)
+        if self.max_length is not None:
+            self.validators.append(validators.MaxLengthValidator(self.max_length))
+
+    def get_internal_type(self):
+        return "BinaryField"
+
+    def get_default(self):
+        if self.has_default() and not callable(self.default):
+            return self.default
+        default = super(BinaryField, self).get_default()
+        if default == '':
+            return b''
+        return default
+
+    def get_db_prep_value(self, value, connection, prepared=False):
+        value = super(BinaryField, self).get_db_prep_value(value, connection, prepared)
+        if value is not None:
+            return connection.Database.Binary(value)
+        return value
+
+    def value_to_string(self, obj):
+        """Binary data is serialized as base64"""
+        return b64encode(force_bytes(self._get_val_from_obj(obj))).decode('ascii')
+
+    def to_python(self, value):
+        # If it's a string, it should be base64-encoded data
+        if isinstance(value, six.text_type):
+            return six.memoryview(b64decode(force_bytes(value)))
+        return value
+
+
+add_introspection_rules([([BinaryField], [], {})],
+                        [r'^awx\.main\.fields\.BinaryField'])
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@ -13,12 +13,27 @@ from django.core.exceptions import ValidationError, NON_FIELD_ERRORS
 from django.core.urlresolvers import reverse

 # AWX
+from awx.main import storage
+from awx.main.fields import BinaryField
 from awx.main.utils import decrypt_field
 from awx.main.models.base import *

 __all__ = ['Credential']


+class PEM(models.Model):
+    """Model representing a PEM p12 private key created with openssl.
+
+    These are notably used as credentials for authenticating to Google
+    services, and Tower uses them for Google Compute Engine.
+    """
+    filename = models.CharField(max_length=100, unique=True)
+    contents = BinaryField()
+
+    class Meta:
+        app_label = 'main'
+
+
 class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    '''
    A credential contains information about how to talk to a remote resource
@ -36,7 +51,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    ]

    PASSWORD_FIELDS = ('password', 'ssh_key_data', 'ssh_key_unlock',
-                       'sudo_password', 'vault_password')
+                       'sudo_password', 'vault_password', 'pem_file')

    class Meta:
        app_label = 'main'
@ -122,6 +137,12 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
        default='',
        help_text=_('Vault password (or "ASK" to prompt the user).'),
    )
+    pem_file = models.FileField(
+        blank=True,
+        null=True,
+        upload_to='irrelevant',
+        storage=storage.DatabaseStorage(PEM),
+    )

    @property
    def needs_password(self):
@ -304,7 +325,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
        # If update_fields has been specified, add our field names to it,
        # if hit hasn't been specified, then we're just doing a normal save.
        update_fields = kwargs.get('update_fields', [])
-        cloud = self.kind in ('aws', 'rax')
+        cloud = self.kind in ('aws', 'rax', 'gce', 'vmware', 'azure')
        if self.cloud != cloud:
            self.cloud = cloud
            if 'cloud' not in update_fields:
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@ -810,6 +810,17 @@ class InventorySourceOptions(BaseModel):
        regions.insert(0, ('ALL', 'All'))
        return regions

+    @classmethod
+    def get_gce_region_choices(self):
+        """Return a complete list of regions in GCE, as a list of
+        two-tuples.
+        """
+        # It's not possible to get a list of regions from GCE without
+        # authenticating first.  Therefore, use a list from settings.
+        regions = list(getattr(settings, 'GCE_REGION_CHOICES', []))
+        regions.insert(0, ('all', 'All'))
+        return regions
+
    def clean_credential(self):
        if not self.source:
            return None
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@ -418,7 +418,7 @@ GCE_REGION_CHOICES = [
    ('us-central1-b', 'US Central (B)'),
    ('us-central1-f', 'US Central (F)'),
    ('europe-west1-a', 'Europe West (A)'),
-    ('europe-west1-b', 'Europe West (B)')
+    ('europe-west1-b', 'Europe West (B)'),
    ('asia-east1-a', 'Asia East (A)'),
    ('asia-east1-b', 'Asia East (B)'),
 ]
@ -427,7 +427,7 @@ GCE_REGIONS_BLACKLIST = []
 # Inventory variable name/value for determining whether a host is active
 # in Google Compute Engine.
 GCE_ENABLED_VAR = 'status'
-GCE_ENABLED_VALUE = '<???>'
+GCE_ENABLED_VALUE = 'running'

 # Filter for allowed group and host names when importing inventory from
 # Google Compute Engine.
--- a/awx/ui/static/js/forms/Credentials.js
+++ b/awx/ui/static/js/forms/Credentials.js
@ -101,6 +101,8 @@ angular.module('CredentialFormDefinition', [])
                        '<dd>Access keys for Amazon Web Services used for inventory management or deployment.</dd>\n' +
                        '<dt>Rackspace</dt>\n' +
                        '<dd>Access information for Rackspace Cloud used for inventory management or deployment.</dd>\n' +
+                        '<dt>Google Compute Engine</dt>\n' + 
+                        '<dd>Credentials for Google Compute Engine, used for inventory management or deployment.</dd>\n' + 
                        '<dt>VMWare</dt>\n' +
                        '<dd>Access information for VMWare vSphere used for inventory management or deployment.</dd>\n' +
                        '</dl>\n'