move auto-generated ssh keys to formation, add tests for ssh key override on formation create. fixes #17

Author: Gabriel Monroy

api/migrations/0002_auto__del_field_flavor_ssh_username__del_field_flavor_ssh_private_key_.py

@@ -116,10 +116,6 @@ class Flavor(UuidAuditedModel):
     params = fields.ParamsField()
     init = fields.CloudInitField()
 
-    ssh_username = models.CharField(max_length=64, default='ubuntu')
-    ssh_private_key = models.TextField()
-    ssh_public_key = models.TextField()
-
     class Meta:
         unique_together = (('owner', 'id'),)
 
@@ -187,6 +183,10 @@ class Formation(UuidAuditedModel):
     image = models.CharField(max_length=256, default='ubuntu')
     structure = fields.JSONField(default='{}', blank=True)
 
+    ssh_username = models.CharField(max_length=64, default='ubuntu')
+    ssh_private_key = models.TextField()
+    ssh_public_key = models.TextField()
+    
     class Meta:
         unique_together = (('owner', 'id'),)
 
@@ -506,11 +506,11 @@ def _prepare_launch_args(self):
                   'proxy', {}).setdefault('formations', [ self.formation.id ])
         # add the formation's ssh pubkey
         init.setdefault('ssh_authorized_keys', []).append(
-                                self.formation.flavor.ssh_public_key)
+                                self.formation.ssh_public_key)
         # add all of the owner's SSH keys
         init['ssh_authorized_keys'].extend([k.public for k in self.formation.owner.key_set.all() ])
-        ssh_username = self.formation.flavor.ssh_username
-        ssh_private_key = self.formation.flavor.ssh_private_key
+        ssh_username = self.formation.ssh_username
+        ssh_private_key = self.formation.ssh_private_key
         args = (self.uuid, creds, params, init, ssh_username, ssh_private_key)
         return args
 
@@ -521,9 +521,9 @@ def converge(self, *args, **kwargs):
         return tasks.converge_node.subtask(args)
 
     def _prepare_converge_args(self):
-        ssh_username = self.formation.flavor.ssh_username
+        ssh_username = self.formation.ssh_username
         fqdn = self.fqdn
-        ssh_private_key = self.formation.flavor.ssh_private_key
+        ssh_private_key = self.formation.ssh_private_key
         args = (self.uuid, ssh_username, fqdn, ssh_private_key)
         return args
 

api/models.py

@@ -128,6 +128,15 @@ class Meta:
         model = models.Formation
         read_only_fields = ('created', 'updated')
 
+    @property
+    def data(self):
+        "Custom data property that removes secure fields"
+        d = super(FormationSerializer, self).data
+        for f in ('ssh_private_key',):
+            if f in d:
+                del d[f]
+        return d
+
 
 class NodeSerializer(serializers.ModelSerializer):
 

api/serializers.py

@@ -26,7 +26,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)

api/tests/backend.py

@@ -29,7 +29,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)

api/tests/build.py

@@ -26,7 +26,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)

api/tests/config.py

@@ -29,7 +29,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)

api/tests/container.py

@@ -32,7 +32,7 @@ def test_flavor(self):
         Test that a user can create, read, update and delete a node flavor
         """
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)

api/tests/flavor.py

@@ -9,6 +9,7 @@
 import json
 
 from django.test import TestCase
+from Crypto.PublicKey import RSA
 
 
 class FormationTest(TestCase):
@@ -26,7 +27,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
@@ -62,6 +63,19 @@ def test_formation_auto_id(self):
         self.assertTrue(response.data['id'])
         return response
 
+    def test_formation_ssh_override(self):
+        key = RSA.generate(2048)
+        body = {'id': 'autotest', 'flavor': 'autotest', 'image': 'deis/autotest',
+                'ssh_private_key': key.exportKey('PEM'), 
+                'ssh_public_key': key.exportKey('OpenSSH')}
+        url = '/api/formations'
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        self.assertIn('ssh_public_key', response.data)
+        self.assertEquals(response.data['ssh_public_key'], body['ssh_public_key'])
+        # ssh private key should be hidden
+        self.assertNotIn('ssh_private_key', response.data)
+        
     def test_formation_errors(self):
         # test duplicate id
         body = {'flavor': 'autotest', 'image': 'deis/autotest'}

api/tests/formation.py

@@ -26,7 +26,7 @@ def setUp(self):
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         url = '/api/flavors'
-        body = {'id': 'autotest', 'provider': 'autotest', 'ssh_username': 'ubuntu',
+        body = {'id': 'autotest', 'provider': 'autotest',
                 'params': json.dumps({'region': 'us-west-2', 'instance_size': 'm1.medium'})}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)