

[Merge] lp:~harlowja/cloud-init/ec2-ssl into lp:cloud-init

 

Joshua Harlow has proposed merging lp:~harlowja/cloud-init/ec2-ssl into lp:cloud-init.

Requested reviews:
  cloud init development team (cloud-init-dev)

For more details, see:
https://code.launchpad.net/~harlowja/cloud-init/ec2-ssl/+merge/203185

  Allow ssl details to be passed through to be used while reading
  
  For those who want to provide the EC2 datasource with alternative
  URLs that support SSL, make sure that we pass through the SSL details
  found in the instance directories or in the paths provided by the
  datasource when making EC2 metadata/userdata calls.
-- 
https://code.launchpad.net/~harlowja/cloud-init/ec2-ssl/+merge/203185
Your team cloud init development team is requested to review the proposed merge of lp:~harlowja/cloud-init/ec2-ssl into lp:cloud-init.
=== modified file 'cloudinit/sources/DataSourceEc2.py'
--- cloudinit/sources/DataSourceEc2.py	2013-03-20 12:30:43 +0000
+++ cloudinit/sources/DataSourceEc2.py	2014-01-24 22:14:29 +0000
@@ -48,6 +48,7 @@
         self.metadata_address = DEF_MD_URL
         self.seed_dir = os.path.join(paths.seed_dir, "ec2")
         self.api_ver = DEF_MD_VERSION
+        self.ssl_details = util.fetch_ssl_details(self.paths)
 
     def get_data(self):
         seed_ret = {}
@@ -61,10 +62,14 @@
             if not self.wait_for_metadata_service():
                 return False
             start_time = time.time()
-            self.userdata_raw = ec2.get_instance_userdata(self.api_ver,
-                self.metadata_address)
-            self.metadata = ec2.get_instance_metadata(self.api_ver,
-                                                      self.metadata_address)
+            self.userdata_raw = ec2.get_instance_userdata(
+                self.api_ver,
+                self.metadata_address,
+                ssl_details=self.ssl_details)
+            self.metadata = ec2.get_instance_metadata(
+                self.api_ver,
+                self.metadata_address,
+                ssl_details=self.ssl_details)
             LOG.debug("Crawl of metadata service took %s seconds",
                        int(time.time() - start_time))
             return True
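Review bot: The new calls pass `ssl_details=self.ssl_details` to ec2.get_instance_userdata and ec2.get_instance_metadata, but the diff does not touch the module those come from, so this relies on both functions already accepting an `ssl_details` keyword; if they do not, get_data will fail with a TypeError on every crawl rather than falling back. Worth confirming the signatures before landing, and if they were extended in a separate change, a sentence in the merge description saying so would help. The value is resolved once in `__init__` (previous hunk) and reused on every get_data call, which is fine as long as the certificate paths do not change during the instance's lifetime. get_data's body continues outside the hunk.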
@@ -133,7 +138,8 @@
 
         start_time = time.time()
         url = uhelp.wait_for_url(urls=urls, max_wait=max_wait,
-                                timeout=timeout, status_cb=LOG.warn)
+                                 timeout=timeout, status_cb=LOG.warn,
+                                 ssl_details=self.ssl_details)
 
         if url:
             LOG.debug("Using metadata source: '%s'", url2base[url])

=== modified file 'cloudinit/url_helper.py'
--- cloudinit/url_helper.py	2014-01-24 01:36:18 +0000
+++ cloudinit/url_helper.py	2014-01-24 22:14:29 +0000
@@ -31,6 +31,7 @@
 from cloudinit import version
 
 LOG = logging.getLogger(__name__)
+SSL_SUPPORTING_SCHEMES = frozenset(['https'])
 
 # Check if requests has ssl support (added in requests >= 0.8.8)
 SSL_ENABLED = False
@@ -101,6 +102,15 @@
             self.headers = {}
 
 
+def supports_ssl(url):
+    if not url:
+        return False
+    url_components = list(urlparse(url))
+    if url_components[0] in SSL_SUPPORTING_SCHEMES:
+        return True
+    return False
+
+
 def readurl(url, data=None, timeout=None, retries=0, sec_between=1,
             headers=None, headers_cb=None, ssl_details=None,
             check_status=True, allow_redirects=True, exception_cb=None):
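Review bot: supports_ssl converts the parse result to a list and reads `[0]` to get the scheme, which obscures what is being compared and drops the named-attribute form the removed readurl line used; after the empty-url guard, `return urlparse(url).scheme in SSL_SUPPORTING_SCHEMES` expresses the same check in one line without the `if ...: return True / return False` pattern. The function also has no docstring; `"""Return True if url's scheme can carry ssl_details (see SSL_SUPPORTING_SCHEMES)."""` would match the module's style. As far as I recall urlparse lower-cases the scheme, so the frozenset membership is effectively case-insensitive — a one-line comment noting that would stop a later reader from adding a redundant `.lower()` or assuming `HTTPS://` is rejected.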
@@ -108,8 +118,7 @@
     req_args = {
         'url': url,
     }
-    scheme = urlparse(url).scheme  # pylint: disable=E1101
-    if scheme == 'https' and ssl_details:
+    if supports_ssl(url) and ssl_details:
         if not SSL_ENABLED:
             LOG.warn("SSL is not enabled, cert. verification can not occur!")
         else:
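Review bot: With ssl_details now arriving from the EC2 datasource, the branch entered at the new `if supports_ssl(url) and ssl_details:` still only logs "SSL is not enabled" when SSL_ENABLED is False and lets the https request go out without certificate verification, so an operator who configured certificates gets a silently unverified connection instead of an error. Since this commit is what makes that path reachable from the metadata crawl, consider failing closed here by raising UrlError (its constructor is visible in the last hunk of this file) when ssl_details were supplied but cannot be honoured, or at minimum documenting the downgrade in readurl's docstring so callers know to check SSL_ENABLED themselves. readurl's body continues outside the hunk.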
@@ -208,7 +217,7 @@
 
 def wait_for_url(urls, max_wait=None, timeout=None,
                  status_cb=None, headers_cb=None, sleep_time=1,
-                 exception_cb=None):
+                 exception_cb=None, ssl_details=None):
     """
     urls:      a list of urls to try
     max_wait:  roughly the maximum time to wait before giving up
@@ -220,6 +229,7 @@
                 for request.
     exception_cb: call method with 2 arguments 'msg' (per status_cb) and
                   'exception', the exception that occurred.
+    ssl_details: any ssl details to use *only* for ssl supporting urls.
 
     the idea of this routine is to wait for the EC2 metdata service to
     come up.  On both Eucalyptus and EC2 we have seen the case where
@@ -269,7 +279,7 @@
                     headers = {}
 
                 response = readurl(url, headers=headers, timeout=timeout,
-                                   check_status=False)
+                                   check_status=False, ssl_details=ssl_details)
                 if not response.contents:
                     reason = "empty response [%s]" % (response.code)
                     e = UrlError(ValueError(reason),