Add trusted_certs object

This change adds a trusted_certs object, which stores a list of trusted
x509 certificate IDs, to the Instance object.

Change-Id: I872b50932f7611584661efc604c8e5d4324fae9b
Implements: blueprint nova-validate-certificates

1 files changed, 36 insertions, 0 deletions

diff --git a/nova/objects/trusted_certs.py b/nova/objects/trusted_certs.py
new file mode 100644
index 0000000000..e4dd7e46c2
--- /dev/null
+++ b/nova/objects/trusted_certs.py
@@ -0,0 +1,36 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo_serialization import jsonutils
+
+from nova import db
+from nova.objects import base
+from nova.objects import fields
+
+
+@base.NovaObjectRegistry.register
+class TrustedCerts(base.NovaObject):
+    # Version 1.0: Initial version
+    VERSION = '1.0'
+
+    fields = {
+        'ids': fields.ListOfStringsField(nullable=False),
+    }
+
+    @base.remotable_classmethod
+    def get_by_instance_uuid(cls, context, instance_uuid):
+        db_extra = db.instance_extra_get_by_instance_uuid(
+                context, instance_uuid, columns=['trusted_certs'])
+        if not db_extra or not db_extra['trusted_certs']:
+            return None
+        return cls.obj_from_primitive(
+            jsonutils.loads(db_extra['trusted_certs']))