author | dane-fichter <dane.fichter@jhuapl.edu> | 2017-04-12 14:03:26 -0400 |
---|---|---|
committer | Jackie Truong <jacklyn.truong@jhuapl.edu> | 2018-03-29 23:00:42 -0400 |
commit | e35e8d7f3fb057dbb6ca23b186c94aca0d1d7979 (patch) | |
tree | 8a421e61700a8be0b3137a1e538d2f6f3fe72e7e /nova | |
parent | 942ed9b265b0f1fe4c237052030f2d73a3807b7a (diff) | |
Add trusted_certs to instance_extra
This change adds a deferred-load trusted_certs column to
instance_extra. The column stores a list of trusted X.509 certificate
UUIDs for a given instance in the form of a JSON blob.
Change-Id: I3fd4e395b31ff1b69f35242d559f8caa17c05a6a
Implements: blueprint nova-validate-certificates
Diffstat (limited to 'nova')
-rw-r--r-- | nova/db/sqlalchemy/api.py | 3 | ||||
-rw-r--r-- | nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py | 32 | ||||
-rw-r--r-- | nova/db/sqlalchemy/models.py | 1 | ||||
-rw-r--r-- | nova/tests/unit/db/test_db_api.py | 10 | ||||
-rw-r--r-- | nova/tests/unit/db/test_migrations.py | 5 |
5 files changed, 48 insertions, 3 deletions
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index c676b128b2..054c299c24 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -1746,6 +1746,7 @@ def instance_create(context, values): {'numa_topology': None, 'pci_requests': None, 'vcpu_model': None, + 'trusted_certs': None, }) instance_ref['extra'].update(values.pop('extra', {})) instance_ref.update(values) @@ -2983,7 +2984,7 @@ def instance_extra_get_by_instance_uuid(context, instance_uuid, filter_by(instance_uuid=instance_uuid) if columns is None: columns = ['numa_topology', 'pci_requests', 'flavor', 'vcpu_model', - 'migration_context'] + 'trusted_certs', 'migration_context'] for column in columns: query = query.options(undefer(column)) instance_extra = query.first() diff --git a/nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py b/nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py new file mode 100644 index 0000000000..87273012a1 --- /dev/null +++ b/nova/db/sqlalchemy/migrate_repo/versions/390_add_trusted_certs.py 
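Review bot: In `instance_create` (nova/db/sqlalchemy/api.py) the new `'trusted_certs': None` default does not say what NULL means, and for a field that names an instance's trusted certificates that meaning is security-relevant. I would add a comment above the defaults dict such as `# trusted_certs: JSON list of trusted certificate UUIDs; None means none were supplied for this instance`. How consumers treat a missing or unparsable value is outside this diff, so it is worth confirming that they never read it as "accept any certificate". The context line `instance_ref['extra'].update(values.pop('extra', {}))` lets the caller's `extra` replace the default with arbitrary text, so any validation of the blob has to happen above this layer. The function body starts and ends outside the hunk.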
@@ -0,0 +1,32 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +from sqlalchemy import Column +from sqlalchemy import MetaData +from sqlalchemy import Table +from sqlalchemy import Text + + +BASE_TABLE_NAME = 'instance_extra' +NEW_COLUMN_NAME = 'trusted_certs' + + +def upgrade(migrate_engine): + meta = MetaData() + meta.bind = migrate_engine + + for prefix in ('', 'shadow_'): + table = Table(prefix + BASE_TABLE_NAME, meta, autoload=True) + new_column = Column(NEW_COLUMN_NAME, Text, nullable=True) + if not hasattr(table.c, NEW_COLUMN_NAME): + table.create_column(new_column) diff --git a/nova/db/sqlalchemy/models.py b/nova/db/sqlalchemy/models.py index 4d12ff7017..acbf7d0ed6 100644 --- a/nova/db/sqlalchemy/models.py +++ b/nova/db/sqlalchemy/models.py @@ -387,6 +387,7 @@ class InstanceExtra(BASE, NovaBase, models.SoftDeleteMixin): vcpu_model = orm.deferred(Column(Text)) migration_context = orm.deferred(Column(Text)) keypairs = orm.deferred(Column(Text)) + trusted_certs = orm.deferred(Column(Text)) instance = orm.relationship(Instance, backref=orm.backref('extra', uselist=False), diff --git a/nova/tests/unit/db/test_db_api.py b/nova/tests/unit/db/test_db_api.py index e6b43665a0..d9371042c8 100644 --- a/nova/tests/unit/db/test_db_api.py +++ b/nova/tests/unit/db/test_db_api.py 
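Review bot: In `upgrade` (390_add_trusted_certs.py) the `hasattr(table.c, NEW_COLUMN_NAME)` guard skips a table whenever a column of that name already exists, without checking that the existing column is a nullable `Text`, and the function has no docstring. I would add a docstring stating that the migration adds a nullable `trusted_certs` Text column to `instance_extra` and `shadow_instance_extra` and does nothing for a table that already has the column. The `Column` object is also built on every loop pass even when it is not used; constructing it inside the guard reads more clearly: `if not hasattr(table.c, NEW_COLUMN_NAME):` followed by `table.create_column(Column(NEW_COLUMN_NAME, Text, nullable=True))`.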
@@ -2987,10 +2987,15 @@ class InstanceExtraTestCase(test.TestCase): def test_instance_extra_update_by_uuid(self): db.instance_extra_update_by_uuid(self.ctxt, self.instance['uuid'], - {'numa_topology': 'changed'}) + {'numa_topology': 'changed', + 'trusted_certs': "['123', 'foo']", + }) inst_extra = db.instance_extra_get_by_instance_uuid( self.ctxt, self.instance['uuid']) self.assertEqual('changed', inst_extra.numa_topology) + # NOTE(jackie-truong): trusted_certs is stored as a Text type in + # instance_extra and read as a list of strings + self.assertEqual("['123', 'foo']", inst_extra.trusted_certs) def test_instance_extra_update_by_uuid_and_create(self): @sqlalchemy_api.pick_context_manager_writer @@ -3015,11 +3020,12 @@ class InstanceExtraTestCase(test.TestCase): def test_instance_extra_get_with_columns(self): extra = db.instance_extra_get_by_instance_uuid( self.ctxt, self.instance['uuid'], - columns=['numa_topology', 'vcpu_model']) + columns=['numa_topology', 'vcpu_model', 'trusted_certs']) self.assertRaises(SQLAlchemyError, extra.__getitem__, 'pci_requests') self.assertIn('numa_topology', extra) self.assertIn('vcpu_model', extra) + self.assertIn('trusted_certs', extra) class ServiceTestCase(test.TestCase, ModelsObjectComparatorMixin): diff --git a/nova/tests/unit/db/test_migrations.py b/nova/tests/unit/db/test_migrations.py index 77039a6dd5..a29f178b5a 100644 --- a/nova/tests/unit/db/test_migrations.py +++ b/nova/tests/unit/db/test_migrations.py @@ -1004,6 +1004,11 @@ class NovaMigrationsCheckers(test_migrations.ModelsMigrationsSync, 'aggregate_metadata_value_idx', ['value']) + def _check_390(self, engine, data): + self.assertColumnExists(engine, 'instance_extra', 'trusted_certs') + self.assertColumnExists(engine, 'shadow_instance_extra', + 'trusted_certs') + class TestNovaMigrationsSQLite(NovaMigrationsCheckers, test_base.DbTestCase, |
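Review bot: In `test_instance_extra_update_by_uuid` (nova/tests/unit/db/test_db_api.py) the fixture `"['123', 'foo']"` is a Python list repr with single quotes, not JSON, although the commit message describes the column as a JSON blob. A test value that a JSON parser would reject hides the format consumers will depend on; I would store `'trusted_certs': '["123", "foo"]',` and assert `self.assertEqual('["123", "foo"]', inst_extra.trusted_certs)`. The NOTE comment says the value is "read as a list of strings", but the assertion compares the raw text returned by the DB API, so the comment should read something like `# trusted_certs is stored as Text; the DB API returns the raw JSON string`. The test class continues outside the hunk.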