diff options
author | jakedahn <jake@ansolabs.com> | 2012-01-20 15:08:53 -0800 |
---|---|---|
committer | jakedahn <jake@ansolabs.com> | 2012-01-24 17:10:46 -0800 |
commit | 36be4bf5759ae1f22c6eeeff5be01cf20e068bf3 (patch) | |
tree | f7a4e6ba5f161d4167b0c077fa2eb816e405fd35 | |
parent | 25bb2a4125087ffe54aab41cdbce83a00bcb28e7 (diff) | |
download | python-novaclient-36be4bf5759ae1f22c6eeeff5be01cf20e068bf3.tar.gz |
Implementing client for new x509 support in nova.essex-3
* This depends on the approval of vishy's changes here: https://review.openstack.org/#change,3199
* Adds novaclient library code, and cli.
CLI Use:
nova x509-create-cert [private_key_filename] [cert_filename]
nova x509-get-root-cert [cert_filename]
Change-Id: If5b833b90bfb5bc16ea4636abb667717a67065d3
-rw-r--r-- | README.rst | 2 | ||||
-rw-r--r-- | novaclient/v1_1/certs.py | 48 | ||||
-rw-r--r-- | novaclient/v1_1/client.py | 2 | ||||
-rw-r--r-- | novaclient/v1_1/shell.py | 48 | ||||
-rw-r--r-- | tests/v1_1/fakes.py | 9 | ||||
-rw-r--r-- | tests/v1_1/test_certs.py | 20 | ||||
-rw-r--r-- | tests/v1_1/test_shell.py | 17 |
7 files changed, 146 insertions, 0 deletions
@@ -152,6 +152,8 @@ You'll find complete documentation on the shell by running List all the snapshots. volume-snapshot-show Show details about a snapshot. + x509-create-cert Create x509 cert for a user in tenant + x509-get-root-cert Fetches the x509 root cert. zone Show or edit a Child Zone zone-add Add a Child Zone. zone-boot Boot a server, considering Zones. diff --git a/novaclient/v1_1/certs.py b/novaclient/v1_1/certs.py new file mode 100644 index 00000000..6e3a4c71 --- /dev/null +++ b/novaclient/v1_1/certs.py @@ -0,0 +1,48 @@ +# Copyright 2010 Jacob Kaplan-Moss + +# Copyright 2011 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +Certificate interface. +""" + +from novaclient import base + + +class Certificate(base.Resource): + def __repr__(self): + return "<Certificate: private_key=[%s bytes] data=[%s bytes]>" % \ + (len(self.private_key) if self.private_key else 0, + len(self.data)) + + +class CertificateManager(base.ManagerWithFind): + """ + Manage :class:`Certificate` resources. + """ + resource_class = Certificate + + def create(self): + """ + Create a x509 certificates for a user in tenant. + """ + return self._create('/os-certificates', {}, 'certificate') + + def get(self): + """ + Get root certificate. + """ + return self._get("/os-certificates/root", 'certificate') diff --git a/novaclient/v1_1/client.py b/novaclient/v1_1/client.py index 5fac8d32..96576f9b 100644 --- a/novaclient/v1_1/client.py +++ b/novaclient/v1_1/client.py @@ -1,4 +1,5 @@ from novaclient import client +from novaclient.v1_1 import certs from novaclient.v1_1 import flavors from novaclient.v1_1 import floating_ip_dns from novaclient.v1_1 import floating_ips @@ -49,6 +50,7 @@ class Client(object): # extensions self.dns_domains = floating_ip_dns.FloatingIPDNSDomainManager(self) self.dns_entries = floating_ip_dns.FloatingIPDNSEntryManager(self) + self.certs = certs.CertificateManager(self) self.floating_ips = floating_ips.FloatingIPManager(self) self.floating_ip_pools = floating_ip_pools.FloatingIPPoolManager(self) self.volumes = volumes.VolumeManager(self) diff --git a/novaclient/v1_1/shell.py b/novaclient/v1_1/shell.py index 548e3061..b69c9e5f 100644 --- a/novaclient/v1_1/shell.py +++ b/novaclient/v1_1/shell.py @@ -1397,3 +1397,51 @@ def do_usage_list(cs, args): simplify_usage(usage) utils.print_list(usage_list, rows) + + +@utils.arg('pk_filename', + metavar='<private_key_file>', + nargs='?', + default='pk.pem', + help='Filename to write the private key to.') +@utils.arg('cert_filename', + metavar='<x509_cert>', + nargs='?', + default='cert.pem', + help='Filename to write the x509 cert.') +def do_x509_create_cert(cs, args): + """Create x509 cert for a user in tenant""" + + if os.path.exists(args.pk_filename): + raise exceptions.CommandError("Unable to write privatekey - %s exists." + % args.pk_filename) + if os.path.exists(args.cert_filename): + raise exceptions.CommandError("Unable to write x509 cert - %s exists." + % args.cert_filename) + + certs = cs.certs.create() + + with open(args.pk_filename, 'w') as private_key: + private_key.write(certs.private_key) + print "Wrote private key to %s" % args.pk_filename + + with open(args.cert_filename, 'w') as cert: + cert.write(certs.data) + print "Wrote x509 certificate to %s" % args.cert_filename + + +@utils.arg('filename', + metavar='<filename>', + nargs='?', + default='cacert.pem', + help='Filename to write the x509 root cert.') +def do_x509_get_root_cert(cs, args): + """Fetches the x509 root cert.""" + if os.path.exists(args.filename): + raise exceptions.CommandError("Unable to write x509 root cert - \ + %s exists." % args.filename) + + with open(args.filename, 'w') as cert: + cacert = cs.certs.get() + cert.write(cacert.data) + print "Wrote x509 root cert to %s" % args.filename diff --git a/tests/v1_1/fakes.py b/tests/v1_1/fakes.py index 69f564c6..1cfe4668 100644 --- a/tests/v1_1/fakes.py +++ b/tests/v1_1/fakes.py @@ -699,3 +699,12 @@ class FakeHTTPClient(base_client.HTTPClient): u'started_at': u'2012-01-20 18:06:06.479998'}], u'start': u'2011-12-25 19:48:41.750687', u'total_local_gb_usage': 0.0}}) + + # + # Certificates + # + def get_os_certificates_root(self, **kw): + return (200, {'certificate': {'private_key': None, 'data': 'foo'}}) + + def post_os_certificates(self, **kw): + return (200, {'certificate': {'private_key': 'foo', 'data': 'bar'}}) diff --git a/tests/v1_1/test_certs.py b/tests/v1_1/test_certs.py new file mode 100644 index 00000000..dc6e7678 --- /dev/null +++ b/tests/v1_1/test_certs.py @@ -0,0 +1,20 @@ +from novaclient import exceptions +from novaclient.v1_1 import certs +from tests import utils +from tests.v1_1 import fakes + + +cs = fakes.FakeClient() + + +class FlavorsTest(utils.TestCase): + + def test_create_cert(self): + cert = cs.certs.create() + cs.assert_called('POST', '/os-certificates') + self.assertTrue(isinstance(cert, certs.Certificate)) + + def test_get_root_cert(self): + cert = cs.certs.get() + cs.assert_called('GET', '/os-certificates/root') + self.assertTrue(isinstance(cert, certs.Certificate)) diff --git a/tests/v1_1/test_shell.py b/tests/v1_1/test_shell.py index fa357697..c0db8da7 100644 --- a/tests/v1_1/test_shell.py +++ b/tests/v1_1/test_shell.py @@ -1,3 +1,20 @@ +# Copyright 2010 Jacob Kaplan-Moss + +# Copyright 2011 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + import os import mock import sys |