Implementing client for new x509 support in nova.essex-3

* This depends on the approval of vishy's changes here: https://review.openstack.org/#change,3199
* Adds novaclient library code, and cli.
    CLI Use:
      nova x509-create-cert [private_key_filename] [cert_filename]
      nova x509-get-root-cert [cert_filename]

Change-Id: If5b833b90bfb5bc16ea4636abb667717a67065d3

7 files changed, 146 insertions, 0 deletions

diff --git a/README.rst b/README.rst
index 834ab7d4..860672b6 100644
--- a/README.rst
+++ b/README.rst
@@ -152,6 +152,8 @@ You'll find complete documentation on the shell by running
                             List all the snapshots.
         volume-snapshot-show
                             Show details about a snapshot.
+        x509-create-cert    Create x509 cert for a user in tenant
+        x509-get-root-cert  Fetches the x509 root cert.
         zone                Show or edit a Child Zone
         zone-add            Add a Child Zone.
         zone-boot           Boot a server, considering Zones.
diff --git a/novaclient/v1_1/certs.py b/novaclient/v1_1/certs.py
new file mode 100644
index 00000000..6e3a4c71
--- /dev/null
+++ b/novaclient/v1_1/certs.py
@@ -0,0 +1,48 @@
+# Copyright 2010 Jacob Kaplan-Moss
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""
+Certificate interface.
+"""
+
+from novaclient import base
+
+
+class Certificate(base.Resource):
+    def __repr__(self):
+        return "<Certificate: private_key=[%s bytes] data=[%s bytes]>" % \
+                        (len(self.private_key) if self.private_key else 0,
+                         len(self.data))
+
+
+class CertificateManager(base.ManagerWithFind):
+    """
+    Manage :class:`Certificate` resources.
+    """
+    resource_class = Certificate
+
+    def create(self):
+        """
+        Create a x509 certificates for a user in tenant.
+        """
+        return self._create('/os-certificates', {}, 'certificate')
+
+    def get(self):
+        """
+        Get root certificate.
+        """
+        return self._get("/os-certificates/root", 'certificate')
diff --git a/novaclient/v1_1/client.py b/novaclient/v1_1/client.py
index 5fac8d32..96576f9b 100644
--- a/novaclient/v1_1/client.py
+++ b/novaclient/v1_1/client.py
@@ -1,4 +1,5 @@
 from novaclient import client
+from novaclient.v1_1 import certs
 from novaclient.v1_1 import flavors
 from novaclient.v1_1 import floating_ip_dns
 from novaclient.v1_1 import floating_ips
@@ -49,6 +50,7 @@ class Client(object):
         # extensions
         self.dns_domains = floating_ip_dns.FloatingIPDNSDomainManager(self)
         self.dns_entries = floating_ip_dns.FloatingIPDNSEntryManager(self)
+        self.certs = certs.CertificateManager(self)
         self.floating_ips = floating_ips.FloatingIPManager(self)
         self.floating_ip_pools = floating_ip_pools.FloatingIPPoolManager(self)
         self.volumes = volumes.VolumeManager(self)
diff --git a/novaclient/v1_1/shell.py b/novaclient/v1_1/shell.py
index 548e3061..b69c9e5f 100644
--- a/novaclient/v1_1/shell.py
+++ b/novaclient/v1_1/shell.py
@@ -1397,3 +1397,51 @@ def do_usage_list(cs, args):
         simplify_usage(usage)
 
     utils.print_list(usage_list, rows)
+
+
+@utils.arg('pk_filename',
+           metavar='<private_key_file>',
+           nargs='?',
+           default='pk.pem',
+           help='Filename to write the private key to.')
+@utils.arg('cert_filename',
+           metavar='<x509_cert>',
+           nargs='?',
+           default='cert.pem',
+           help='Filename to write the x509 cert.')
+def do_x509_create_cert(cs, args):
+    """Create x509 cert for a user in tenant"""
+
+    if os.path.exists(args.pk_filename):
+        raise exceptions.CommandError("Unable to write privatekey - %s exists."
+                        % args.pk_filename)
+    if os.path.exists(args.cert_filename):
+        raise exceptions.CommandError("Unable to write x509 cert - %s exists."
+                        % args.cert_filename)
+
+    certs = cs.certs.create()
+
+    with open(args.pk_filename, 'w') as private_key:
+        private_key.write(certs.private_key)
+        print "Wrote private key to %s" % args.pk_filename
+
+    with open(args.cert_filename, 'w') as cert:
+        cert.write(certs.data)
+        print "Wrote x509 certificate to %s" % args.cert_filename
+
+
+@utils.arg('filename',
+           metavar='<filename>',
+           nargs='?',
+           default='cacert.pem',
+           help='Filename to write the x509 root cert.')
+def do_x509_get_root_cert(cs, args):
+    """Fetches the x509 root cert."""
+    if os.path.exists(args.filename):
+        raise exceptions.CommandError("Unable to write x509 root cert - \
+                                      %s exists." % args.filename)
+
+    with open(args.filename, 'w') as cert:
+        cacert = cs.certs.get()
+        cert.write(cacert.data)
+        print "Wrote x509 root cert to %s" % args.filename
diff --git a/tests/v1_1/fakes.py b/tests/v1_1/fakes.py
index 69f564c6..1cfe4668 100644
--- a/tests/v1_1/fakes.py
+++ b/tests/v1_1/fakes.py
@@ -699,3 +699,12 @@ class FakeHTTPClient(base_client.HTTPClient):
                 u'started_at': u'2012-01-20 18:06:06.479998'}],
             u'start': u'2011-12-25 19:48:41.750687',
             u'total_local_gb_usage': 0.0}})
+
+    #
+    # Certificates
+    #
+    def get_os_certificates_root(self, **kw):
+        return (200, {'certificate': {'private_key': None, 'data': 'foo'}})
+
+    def post_os_certificates(self, **kw):
+        return (200, {'certificate': {'private_key': 'foo', 'data': 'bar'}})
diff --git a/tests/v1_1/test_certs.py b/tests/v1_1/test_certs.py
new file mode 100644
index 00000000..dc6e7678
--- /dev/null
+++ b/tests/v1_1/test_certs.py
@@ -0,0 +1,20 @@
+from novaclient import exceptions
+from novaclient.v1_1 import certs
+from tests import utils
+from tests.v1_1 import fakes
+
+
+cs = fakes.FakeClient()
+
+
+class FlavorsTest(utils.TestCase):
+
+    def test_create_cert(self):
+        cert = cs.certs.create()
+        cs.assert_called('POST', '/os-certificates')
+        self.assertTrue(isinstance(cert, certs.Certificate))
+
+    def test_get_root_cert(self):
+        cert = cs.certs.get()
+        cs.assert_called('GET', '/os-certificates/root')
+        self.assertTrue(isinstance(cert, certs.Certificate))
diff --git a/tests/v1_1/test_shell.py b/tests/v1_1/test_shell.py
index fa357697..c0db8da7 100644
--- a/tests/v1_1/test_shell.py
+++ b/tests/v1_1/test_shell.py
@@ -1,3 +1,20 @@
+# Copyright 2010 Jacob Kaplan-Moss
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
 import os
 import mock
 import sys