Draft of simple client API calls.

tatuclient/__init__.py

@@ -1,4 +1,4 @@
-#   Copyright 2017 Huawei, Inc. All rights reserved.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
 #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 #   not use this file except in compliance with the License. You may obtain

tatuclient/v1/ca.py

@@ -1,106 +1,28 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson <endre.karlson@hp.com>
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+#        http://www.apache.org/licenses/LICENSE-2.0
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
 
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
 
 
-class RecordSetController(V1Controller):
-    def _canonicalize_record_name(self, zone, name):
-        zone_info = None
+class CAController(V1Controller):
 
-        # If we get a zone name we'll need to get the ID of it before POST.
-        if isinstance(zone, six.string_types) and not \
-                uuidutils.is_uuid_like(zone):
-                zone_info = self.client.zones.get(zone)
-        elif isinstance(zone, dict):
-            zone_info = zone
+    def create(self, auth_id):
+        return self._post('/noauth/authorities', data={ 'auth_id': auth_id })
 
-        # We where given a name like "www" vs www.i.io., attempt to fix it on
-        # the behalf of the actor.
-        if not name.endswith("."):
-            if not isinstance(zone_info, dict):
-                zone_info = self.client.zones.get(zone)
+    def list(self):
+        return self._get('/noauth/authorities')
 
-            name = "%s.%s" % (name, zone_info["name"])
-
-        return name, zone_info
-
-    def create(self, zone, name, type_, records, description=None,
-               ttl=None):
-        name, zone_info = self._canonicalize_record_name(zone, name)
-
-        data = {
-            'name': name,
-            'type': type_,
-            'records': records
-        }
-
-        if ttl is not None:
-            data['ttl'] = ttl
-
-        if description is not None:
-            data['description'] = description
-
-        if zone_info is not None:
-            zone_id = zone_info["id"]
-        else:
-            zone_id = zone
-
-        url = '/zones/%s/recordsets' % zone_id
-        return self._post(url, data=data)
-
-    def list(self, zone, criterion=None, marker=None, limit=None):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
-        url = self.build_url(
-            '/zones/%s/recordsets' % zone,
-            criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def list_all_zones(self, criterion=None, marker=None, limit=None):
-
-        url = self.build_url('/recordsets', criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def get(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = self.build_url('/zones/%s/recordsets/%s' % (
-                             zone, recordset))
-
-        return self._get(url)
-
-    def update(self, zone, recordset, values):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._put(url, data=values)
-
-    def delete(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._delete(url)
+    def get(self, auth_id):
+        return self._get('/noauth/authorities/%s' % auth_id)

tatuclient/v1/cli/ca.py

@@ -1,4 +1,4 @@
-#   Copyright 2017 Huawei, Inc. All rights reserved.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
 #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 #   not use this file except in compliance with the License. You may obtain

tatuclient/v1/cli/hostcert.py

@@ -1,4 +1,4 @@
-#   Copyright 2017 Huawei, Inc. All rights reserved.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
 #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 #   not use this file except in compliance with the License. You may obtain
@@ -23,22 +23,6 @@ from tatuclient.v1.utils import get_all
 
 
 LOG = logging.getLogger(__name__)
-'host_id': host.host_id,
-'fingerprint': host.fingerprint,
-'auth_id': host.auth_id,
-'cert': host.cert,
-item = {
-    'host_id': host.host_id,
-    'fingerprint': host.fingerprint,
-    'auth_id': host.auth_id,
-    'cert': host.cert,
-    'hostname': host.hostname,
-}
-if CONF.tatu.use_pat_bastions:
-    item['pat_bastions'] = ','.join(
-        '{}:{}'.format(t[1], t[0]) for t in
-        get_port_ip_tuples(host.host_id, 22))
-    item['srv_url'] = get_srv_url(host.hostname, host.auth_id)
 
 _columns = ['host_id', 'srv_url', 'pat_bastions', 'fingerprint', 'cert']
 _names = ['Instance ID', 'SRV URL', 'PAT Bastions', 'Fingerprint', 'SSH Certificate']
@@ -64,12 +48,13 @@ class ShowHostCertCommand(command.ShowOne):
 
     def get_parser(self, prog_name):
         parser = super(ShowHostCertCommand, self).get_parser(prog_name)
-        parser.add_argument('serial', help="Serial Number")
+        parser.add_argument('host_id', help="Instance ID")
+        parser.add_argument('fingerprint', help="Public Key Fingerprint")
         common.add_all_common_options(parser)
         return parser
 
     def take_action(self, parsed_args):
         client = self.app.client_manager.ssh
         common.set_all_common_headers(client, parsed_args)
-        data = client.hostcert.get(parsed_args.serial)
+        data = client.hostcert.get(parsed_args.host_id, parsed_args.fingerprint)
         return _names, utils.get_item_properties(data, _columns)

tatuclient/v1/cli/usercert.py

@@ -1,4 +1,4 @@
-#   Copyright 2017 Huawei, Inc. All rights reserved.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
 #   Licensed under the Apache License, Version 2.0 (the "License"); you may
 #   not use this file except in compliance with the License. You may obtain
@@ -83,11 +83,12 @@ class RevokeUserCertCommand(command.ShowOne):
     def get_parser(self, prog_name):
         parser = super(RevokeUserCertCommand, self).get_parser(prog_name)
         parser.add_argument('serial', help="Serial Number")
+        parser.add_argument('auth_id', help="Project/CA ID")
         common.add_all_common_options(parser)
         return parser
 
     def take_action(self, parsed_args):
         client = self.app.client_manager.ssh
         common.set_all_common_headers(client, parsed_args)
-        data = client.usercert.create(parsed_args.serial)
+        data = client.usercert.create(parsed_args.auth_id, parsed_args.serial)
         return _names, utils.get_item_properties(data, _columns)

tatuclient/v1/hostcert.py

@@ -1,106 +1,25 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson <endre.karlson@hp.com>
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+#        http://www.apache.org/licenses/LICENSE-2.0
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
 
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
 
 
-class RecordSetController(V1Controller):
-    def _canonicalize_record_name(self, zone, name):
-        zone_info = None
+class HostCertController(V1Controller):
 
-        # If we get a zone name we'll need to get the ID of it before POST.
-        if isinstance(zone, six.string_types) and not \
-                uuidutils.is_uuid_like(zone):
-                zone_info = self.client.zones.get(zone)
-        elif isinstance(zone, dict):
-            zone_info = zone
+    def list(self):
+        return self._get('/noauth/hostcerts')
 
-        # We where given a name like "www" vs www.i.io., attempt to fix it on
-        # the behalf of the actor.
-        if not name.endswith("."):
-            if not isinstance(zone_info, dict):
-                zone_info = self.client.zones.get(zone)
-
-            name = "%s.%s" % (name, zone_info["name"])
-
-        return name, zone_info
-
-    def create(self, zone, name, type_, records, description=None,
-               ttl=None):
-        name, zone_info = self._canonicalize_record_name(zone, name)
-
-        data = {
-            'name': name,
-            'type': type_,
-            'records': records
-        }
-
-        if ttl is not None:
-            data['ttl'] = ttl
-
-        if description is not None:
-            data['description'] = description
-
-        if zone_info is not None:
-            zone_id = zone_info["id"]
-        else:
-            zone_id = zone
-
-        url = '/zones/%s/recordsets' % zone_id
-        return self._post(url, data=data)
-
-    def list(self, zone, criterion=None, marker=None, limit=None):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
-        url = self.build_url(
-            '/zones/%s/recordsets' % zone,
-            criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def list_all_zones(self, criterion=None, marker=None, limit=None):
-
-        url = self.build_url('/recordsets', criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def get(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = self.build_url('/zones/%s/recordsets/%s' % (
-                             zone, recordset))
-
-        return self._get(url)
-
-    def update(self, zone, recordset, values):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._put(url, data=values)
-
-    def delete(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._delete(url)
+    def get(self, host_id, fingerprint):
+        return self._get('/noauth/hostcerts/%s/%s' % (host_id, fingerprint))

tatuclient/v1/usercert.py

@@ -1,106 +1,33 @@
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#   Copyright 2018 Huawei, Inc. All rights reserved.
 #
-# Author: Endre Karlson <endre.karlson@hp.com>
+#   Licensed under the Apache License, Version 2.0 (the "License"); you may
+#   not use this file except in compliance with the License. You may obtain
+#   a copy of the License at
 #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
+#        http://www.apache.org/licenses/LICENSE-2.0
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-from oslo_utils import uuidutils
-import six
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#   License for the specific language governing permissions and limitations
+#   under the License.
 
 from tatuclient.v1.base import V1Controller
 from tatuclient.v1 import utils as v1_utils
 
 
-class RecordSetController(V1Controller):
-    def _canonicalize_record_name(self, zone, name):
-        zone_info = None
+class UserCertController(V1Controller):
 
-        # If we get a zone name we'll need to get the ID of it before POST.
-        if isinstance(zone, six.string_types) and not \
-                uuidutils.is_uuid_like(zone):
-                zone_info = self.client.zones.get(zone)
-        elif isinstance(zone, dict):
-            zone_info = zone
+    def create(self, **kwargs):
+        return self._post('/noauth/usercerts', data=kwargs)
 
-        # We where given a name like "www" vs www.i.io., attempt to fix it on
-        # the behalf of the actor.
-        if not name.endswith("."):
-            if not isinstance(zone_info, dict):
-                zone_info = self.client.zones.get(zone)
+    def list(self):
+        return self._get('/noauth/usercerts')
 
-            name = "%s.%s" % (name, zone_info["name"])
+    def get(self, serial):
+        return self._get('/noauth/usercerts/%s' % serial)
 
-        return name, zone_info
-
-    def create(self, zone, name, type_, records, description=None,
-               ttl=None):
-        name, zone_info = self._canonicalize_record_name(zone, name)
-
-        data = {
-            'name': name,
-            'type': type_,
-            'records': records
-        }
-
-        if ttl is not None:
-            data['ttl'] = ttl
-
-        if description is not None:
-            data['description'] = description
-
-        if zone_info is not None:
-            zone_id = zone_info["id"]
-        else:
-            zone_id = zone
-
-        url = '/zones/%s/recordsets' % zone_id
+    def revoke(self, auth_id, serial):
+        url = '/noauth/revokeduserkeys/%s' % auth_id
+        data = { 'serial': serial }
         return self._post(url, data=data)
-
-    def list(self, zone, criterion=None, marker=None, limit=None):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-
-        url = self.build_url(
-            '/zones/%s/recordsets' % zone,
-            criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def list_all_zones(self, criterion=None, marker=None, limit=None):
-
-        url = self.build_url('/recordsets', criterion, marker, limit)
-
-        return self._get(url, response_key='recordsets')
-
-    def get(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = self.build_url('/zones/%s/recordsets/%s' % (
-                             zone, recordset))
-
-        return self._get(url)
-
-    def update(self, zone, recordset, values):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._put(url, data=values)
-
-    def delete(self, zone, recordset):
-        zone = v1_utils.resolve_by_name(self.client.zones.list, zone)
-        recordset = v1_utils.resolve_by_name(self.list, recordset, zone)
-
-        url = '/zones/%s/recordsets/%s' % (zone, recordset)
-
-        return self._delete(url)