Add cluster to cert commands
This patch will update the certificate api to use the term Cluster instead of Bay. Bay will still be supported, but will be deprecated and removed in a future release. Change-Id: Ie169162a743320813e636597240941b5dd59ded3 Implements: blueprint rename-bay-to-cluster
This commit is contained in:
parent
52224c5c09
commit
8aed31a6a6
|
@ -35,31 +35,35 @@ class Certificate(base.APIBase):
|
|||
certificate.
|
||||
"""
|
||||
|
||||
_bay_uuid = None
|
||||
"""uuid or logical name of bay"""
|
||||
_cluster_uuid = None
|
||||
"""uuid or logical name of cluster"""
|
||||
|
||||
_bay = None
|
||||
_cluster = None
|
||||
|
||||
def _get_bay_uuid(self):
|
||||
return self._bay_uuid
|
||||
def _get_cluster_uuid(self):
|
||||
return self._cluster_uuid
|
||||
|
||||
def _set_bay_uuid(self, value):
|
||||
if value and self._bay_uuid != value:
|
||||
def _set_cluster_uuid(self, value):
|
||||
if value and self._cluster_uuid != value:
|
||||
try:
|
||||
self._bay = api_utils.get_resource('Bay', value)
|
||||
self._bay_uuid = self._bay.uuid
|
||||
self._cluster = api_utils.get_resource('Bay', value)
|
||||
self._cluster_uuid = self._cluster.uuid
|
||||
except exception.ClusterNotFound as e:
|
||||
# Change error code because 404 (NotFound) is inappropriate
|
||||
# response for a POST request to create a Bay
|
||||
e.code = 400 # BadRequest
|
||||
raise
|
||||
elif value == wtypes.Unset:
|
||||
self._bay_uuid = wtypes.Unset
|
||||
self._cluster_uuid = wtypes.Unset
|
||||
|
||||
bay_uuid = wsme.wsproperty(wtypes.text, _get_bay_uuid,
|
||||
_set_bay_uuid, mandatory=True)
|
||||
bay_uuid = wsme.wsproperty(wtypes.text, _get_cluster_uuid,
|
||||
_set_cluster_uuid)
|
||||
"""The bay UUID or id"""
|
||||
|
||||
cluster_uuid = wsme.wsproperty(wtypes.text, _get_cluster_uuid,
|
||||
_set_cluster_uuid)
|
||||
"""The cluster UUID or id"""
|
||||
|
||||
links = wsme.wsattr([link.Link], readonly=True)
|
||||
"""A list containing a self link and associated certificate links"""
|
||||
|
||||
|
@ -80,15 +84,22 @@ class Certificate(base.APIBase):
|
|||
self.fields.append(field)
|
||||
setattr(self, field, kwargs.get(field, wtypes.Unset))
|
||||
|
||||
def get_bay(self):
|
||||
if not self._bay:
|
||||
self._bay = api_utils.get_resource('Bay', self.bay_uuid)
|
||||
return self._bay
|
||||
# set the attribute for cluster_uuid
|
||||
self.fields.append('cluster_uuid')
|
||||
if 'cluster_uuid' in kwargs.keys():
|
||||
setattr(self, 'cluster_uuid', kwargs.get('cluster_uuid',
|
||||
wtypes.Unset))
|
||||
|
||||
def get_cluster(self):
|
||||
if not self._cluster:
|
||||
self._cluster = api_utils.get_resource('Bay', self.cluster_uuid)
|
||||
return self._cluster
|
||||
|
||||
@staticmethod
|
||||
def _convert_with_links(certificate, url, expand=True):
|
||||
if not expand:
|
||||
certificate.unset_fields_except(['bay_uuid', 'csr', 'pem'])
|
||||
certificate.unset_fields_except(['bay_uuid', 'cluster_uuid',
|
||||
'csr', 'pem'])
|
||||
|
||||
certificate.links = [link.Link.make_link('self', url,
|
||||
'certificates',
|
||||
|
@ -108,6 +119,7 @@ class Certificate(base.APIBase):
|
|||
@classmethod
|
||||
def sample(cls, expand=True):
|
||||
sample = cls(bay_uuid='7ae81bb3-dec3-4289-8d6c-da80bd8001ae',
|
||||
cluster_uuid='7ae81bb3-dec3-4289-8d6c-da80bd8001ae',
|
||||
created_at=timeutils.utcnow(),
|
||||
csr='AAA....AAA')
|
||||
return cls._convert_with_links(sample, 'http://localhost:9511', expand)
|
||||
|
@ -124,17 +136,17 @@ class CertificateController(base.Controller):
|
|||
}
|
||||
|
||||
@expose.expose(Certificate, types.uuid_or_name)
|
||||
def get_one(self, bay_ident):
|
||||
"""Retrieve CA information about the given bay.
|
||||
def get_one(self, cluster_ident):
|
||||
"""Retrieve CA information about the given cluster.
|
||||
|
||||
:param bay_ident: UUID of a bay or
|
||||
logical name of the bay.
|
||||
:param cluster_ident: UUID of a cluster or
|
||||
logical name of the cluster.
|
||||
"""
|
||||
context = pecan.request.context
|
||||
bay = api_utils.get_resource('Bay', bay_ident)
|
||||
policy.enforce(context, 'certificate:get', bay,
|
||||
cluster = api_utils.get_resource('Bay', cluster_ident)
|
||||
policy.enforce(context, 'certificate:get', cluster,
|
||||
action='certificate:get')
|
||||
certificate = pecan.request.rpcapi.get_ca_certificate(bay)
|
||||
certificate = pecan.request.rpcapi.get_ca_certificate(cluster)
|
||||
return Certificate.convert_with_links(certificate)
|
||||
|
||||
@expose.expose(Certificate, body=Certificate, status_code=201)
|
||||
|
@ -144,14 +156,14 @@ class CertificateController(base.Controller):
|
|||
:param certificate: a certificate within the request body.
|
||||
"""
|
||||
context = pecan.request.context
|
||||
bay = certificate.get_bay()
|
||||
policy.enforce(context, 'certificate:create', bay,
|
||||
cluster = certificate.get_cluster()
|
||||
policy.enforce(context, 'certificate:create', cluster,
|
||||
action='certificate:create')
|
||||
certificate_dict = certificate.as_dict()
|
||||
certificate_dict['project_id'] = context.project_id
|
||||
certificate_dict['user_id'] = context.user_id
|
||||
cert_obj = objects.Certificate(context, **certificate_dict)
|
||||
|
||||
new_cert = pecan.request.rpcapi.sign_certificate(bay,
|
||||
new_cert = pecan.request.rpcapi.sign_certificate(cluster,
|
||||
cert_obj)
|
||||
return Certificate.convert_with_links(new_cert)
|
||||
|
|
|
@ -20,25 +20,25 @@ class CertClient(client.MagnumClient):
|
|||
url = "/certificates"
|
||||
|
||||
@classmethod
|
||||
def cert_uri(cls, bay_id):
|
||||
"""Construct bay uri
|
||||
def cert_uri(cls, cluster_id):
|
||||
"""Construct cluster uri
|
||||
|
||||
:param bay_id: bay uuid or name
|
||||
:param cluster_id: cluster uuid or name
|
||||
:returns: url string
|
||||
"""
|
||||
|
||||
return "{0}/{1}".format(cls.url, bay_id)
|
||||
return "{0}/{1}".format(cls.url, cluster_id)
|
||||
|
||||
def get_cert(self, bay_id, **kwargs):
|
||||
"""Makes GET /certificates/bay_id request and returns CertEntity
|
||||
def get_cert(self, cluster_id, **kwargs):
|
||||
"""Makes GET /certificates/cluster_id request and returns CertEntity
|
||||
|
||||
Abstracts REST call to return a single cert based on uuid or name
|
||||
|
||||
:param bay_id: bay uuid or name
|
||||
:returns: response object and BayCollection object
|
||||
:param cluster_id: cluster uuid or name
|
||||
:returns: response object and ClusterCollection object
|
||||
"""
|
||||
|
||||
resp, body = self.get(self.cert_uri(bay_id))
|
||||
resp, body = self.get(self.cert_uri(cluster_id))
|
||||
return self.deserialize(resp, body, cert_model.CertEntity)
|
||||
|
||||
def post_cert(self, model, **kwargs):
|
||||
|
|
|
@ -182,7 +182,7 @@ Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
|
|||
resp, cert_model = self.cert_client.post_cert(cert_data_model)
|
||||
self.LOG.debug("cert resp: %s" % resp)
|
||||
self.assertEqual(201, resp.status)
|
||||
self.assertEqual(cert_model.bay_uuid, cluster_model.uuid)
|
||||
self.assertEqual(cert_model.cluster_uuid, cluster_model.uuid)
|
||||
self.assertIsNotNone(cert_model.pem)
|
||||
self.assertIn('-----BEGIN CERTIFICATE-----', cert_model.pem)
|
||||
self.assertIn('-----END CERTIFICATE-----', cert_model.pem)
|
||||
|
|
|
@ -322,11 +322,11 @@ def bay_node_count_patch_data(node_count=2):
|
|||
return baypatch_model.BayPatchCollection.from_dict(data)
|
||||
|
||||
|
||||
def cert_data(bay_uuid, csr_data):
|
||||
def cert_data(cluster_uuid, csr_data):
|
||||
data = {
|
||||
"bay_uuid": bay_uuid,
|
||||
"csr": csr_data,
|
||||
}
|
||||
"cluster_uuid": cluster_uuid,
|
||||
"csr": csr_data}
|
||||
|
||||
model = cert_model.CertEntity.from_dict(data)
|
||||
|
||||
return model
|
||||
|
|
|
@ -25,13 +25,13 @@ class TestCertObject(base.TestCase):
|
|||
@mock.patch('magnum.api.utils.get_resource')
|
||||
def test_cert_init(self, mock_get_resource):
|
||||
cert_dict = api_utils.cert_post_data()
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = cert_dict['bay_uuid']
|
||||
mock_get_resource.return_value = mock_bay
|
||||
mock_cluster = mock.MagicMock()
|
||||
mock_cluster.uuid = cert_dict['cluster_uuid']
|
||||
mock_get_resource.return_value = mock_cluster
|
||||
|
||||
cert = api_cert.Certificate(**cert_dict)
|
||||
|
||||
self.assertEqual(cert_dict['bay_uuid'], cert.bay_uuid)
|
||||
self.assertEqual(cert_dict['cluster_uuid'], cert.cluster_uuid)
|
||||
self.assertEqual(cert_dict['csr'], cert.csr)
|
||||
self.assertEqual(cert_dict['pem'], cert.pem)
|
||||
|
||||
|
@ -40,7 +40,7 @@ class TestGetCertificate(api_base.FunctionalTest):
|
|||
|
||||
def setUp(self):
|
||||
super(TestGetCertificate, self).setUp()
|
||||
self.bay = obj_utils.create_test_bay(self.context)
|
||||
self.cluster = obj_utils.create_test_cluster(self.context)
|
||||
|
||||
conductor_api_patcher = mock.patch('magnum.conductor.api.API')
|
||||
self.conductor_api_class = conductor_api_patcher.start()
|
||||
|
@ -54,9 +54,11 @@ class TestGetCertificate(api_base.FunctionalTest):
|
|||
mock_cert.as_dict.return_value = fake_cert
|
||||
self.conductor_api.get_ca_certificate.return_value = mock_cert
|
||||
|
||||
response = self.get_json('/certificates/%s' % self.bay.uuid)
|
||||
response = self.get_json('/certificates/%s' % self.cluster.uuid)
|
||||
|
||||
self.assertEqual(self.bay.uuid, response['bay_uuid'])
|
||||
self.assertEqual(self.cluster.uuid, response['cluster_uuid'])
|
||||
# check that bay is still valid as well
|
||||
self.assertEqual(self.cluster.uuid, response['bay_uuid'])
|
||||
self.assertEqual(fake_cert['csr'], response['csr'])
|
||||
self.assertEqual(fake_cert['pem'], response['pem'])
|
||||
|
||||
|
@ -66,9 +68,11 @@ class TestGetCertificate(api_base.FunctionalTest):
|
|||
mock_cert.as_dict.return_value = fake_cert
|
||||
self.conductor_api.get_ca_certificate.return_value = mock_cert
|
||||
|
||||
response = self.get_json('/certificates/%s' % self.bay.name)
|
||||
response = self.get_json('/certificates/%s' % self.cluster.name)
|
||||
|
||||
self.assertEqual(self.bay.uuid, response['bay_uuid'])
|
||||
self.assertEqual(self.cluster.uuid, response['cluster_uuid'])
|
||||
# check that bay is still valid as well
|
||||
self.assertEqual(self.cluster.uuid, response['bay_uuid'])
|
||||
self.assertEqual(fake_cert['csr'], response['csr'])
|
||||
self.assertEqual(fake_cert['pem'], response['pem'])
|
||||
|
||||
|
@ -80,13 +84,13 @@ class TestGetCertificate(api_base.FunctionalTest):
|
|||
self.assertEqual('application/json', response.content_type)
|
||||
self.assertTrue(response.json['errors'])
|
||||
|
||||
def test_get_one_by_name_multiple_bay(self):
|
||||
obj_utils.create_test_bay(self.context, name='test_bay',
|
||||
uuid=uuidutils.generate_uuid())
|
||||
obj_utils.create_test_bay(self.context, name='test_bay',
|
||||
uuid=uuidutils.generate_uuid())
|
||||
def test_get_one_by_name_multiple_cluster(self):
|
||||
obj_utils.create_test_cluster(self.context, name='test_cluster',
|
||||
uuid=uuidutils.generate_uuid())
|
||||
obj_utils.create_test_cluster(self.context, name='test_cluster',
|
||||
uuid=uuidutils.generate_uuid())
|
||||
|
||||
response = self.get_json('/certificates/test_bay',
|
||||
response = self.get_json('/certificates/test_cluster',
|
||||
expect_errors=True)
|
||||
|
||||
self.assertEqual(409, response.status_int)
|
||||
|
@ -99,11 +103,11 @@ class TestGetCertificate(api_base.FunctionalTest):
|
|||
mock_cert.as_dict.return_value = fake_cert
|
||||
self.conductor_api.get_ca_certificate.return_value = mock_cert
|
||||
|
||||
response = self.get_json('/certificates/%s' % self.bay.uuid)
|
||||
response = self.get_json('/certificates/%s' % self.cluster.uuid)
|
||||
|
||||
self.assertIn('links', response.keys())
|
||||
self.assertEqual(2, len(response['links']))
|
||||
self.assertIn(self.bay.uuid, response['links'][0]['href'])
|
||||
self.assertIn(self.cluster.uuid, response['links'][0]['href'])
|
||||
for l in response['links']:
|
||||
bookmark = l['rel'] == 'bookmark'
|
||||
self.assertTrue(self.validate_link(l['href'], bookmark=bookmark))
|
||||
|
@ -113,7 +117,7 @@ class TestPost(api_base.FunctionalTest):
|
|||
|
||||
def setUp(self):
|
||||
super(TestPost, self).setUp()
|
||||
self.bay = obj_utils.create_test_bay(self.context)
|
||||
self.cluster = obj_utils.create_test_cluster(self.context)
|
||||
|
||||
conductor_api_patcher = mock.patch('magnum.conductor.api.API')
|
||||
self.conductor_api_class = conductor_api_patcher.start()
|
||||
|
@ -124,33 +128,51 @@ class TestPost(api_base.FunctionalTest):
|
|||
self.conductor_api.sign_certificate.side_effect = self._fake_sign
|
||||
|
||||
@staticmethod
|
||||
def _fake_sign(bay, cert):
|
||||
def _fake_sign(cluster, cert):
|
||||
cert.pem = 'fake-pem'
|
||||
return cert
|
||||
|
||||
def test_create_cert(self, ):
|
||||
new_cert = api_utils.cert_post_data(bay_uuid=self.bay.uuid)
|
||||
new_cert = api_utils.cert_post_data(cluster_uuid=self.cluster.uuid)
|
||||
del new_cert['pem']
|
||||
|
||||
response = self.post_json('/certificates', new_cert)
|
||||
self.assertEqual('application/json', response.content_type)
|
||||
self.assertEqual(201, response.status_int)
|
||||
self.assertEqual(new_cert['bay_uuid'], response.json['bay_uuid'])
|
||||
self.assertEqual(new_cert['cluster_uuid'],
|
||||
response.json['cluster_uuid'])
|
||||
# verify bay_uuid is still valid as well
|
||||
self.assertEqual(new_cert['cluster_uuid'], response.json['bay_uuid'])
|
||||
self.assertEqual('fake-pem', response.json['pem'])
|
||||
|
||||
# Test that bay_uuid is still backward compatible
|
||||
def test_create_cert_by_bay_name(self, ):
|
||||
new_cert = api_utils.cert_post_data(bay_uuid=self.bay.name)
|
||||
new_cert = api_utils.cert_post_data(cluster_uuid=self.cluster.uuid)
|
||||
del new_cert['pem']
|
||||
new_cert['bay_uuid'] = new_cert['cluster_uuid']
|
||||
del new_cert['cluster_uuid']
|
||||
|
||||
response = self.post_json('/certificates', new_cert)
|
||||
self.assertEqual('application/json', response.content_type)
|
||||
self.assertEqual(201, response.status_int)
|
||||
self.assertEqual(self.cluster.uuid, response.json['cluster_uuid'])
|
||||
# verify bay_uuid is still valid as well
|
||||
self.assertEqual(self.cluster.uuid, response.json['bay_uuid'])
|
||||
self.assertEqual('fake-pem', response.json['pem'])
|
||||
|
||||
def test_create_cert_by_cluster_name(self, ):
|
||||
new_cert = api_utils.cert_post_data(cluster_uuid=self.cluster.name)
|
||||
del new_cert['pem']
|
||||
|
||||
response = self.post_json('/certificates', new_cert)
|
||||
|
||||
self.assertEqual('application/json', response.content_type)
|
||||
self.assertEqual(201, response.status_int)
|
||||
self.assertEqual(self.bay.uuid, response.json['bay_uuid'])
|
||||
self.assertEqual(self.cluster.uuid, response.json['cluster_uuid'])
|
||||
self.assertEqual('fake-pem', response.json['pem'])
|
||||
|
||||
def test_create_cert_bay_not_found(self, ):
|
||||
new_cert = api_utils.cert_post_data(bay_uuid='not_found')
|
||||
def test_create_cert_cluster_not_found(self, ):
|
||||
new_cert = api_utils.cert_post_data(cluster_uuid='not_found')
|
||||
del new_cert['pem']
|
||||
|
||||
response = self.post_json('/certificates', new_cert,
|
||||
|
@ -176,15 +198,15 @@ class TestCertPolicyEnforcement(api_base.FunctionalTest):
|
|||
response.json['errors'][0]['detail'])
|
||||
|
||||
def test_policy_disallow_get_one(self):
|
||||
bay = obj_utils.create_test_bay(self.context)
|
||||
cluster = obj_utils.create_test_cluster(self.context)
|
||||
self._common_policy_check(
|
||||
"certificate:get", self.get_json,
|
||||
'/certificates/%s' % bay.uuid,
|
||||
'/certificates/%s' % cluster.uuid,
|
||||
expect_errors=True)
|
||||
|
||||
def test_policy_disallow_create(self):
|
||||
bay = obj_utils.create_test_bay(self.context)
|
||||
cert = api_utils.cert_post_data(bay_uuid=bay.uuid)
|
||||
cluster = obj_utils.create_test_cluster(self.context)
|
||||
cert = api_utils.cert_post_data(cluster_uuid=cluster.uuid)
|
||||
self._common_policy_check(
|
||||
"certificate:create", self.post_json, '/certificates', cert,
|
||||
expect_errors=True)
|
||||
|
|
|
@ -61,7 +61,8 @@ def cluster_post_data(**kw):
|
|||
|
||||
def cert_post_data(**kw):
|
||||
return {
|
||||
'bay_uuid': kw.get('bay_uuid', '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'),
|
||||
'cluster_uuid': kw.get('cluster_uuid',
|
||||
'5d12f6fd-a196-4bf0-ae4c-1f639a523a52'),
|
||||
'csr': kw.get('csr', 'fake-csr'),
|
||||
'pem': kw.get('pem', 'fake-pem')
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue