Add an API to rotate a cluster CA certificate

This will give admins a way to revoke access to an existing cluster once a user has been granted access. Bumped the API microversion to 1.5 for the new endpoint. Deprecated policy certificate:get in favor of certificate:get_ca for clarity and consistency. Depends-On: Ie960464e45445e195e75b91e8d65a4046eb21e93 Implements: blueprint revoke-cluster-cert Change-Id: Ief28bef3a79f212acf4166e443a96e5419fbb757
2016-11-28 17:01:43 -06:00 · 2016-11-28 17:01:43 -06:00 · fd26bdcce4
parent 49606d9099
commit fd26bdcce4
2 changed files with 11 additions and 5 deletions
--- a/magnum/tests/functional/api/v1/clients/cert_client.py
+++ b/magnum/tests/functional/api/v1/clients/cert_client.py
@ -38,7 +38,7 @@ class CertClient(client.MagnumClient):
        :returns: response object and ClusterCollection object
        """

-        resp, body = self.get(self.cert_uri(cluster_id))
+        resp, body = self.get(self.cert_uri(cluster_id), **kwargs)
        return self.deserialize(resp, body, cert_model.CertEntity)

    def post_cert(self, model, **kwargs):
--- a/magnum/tests/functional/api/v1/test_cluster.py
+++ b/magnum/tests/functional/api/v1/test_cluster.py
@ -23,6 +23,11 @@ from magnum.tests.functional.common import config
 from magnum.tests.functional.common import datagen


+HEADERS = {'OpenStack-API-Version': 'container-infra latest',
+           'Accept': 'application/json',
+           'Content-Type': 'application/json'}
+
+
 class ClusterTest(base.BaseTempestTest):

    """Tests for cluster CRUD."""
@ -118,7 +123,7 @@ class ClusterTest(base.BaseTempestTest):
        self.assertEqual(204, resp.status)
        self.cluster_client.wait_for_cluster_to_delete(cluster_id)
        self.assertRaises(exceptions.NotFound, self.cert_client.get_cert,
-                          cluster_id)
+                          cluster_id, headers=HEADERS)
        return resp, model

    def _get_cluster_by_id(self, cluster_id):
@ -153,7 +158,7 @@ class ClusterTest(base.BaseTempestTest):

        # test ca show
        resp, cert_model = self.cert_client.get_cert(
-            cluster_model.uuid)
+            cluster_model.uuid, headers=HEADERS)
        self.LOG.debug("cert resp: %s" % resp)
        self.assertEqual(200, resp.status)
        self.assertEqual(cert_model.cluster_uuid, cluster_model.uuid)
@ -179,7 +184,8 @@ Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D

        cert_data_model = datagen.cert_data(cluster_model.uuid,
                                            csr_data=csr_sample)
-        resp, cert_model = self.cert_client.post_cert(cert_data_model)
+        resp, cert_model = self.cert_client.post_cert(cert_data_model,
+                                                      headers=HEADERS)
        self.LOG.debug("cert resp: %s" % resp)
        self.assertEqual(201, resp.status)
        self.assertEqual(cert_model.cluster_uuid, cluster_model.uuid)
@ -193,7 +199,7 @@ Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
        self.assertRaises(
            exceptions.BadRequest,
            self.cert_client.post_cert,
-            cert_data_model)
+            cert_data_model, headers=HEADERS)

        # test cluster delete
        self._delete_cluster(cluster_model.uuid)