From fd26bdcce47820db4c58313860cda93797ac6c9e Mon Sep 17 00:00:00 2001 From: Jason Dunsmore Date: Mon, 28 Nov 2016 17:01:43 -0600 Subject: [PATCH] Add an API to rotate a cluster CA certificate This will give admins a way to revoke access to an existing cluster once a user has been granted access. Bumped the API microversion to 1.5 for the new endpoint. Deprecated policy certificate:get in favor of certificate:get_ca for clarity and consistency. Depends-On: Ie960464e45445e195e75b91e8d65a4046eb21e93 Implements: blueprint revoke-cluster-cert Change-Id: Ief28bef3a79f212acf4166e443a96e5419fbb757 --- .../tests/functional/api/v1/clients/cert_client.py | 2 +- magnum/tests/functional/api/v1/test_cluster.py | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/magnum/tests/functional/api/v1/clients/cert_client.py b/magnum/tests/functional/api/v1/clients/cert_client.py index 835484a..6853f35 100644 --- a/magnum/tests/functional/api/v1/clients/cert_client.py +++ b/magnum/tests/functional/api/v1/clients/cert_client.py @@ -38,7 +38,7 @@ class CertClient(client.MagnumClient): :returns: response object and ClusterCollection object """ - resp, body = self.get(self.cert_uri(cluster_id)) + resp, body = self.get(self.cert_uri(cluster_id), **kwargs) return self.deserialize(resp, body, cert_model.CertEntity) def post_cert(self, model, **kwargs): diff --git a/magnum/tests/functional/api/v1/test_cluster.py b/magnum/tests/functional/api/v1/test_cluster.py index 12c7e72..3a0843e 100644 --- a/magnum/tests/functional/api/v1/test_cluster.py +++ b/magnum/tests/functional/api/v1/test_cluster.py @@ -23,6 +23,11 @@ from magnum.tests.functional.common import config from magnum.tests.functional.common import datagen +HEADERS = {'OpenStack-API-Version': 'container-infra latest', + 'Accept': 'application/json', + 'Content-Type': 'application/json'} + + class ClusterTest(base.BaseTempestTest): """Tests for cluster CRUD.""" @@ -118,7 +123,7 @@ class ClusterTest(base.BaseTempestTest): self.assertEqual(204, resp.status) self.cluster_client.wait_for_cluster_to_delete(cluster_id) self.assertRaises(exceptions.NotFound, self.cert_client.get_cert, - cluster_id) + cluster_id, headers=HEADERS) return resp, model def _get_cluster_by_id(self, cluster_id): @@ -153,7 +158,7 @@ class ClusterTest(base.BaseTempestTest): # test ca show resp, cert_model = self.cert_client.get_cert( - cluster_model.uuid) + cluster_model.uuid, headers=HEADERS) self.LOG.debug("cert resp: %s" % resp) self.assertEqual(200, resp.status) self.assertEqual(cert_model.cluster_uuid, cluster_model.uuid) @@ -179,7 +184,8 @@ Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D cert_data_model = datagen.cert_data(cluster_model.uuid, csr_data=csr_sample) - resp, cert_model = self.cert_client.post_cert(cert_data_model) + resp, cert_model = self.cert_client.post_cert(cert_data_model, + headers=HEADERS) self.LOG.debug("cert resp: %s" % resp) self.assertEqual(201, resp.status) self.assertEqual(cert_model.cluster_uuid, cluster_model.uuid) @@ -193,7 +199,7 @@ Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D self.assertRaises( exceptions.BadRequest, self.cert_client.post_cert, - cert_data_model) + cert_data_model, headers=HEADERS) # test cluster delete self._delete_cluster(cluster_model.uuid)