From f69088859f1a00ae39d848a6a51c9420be69a483 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 13 Aug 2013 11:49:45 -0400 Subject: Add support to delete keys and groups Change-Id: I4bc853f436d6a906175830e0d7000847becadd92 --- keystone/contrib/kds/backends/sql.py | 10 ++++++++++ keystone/contrib/kds/controllers.py | 8 ++++++++ keystone/contrib/kds/core.py | 14 ++++++++++++++ keystone/contrib/kds/routers.py | 10 ++++++++++ 4 files changed, 42 insertions(+) diff --git a/keystone/contrib/kds/backends/sql.py b/keystone/contrib/kds/backends/sql.py index 36dec215..f19cffb3 100644 --- a/keystone/contrib/kds/backends/sql.py +++ b/keystone/contrib/kds/backends/sql.py @@ -175,3 +175,13 @@ class KDS(sql.Base): return None d = key_ref.to_dict() return d['key'] + + def del_key(self, kds_id): + session = self.get_session() + + # Remove group key + with session.begin(): + id = self._id_from_name(kds_id) + key_ref = session.query(Keys).filter_by(id=id).first() + session.delete(key_ref) + session.flush() diff --git a/keystone/contrib/kds/controllers.py b/keystone/contrib/kds/controllers.py index 949dc35c..616f1391 100644 --- a/keystone/contrib/kds/controllers.py +++ b/keystone/contrib/kds/controllers.py @@ -36,3 +36,11 @@ class KDSController(wsgi.Application): def create_group(self, context, name): self.assert_admin(context) return self.kds_api.create_group(name) + + def del_key(self, context, name): + self.assert_admin(context) + return self.kds_api.delete_key(name) + + def delete_group(self, context, name): + self.assert_admin(context) + return self.kds_api.delete_group(name) diff --git a/keystone/contrib/kds/core.py b/keystone/contrib/kds/core.py index 53941f80..9f1fa904 100644 --- a/keystone/contrib/kds/core.py +++ b/keystone/contrib/kds/core.py 
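Review bot: In `del_key` (sql.py), `.first()` returns None when no row matches, and that result is passed straight to `session.delete(key_ref)`, so deleting an unknown name would surface as an ORM error rather than a clean not-found response. Add `if key_ref is None:` with the project's not-found exception before the delete. `.first()` also removes only one row; if the Keys table can hold more than one row per id (the schema is not visible here), older key material would survive a delete that reports success, so deleting the whole match set with `session.query(Keys).filter_by(id=id).delete()` would be safer. The local `id` shadows the builtin, and the `# Remove group key` comment is misleading because the manager calls this method for non-group keys too.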
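Review bot: The new controller action is named `del_key`, while its sibling is `delete_group` and the manager method it calls is `delete_key`. Renaming it to `def delete_key(self, context, name):`, with the matching `action='delete_key'` in routers.py, keeps the three layers consistent. Both handlers destroy key material and have no docstring; a one-liner such as `"""Delete a single (non-group) key; admin only."""` would record the intent next to the `assert_admin` call. No audit logging of the deleted name is visible in this hunk, which is worth adding for a destructive admin operation.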
@@ -302,6 +302,16 @@ class Manager(manager.Manager): def create_group(self, name): self.driver.set_group_key(name) + def delete_key(self, name): + if '.' not in name: + raise exception.Unauthorized('Invalid Request') + self.driver.del_key(name) + + def delete_group(self, name): + if '.' in name: + raise exception.Unauthorized('Invalid Request') + self.driver.del_key(name) + class Driver(object): """Interface description for a KDS driver.""" @@ -314,6 +324,10 @@ class Driver(object): """Set or Create group key object.""" raise exception.NotImplemented() + def del_group_key(self, kds_id): + """Delete group key object.""" + raise exception.NotImplemented() + def get_shared_key(self, kds_id): """Get key related to kds_id. diff --git a/keystone/contrib/kds/routers.py b/keystone/contrib/kds/routers.py index a04b948a..0f057055 100644 --- a/keystone/contrib/kds/routers.py +++ b/keystone/contrib/kds/routers.py @@ -47,3 +47,13 @@ class KDSExtension(wsgi.ExtensionRouter): controller=kds_controller, action='create_group', conditions=dict(method=['PUT'])) + + mapper.connect('/kds/key/{name}', + controller=kds_controller, + action='del_key', + conditions=dict(method=['DELETE'])) + + mapper.connect('/kds/group/{name}', + controller=kds_controller, + action='delete_group', + conditions=dict(method=['DELETE'])) -- cgit
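Review bot: `delete_key` and `delete_group` reject a malformed name with `exception.Unauthorized('Invalid Request')`, which reports an input-validation failure as an authentication failure. The controller has already passed `assert_admin` by this point, so a 401 misleads clients and muddies access-log triage of real authorization failures. A bad-request exception fits better, e.g. `raise exception.ValidationError(attribute='name', target='key')` if that class is available in this tree. If Unauthorized is used on purpose elsewhere in the module (not visible here), add a comment saying so. The two methods differ only in the sense of the `'.' in name` test, so a shared private helper taking the expected kind would remove the duplication.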
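Review bot: The Driver interface gains `del_group_key`, but the Manager methods added in this same commit call `self.driver.del_key`, and the SQL backend implements `del_key`. The declared stub is therefore never called, and the method that is called is undeclared. A driver written against the base class would fail with AttributeError on delete instead of reaching the `exception.NotImplemented()` path. Rename the stub to `def del_key(self, kds_id):` with a docstring such as `"""Delete the key object identified by kds_id."""`. The Driver class body continues outside the hunk.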