Adds extension for retrieving certificates

 * Makes euca-upload/euca-register work again
 * Provides means for novarc to be generated
 * Fixes bug 903345
 * Implements blueprint x509-cert-crud

Change-Id: I0b2a42fe5436243da6925ba199936b49458d6f8c

5 files changed, 192 insertions, 0 deletions

diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index abf8908f6..d63934994 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -12,6 +12,7 @@
     "admin_api": [["role:admin"]],
     "compute_extension:accounts": [["rule:admin_api"]],
     "compute_extension:admin_actions": [["rule:admin_api"]],
+    "compute_extension:certificates": [],
     "compute_extension:cloudpipe": [],
     "compute_extension:console_output": [],
     "compute_extension:consoles": [],
diff --git a/nova/api/openstack/compute/contrib/certificates.py b/nova/api/openstack/compute/contrib/certificates.py
new file mode 100644
index 000000000..6805daec6
--- /dev/null
+++ b/nova/api/openstack/compute/contrib/certificates.py
@@ -0,0 +1,112 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack, LLC.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License
+
+import webob.exc
+
+from nova.api.openstack import wsgi
+from nova.api.openstack import xmlutil
+from nova.api.openstack import extensions
+from nova import flags
+from nova import log as logging
+from nova import network
+from nova import rpc
+
+
+LOG = logging.getLogger('nova.api.openstack.compute.contrib.certificates')
+FLAGS = flags.FLAGS
+authorize = extensions.extension_authorizer('compute', 'certificates')
+
+
+def make_certificate(elem):
+    elem.set('data')
+    elem.set('private_key')
+
+
+class CertificateTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificate',
+                                       selector='certificate')
+        make_certificate(root)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+class CertificatesTemplate(xmlutil.TemplateBuilder):
+    def construct(self):
+        root = xmlutil.TemplateElement('certificates')
+        elem = xmlutil.SubTemplateElement(root, 'certificate',
+                                          selector='certificates')
+        make_certificate(elem)
+        return xmlutil.MasterTemplate(root, 1)
+
+
+def _translate_certificate_view(certificate, private_key=None):
+    return {
+        'data': certificate,
+        'private_key': private_key,
+    }
+
+
+class CertificatesController(object):
+    """The x509 Certificates API controller for the OpenStack API."""
+
+    def __init__(self):
+        self.network_api = network.API()
+        super(CertificatesController, self).__init__()
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def show(self, req, id):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        if id != 'root':
+            msg = _("Only root certificate can be retrieved.")
+            raise webob.exc.HTTPNotImplemented(explanation=msg)
+        cert = rpc.call(context, FLAGS.cert_topic,
+                        {"method": "fetch_ca",
+                         "args": {"project_id": context.project_id}})
+        return {'certificate': _translate_certificate_view(cert)}
+
+    @wsgi.serializers(xml=CertificateTemplate)
+    def create(self, req, body=None):
+        """Return a list of certificates."""
+        context = req.environ['nova.context']
+        authorize(context)
+        pk, cert = rpc.call(context, FLAGS.cert_topic,
+                            {"method": "generate_x509_cert",
+                             "args": {"user_id": context.user_id,
+                                      "project_id": context.project_id}})
+        context = req.environ['nova.context']
+        return {'certificate': _translate_certificate_view(cert, pk)}
+
+
+class Certificates(extensions.ExtensionDescriptor):
+    """Certificates support"""
+
+    name = "Certificates"
+    alias = "os-certificates"
+    namespace = \
+        "http://docs.openstack.org/compute/ext/certificates/api/v1.1"
+    updated = "2012-01-19T00:00:00+00:00"
+
+    def get_resources(self):
+        resources = []
+
+        res = extensions.ResourceExtension('os-certificates',
+                         CertificatesController(),
+                         member_actions={})
+        resources.append(res)
+
+        return resources
diff --git a/nova/tests/api/openstack/compute/contrib/test_certificates.py b/nova/tests/api/openstack/compute/contrib/test_certificates.py
new file mode 100644
index 000000000..803cf5601
--- /dev/null
+++ b/nova/tests/api/openstack/compute/contrib/test_certificates.py
@@ -0,0 +1,77 @@
+# Copyright (c) 2012 OpenStack, LLC
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from lxml import etree
+
+from nova.api.openstack.compute.contrib import certificates
+from nova import context
+from nova import rpc
+from nova import test
+from nova.tests.api.openstack import fakes
+
+
+def fake_get_root_cert(context, *args, **kwargs):
+    return 'fakeroot'
+
+
+def fake_create_cert(context, *args, **kwargs):
+    return 'fakepk', 'fakecert'
+
+
+class CertificatesTest(test.TestCase):
+    def setUp(self):
+        super(CertificatesTest, self).setUp()
+        self.context = context.RequestContext('fake', 'fake')
+        self.controller = certificates.CertificatesController()
+
+    def test_translate_certificate_view(self):
+        pk, cert = fake_create_cert(self.context)
+        view = certificates._translate_certificate_view(cert, pk)
+        self.assertEqual(view['data'], cert)
+        self.assertEqual(view['private_key'], pk)
+
+    def test_certificates_show_root(self):
+        self.stubs.Set(rpc, 'call', fake_get_root_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/root')
+        res_dict = self.controller.show(req, 'root')
+
+        cert = fake_get_root_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': None}}
+        self.assertEqual(res_dict, response)
+
+    def test_certificates_create_certificate(self):
+        self.stubs.Set(rpc, 'call', fake_create_cert)
+        req = fakes.HTTPRequest.blank('/v2/fake/os-certificates/')
+        res_dict = self.controller.create(req)
+
+        pk, cert = fake_create_cert(self.context)
+        response = {'certificate': {'data': cert, 'private_key': pk}}
+        self.assertEqual(res_dict, response)
+
+
+class CertificatesSerializerTest(test.TestCase):
+    def test_index_serializer(self):
+        serializer = certificates.CertificateTemplate()
+        text = serializer.serialize(dict(
+                certificate=dict(
+                    data='fakecert',
+                    private_key='fakepk'),
+                ))
+
+        tree = etree.fromstring(text)
+
+        self.assertEqual('certificate', tree.tag)
+        self.assertEqual('fakepk', tree.get('private_key'))
+        self.assertEqual('fakecert', tree.get('data'))
diff --git a/nova/tests/api/openstack/compute/test_extensions.py b/nova/tests/api/openstack/compute/test_extensions.py
index 4a03cacf6..8b20a615a 100644
--- a/nova/tests/api/openstack/compute/test_extensions.py
+++ b/nova/tests/api/openstack/compute/test_extensions.py
@@ -153,6 +153,7 @@ class ExtensionControllerTest(ExtensionTestCase):
         self.ext_list = [
             "Accounts",
             "AdminActions",
+            "Certificates",
             "Cloudpipe",
             "Console_output",
             "Consoles",
diff --git a/nova/tests/policy.json b/nova/tests/policy.json
index ff30cd43d..737e98f68 100644
--- a/nova/tests/policy.json
+++ b/nova/tests/policy.json
@@ -71,6 +71,7 @@
 
     "compute_extension:accounts": [],
     "compute_extension:admin_actions": [],
+    "compute_extension:certificates": [],
     "compute_extension:cloudpipe": [],
     "compute_extension:console_output": [],
     "compute_extension:consoles": [],